ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open: old creds still working, trusted apps doing sketchy things, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already. The worst part is that these incidents are becoming the new normal, and security teams are struggling to keep up.
Proxyware Abuse Spreads to Smart TVs
The latest twist in the ongoing proxyware saga: cybercriminals are now targeting smart TVs. Residential-proxy networks such as Bright Data (formerly Luminati) and Oxylabs have long been fed by proxyware bundled into consumer apps, turning ordinary devices into exit nodes that rent out their residential IP addresses. This week, researchers uncovered a campaign doing the same thing through smart TV apps. The malicious apps masquerade as legitimate utilities, then silently relay third-party traffic through the device’s internet connection. Teams responsible for smart TVs on corporate networks (conference rooms, lobbies, guest Wi-Fi) should audit and restrict these apps now. A single device acting as an exit node means traffic from unknown parties leaves the network from your address space, so abuse complaints and blocklisting land on you, and in flow data the device stops looking like a TV talking to a few CDNs and starts looking like a host fanning out to thousands of unrelated destinations and ports.
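That fan-out pattern is the simplest network-side indicator of a proxyware exit node. The following is an added example, not code from the bulletin or from any of the researchers it cites: it profiles outbound flows per source host and flags hosts that exceed several independent thresholds at once. The flow records and the thresholds are constructed assumptions; on a real network the thresholds come from a baseline of what that device class normally does.

```python
"""Flag hosts whose outbound traffic looks like a residential-proxy exit node.

Added example (not from the bulletin). Flow records are a constructed,
simplified model of NetFlow/IPFIX: (timestamp, src_ip, dst_ip, dst_port, bytes).
THRESHOLDS are assumptions; tune them against a per-device-class baseline.
"""
from collections import defaultdict
from ipaddress import ip_network
from typing import Dict, List, Tuple

Flow = Tuple[int, str, str, int, int]

# Assumed limits: a TV rarely talks to more than a handful of CDN /24s on 443.
THRESHOLDS = {"dsts": 25, "nets": 10, "ports": 4}


def build_sample_flows() -> List[Flow]:
    """Constructed sample: one benign TV and one TV running proxyware."""
    flows: List[Flow] = []
    # 10.0.5.20: streams from a single CDN /24 (TEST-NET-3) on 443 only.
    for i in range(30):
        flows.append((1_700_000_000 + i, "10.0.5.20", f"203.0.113.{10 + (i % 4)}", 443, 120_000))
    # 10.0.5.21: same device class, but relaying other people's traffic.
    # Destinations in the 198.18.0.0/15 benchmarking range, one new /24 per flow.
    for i in range(60):
        dst = f"198.18.{i}.{(i * 37) % 250 + 1}"
        port = [80, 443, 8080, 8443, 25, 587, 993, 5222][i % 8]
        flows.append((1_700_000_000 + i, "10.0.5.21", dst, port, 4_000))
    return flows


def fanout_profile(flows: List[Flow]) -> Dict[str, Dict[str, int]]:
    """Per source IP: number of distinct destination IPs, /24s and ports."""
    per_src = defaultdict(lambda: {"dsts": set(), "nets": set(), "ports": set()})
    for _, src, dst, port, _ in flows:
        p = per_src[src]
        p["dsts"].add(dst)
        p["nets"].add(str(ip_network(f"{dst}/24", strict=False)))
        p["ports"].add(port)
    return {src: {k: len(v) for k, v in p.items()} for src, p in per_src.items()}


def flag_exit_node_candidates(flows: List[Flow],
                              thresholds: Dict[str, int] = THRESHOLDS,
                              min_hits: int = 2) -> Dict[str, List[str]]:
    """Return {src_ip: [tripped heuristics]} for sources tripping >= min_hits.

    Requiring several heuristics at once keeps a device that merely switched
    CDNs (many /24s, but still port 443 only) from being flagged.
    """
    flagged: Dict[str, List[str]] = {}
    for src, counts in fanout_profile(flows).items():
        hits = [k for k, limit in thresholds.items() if counts[k] > limit]
        if len(hits) >= min_hits:
            flagged[src] = hits
    return flagged


if __name__ == "__main__":
    for src, hits in flag_exit_node_candidates(build_sample_flows()).items():
        print(f"{src}: possible proxy exit node ({', '.join(hits)} over threshold)")
```

The benign TV trips nothing; the proxyware host trips all three heuristics. In production you would feed this from your flow collector per time window and compare against a rolling baseline rather than fixed constants.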
The 24-Year-Old curl Vulnerability That Just Won’t Die
The curl project disclosed a vulnerability that has sat in the code base for 24 years and is still being actively exploited today. The flaw, nicknamed “Curling,” allows attackers to bypass SSL/TLS validation and perform man-in-the-middle attacks against applications using the ubiquitous curl library. The maintainers have shipped a fix, but curl is embedded in countless enterprise applications, appliances and firmware images, so full remediation is a long tail rather than a single patch cycle. Security teams should inventory every copy of curl and libcurl in their estate, including statically linked and vendored copies, not just the system package, and add compensating controls where the fix cannot be applied: certificate pinning in clients you control, and network monitoring for unexpected or downgraded TLS sessions from affected hosts. (HSTS does not help here; it is a server-side policy enforced by browsers, not by curl.)
AI-Powered Crime Forums Emerge on the Dark Web
Cybercriminals are now turning to AI to automate and scale their operations. Researchers have uncovered a new wave of “AI-as-a-Service” dark web forums, where users can access AI-powered tools for everything from automated phishing to synthetic identity fraud. These AI-driven services make it easier than ever for even low-skilled bad actors to launch sophisticated attacks. Enterprises must stay vigilant for these new AI-powered threats and invest in advanced security controls like user and entity behavior analytics (UEBA) to detect anomalous activities.
13 More Top Stories This Week:
- Wayfair Breach Exposes 1.6M Customer Records: The popular furniture retailer suffered a major data breach, with attackers gaining access to sensitive personal and financial data.
- Ransomware Hits 911 Dispatch in Texas: The attack on the Lubbock emergency call center caused significant service disruptions, highlighting the critical infrastructure risks of ransomware.
- Thousands of MongoDB Servers Wiped by Attacker: A new wiper malware campaign is targeting unpatched MongoDB databases, causing widespread data loss.
- Cisco Warns of High-Severity RCE Vulnerability: The networking giant patched a high-severity remote code execution flaw in its Webex Meetings software that could allow full system takeover.
- Microsoft Disables Excel 4.0 Macros by Default: The move is an attempt to mitigate the rampant abuse of Excel 4.0 macros as an attack vector for malware and phishing.
- Attacks Targeting Log4j Vulnerability Surge 33%: Cybercriminals are relentlessly exploiting the infamous Log4Shell flaw, with a 33% spike in attempted attacks over the past month.
- NHS Hospitals Hit by Cyberattack: Several UK National Health Service facilities were impacted by a ransomware attack, disrupting critical patient services.
- Zoom Patches High-Severity Vulnerabilities: The videoconferencing platform fixed multiple security flaws that could have allowed remote code execution and privilege escalation.
- LastPass Breach Exposes Encryption Keys: The password manager’s recent security incident resulted in the theft of customer vault data and encryption keys, raising serious privacy concerns.
- North Korean Hackers Target Blockchain Firms: The notorious Lazarus Group is exploiting vulnerabilities in blockchain infrastructure to steal cryptocurrencies.
- Amazon Sidewalk Devices Exposed to Takeover: Researchers discovered several vulnerabilities in Sidewalk, Amazon’s shared low-bandwidth wireless network for Echo, Ring and third-party devices, that could enable full device compromise.
- Malware Abuses Microsoft Edge WebView2: Cybercriminals are packaging malicious code as applications built on Edge’s embeddable WebView2 component, which lets an attacker-controlled app render a genuine login page and read the cookies and session tokens it sets, bypassing security controls such as MFA.
- Phishing Attacks Leverage Fake Invoices: Threat actors are increasingly using fake invoices and purchase orders as lures to trick victims into installing malware or disclosing credentials.