Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
A few days ago, we came across a peculiar file. It looked like some kind of builder, and a quick glance at the settings piqued our interest. It appeared to be a ShadowPad builder, probably created around 2021.
ShadowPad builders became a topic of conversation around the time of the i-Soon leak, but we had never seen the actual builder ourselves.…
Summary: A popular dependency manager for Apple apps, CocoaPods, has been found to have serious vulnerabilities, making it a prime target for hackers.
Threat Actor: Hackers targeting the CocoaPods platform.
Victim: Apple app developers using the CocoaPods platform.
Key Point:
CocoaPods is a widely used platform by Apple app developers to add and manage external libraries.…Summary: Fake IT support sites are promoting malicious PowerShell “fixes” for the 0x80070643 error on Windows devices, infecting them with information-stealing malware.
Threat Actor: Unknown | Unknown Victim: Windows users | Windows users
Key Point :
Fake IT support sites are promoting malicious PowerShell “fixes” for the 0x80070643 error on Windows devices.…Summary: The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, which allows unauthenticated remote code execution as root and presents a significant security risk.
Threat Actor: N/A
Victim: OpenSSH server instances
Key Point:
The vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that affects sshd in its default configuration.…Summary: This article discusses multiple critical vulnerabilities in Emerson devices that expose them to cyberattacks.
Threat Actor: N/A Victim: Emerson devices
Key Point :
Multiple critical vulnerabilities have been discovered in Emerson devices, putting them at risk of cyberattacks.Endpoint Security , Governance & Risk Management , Internet of Things Security
Critical-Severity Flaws Expose Emerson Devices to Cyberattacks Prajeet Nair (@prajeetspeaks) • June 28, 2024
Image: ShutterstockMultiple critical vulnerabilities in Emerson gas chromatographs could allow malicious actors access to sensitive data, cause denial-of-service conditions and execute arbitrary commands.…
Summary: The content discusses the increasing number of vulnerabilities being published and the need for effective vulnerability mitigation strategies to protect against cyberattacks.
Threat Actor: N/A
Victim: N/A
Key Point :
Over 30,000 new vulnerabilities were published last year, with a new vulnerability emerging approximately every 17 minutes.…Summary: Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
Threat Actor: N/A
Victim: Juniper Networks
Key Point :
Juniper Networks has released an emergency update to address an authentication bypass vulnerability in their Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.…Summary: Threat actors are exploiting a critical vulnerability in D-Link DIR-859 WiFi routers to collect account information, including user passwords.
Threat Actor: Unknown | Unknown Victim: D-Link DIR-859 WiFi routers | D-Link DIR-859
Key Point :
Exploitation attempts have been detected for the critical vulnerability CVE-2024-0769 impacting D-Link DIR-859 WiFi routers.…Summary: A critical vulnerability in certain versions of GitLab Community and Enterprise Edition products allows attackers to run pipelines as any user.
Threat Actor: Unknown | Unknown Victim: GitLab | GitLab
Key Point :
A critical vulnerability in GitLab allows attackers to run pipelines as any user.…We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.
SummaryWater Sigbin continues to exploit CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via a PowerShell script. The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms.…Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including a code injection flaw in GeoServer and a use-after-free vulnerability in the Linux Kernel.
Threat Actor: N/A Victim: N/A
Key Point :
The GeoServer flaw (CVE-2022-24816) allows for remote code execution through code injection in the Jai-Ext open source project.…Summary: BlackBerry detected and stopped 3.1 million cyberattacks in the first quarter of 2024, with a significant increase in malicious hashes compared to the previous reporting period.
Threat Actor: N/A
Victim: N/A
Key Point :
BlackBerry detected and prevented 3.1 million cyberattacks in Q1 2024, averaging 37,000 attacks per day.…Summary: This content discusses the unpatchable vulnerabilities found in temperature monitors made by Proges Plus and used in hospitals.
Threat Actor: No specific threat actor mentioned. Victim: Hospitals using temperature monitors made by Proges Plus.
Key Point :
Researchers have discovered unpatchable vulnerabilities in temperature monitors made by Proges Plus and used in hospitals.…Summary: The Vanna AI library is vulnerable to remote code execution (RCE) due to a prompt injection vulnerability.
Threat Actor: Unknown | Vanna AI Victim: Users of Vanna AI | Vanna AI
Key Point :
The Vanna AI library has a vulnerability in its chart generation process that allows for remote code execution (RCE) through a payload delivered via the user’s prompt.…Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High
Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.…
Summary: This content discusses a critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) and the availability of a proof-of-concept exploit online.
Threat Actor: N/A
Victim: Enterprise admins using Fortra FileCatalyst Workflow
Key Point:
A critical SQL injection vulnerability (CVE-2024-5276) has been discovered in the Workflow component of Fortra FileCatalyst.…Summary: This content discusses the issue of secrets being exposed in source code, even after they have been removed, and highlights the potential risks and challenges associated with this.
Threat Actor: N/A
Victim: N/A
Key Point:
Hard-coding secrets into code can permanently expose them, even after removal.…Summary: This content discusses multiple vulnerabilities in ADOdb, a PHP database abstraction layer library, and emphasizes the importance of updating the library to mitigate potential security risks.
Threat Actor: N/A
Victim: N/A
Key Point :
Multiple vulnerabilities have been addressed in ADOdb, including SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses.…Summary: This content discusses a vulnerability in a vendor’s product and provides a business recommendation for addressing the issue.
Threat Actor: N/A
Victim: N/A
Key Point :
The vendor, Siemens, is a technology company focused on industry, infrastructure, transport, and healthcare. SEC Consult recommends installing a patch provided by the vendor and conducting a thorough security review of the product.…Summary: Apple has released a firmware update for AirPods to address an authentication issue that could allow unauthorized access to the headphones, potentially enabling eavesdropping on private conversations.
Threat Actor: N/A
Victim: AirPods users
Key Point :
An authentication issue in AirPods could allow a malicious actor to gain unauthorized access to the headphones.…