Cybersafe Threats – 13th June

Cybersafe Threats Weekly Update 13 June

Each week, we will be updating you on the latest cyber attacks threatening the private and sensitive data of businesses all over the UK and the world as part of our Cybersafe Threats Weekly Update. As technology evolves, so do cyber criminals and their methods of attack. If your company does not have the right cyber security processes in place, it runs a serious risk of cyber attackers infiltrating its network and data. The results could devastate your business if your data falls into the wrong hands. Whether it is paying a ransom that could cost you a fortune, losing all your data and not being able to recover it, a fine due to GDPR breaches, or reputational damage, any of these effects could have a severe impact on how (and if) your business will be able to move forward.

Cybersafe Threats Weekly Update – 13th June 2024 – Below, we update business leaders on what they and their employees need to look out for when assessing cyber threats to their data. This is all within our aim of making your business Cybersafe.

Here are the most prominent cyber threats to businesses which you should be aware of:

Pure Storage Reports Breach of Snowflake Environment, No Sensitive Data Compromised

On June 13, 2024, Pure Storage disclosed that attackers infiltrated a Snowflake data workspace, accessing customer support telemetry information such as company names, LDAP usernames, email addresses, and Purity software release version numbers. The company gave assurances that no sensitive data, like passwords or stored customer data, was compromised.

Pure Storage has taken immediate action to secure the environment and found no evidence of a broader infrastructure impact. The breach is part of a larger campaign targeting Snowflake users, with 165 organisations potentially exposed due to stolen credentials from infostealer malware. The threat actor, UNC5537, has been active since May 2024.

It was revealed that cyber attackers are exploiting weakly secured customer accounts rather than breaching Snowflake directly. Snowflake maintains that its system is secure and attributes the breaches to inadequate cyber security measures by users. Recent attacks on Santander and Ticketmaster have also been linked to this campaign.

Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation

On June 12, 2024, Google released a significant Pixel security update, addressing a zero-day vulnerability (CVE-2024-32896) described as an elevation of privilege issue in Pixel Firmware. This high-severity bug has already been exploited in limited, targeted cyber attacks.

The Pixel security bulletin lists 44 vulnerabilities, with seven marked as critical. These include multiple elevation of privilege issues and high-severity remote code execution vulnerabilities. The update also addresses flaws in Qualcomm components.

Separately, a severe defect in the Arm Mali GPU Kernel Driver (CVE-2024-4610) has been identified and is being actively exploited. Arm has released a fix and recommends that affected users upgrade.

So far in 2024, there have been 41 documented zero-day attacks, with eight linked to Google’s software products.

Microsoft June Patch Tuesday: Fixes for Windows, Outlook, and SharePoint

On June 12, 2024, Microsoft released its June Patch Tuesday updates, addressing over 50 security vulnerabilities across Windows, Microsoft 365, Visual Studio, Edge, SharePoint, and Outlook. Notably, 18 remote code execution (RCE) flaws were fixed, including a critical bug in Microsoft Message Queuing (MSMQ) tracked as CVE-2024-30080, with a severity score of 9.8 out of 10. This flaw could allow remote attackers to control Windows systems without user interaction.

A zero-day vulnerability in DNSSEC validation (CVE-2023-50868) that can cause a denial of service was patched, along with seven Windows Kernel privilege elevation flaws. Additionally, critical security issues in Office applications, including Outlook RCEs exploitable from the preview pane, were addressed.

Microsoft patched a SharePoint RCE (CVE-2024-30100) and a privilege escalation vulnerability in the Cloud Files Mini Filter Driver (CVE-2024-30085). The Windows OS update is considered the most urgent, particularly due to the critical MSMQ and DNSSEC vulnerabilities.

Non-security updates for Windows 11 and Windows 10 and fixes for seven Microsoft Edge flaws were also released.

Keep up to date with our Cybersafe Weekly Threats Update – Be Cybersafe

Contact us to find out how we can help prevent cyber attacks on your business and how to become Cybersafe. Whether you have sensitive data or confidential information within your business, you are always likely to be a target for cyber criminals. We also have a podcast where you can stay up to date with the latest cyber security measures that will help your company fight against these threats.
