A cyberespionage group called “Velvet Ant,” believed to be aligned with China, recently exploited a zero-day vulnerability in Cisco Nexus devices. This flaw, identified as CVE-2024-20399, allows an attacker to execute arbitrary commands as root on the affected device. According to Sygnia researchers, this exploit led to the deployment of custom malware that enabled remote access to compromised devices. Cisco has released patches to address this vulnerability.
In another incident, EVA Information Security researchers uncovered vulnerabilities in CocoaPods, an open-source dependency manager widely used in iOS and macOS apps. These vulnerabilities allowed a threat actor to claim ownership of orphaned packages and inject malicious code into popular applications. By exploiting insecure email verification processes and server vulnerabilities, an attacker could manipulate or replace packages being downloaded by developers. Fortunately, these vulnerabilities have been patched to prevent further exploitation.
Meanwhile, CDK Global, a provider of automotive sales management software, is working to restore systems following a ransomware attack on June 18. The company expects all car dealerships to be back online by Thursday, July 4. The attack, believed to be carried out by the BlackSuit ransomware gang, caused disruptions in the Dealer Management System (DMS). CDK Global is implementing a phased restoration process to reconnect dealers to their systems and aims to have all connections operational by the specified date.
These incidents highlight the ongoing challenges posed by cyber threats to organizations and individuals alike. As threat actors become more sophisticated in their tactics, it is essential for companies to remain vigilant and promptly address vulnerabilities in their systems to prevent potential breaches. Cisco, CocoaPods, and CDK Global have taken steps to mitigate the risks associated with these attacks, underscoring the importance of proactive cybersecurity measures in today’s digital landscape.
Article Source
https://thecyberwire.com/newsletters/daily-briefing/13/127