Major vulnerabilities are making headlines in today’s security news. A critical flaw (CVE-2024-6327) in Progress Software’s Telerik Report Server could allow attackers to remotely execute code, potentially compromising sensitive data. Meanwhile, a newly revealed vulnerability dubbed “PKfail” exposes a weakness in UEFI Secure Boot, leaving hundreds of device models vulnerable to malware attacks, even after OS reinstalls. And in other news, a North Korean hacker has been charged in the US for orchestrating ransomware attacks against hospitals, highlighting the increasing use of such tactics for financial and geopolitical gain.
North Korean Hacker Charged in US for Hospital Ransomware Attacks and Espionage
/Major/ /Andariel/
The US Department of Justice has unsealed an indictment charging a North Korean military intelligence operative with orchestrating ransomware attacks against US healthcare institutions and funneling the proceeds to fund further cyber intrusions targeting defense, technology, and government entities globally. The accused, Rim Jong Hyok, is alleged to be a member of the Andariel Unit, operating under North Korea’s Reconnaissance General Bureau.
The indictment details Hyok’s involvement in a series of ransomware attacks in 2021 and 2022, including one targeting a Kansas hospital. The funds extorted from these attacks were allegedly used to support North Korea’s illicit weapons program and to further their cyber espionage activities against organizations deemed strategically important.
This case highlights the evolving tactics of state-sponsored cybercriminals, who are increasingly leveraging ransomware as a means to generate revenue and advance geopolitical objectives. The indictment sends a strong message that such activities will not be tolerated, and that the US government is committed to holding perpetrators accountable for their actions.
References
US Charges North Korean Hacker for Ransomware Attacks on Hospitals [hackread.com]
North Korean Hackers Target Critical Infrastructure for Military Gain [infosecurity-magazine.com]
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals [thehackernews.com]
North Korean Charged in Cyberattacks on US Hospitals, NASA & Military Bases [cybersecuritynews.com]
US indicts alleged North Korean state hacker for ransomware attacks on hospitals [therecord.media]
North Korean hacker used hospital ransomware attacks to fund espionage [cyberscoop.com]
Feds Warn of North Korean Cyberattacks on US Critical Infrastructure [darkreading.com]
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks [bleepingcomputer.com]
North Korean APT45 Hackers, Long Running Digital Military Since 2009 [cybersecuritynews.com]
Progress Software Addresses Critical RCE Vulnerability in Telerik Report Server
/Critical/
Progress Software has issued an urgent warning to customers, urging them to patch a critical remote code execution (RCE) vulnerability discovered in its Telerik Report Server product. Tracked as CVE-2024-6327 and assigned a CVSS score of 9.9, the flaw could allow attackers to execute arbitrary code on vulnerable systems.
Telerik Report Server is a web-based reporting solution widely used by organizations for creating, managing, and delivering reports. Attackers can exploit CVE-2024-6327 to gain unauthorized access to sensitive data, disrupt critical business operations, or even take complete control of affected servers.
Progress Software strongly advises all users to update their Telerik Report Server instances to the latest patched version (2024 Q2 10.1.24.709 or later) to mitigate the risk posed by this critical RCE vulnerability. Organizations using affected versions are advised to prioritize patching as soon as possible.
References
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) [helpnetsecurity.com]
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk [thehackernews.com]
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server [securityaffairs.com]
Progress warns of critical RCE bug in Telerik Report Server [bleepingcomputer.com]
PKfail Vulnerability Exposes UEFI Secure Boot to Malware Attacks
/Critical/
A newly disclosed vulnerability, dubbed PKfail, has been discovered in the UEFI Secure Boot process, potentially compromising the security of over 200 device models from various vendors. This critical firmware supply-chain issue undermines the integrity of Secure Boot, a crucial security mechanism designed to ensure that only trusted software is loaded during the boot process.
PKfail stems from the mishandling and exposure of Platform Keys (PK), essential components of the Secure Boot process. Attackers exploiting this vulnerability could potentially bypass Secure Boot protections, enabling them to install malicious software, including rootkits and bootkits, that can remain persistent even after the operating system is reinstalled.
The discovery of PKfail highlights the importance of robust firmware security and the need for vendors to prioritize timely security updates. Users are advised to check if their devices are affected and apply necessary firmware updates from their respective manufacturers to mitigate the risks associated with this vulnerability.
References
PKfail: Untrusted Keys Expose Major Vulnerability in UEFI Secure Boot [cyberinsider.com]
PKfail Secure Boot bypass lets attackers install UEFI malware [bleepingcomputer.com]
PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models [cybersecuritynews.com]
This site is auto-generated from feeds which I personally follow using Generative AI APIs. This was primarily done to make it easier for me to consume the feeds I like to follow, but it's also an experiment to see how Gen AI could be used in real life.