Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: EstateRansomware, a new ransomware gang, is exploiting a Veeam vulnerability to deploy file-encrypting malware and extort payments from victims.
Threat Actor: EstateRansomware | EstateRansomware Victim: Veeam users | Veeam
Key Point :
EstateRansomware is exploiting a Veeam vulnerability (CVE-2023-27532) that was patched more than a year ago to deploy LockBit variant ransomware.…Summary: Multiple threat actors are exploiting the PHP vulnerability CVE-2024-4577 to deliver various malware families, including Gh0st RAT, RedTail cryptominers, and XMRig.
Threat Actor: Multiple threat actors are exploiting the PHP vulnerability CVE-2024-4577.
Victim: No specific victim mentioned.
Key Point:
The PHP vulnerability CVE-2024-4577 allows threat actors to execute arbitrary code on remote PHP servers through an argument injection attack, leading to the takeover of vulnerable servers.…by Haifei Li
Introduction and BackgroundCheck Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL.…
In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and measures the potential dwell time actors have on a network, providing a realistic assessment of the organization’s security posture.…
Nefilim is a Ransomware-as-a-Service (RaaS) operation that emerged in March 2020 and is believed to have evolved from the Nemty ransomware family. This attribution is due to the fact that Nefilim arose at the time when Nemty’s operators decided to quit the RaaS business model to concentrate their efforts on more selective attacks with more dedicated resources.…
Summary: A critical vulnerability, CVE-2024-38021, has been discovered in Microsoft Outlook that could lead to data breaches and unauthorized access. The vulnerability is now patched by Microsoft.
Threat Actor: N/A
Victim: Microsoft Outlook
Key Point :
A critical vulnerability, CVE-2024-38021, has been found in Microsoft Outlook.…Summary: GitLab has issued a security update to address a critical vulnerability that allows attackers to run pipeline jobs as any other user, impacting all GitLab CE/EE versions from 15.8 to 17.1.2.
Threat Actor: Unknown | Unknown Victim: GitLab | GitLab
Key Point :
A critical vulnerability in GitLab’s GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.…Summary: VMware has addressed a high-severity SQL-injection vulnerability in its Aria Automation solution, which could allow an authenticated malicious user to perform unauthorized read/write operations in the database.
Threat Actor: N/A
Victim: VMware
Key Point :
The SQL-injection vulnerability, tracked as CVE-2024-22280, affects VMware Aria Automation version 8.x…Summary: This content highlights the latest vulnerabilities and their severity in various Microsoft products, including .NET and Visual Studio, Active Directory Rights Management Services, Azure CycleCloud, and Azure DevOps.
Threat Actor: N/A Victim: N/A
Key Point :
The content provides a list of CVE IDs, titles, and severity levels for vulnerabilities in Microsoft products.…was the target of a U.S.-led law enforcement operation in December 2023. Although Noberus attempted to reestablish itself in the following weeks, it eventually closed in March 2024, citing the impact of the law enforcement operation, amid reports of a falling out with many of its affiliates.…
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog.
Threat Actor: N/A Victim: N/A
Key Point :
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2024-23692, CVE-2024-38080, and CVE-2024-38112. CVE-2024-23692 is a template injection vulnerability in Rejetto HTTP File Server, CVE-2024-38080 is an elevation of privilege vulnerability in Windows Hyper-V, and CVE-2024-38112 is a platform spoofing vulnerability in Microsoft Windows MSHTML.…Summary: The content discusses a vulnerability in the RADIUS networking protocol that could allow attackers to bypass user authentication through man-in-the-middle attacks.
Threat Actor: Cybercriminals | Cybercriminals Victim: Users of network devices and services relying on the RADIUS networking protocol | Users of network devices and services relying on the RADIUS networking protocol
Key Point:
A vulnerability in the RADIUS networking protocol allows attackers to bypass user authentication through man-in-the-middle attacks.…Summary: Splunk has released security updates to address 16 vulnerabilities, including a critical remote code execution vulnerability, emphasizing the importance of maintaining robust cybersecurity practices in enterprise environments.
Threat Actor: N/A Victim: N/A
Key Point :
Splunk has released security updates to address 16 vulnerabilities across its Splunk Enterprise and Cloud Platform.…Summary: The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server, including denial-of-service, remote code execution, and unauthorized access issues. One of the vulnerabilities is a critical source code disclosure vulnerability.
Threat Actor: N/A
Victim: N/A
Key Point :
The Apache HTTP Server has addressed multiple vulnerabilities, including a critical source code disclosure vulnerability tracked as CVE-2024-39884.…Summary: This content discusses the exploitation of a Ghostscript vulnerability that allows threat actors to escape the sandbox and achieve remote code execution.
Threat Actor: Unknown | Ghostscript Victim: Web applications and services using Ghostscript for document conversion and previews | Ghostscript
Key Point :
Threat actors are actively exploiting a Ghostscript vulnerability, CVE-2024-29510, to escape the sandbox and achieve remote code execution.…The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords.…
Summary: This content discusses a vulnerability in Ghostscript that could potentially lead to major breaches in the future.
Threat Actor: Ghostscript | Ghostscript Victim: Users of *nix, Windows, MacOS, and various embedded OSes and platforms | Users of *nix, Windows, MacOS, and various embedded OSes and platforms
Key Point:
A vulnerability in Ghostscript, a Postscript and Adobe PDF interpreter, has been discovered and could potentially lead to major breaches.…Summary: This content discusses a high-severity vulnerability in Traeger grills that could be exploited by threat actors to control the grills remotely, potentially ruining BBQ cookouts.
Threat Actor: Unknown threat actor | Unknown threat actor Victim: Traeger grill users | Traeger grill users
Key Point :
A security consultant discovered weaknesses in Traeger grills with the Traeger Grill D2 Wi-Fi Controller, allowing remote attackers to control the grills through temperature change controls or shutting them down.…Summary: Hackers are exploiting a critical vulnerability in the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.
Threat Actor: Unknown | HTTP File Server (HFS) Victim: Users of older versions of HFS | HTTP File Server (HFS)
Key Point :
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.…