Summary: EstateRansomware, a new ransomware gang, is exploiting a Veeam vulnerability to deploy file-encrypting malware and extort payments from victims.

Threat Actor: EstateRansomware

Victim: Veeam users

Key Point:

EstateRansomware is exploiting a Veeam vulnerability (CVE-2023-27532) that was patched more than a year ago to deploy LockBit variant ransomware.…

Summary: Multiple threat actors are exploiting the PHP vulnerability CVE-2024-4577 to deliver various malware families, including Gh0st RAT, RedTail cryptominers, and XMRig.

Threat Actor: Multiple threat actors exploiting the PHP vulnerability CVE-2024-4577.

Victim: No specific victim mentioned.

Key Point:

The PHP vulnerability CVE-2024-4577 allows threat actors to execute arbitrary code on remote PHP servers through an argument injection attack, leading to the takeover of vulnerable servers.…

by Haifei Li

Introduction and Background

Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users into remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url file extension), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL.…

EXECUTIVE SUMMARY

In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and measures the potential dwell time actors have on a network, providing a realistic assessment of the organization’s security posture.…


Summary: GitLab has issued a security update to address a critical vulnerability that allows attackers to run pipeline jobs as any other user, impacting all GitLab CE/EE versions from 15.8 to 17.1.2.

Threat Actor: Unknown

Victim: GitLab

Key Point:

A critical vulnerability in GitLab’s GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.…

Summary: This content highlights the latest vulnerabilities and their severity in various Microsoft products, including .NET and Visual Studio, Active Directory Rights Management Services, Azure CycleCloud, and Azure DevOps.

Threat Actor: N/A

Victim: N/A

Key Point:

The content provides a list of CVE IDs, titles, and severity levels for vulnerabilities in Microsoft products.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog.

Threat Actor: N/A

Victim: N/A

Key Point:

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2024-23692, CVE-2024-38080, and CVE-2024-38112. CVE-2024-23692 is a template injection vulnerability in Rejetto HTTP File Server, CVE-2024-38080 is an elevation of privilege vulnerability in Windows Hyper-V, and CVE-2024-38112 is a platform spoofing vulnerability in Microsoft Windows MSHTML.…

Summary: The content discusses a vulnerability in the RADIUS networking protocol that could allow attackers to bypass user authentication through man-in-the-middle attacks.

Threat Actor: Cybercriminals

Victim: Users of network devices and services relying on the RADIUS networking protocol

Key Point:

A vulnerability in the RADIUS networking protocol allows attackers to bypass user authentication through man-in-the-middle attacks.…

Summary: Splunk has released security updates to address 16 vulnerabilities, including a critical remote code execution vulnerability, emphasizing the importance of maintaining robust cybersecurity practices in enterprise environments.

Threat Actor: N/A

Victim: N/A

Key Point:

Splunk has released security updates to address 16 vulnerabilities across its Splunk Enterprise and Cloud Platform.…

Summary: The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server, including denial-of-service, remote code execution, and unauthorized access issues. One of the vulnerabilities is a critical source code disclosure vulnerability.

Threat Actor: N/A

Victim: N/A

Key Point:

The Apache HTTP Server has addressed multiple vulnerabilities, including a critical source code disclosure vulnerability tracked as CVE-2024-39884.…

Summary: This content discusses the exploitation of a Ghostscript vulnerability that allows threat actors to escape the sandbox and achieve remote code execution.

Threat Actor: Unknown

Victim: Web applications and services using Ghostscript for document conversion and previews

Key Point:

Threat actors are actively exploiting a Ghostscript vulnerability, CVE-2024-29510, to escape the sandbox and achieve remote code execution.…
Overview

The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords.…


Summary: This content discusses a vulnerability in Ghostscript that could potentially lead to major breaches in the future.

Threat Actor: Ghostscript

Victim: Users of *nix, Windows, macOS, and various embedded OSes and platforms

Key Point:

A vulnerability in Ghostscript, a PostScript and Adobe PDF interpreter, has been discovered and could potentially lead to major breaches.…

Summary: This content discusses a high-severity vulnerability in Traeger grills that could be exploited by threat actors to control the grills remotely, potentially ruining BBQ cookouts.

Threat Actor: Unknown threat actor

Victim: Traeger grill users

Key Point:

A security consultant discovered weaknesses in Traeger grills fitted with the Traeger Grill D2 Wi-Fi Controller, allowing remote attackers to change a grill's temperature or shut it down.…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability (CVE-2024-21412).

The ongoing campaign targets multiple regions, including Spain, the US, and Australia.

It employs lures related to healthcare insurance schemes, transportation notices, and tax-related communications to deceive individuals and organizations into downloading malicious payloads onto their machines.…

Summary: Hackers are exploiting a critical vulnerability in the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.

Threat Actor: Unknown

Victim: Users of older versions of HFS

Key Point:

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.…