
02.09.24 Threat Report

Google Alerts Users to CVE-2024-7965 Chrome Security Flaw Actively Exploited

Google Chrome Security Alert: CVE-2024-7965 Vulnerability Exploited

Google has issued a security alert for its Chrome browser, warning users of an actively exploited vulnerability known as CVE-2024-7965. This critical flaw, found in the V8 JavaScript and WebAssembly engine, was recently patched, but attackers are already taking advantage of it.

The National Institute of Standards and Technology (NIST) has categorised CVE-2024-7965 as an "inappropriate implementation" issue. This bug allows remote attackers to exploit heap corruption via a specially crafted HTML page if users have not updated Chrome to version 128.0.6613.84.

Although details about the specific attacks and the identities of those exploiting this flaw remain unclear, Google has confirmed that an exploit for CVE-2024-7965 is currently active. It is also uncertain whether this vulnerability was used as a zero-day exploit prior to its recent patch.

This incident adds to the nine zero-day vulnerabilities in Chrome that Google has addressed since the start of 2024, including several identified during the Pwn2Own 2024 competition:

Action Required: Users are strongly advised to update their Chrome browsers to version 128.0.6613.84/.85 on Windows and macOS, and version 128.0.6613.84 on Linux to protect against these vulnerabilities.
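
A fleet check against the fixed build named above, as an added example that is not part of the original report; the host names and version strings in the sample inventory are constructed. It compares versions numerically, because a plain string comparison misorders builds such as 128.0.6613.9 and 128.0.6613.84.

```python
import re

# Lowest fixed build from the advisory text above. 128.0.6613.85 (Windows/macOS)
# is also fixed, so anything at or above .84 passes.
FIXED_BUILD = (128, 0, 6613, 84)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def audit(inventory):
    """Return (host, raw_value, status) for every host that is not confirmed fixed."""
    findings = []
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            # An unreadable value is reported, not silently treated as patched.
            findings.append((host, raw, "unknown"))
        elif version < FIXED_BUILD:
            findings.append((host, raw, "vulnerable"))
    return findings

# Constructed inventory, e.g. collected from `chrome --version` output per host.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 128.0.6613.84"),
    ("ws-002", "Google Chrome 128.0.6613.9"),   # sorts above .84 as a string
    ("mac-003", "128.0.6613.85"),
    ("lin-004", "Google Chrome 99.0.4844.51"),  # "99" sorts above "128" as a string
    ("ws-005", "not installed"),
]

if __name__ == "__main__":
    for host, raw, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status} ({raw})")
```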

Mobile Numbers of NHS Staff Exposed in Cybersecurity Incident

NHS Cybersecurity Incident: Mobile Numbers of Staff Compromised

A recent data breach at a software supplier has exposed the mobile numbers of NHS staff across seven Scottish health boards. Scott Barnett, Head of Information and Cyber Security at NHS National Services Scotland, reported that a subcontractor for a third-party supplier experienced a "cyber incident."

While the breach did not directly target NHS Scotland boards, some workforce data, including mobile numbers, was compromised. Affected staff will be notified and provided with guidance by their respective NHS Scotland Boards. Importantly, no patient data was involved in this breach.

Among the affected health boards are NHS Grampian and NHS Dumfries and Galloway. An internal communication from NHS Grampian revealed that text messages sent over the past three months had been compromised, with mobile numbers potentially accessed by unauthorised individuals. These messages contained only general information, such as shift confirmations, with no personal data included.

A Scottish Government spokesperson confirmed that ministers are aware of the incident, which exposed the mobile numbers of staff registered on the bank staff rostering system used by seven health boards. They assured that no NHS systems or personally identifiable information were compromised, and that all services continue to operate normally.

The Information Commissioner has been informed of the breach.

Cybercriminals Exploit Digital Marketing Tools for Malicious Campaigns

Digital Marketing Tools Exploited by Cybercriminals for Malicious Campaigns

Researchers from Mandiant and Google have uncovered a concerning trend: cybercriminals are increasingly repurposing digital marketing tools to enhance their attacks. Tools typically used by marketers for targeting content and tracking campaign success are now being weaponised to avoid detection and amplify cyberattacks.

Search Engine Marketing (SEM) Tools Misused

Cybercriminals are leveraging Search Engine Marketing (SEM) tools to refine their malicious advertising campaigns, also known as malvertising. By analysing high-traffic keywords, attackers can identify terms that generate the most clicks. For example, in June 2024, the keyword "advanced IP scanner" generated an estimated 220,000 clicks across various domains. Even when some domains ceased activity, they remained linked to these keywords, allowing criminals to use them as templates for future attacks.

Exploitation of Link Shorteners

Cybercriminals are also exploiting link shorteners like bit.ly, which are typically used to simplify URLs and track click rates. These tools are being used to obscure harmful links, making it difficult for victims to recognise malicious content. These shortened links are often deployed in phishing attacks and malvertising, tricking users into clicking on them and inadvertently downloading malware.

Abuse of IP Geolocation Tools

IP geolocation tools, designed to track the geographic reach of advertising campaigns, are now being misused by attackers. These tools enable cybercriminals to monitor the spread of malware and tailor their attacks based on the victim’s location. For instance, the Kraken Ransomware uses geolocation data to track infection rates, while other malware variants adjust their behaviour to evade detection based on the victim’s IP address.

Manipulation of CAPTCHA Technology

CAPTCHA technology, intended to differentiate between humans and bots, is being manipulated by cybercriminals to protect their malicious infrastructure. By implementing CAPTCHA challenges, attackers can prevent automated security tools from accessing and analysing their phishing pages. This allows them to screen out non-human traffic while ensuring that human victims can still access malicious content.

Defending Against These Threats

Organisations should focus on detection and mitigation strategies. This includes monitoring for suspicious activity, analysing shortened links, and refining detection methods for CAPTCHA and geolocation abuse.
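
One way to analyse a shortened link without opening it in a browser, as an added example that is not from the original report or from Mandiant or Google: walk the redirect chain one HEAD request at a time, with a hop limit. The shortener entries other than bit.ly, the sample URLs and the injectable `fetch` parameter are assumptions for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# bit.ly is named in the report; the other entries are added assumptions.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
REDIRECTS = {301, 302, 303, 307, 308}
MAX_HOPS = 5

def is_shortened(url):
    """True when the URL's host is a known link shortener."""
    return (urlsplit(url).hostname or "").lower() in SHORTENERS

def head_location(url):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    secure = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location):
    """Return (chain, state); state is resolved, loop or too_many_hops."""
    chain = [url]
    for _ in range(MAX_HOPS):
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return chain, "resolved"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            return chain, "loop"
        chain.append(nxt)
    return chain, "too_many_hops"

# Constructed redirect map standing in for the network, so the example runs offline.
SAMPLE_HOPS = {
    "https://bit.ly/EXAMPLE1": (301, "https://tracker.example.test/c?id=1"),
    "https://tracker.example.test/c?id=1": (302, "/landing"),
    "https://tracker.example.test/landing": (200, None),
}

if __name__ == "__main__":
    url = "https://bit.ly/EXAMPLE1"
    if is_shortened(url):
        chain, state = expand(url, fetch=SAMPLE_HOPS.get)
        print(state, " -> ".join(chain))
```

With the default `fetch`, run it from an isolated analysis host. A CAPTCHA-gated page of the kind described above answers with an ordinary 200, so the chain can end at the gate and not at the content behind it.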

Protecting Digital Health Solutions

Contact Periculo for expert cyber security solutions tailored to the digital health industry.
