
According to the latest Broadcom Threat Bulletin, several alarming threats are emerging in the cybersecurity landscape that deserve attention

May 22, 2024


Europol Web Portal Breached, Data Offered for Sale

Europol, the European Union’s law enforcement agency, has confirmed a breach of its Europol Platform for Experts (EPE) web portal. A threat actor claims to have stolen documents containing classified data from this platform. The EPE is an online platform used by law enforcement experts to share knowledge, best practices, and non-personal data on crime. Europol stated that they are assessing the situation, emphasizing that the incident involves a closed user group on the EPE and that no operational information or core systems of Europol have been compromised. Despite these reassurances, the breach has led to the leak of personnel records of Europol’s executive director and other senior officials. The threat actor asserts that the stolen files, marked For Official Use Only (FOUO), include data on alliance employees, source code, PDFs, and recon guidelines. They also claim to have accessed various EPE communities, including EC3 SPACE, and the SIRIUS platform, which is used by authorities from 47 countries for accessing cross-border electronic evidence. The stolen data is being offered for sale without a fixed price, with payment requested in Monero (XMR).

Google Patches Another Actively Exploited Chrome Zero-Day

Google has issued updates to address a critical zero-day vulnerability in its Chrome web browser. The high-severity vulnerability, identified as CVE-2024-4671, is described as a use-after-free flaw in the Visuals component, which handles rendering and displaying content in the browser. Exploiting such vulnerabilities can lead to a range of outcomes, from crashes to arbitrary code execution. Google acknowledged that an exploit for this vulnerability exists in the wild but did not disclose further details about how it is being used in attacks. The issue has been resolved in Chrome versions 124.0.6367.201/.202 for Mac and Windows, and 124.0.6367.201 for Linux. Fixes for users of the Extended Stable channel are also available in version 124.0.6367.201 for Mac and Windows. This marks the fifth zero-day vulnerability Google has addressed in Chrome this year, underlining the persistent threats faced by widely used software.


Malicious Fork of Requests Library Pulled from PyPI

A malicious version of the popular Python requests library was discovered and subsequently removed from the official PyPI repository. The compromised version, named requests-darwin-lite, was a fork of the legitimate requests library but included malicious code specifically targeting macOS users. This version would proceed with its malicious activities only if the UUID of the compromised computer matched a specific value. If matched, the code extracted a large Go language binary from a PNG file disguised as the requests library logo. The normal logo PNG is around 300 KB, but the malicious version was 17 MB, containing the payload. This payload was a copy of the Sliver command-and-control framework, which, although intended for security testing, is often misused for malicious purposes. Before being pulled from PyPI, this malicious library was downloaded 417 times, highlighting the risks of supply chain attacks in software development.
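The size mismatch described above is something a dependency review can check for mechanically. The following is an added example, not code from the bulletin or from the package: it walks a PNG's chunks and flags files that exceed a size budget or carry data after the IEND chunk. The 1 MiB budget, the function names and the assumption that the payload sits after the end of the image data are illustrative; the bulletin does not say where in the file the binary was stored.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_EXPECTED = 1024 * 1024  # assumed size budget for a logo; tune per project
EXEC_MAGICS = {  # leading bytes of native executables
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal",
    b"\x7fELF": "ELF",
}

def png_end_offset(data):
    """Return the offset just past the IEND chunk, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return None
        if ctype == b"IEND":
            return end
        pos = end
    return None

def inspect_png(data, max_size=MAX_EXPECTED):
    """Return a list of findings for the bytes of one PNG file."""
    findings = ["oversized"] if len(data) > max_size else []
    end = png_end_offset(data)
    if end is None:
        return findings + ["malformed"]
    trailer = data[end:]
    if trailer:  # a valid PNG has nothing after IEND
        findings.append("trailing-data")
        findings += [name for magic, name in EXEC_MAGICS.items()
                     if trailer.startswith(magic)]
    return findings

def chunk(ctype, body=b""):
    """Build one PNG chunk; used only for the constructed samples below."""
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

# Constructed samples: a 1x1 PNG, then the same bytes with a fake Mach-O header appended.
CLEAN = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND"))
TAMPERED = CLEAN + b"\xcf\xfa\xed\xfe" + b"\x00" * 64
```

Run over every image in an unpacked sdist or wheel, `inspect_png` returns an empty list for a well-formed file within budget, so any non-empty result is worth a manual look.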

These incidents underscore the critical importance of maintaining robust cybersecurity measures, staying informed about potential threats in the digital landscape, and taking proactive actions.