Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: Google has released an emergency security update to address a zero-day vulnerability in the Chrome browser that is actively being exploited in the wild.
Threat Actor: Unknown | Unknown Victim: Chrome users | Chrome users
Key Point :
Google has released an emergency security update to address a zero-day vulnerability in the Chrome browser.…Summary: GitLab has patched a high-severity vulnerability that could allow unauthenticated attackers to take over user accounts through cross-site scripting (XSS) attacks.
Threat Actor: Unauthenticated attackers | unauthenticated attackers Victim: GitLab users | GitLab
Key Point :
GitLab has released patches for a high-severity vulnerability (CVE-2024-4835) in its VS code editor (Web IDE) that could be exploited by unauthenticated attackers to steal restricted information.…Summary: The content discusses an improper access control bug in Apache Flink that has been added to the US government’s Known Exploited Vulnerabilities Catalog, indicating that criminals are actively exploiting the vulnerability.
Threat Actor: Criminals are actively exploiting the improper access control bug in Apache Flink.…
Summary: This content discusses the increasing use of operational relay box (ORB) networks by China-linked state-backed hackers for cyberespionage operations, posing challenges in detection and attribution.
Threat Actor: China-linked state-backed hackers | China-linked state-backed hackers Victim: Not specified
Key Point :
China-linked state-backed hackers are using operational relay box (ORB) networks, which are proxy server networks created from virtual private servers and compromised online devices, for cyberespionage operations.…Summary: Hackers have compromised a popular brand of recording software called Justice AV Solutions (JAVS), which is widely used in courtrooms, jails, and prisons, allowing them to gain full control of systems through a backdoor implanted in an update to the tool.
Threat Actor: Unknown | Justice AV Solutions Victim: Users of Justice AV Solutions software
Key Point :
Hackers have implanted a backdoor in an update to the Justice AV Solutions (JAVS) software, compromising over 10,000 installations worldwide.…As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…
*The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger*
OverviewJustice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments.…
The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability –an SQL injection in the WordPress plugin Automatic by ValvePress – assessed its impact and developed mitigation measures for it. Around ~38k active users have installed this premium plugin. The issue allows trivial SQL injection attacks against the plugin user’s authentication process, which could allow WordPress website takeovers.…
Summary: Positive Technologies researchers discovered an unknown keylogger embedded in the main Microsoft Exchange Server page, which was used to collect account credentials. The malware campaign targeting MS Exchange Server has been active since at least 2021, with most victims located in Africa and the Middle East.…
This post is also available in: 日本語 (Japanese)
Executive SummaryA Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022.…
Summary: The UserPro plugin for WordPress has a significant security vulnerability that allows unauthenticated users to change the passwords of other users under certain conditions.
Threat Actor: Unauthenticated users | Unauthenticated users Victim: Users of the UserPro plugin | UserPro plugin
Key Point :
The UserPro plugin for WordPress, used by over 20,000 sites, has a critical security vulnerability in its password reset mechanism.…Summary: This content discusses an authentication bypass vulnerability (CVE-2024-4985) recently fixed by GitHub, which impacts GitHub Enterprise Server instances using SAML single sign-on authentication.
Threat Actor: N/A Victim: GitHub Enterprise Server instances
Key Point :
An authentication bypass vulnerability (CVE-2024-4985) was fixed by GitHub, impacting GitHub Enterprise Server instances using SAML single sign-on authentication.…Mirai is a botnet that has been targeting Internet of Things (IoT) devices since September 2016. It initially gained notoriety with denial-of-service attacks on several high-profile targets, including Krebs on Security, a blog run by the notable cybersecurity expert and journalist Brian Krebs.…
Written by: Michael Raggi
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers.…
Summary: Veeam has warned its customers about a critical security vulnerability in its Backup Enterprise Manager (VBEM) that allows unauthenticated attackers to sign into any account, urging users to patch the vulnerability or take mitigation measures.
Threat Actor: Unauthenticated attackers | unauthenticated attackers Victim: Veeam customers | Veeam
Key Point :
Veeam Backup Enterprise Manager (VBEM) has a critical security vulnerability that allows unauthenticated attackers to log in to the web interface as any user.…Threat Actor: Unknown | Unknown Victim: Git (Version Control System) | Git Price: Not specified Exfiltrated Data Type: Not specified
Additional Information:
The GIT CVE-2024-32002 RCE vulnerability allows for remote code execution through a recursive clone of a Git repository and Git submodules. The vulnerability takes advantage of the way Git handles submodules on case-insensitive filesystems that support symbolic links.…Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.
Threat Actor: WatchTowr Labs | WatchTowr Labs Victim: QNAP | QNAP
Key Point :
An extensive security audit of QNAP QTS has uncovered fifteen vulnerabilities, including an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi’…Summary: This content discusses the features and deployment options of FortiSIEM, a SIEM solution that allows for log collection, correlation, automated response, and remediation.
Threat Actor: N/A
Victim: N/A
Key Point :
The FortiSIEM solution offers various deployment options, ranging from standalone appliances to scaled-out solutions for enterprises and managed service providers.…Summary: Tenable Research has discovered a critical memory corruption vulnerability named Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
Threat Actor: N/A Victim: N/A
Key Point :
Fluent Bit is a logging utility heavily used by all major cloud providers.…