
Short Summary: The BlackBerry Threat Research and Intelligence team has identified a new campaign by the nation-state threat actor SideWinder, targeting maritime facilities in the Indian Ocean and Mediterranean Sea. The campaign utilizes upgraded infrastructure and tactics, focusing on espionage and intelligence gathering, particularly against countries like Pakistan, Egypt, and Sri Lanka.…

Short Summary:

This article discusses a cybersecurity incident involving two medical organizations that were tricked into downloading a malicious version of a DICOM viewer, software used for viewing medical images. The Huntress Security Operations Center (SOC) detected suspicious SSH activity linked to the malicious installer, which was a cloned version of the legitimate software.…


Threat Actor: Unknown. Victim: ServiceNow users. Price: N/A. Exfiltrated data type: database credentials, usernames and metadata.

Key Points :

ServiceNow disclosed three vulnerabilities: CVE-2024-4879 and CVE-2024-5217 are critical input-validation flaws in the Now Platform that allow unauthenticated remote code execution, while CVE-2024-5178 is a sensitive-file read in the MID Server that requires administrative privileges. Active exploitation attempts have been detected, primarily targeting the finance and government sectors.…

The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju:

The RGB 3rd Bureau includes a DPRK (aka North Korean) state-sponsored cyber group known publicly as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa.…


Summary: A security vulnerability in certain versions of Docker Engine (CVE-2024-41110) allows attackers to bypass authorization (AuthZ) plugins, potentially leading to unauthorized actions and privilege escalation. Although the likelihood of exploitation is low, affected users are advised to update to patched versions or implement mitigation strategies.

Threat Actor: Unknown. Victim: Docker Engine users.

Key Point :

The bypass uses a specially crafted API request with Content-Length set to 0: the daemon forwards the request to the AuthZ plugin without its body, so a plugin that bases its decision on the body can approve a request it should have denied. Only deployments that rely on an AuthZ plugin are exposed; a Docker Engine installation that does not use one is not affected.…

Summary: The SonicWall 2024 Mid-Year Cyber Threat Report reveals a significant surge in malware-based threats, with a 30% increase in the first half of 2024 compared to the previous year, alongside a notable rise in IoT attacks and ransomware incidents. The report highlights the sophistication of malware techniques, particularly in evading defenses and targeting vulnerabilities in IoT devices.…


Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the active exploitation of these vulnerabilities in the wild. The vulnerabilities, CVE-2012-4792 and CVE-2024-39891, pose significant risks to federal agencies and other organizations.

Threat Actor: Malicious cyber actors. Victim: Federal Civilian Executive Branch agencies.

Key Point :

CISA has identified CVE-2012-4792 (a use-after-free in Microsoft Internet Explorer) and CVE-2024-39891 (an information disclosure in the Twilio Authy API that let an unauthenticated request confirm whether a phone number was registered) as actively exploited vulnerabilities.…

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet’s activity to assess changes following the indictment.…


Category: Adversary Intelligence

Industry:  Multiple

Motivation: Financial

Region:  Global

Source*: B – Usually reliable; 2 – Possibly true (Admiralty System grading of source reliability and information credibility)

Executive Summary

This report investigates a significant supply chain attack targeting IT service provider BORN Group. The threat actor, Intelbroker, exploited CVE-2024-23897 (an arbitrary file read in the Jenkins CLI's command parser that can expose credentials and other secrets from the controller's file system) to breach BORN Group's systems, exfiltrating sensitive data from multiple clients.…


nphplpgoakhhjchkkhmiggakijnkhfnd

apbldaphppcdfbdnnogdikheafliigcf

fldfpgipfncgndfolcbkdeeknbbbnhcc

ckdjpkejmlgmanmmdfeimelghmdfeobe

omaabbefbmiijedngplfjmnooppbclkk

iodngkohgeogpicpibpnaofoeifknfdo

afbcbjpbpfadlkmhmclhkeeodmamcflc

hnefghmjgbmpkjjfhefnenfnejdjneog

lodccjjbdhfakaekdiahmedfbieldgik

fpcamiejgfmmhnhbcafmnefbijblinff

hcflpincpppdclinealmandijcmnkbgn

egdddjbjlcjckiejbbaneobkpgnmpknp

bcopgchhojmggmffilplmbdicgaihlkp

nihlebdlccjjdejgocpogfpheakkpodb

fhmfendgdocmcbmfikdcogofphimnkno

ilbibkgkmlkhgnpgflcjdfefbkpehoom

kpfopkelmapcoipemfendmdcghnegimn

oiaanamcepbccmdfckijjolhlkfocbgj

fhbohimaelbohpjbbldcngcnapndodjp

ldpmmllpgnfdjkmhcficcifgoeopnodc

cnmamaachppnkjgnildpdmkaakejnhae

mbcafoimmibpjgdjboacfhkijdkmjocd

nlbmnnijcnlegkjjpcfjclmcfggfefdm

jbdpelninpfbopdfbppfopcmoepikkgk

amkmjjmmflddogmhpjloimipbofnfjih

onapnnfmpjmbmdcipllnjmjdjfonfjdm

cphhlgmgameodnhkjdmkpanlelnlohao

cfdldlejlcgbgollnbonjgladpgeogab

kncchdigobghenbbaddojjnnaogfppfj

ablbagjepecncofimgjmdpnhnfjiecfm

jojhfeoedkpkglbfimdfabpdfjaoolaf

fdfigkbdjmhpdgffnbdbicdmimfikfig

ffnbelfdoeiohenkjibnmadjiehjhajb

njojblnpemjkgkchnpbfllpofaphbokk

pdgbckgdncnhihllonhnjbdoighgpimk

hjagdglgahihloifacmhaigjnkobnnih

ookjlbkiijinhpmnjffcofjonbfbgaoc

pnlccmojcmeohlpggmfnbbiapkmbliob

mnfifefkajgofkcjkemidiaecocnkjeh

ljfpcifpgbbchoddpjefaipoiigpdmag

flpiciilemghbmfalicajoolhkkenfel

bhghoamapcdpbohphigoooaddinpkbai

jfdlamikmbghhapbgfoogdffldioobgl

gaedmjdfmmahhbjefcbgaolhhanlaolb

nkbihfbeogaeaoehlefnkodbefgpgknn

imloifkgjagghnncjkhggdhalmcnfklk

aiifbnbfobpmeekipheeijimdpnlpgpp

oeljdldpnmdbchonielidgobddffflal

aeachknmefphepccionboohckonoeemg

ilgcnhelpchnceeipipijaljkblbcobl

hpglfhgfnhbgpjdenjgmdgoeiappafln

nngceckbapebfimnlniiiahkandclblb

nknhiehlklippafakaeklbeglecifhad

oboonakemofpalcgghocfoadofidjkkk

dmkamcknogkgcdfhhbddcghachkejeap

fdjamakpfbbddfjaooikfcpapjohcfmg

jnmbobjmhlngoefaiojfljckilhhlhcj

fooolghllnmhmmndgjiamiiodkpenpbb

klnaejjgbibmhlephnhpmaofohgkpgkd

bfogiafebfohielmmehodmfbbebbbpei

ibnejdfjmmkpcnlpebklmnkoeoihofec

lfochlioelphaglamdcakfjemolpichk

ejbalbakoplchlghecdalmeeeajnimhm

hdokiejnpimakedhajhdlcegeplioahd

kjmoohlgokccodicjjfebfomlbljgfhk

naepdomgkenhinolocfifgehidddafch

fnjhmkhhmkbjkkabndcnnogagogbneec

bmikpgodpkclnkgmnpphehdgcimmided

nhnkbkgjikgcigadomkphalanndcapjk

nofkfblpeailgignhkbnapbephdnmbmn

hnfanknocfeofbddgcijnmhnfnkdnaad

jhfjfclepacoldmjmkmdlmganfaalklb

cihmoadaighcejopammfbmddcmdekcje

chgfefjpcobfbnpmiokfjjaglahmnded

bfnaelmomeimhlpmgjnjophhpkkoljpa

igkpcodhieompeloncfnbekccinhapdb

djclckkglechooblngghdinmeemkbgci

cfhdojbkjhnklbpkdaibdccddilifddb

jiidiaalihmmhddjgbnbgdfflelocpak

kmmkllgcgpldbblpnhghdojehhfafhro

lgmpcpglpngdoalbgeoldeajfclnhafa

ibegklajigjlbljkhfpenpfoadebkokl

egjidjbpglichdcondbcbdnbeeppgdph

ijpdbdidkomoophdnnnfoancpbbmpfcn

flhbololhdbnkpnnocoifnopcapiekdi

llalnijpibhkmpdamakhgmcagghgmjab

kkhmbjifakpikpapdiaepgkdephjgnma

mjdmgoiobnbombmnbbdllfncjcmopfnc

ekkhlihjnlmjenikbgmhgjkknoelfped

dlcobpjiigpikoobohmabehhmhfoodbb

jngbikilcgcnfdbmnmnmnleeomffciml

jnlgamecbpmbajjfhmmmlhejkemejdma

hcjginnbdlkdnnahogchmeidnmfckjom

kbdcddcmgoplfockflacnnefaehaiocb

ogphgbfmhodmnmpnaadpbdadldbnmjji

kgdijkcfiglijhaglibaidbipiejjfdp

hhmkpbimapjpajpicehcnmhdgagpfmjc

epapihdplajcdnnkdeiahlgigofloibg

ojhpaddibjnpiefjkbhkfiaedepjheca

mgffkfbidihjpoaomajlbgchddlicgpn

fmhjnpmdlhokfidldlglfhkkfhjdmhgl

ebfidpplhabeedpnhjnobghokpiioolj

gjhohodkpobnogbepojmopnaninookhj

dngmlblcodfobpdpecaadgfbcggfjfnm

hmglflngjlhgibbmcedpdabjmcmboamo

ldinpeekobnhjjdofggfgjlcehhmanlj

eklfjjkfpbnioclagjlmklgkcfmgmbpg

mdjmfdffdcmnoblignmgpommbefadffd

jbkfoedolllekgbhcbcoahefnbanhhlh

aflkmfhebedbjioipglgcbcmnbpgliof

mcohilncbfahbmgdjkbpemcciiolgcge

dmjmllblpcbmniokccdoaiahcdajdjof

jbdaocneiiinmjbjlgalhcelgbejmnid

lnnnmfcpbkafcpgdilckhmhbkkbpkmid

blnieiiffboillknjnepogjhkgnoapac

odpnjmimokcmjgojhnhfcnalnegdjmdn

cjelfplplebdjjenllpjcblmjkfcffne

bopcbmipnjdcdfflfgjdgdjejmgpoaab

fihkakfobkmkjojpchpfgcmhfjnmnfpi

cpmkedoipcpimgecpmgpldfpohjplkpp

kkpllkodjeloidieedojogacfhpaihoh

khpkpbbcccdmmclmpigdgddabeilkdpd

nanjmdknhkinifnkgdcggcfnhdaammmj

mcbigmjiafegjnnogedioegffbooigli

nkddgncdjgjfcddamfgcmfnlhccnimig

fiikommddbeccaoicoejoniammnalkfa

acmacodkjbdgmoleebolmdjonilkdbch

heefohaffomkkkphnlpohglngmbcclhi

phkbamefinggmakgklpkljjmgibohnba

ocjdpmoallmgmjbbogfiiaofphbjgchh

efbglgofoippbgcjepnhiblaibcnclgk

hmeobnfnfcmdkdcmlblgagmfpfboieaf

lpfcbjknijpeeillifnkikgncikgfhdo

kfdniefadaanbjodldohaedphafoffoh

ejjladinnckdgjemekebdpeokbikhfci

kmhcihpebfmpgmihbkipmjlmmioameka

opcgpfmipidbgpenhmajoajpbobppdil

gafhhkghbfjjkeiendhlofajokpaflmk

aholpfdialjgjfhomihkjbmgjidlcdno

kglcipoddmbniebnibibkghfijekllbl

onhogfjeacnfoofkfgppdlbmlmnplgbn

iokeahhehimjnekafflcihljlcjccdbe

mopnmbcafieddcagagdcbnhejhlodfdd

idnnbdplmphpflfnlkomgpfbpcgelopg

fijngjgcjhjmmpcmkeiomlglpeiijkld

kmphdnilpmdejikjdnlbcnmnabepfgkh

hifafgmccdpekplomjjkcfgodnhcellj

cgeeodpfagjceefieflmdfphplkenlfk

ijmpgkjfkbfhoebgogflfebnmejmfbm

pdadjkfkgcafgbceimcpbkalnfnepbnk

lkcjlnjfpbikmcmbachjpdbijejflpcm

odbfpeeihdkbihmopkbjmoonfanlbfcl

onofpnbbkehpmmoabgpcpmigafmmnjh

fhilaheimglignddkjgofkcbgekhenbh

dkdedlpgdmmkkfjabffeganieamfklkm

aodkkagnadcbobfpggfnjeongemjbjca

nlgbhdfgdhgbiamfdfmbikcdghidoadd


infeboajgfhgbjpjbeppbkgnabfdkdaf

lpilbniiabackdjcionkobglmddfbcjo

ppbibelpcjmhbdihakflkdcoccbgbkpo

bhhhlbepdkbapadjdnnojkbgioiodbic

klghhnkeealcohjjanjjdaeeggmfmlpl

jnkelfanjkeadonecabehalmbgpfodjm

enabgbdfcbaehmbigakijjabdpdnimlg

jgaaimajipbpdogpdglhaphldakikgef

mmmjbcfofconkannjonfmjjajpllddbg

kppfdiipphfccemcignhifpjkapfbihd

bifidjkcdpgfnlbcjpdkdcnbiooooblg

loinekcabhlmhjjbocijdoimmejangoa

nebnhfamliijlghikdgcigoebonmoibm

anokgmphncpekkhclmingpimjmcooifb

fcfcfllfndlomdhbehjjcoimbgofdncg

cnncmdhjacpkmjmkcafchppbnpnhdmon

ojggmchlghnjlapmfbnjholfjkiidbch

mkpegjkblkkefacfnmkajcjmabijhclg
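The 32-character lowercase strings listed above are in the Chrome extension ID format (letters a to p only, one letter per hex digit of the hash of the extension's key). The excerpt does not say what the list represents, though several entries are the published IDs of widely used browser wallet extensions (nkbihfbeogaeaoehlefnkodbefgpgknn, for example, is MetaMask's), which infostealers routinely target. The following is an added example written for this page, not code from Fortinet's report: it validates and deduplicates such an ID list (the list above contains a duplicate, an entry with a letter outside a-p and entries of the wrong length, which the check flags instead of silently accepting) and reports which listed IDs are installed in a Chromium-based browser profile. The profile locations in default_profile_dirs are the usual defaults and are an assumption; the sample list and the temporary profile are constructed for the demo.

```python
"""Check Chromium-based browser profiles against a list of extension IDs."""
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters from the letters a-p (each letter
# encodes one hex digit of the SHA-256 of the extension's public key).
EXT_ID_RE = re.compile(r"^[a-p]{32}$")

# Constructed sample: a few IDs copied from the list on this page, including
# one duplicate, one entry with a letter outside a-p and one 31-character entry.
SAMPLE_IOC_TEXT = """
nphplpgoakhhjchkkhmiggakijnkhfnd
nkbihfbeogaeaoehlefnkodbefgpgknn
dngmlblcodfobpdpecaadgfbcggfjfnm
dngmlblcodfobpdpecaadgfbcggfjfnm
kmmkllgcgpldbblpnhghdojehhfafhro
ijmpgkjfkbfhoebgogflfebnmejmfbm
"""


def parse_ioc_list(text):
    """Return (valid_ids, rejected_tokens): format-checked, lowercased, deduplicated."""
    valid, rejected, seen = [], [], set()
    for line in text.splitlines():
        token = line.strip().lower()
        if not token:
            continue
        if not EXT_ID_RE.match(token):
            rejected.append(token)  # wrong alphabet or length: do not match on it blindly
            continue
        if token not in seen:
            seen.add(token)
            valid.append(token)
    return valid, rejected


def installed_extension_ids(profile_dir):
    """IDs installed in one profile: Chrome unpacks each extension to
    <profile>/Extensions/<id>/<version>/, so the directory names are the IDs."""
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return []
    return sorted(p.name for p in ext_root.iterdir()
                  if p.is_dir() and EXT_ID_RE.match(p.name))


def default_profile_dirs():
    """Default Chrome/Edge/Chromium profile paths (assumption: stock install locations)."""
    home = Path.home()
    candidates = [
        home / "AppData/Local/Google/Chrome/User Data/Default",
        home / "AppData/Local/Microsoft/Edge/User Data/Default",
        home / "Library/Application Support/Google/Chrome/Default",
        home / ".config/google-chrome/Default",
        home / ".config/chromium/Default",
    ]
    return [p for p in candidates if p.is_dir()]


def match_profile(profile_dir, ioc_ids):
    """Return the listed IDs that are installed in profile_dir, sorted."""
    return sorted(set(installed_extension_ids(profile_dir)) & set(ioc_ids))


def demo():
    """Run the checker against a constructed profile in a temp dir.
    Returns (valid_ids, rejected_tokens, matches)."""
    ids, rejected = parse_ioc_list(SAMPLE_IOC_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed profile: one listed extension and one unrelated extension.
        for ext_id in ("nkbihfbeogaeaoehlefnkodbefgpgknn", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"):
            (Path(tmp) / "Extensions" / ext_id / "1.0.0_0").mkdir(parents=True)
        matches = match_profile(tmp, ids)
    return ids, rejected, matches


if __name__ == "__main__":
    ids, rejected, matches = demo()
    print(f"{len(ids)} valid IDs; rejected as malformed: {rejected}")
    print("listed IDs installed in the constructed profile:", matches)
    for profile in default_profile_dirs():
        print(profile, match_profile(profile, ids))
```

Feed the full list from the page into parse_ioc_list in place of the sample; the rejected tokens it returns are the entries worth re-checking against the original report before they go into a detection rule.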

MITRE ATT&CK TTPs – created by AI

Initial Access – T1078
Execution – T1203
Persistence – T1547
Privilege Escalation – T1068
Defense Evasion – T1218
Credential Access – T1003
Discovery – T1087
Command and Control – T1071
Exfiltration – T1041
Impact – T1485

Source: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed…


Summary: Canonical has released security updates for the Linux kernel addressing multiple vulnerabilities in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM, particularly for Microsoft Azure Cloud systems. These vulnerabilities could lead to denial of service, exposure of sensitive information, or arbitrary code execution.

Threat Actor: Unknown. Victim: Canonical.

Key Point :

Multiple vulnerabilities were patched, including CVE-2021-33631 and CVE-2023-6270, both rated as high severity.…

Summary: A recently discovered vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows poses a significant risk, allowing unauthorized access to sensitive files without prior authentication. SonicWall’s researchers emphasize the urgency for affected organizations to apply patches or disable the vulnerable component to mitigate risks.

Threat Actor: Unknown. Victim: Splunk Enterprise.

Key Point :

CVE-2024-36991 is a path traversal vulnerability in the /modules/messaging endpoint of Splunk Enterprise on Windows (versions below 9.2.2, 9.1.5 and 9.0.10) that allows an unauthenticated attacker to read files outside the restricted directory.…
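The class of bug described above, as an added example written for this page (not Splunk's code and not a reproduction of CVE-2024-36991): a toy file-serving helper in its vulnerable form, where os.path.join trusts the requested path, beside a hardened form that refuses absolute, drive-relative (C:..\) and UNC paths, normalises Windows separators, and then checks that the fully resolved path is still inside the allowed root. The web root, the secret file and the request strings are constructed for the demo.

```python
"""Path containment: a join that trusts the request beside one that does not."""
import os
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath

# Constructed request paths: one legitimate, the rest traversal attempts in
# POSIX and Windows spellings, including a drive-relative "C:..\" form.
REQUESTS = [
    "css/site.css",
    "../secret.txt",
    "css/../../secret.txt",
    "C:..\\..\\secret.txt",
    "/etc/passwd",
    "..\\secret.txt",
]


def unsafe_join(root, requested):
    """Vulnerable pattern (illustrative, not Splunk's code): os.path.join trusts the
    second argument, so ".." segments walk out of root and an absolute or
    drive-relative path discards root altogether."""
    return os.path.join(root, requested)


def safe_join(root, requested):
    """Return the resolved Path of `requested` inside `root`, or None if it escapes."""
    if "\x00" in requested:
        return None
    # Parse the request as a Windows path first: a drive ("C:") or root ("\")
    # component means an absolute, drive-relative or UNC path, refused outright
    # whatever OS the server runs on.
    win = PureWindowsPath(requested)
    if win.drive or win.root:
        return None
    # Normalise separators so ".." is recognised on POSIX hosts too.
    normalised = requested.replace("\\", "/")
    if PurePosixPath(normalised).is_absolute():
        return None
    root_real = Path(root).resolve()
    candidate = (root_real / normalised).resolve()
    # Containment check on the fully resolved path (symlinks included).
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None
    return candidate


def demo():
    """Serve REQUESTS from a constructed web root in a temp dir.

    Returns (safe_results, unsafe_escapes): safe_results maps each request to its
    root-relative path or None; unsafe_escapes is True when unsafe_join let
    "../secret.txt" reach the file outside the root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "webroot"
        (root / "css").mkdir(parents=True)
        (root / "css" / "site.css").write_text("body{}")
        secret = Path(tmp) / "secret.txt"  # lives beside, not inside, the web root
        secret.write_text("not for the web root")

        safe_results = {}
        for req in REQUESTS:
            resolved = safe_join(root, req)
            safe_results[req] = (None if resolved is None
                                 else resolved.relative_to(root.resolve()).as_posix())

        unsafe_escapes = os.path.normpath(unsafe_join(str(root), "../secret.txt")) == str(secret)
    return safe_results, unsafe_escapes


if __name__ == "__main__":
    results, escaped = demo()
    for req, served in results.items():
        print(f"{req!r:28} -> {served}")
    print("unsafe_join reached the file outside the root:", escaped)
```

Rejecting drive and root components before any normalisation is what closes the Windows-specific gap: a plain ".." check never sees a traversal in "C:..\", yet a Windows path API resolves it relative to the current directory of that drive.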

Summary: SolarWinds has addressed eight critical vulnerabilities in its Access Rights Manager software, including six that allowed remote code execution (RCE) by attackers. The company has yet to confirm if any of these flaws have been exploited in the wild.

Threat Actor: APT29. Victim: SolarWinds.

Key Point :

Six RCE vulnerabilities (CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, CVE-2024-23470) rated 9.6/10 severity allow attackers to execute code on vulnerable systems.…