
Cyber Security News: Cisco Bugs, CISA Layoffs, Gootloader, Sandworm, and Meta's Ad Fraud

N2K Networks · November 6, 2025 · 22 min · 305 views

Cisco Patches Critical Vulnerabilities

  • Cisco has released patches for two critical vulnerabilities in its Unified Contact Center Express (UCCX) software that allow remote attackers to gain full control.
  • The most severe flaw enables unauthenticated command execution with root privileges via the Java remote method invocation process.
  • A separate critical flaw in the UCCX editor app permits attackers to bypass authentication and run arbitrary scripts with admin permissions.
  • Cisco urges immediate upgrades, though no active exploitation has been reported for these specific UCCX flaws.

CISA and Government Workforce Issues

  • The Department of Homeland Security (DHS) is proceeding with layoffs at CISA despite a federal court order halting some government-wide workforce reductions.
  • CISA argues that 54 employees in its stakeholder engagement division, who received layoff notices before the injunction, are not covered by the ruling.
  • The agency contends these reductions fall outside the scope of the injunction, which applies to competitive areas with union members.

Emerging Threats and Malware

  • CISA warns of active exploitation of a critical command injection flaw in Control Web Panel (CWP), a Linux server management tool.
  • Exploits for the CWP vulnerability allow unauthenticated remote attackers to execute arbitrary shell commands, potentially leading to full system compromise.
  • The Gootloader malware operation has resurfaced after a 7-month break, using SEO poisoning to distribute malicious JavaScript disguised as legal document templates.
  • Gootloader's new campaign employs sophisticated evasion tactics, including custom web fonts and malformed zip archives, to deliver payloads like Cobalt Strike and ransomware.

International Cyber Incidents

  • South Korean telecom giant KT is under investigation for allegedly concealing a major malware breach affecting 43 servers with BPFDoor and other malicious code.
  • Investigators found that compromised systems contained customer data and that KT's femtocell management system had severe flaws, potentially enabling payment data interception.
  • Russia's state-sponsored Sandworm group has launched multiple destructive data wiping attacks against Ukraine's government, education, logistics, energy, and grain sectors.
  • Attacks targeting Ukraine's grain industry aim to damage the country's wartime economy, using wiper variants like ZeroLot and Sting.
  • A Chinese court sentenced five members of a Myanmar-based crime syndicate to death for operating massive online fraud compounds that defrauded victims of over $4 billion.

Meta's Profit-Driven Ad Practices

  • Internal documents reveal Meta expected to earn approximately $16 billion in 2024 from scam ads and banned goods, including fake investment schemes and fraudulent e-commerce.
  • Meta's own systems flagged these ads as high risk, yet the company often charged advertisers more rather than banning them outright.
  • Internal estimates suggest Meta displayed 15 billion scam ads daily, with its ad system serving victims even more ads after they clicked.
  • Despite internal acknowledgments of Meta's platforms becoming a pillar of the global fraud economy, the company is reportedly addressing the issue slowly to protect quarterly earnings.

Topics

Cisco, Vulnerabilities, UCCX, CISA, Layoffs, Gootloader, Malware, Sandworm, Ukraine, Cyber Attacks, Meta, Ad Fraud, Cyber Security, Aspen Digital, Public Private Partnerships