Daily Briefing for 03.19.25

At a glance.

• Maximum severity vulnerability can lead to server bricking.
• Europol warns of partnerships between state-sponsored actors and cybercriminals. 
• Scareware campaign targets Mac users.

Maximum severity vulnerability can lead to server bricking.

A maximum severity vulnerability (CVE-2024-54085) in American Megatrends International's (AMI's) MegaRAC Baseboard Management Controller (BMC) software could allow attackers to hijack and brick vulnerable servers, BleepingComputer reports. MegaRAC BMC is a remote server management tool used by major server vendors, including HPE, Asus, and ASRock. Since these servers are used by many cloud service and data center providers, the vulnerability poses a significant risk to the cloud computing supply chain.

Eclypsium, which discovered the vulnerability, explains, "Vulnerabilities in a component supplier affect many hardware vendors, which can be passed on to many cloud services. As such, these vulnerabilities can pose a risk to servers and hardware that an organization owns directly and the hardware that supports the cloud services. Organizations with large server farms, data centers, cloud & hosting providers, hyper-scaler environments, and VDI environments are potentially impacted. Fortune 500 companies that host their own data centers are likely affected (due to the large number of top-tier OEM server vendors being impacted)."

Eclypsium adds, "AMI has released patches to its OEM computing manufacturers’ customers. Those vendors must incorporate the fixes into updates and publish notifications to their customers. Note that patching these vulnerabilities is a non-trivial exercise, requiring device downtime."

Europol warns of partnerships between state-sponsored actors and cybercriminals.

Europol has published a report on organized crime, warning of an increase in cooperation between cybercriminals and state-sponsored threat actors. The report states, "Hybrid threat actors cooperate with criminal actors for mutual benefit, leveraging each other’s resources, expertise, and protection to achieve their objectives. Financial gain is one of the primary motivations for criminals cooperating with hybrid threat actors, but the relationship is more complex and extends beyond just financial profit." Europol explains that this cooperation "allows these states to deny direct involvement by outsourcing certain crimes such as cyber-attacks, disinformation campaigns or even money laundering to criminal networks, making attribution difficult. The outsourcing to multiple networks or actors might also be cost effective for state actors as criminal networks already have infrastructure in place and often have a global reach."

Scareware campaign targets Mac users.

A scareware phishing campaign has shifted from targeting Windows to focusing on Mac users, according to LayerX. The campaign initially used phony Microsoft security alerts to trick Windows users into handing over their credentials, but began targeting Safari users following the rollout of new anti-scareware features in Microsoft, Chrome, and Firefox browsers. The phishing sites inform the user that their computer has been locked due to a malware infection, telling them to enter their credentials and call a phone number for tech support.