This article discusses several recent cybersecurity threats, including vulnerabilities in Windows LDAP and Ivanti products, as well as various malware and phishing attacks targeting users and organizations. Affected: Windows, Ivanti, Chrome, Redis
Keypoints:
- A Windows LDAP vulnerability (CVE-2024-49113) allows unauthenticated attackers to cause denial of service or information disclosure.
- Ivanti products have a buffer overflow vulnerability (CVE-2025-0282) that can lead to arbitrary code execution.
- A significant increase in cryptocurrency thefts, totaling $494 million in losses.
- Japan’s largest mobile operator experienced service interruptions due to a DDoS attack.
- New Eagerbee malware targets Middle Eastern government agencies and ISPs.
- LegionLoader malware abuses Chrome extensions to distribute various malicious software.
- Redis servers are at risk due to two severe RCE vulnerabilities (CVE-2024-51741, CVE-2024-46981).
- Phishing emails impersonating the Social Security Administration contain links to install ConnectWise RAT.
- Cybersecurity firms report Chrome extensions being hijacked to steal user data.
MITRE Techniques:
- T1071.001 – Application Layer Protocol: Attackers exploit the Windows LDAP vulnerability to send crafted DCE/RPC calls.
- T1203 – Exploitation for Client Execution: Exploitation of the buffer overflow in Ivanti products leads to arbitrary code execution.
- T1070.001 – Indicator Removal on Host: Malicious software like LegionLoader may attempt to hide its presence.
- T1203 – Exploitation for Client Execution: Eagerbee malware exploits vulnerabilities in targeted organizations.
- T1499 – Endpoint Denial of Service: DDoS attacks against NTT Docomo result in service interruptions.
Full Research: https://blog.nsfocus.net/2025-01-06-2025-01-12/