Summary: Positive Technologies researchers have discovered a cybercrime gang called ExCobalt that targeted Russian organizations with a new Golang-based backdoor known as GoRed, believed to be linked to the Cobalt Gang.

Threat Actor: ExCobalt | Victim: Russian organizations

Key Point:

The ExCobalt group has been active since at least 2016 and targeted various sectors including metallurgy, telecommunications, mining, information technology, government, and software development.…
Intro – What is Prototype Pollution?

Prototype Pollution is a JavaScript vulnerability that lets an attacker control variables the code never expected to be attacker-influenced; on the client side this can lead to Cross-Site Scripting, and on the server side to Remote Code Execution.

It is caused by ‘JavaScript Weirdness’, specifically in the declaration and setting of variable names, and is exploitable because of further JavaScript weirdness with weak typing, where it’s possible to have various undeclared variables in code that can be controlled by Prototype Pollution. …


Because web servers are exposed externally to provide web services to all users, they have long been major targets for threat actors. AhnLab SEcurity intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are poorly managed, and is sharing the confirmed attack cases through its ASEC Blog.…


Summary: A vulnerability called “CosmicSting” in Adobe Commerce and Magento websites is leaving millions of sites at risk of XML external entity injection (XXE) and remote code execution (RCE) attacks.

Threat Actor: CosmicSting | Victim: Adobe Commerce and Magento websites

Key Point:

A vulnerability named “CosmicSting” in Adobe Commerce and Magento websites remains unpatched, leaving millions of sites vulnerable to XXE and RCE attacks.…

Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.

Threat Actor: None identified.

Victim: Atlassian.

Key Point:

The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.…

This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.

Introduction

Perimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS), have long been the target of adversarial actors attempting to gain access to internal networks.…

Overview

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …


Summary: There is a critical vulnerability in the command line program wget, which has a CVSS Base Score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget versions <=1.24.5.

Threat Actor: Unspecified threat actor | Victim: Users of wget under Linux or Windows

Key Point:

A critical vulnerability (CVE-2024-38428) has been discovered in the command line program wget, which allows an attacker to carry out an unspecified attack.…

Summary: Cyber espionage groups associated with China have been conducting a long-running campaign targeting telecom operators in an Asian country, infiltrating their networks and attempting to steal credentials.

Threat Actor: Chinese cyber espionage groups | Victim: Telecom operators in an Asian country

Key Point:

Cyber espionage groups associated with China have been conducting a long-running campaign targeting telecom operators in an Asian country.…

Summary: Google has released a security update for Chrome 126, addressing several vulnerabilities including a high-severity type confusion issue in the V8 script engine.

Threat Actor: N/A

Victim: N/A

Key Point:

The security update for Chrome 126 addresses a high-severity type confusion issue in the V8 script engine, reported by Seunghyun Lee during the SSD Secure Disclosure’s TyphoonPWN 2024.…

Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.

Threat Actor: UNC3886 | Victim: Strategic global organizations

Key Point:

UNC3886 demonstrated sophisticated and cautious approaches by employing multiple layers of persistence across network devices, hypervisors, and virtual machines to maintain long-term access.…

Summary: This content discusses a vulnerability in RAD Data Communications’ SecFlow-2 equipment that allows remote attackers to perform path traversal and obtain files from the operating system.

Threat Actor: RAD Data Communications | Victim: Users of RAD Data Communications’ SecFlow-2 equipment

Key Point:

The vulnerability, known as CVE-2019-6268, has a CVSS v4 score of 8.7 and allows attackers to exploit the path traversal vulnerability remotely with low attack complexity.…

Summary: The content discusses the alarming increase in vulnerabilities across all enterprise software categories and emphasizes the need for alternative approaches to vulnerability monitoring due to delays in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data.

Threat Actor: N/A | Victim: N/A

Key Point:

Action1 researchers found a significant rise in the total number of vulnerabilities in enterprise software.…

Summary: Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.

Threat Actor: Malicious actors | Victim: Mailcow open-source mail server suite

Key Point:

A path traversal vulnerability impacting a function named “rspamd_maps()” that could result in the execution of arbitrary commands on the server by allowing a threat actor to overwrite any file that can be modified with the “www-data” user.…