SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Trojanized RAT builder used to target script kiddies
A trojanized version of the XWorm RAT builder has been delivered to script kiddies and leveraged to steal valuable information from compromised systems. According to CloudSEK, the malware has been distributed through a GitHub repository and file sharing services, and has compromised more than 18,000 devices worldwide. Researchers have discovered a kill switch that allowed them to disrupt the malware’s operations.
India and US sign MOU on cybercrime investigations
India and the United States have signed a memorandum of understanding (MOU) to boost cooperation in cybercrime investigations. The MOU allows agencies in the two countries to step up cooperation and training on cyber threat intelligence and digital forensics.
DoJ confirms arrested US Army soldier linked to Snowflake hack
US Attorney Tessa Gorman filed a notice to a Seattle court pointing out the connection between the charges against Cameron John Wagenius, the US Army soldier arrested on December 20, and those against Connor Riley Moucka, a Canadian arrested in October over the Snowflake hacks. This all but confirms that Wagenius was involved in the Snowflake incident along with Moucka and a third suspect, John Binns.
Accenture invests in QuSecure to protect against quantum threats
Accenture has made a strategic investment in post-quantum cybersecurity firm QuSecure, and through a partnership will offer post-quantum crypto solutions to help government agencies and private sector businesses mitigate emerging quantum risks.
Atlassian, GitLab patch high-severity vulnerabilities
Atlassian and GitLab this week announced patches for multiple high-severity vulnerabilities across their products. Atlassian released fixes for four security defects in third-party dependencies in Bitbucket, Confluence, Crowd, and Jira products, while GitLab resolved one high- and two medium-severity flaws in GitLab Community Edition (CE) and Enterprise Edition (EE).
Chinese threat actor hacks Korean VPN service’s supply chain
A Chinese APT named PlushDaemon compromised the supply chain of a South Korean VPN software developer to replace a legitimate installer with a backdoored one and deploy the SlowStepper implant for Windows. The attack, which occurred in 2023, was likely aimed at information collection, ESET says.
Critical flaws in WordPress plugins for real estate websites
RealHomes Theme and Easy Real Estate Plugin, a popular WordPress theme and its companion plugin tailored to real estate websites, contain critical-severity privilege escalation vulnerabilities that can be exploited without authentication, Patchstack reports. The defect in RealHomes allows an unauthenticated attacker to create an administrator account, while the Easy Real Estate issue allows attackers to log in to any administrator account if they know the email address associated with it.
Critical vulnerability in Meta AI framework
Oligo has disclosed the details of a critical vulnerability discovered in Meta’s Llama AI framework. The flaw, tracked as CVE-2024-50050, can allow an attacker to execute arbitrary code on the llama-stack inference server. Meta quickly patched the vulnerability, but while Oligo rates it critical, the CVSS score assigned by the social media giant classifies it as only a ‘medium severity’ issue.
PayPal to pay $2 million to New York State over cybersecurity practices
PayPal has agreed to pay a $2 million penalty to the state of New York to settle a probe into its cybersecurity practices related to its implementation of changes to make IRS Forms 1099-K available to more customers. Because untrained personnel implemented the changes and proper procedures were not followed, hackers were able to use compromised credentials to steal sensitive customer data.
Related: In Other News: Lawsuits and Settlements, CrowdStrike Phish, MITRE’s D3FEND 1.0