2024-06-30

Introduction

A few days ago, we came across a peculiar file. It looked like some kind of builder, and a quick glance at the settings piqued our interest. It appeared to be a ShadowPad builder, probably created around 2021.

ShadowPad builders became a topic of conversation around the time of the i-Soon leak, but we had never seen the actual builder ourselves.…

Summary: A popular dependency manager for Apple apps, CocoaPods, has been found to have serious vulnerabilities, making it a prime target for hackers.

Threat Actor: Hackers targeting the CocoaPods platform.

Victim: Apple app developers using the CocoaPods platform.

Key Point:

CocoaPods is a widely used platform by Apple app developers to add and manage external libraries.…

Summary: Fake IT support sites are promoting malicious PowerShell “fixes” for the 0x80070643 error on Windows devices, infecting them with information-stealing malware.

Threat Actor: Unknown

Victim: Windows users

Key Point:

Fake IT support sites are promoting malicious PowerShell “fixes” for the 0x80070643 error on Windows devices.…

Summary: The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, which allows unauthenticated remote code execution as root and presents a significant security risk.

Threat Actor: N/A

Victim: OpenSSH server instances

Key Point:

The vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that affects sshd in its default configuration.…

Summary: This article discusses multiple critical vulnerabilities in Emerson devices that expose them to cyberattacks.

Threat Actor: N/A

Victim: Emerson devices

Key Point:

Multiple critical vulnerabilities have been discovered in Emerson devices, putting them at risk of cyberattacks.

Critical-Severity Flaws Expose Emerson Devices to Cyberattacks Prajeet Nair (@prajeetspeaks) • June 28, 2024    

Multiple critical vulnerabilities in Emerson gas chromatographs could allow malicious actors access to sensitive data, cause denial-of-service conditions and execute arbitrary commands.…

Summary: Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

Threat Actor: N/A

Victim: Juniper Networks

Key Point:

Juniper Networks has released an emergency update to address an authentication bypass vulnerability in their Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.…

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.

Summary: Water Sigbin continues to exploit CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via a PowerShell script. The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including a code injection flaw in GeoServer and a use-after-free vulnerability in the Linux Kernel.

Threat Actor: N/A

Victim: N/A

Key Point:

The GeoServer flaw (CVE-2022-24816) allows for remote code execution through code injection in the Jai-Ext open source project.…

Summary: This content discusses the unpatchable vulnerabilities found in temperature monitors made by Proges Plus and used in hospitals.

Threat Actor: No specific threat actor mentioned.

Victim: Hospitals using temperature monitors made by Proges Plus.

Key Point:

Researchers have discovered unpatchable vulnerabilities in temperature monitors made by Proges Plus and used in hospitals.…

Affected Platforms: Microsoft Windows

Impacted Users: Microsoft Windows

Impact: The stolen information can be used for future attacks

Severity Level: High

Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.…

Summary: This content discusses a critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) and the availability of a proof-of-concept exploit online.

Threat Actor: N/A

Victim: Enterprise admins using Fortra FileCatalyst Workflow

Key Point:

A critical SQL injection vulnerability (CVE-2024-5276) has been discovered in the Workflow component of Fortra FileCatalyst.…

Summary: This content discusses multiple vulnerabilities in ADOdb, a PHP database abstraction layer library, and emphasizes the importance of updating the library to mitigate potential security risks.

Threat Actor: N/A

Victim: N/A

Key Point:

Multiple vulnerabilities have been addressed in ADOdb, including SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses.…

Summary: This content discusses a vulnerability in a vendor’s product and provides a business recommendation for addressing the issue.

Threat Actor: N/A

Victim: N/A

Key Point:

The vendor, Siemens, is a technology company focused on industry, infrastructure, transport, and healthcare. SEC Consult recommends installing a patch provided by the vendor and conducting a thorough security review of the product.…

Summary: Apple has released a firmware update for AirPods to address an authentication issue that could allow unauthorized access to the headphones, potentially enabling eavesdropping on private conversations.

Threat Actor: N/A

Victim: AirPods users

Key Point:

An authentication issue in AirPods could allow a malicious actor to gain unauthorized access to the headphones.…