MSP cybersecurity news digest: Feb. 20, 2024

Microsoft’s February 2024 Patch Tuesday addressed 73 flaws, including two actively exploited zero-days. These updates aim to rectify critical vulnerabilities, spanning denial of service, remote code execution, information disclosure and elevation of privileges issues.

Notably, the total includes 16 elevation of privilege vulnerabilities, three security feature bypass vulnerabilities, 30 remote code execution vulnerabilities, five information disclosure vulnerabilities, nine denial of service vulnerabilities, and 10 spoofing vulnerabilities. Excluded from this count are the six Microsoft Edge flaws remedied on February 8 and one Mariner flaw. Furthermore, Microsoft highlights the release of nonsecurity updates, including the new Windows 11 KB5034765 cumulative update and the Windows 10 KB5034763 update, for further exploration.

This month’s Patch Tuesday also addresses two zero-day vulnerabilities, including CVE-2024–21351, a Windows SmartScreen Security Feature Bypass Vulnerability, and CVE-2024–21412, an Internet Shortcut Files Security Feature Bypass Vulnerability, both exploited in active campaigns.

Prudential Financial reported a breach in its network, where attackers managed to access employee and contractor data before being blocked from compromised systems a day later.

As a leading global financial services Fortune 500 company managing approximately $1.4 trillion in assets, Prudential serves over 50 million customers worldwide, offering insurance, retirement planning, and wealth management services across the United States, Asia, Europe, and Latin America. With a workforce of 40,000 employees globally and revenue exceeding $50 billion in 2023, Prudential ranks as the second-largest life insurance company in the U.S.

The breach was detected following unauthorized access to certain systems as outlined in an 8-K form submitted to the U.S. Securities and Exchange Commission. Prudential suspects the threat actor to be a cybercrime group and has reported the breach to law enforcement and regulatory authorities, with an ongoing investigation underway to determine the full scope and impact of the incident. Despite the breach, Prudential has yet to find evidence suggesting the compromise of customer or client data, and the company believes the incident has not materially impacted its operations or financial condition.

Researchers have detected a resurgence of Qakbot malware in email campaigns. One variant observed in these campaigns employs a fake Adobe installer on Windows to deceive users into installing the malware.

Also known as QBot, this malware has historically served as a means for various malicious payloads, including ransomware, typically distributed via email. Despite its takedown last August, QBot had previously infected over 700,000 systems, causing financial losses exceeding $58 million in just 18 months. A Qakbot campaign observed last year persisted into early October, suggesting that law enforcement only disrupted the malware’s command and control servers, not its spam distribution infrastructure.

In December 2023, researchers documented a QBot phishing campaign impersonating the IRS, confirming concerns about the malware’s resurgence. Recently, researchers have identified renewed Qbot activity, with up to 10 new malware versions emerging since mid December. These new samples utilize advanced obfuscation techniques, including AES-256 encryption, to conceal strings and communication with command-and-control servers, while also evading detection by checking for endpoint protection software and virtualized environments.

Bank of America is cautioning customers about a data breach that compromised their personal details following an attack on Infosys McCamish Systems (IMS), one of its service providers, last year.

The exposed customer personally identifiable information (PII) includes names, addresses, social security numbers, dates of birth, and financial details, such as account and credit card numbers, according to information shared with the Attorney General of Texas. Bank of America serves approximately 69 million clients across over 3,800 retail financial centers and more than 15,000 ATMs in the United States, its territories and over 35 countries.

While the number of affected customers by the breach has not been disclosed by Bank of America, a notification letter from IMS to the Attorney General of Maine revealed that a total of 57,028 individuals were directly impacted.

Battery manufacturer VARTA AG, a German company partially owned by Energizer Holdings with an annual revenue exceeding $875 million, disclosed that it fell victim to a cyberattack.

The cyber incident targeted specific segments of VARTA’s IT infrastructure, leading to the disruption of operations in five production facilities and administrative functions. The disruption reflected in a 4.75% decline in VARTA’s share price, underscoring the severity of the situation.

To address the breach, VARTA activated its emergency plan, assembling a task force comprising cybersecurity experts and data forensic specialists to assist in system restoration efforts. While the attack shares similarities with ransomware incidents, its exact nature remains undetermined, and no prominent threat groups have claimed responsibility thus far.