Summary: Veeam has warned its customers about a critical security vulnerability in its Backup Enterprise Manager (VBEM) that allows unauthenticated attackers to sign into any account, urging users to patch the vulnerability or take mitigation measures.

Threat Actor: Unauthenticated attackers | Victim: Veeam customers

Key Point:

Veeam Backup Enterprise Manager (VBEM) has a critical security vulnerability that allows unauthenticated attackers to log in to the web interface as any user.…

Threat Actor: Unknown | Victim: Git (Version Control System) | Price: Not specified | Exfiltrated Data Type: Not specified

Additional Information:

The Git CVE-2024-32002 RCE vulnerability allows remote code execution through a recursive clone of a Git repository and its submodules. The vulnerability takes advantage of the way Git handles submodules on case-insensitive filesystems that support symbolic links.…

Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.

Threat Actor: WatchTowr Labs | Victim: QNAP

Key Point:

An extensive security audit of QNAP QTS has uncovered fifteen vulnerabilities, including an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi’…

Summary: This content discusses the features and deployment options of FortiSIEM, a SIEM solution that allows for log collection, correlation, automated response, and remediation.

Threat Actor: N/A

Victim: N/A

Key Point:

The FortiSIEM solution offers various deployment options, ranging from standalone appliances to scaled-out solutions for enterprises and managed service providers.…

Summary: This content discusses the technical details of a pre-authenticated remote code execution vulnerability (CVE-2023-43208) affecting NextGen Mirth Connect, an open-source data integration platform widely used by healthcare companies.

Threat Actor: IHTeam | Victim: Healthcare organizations

Key Point:

The vulnerability (CVE-2023-43208) is related to insecure usage of the Java XStream library for unmarshalling XML payloads in Mirth Connect.…

Summary: The content discusses the dangers posed by AI models harboring backdoors, specifically focusing on the vulnerability in the llama_cpp_python package that allows attackers to execute arbitrary code and compromise data and operations.

Threat Actor: Unknown | Victim: AI models on trusted platforms like Hugging Face

Key Point:

The vulnerability in the llama_cpp_python package potentially allows attackers to execute arbitrary code and compromise data and operations.…

Summary: Intel has disclosed a maximum severity vulnerability in its Intel Neural Compressor software for AI model compression, which allows an unauthenticated attacker to execute arbitrary code on affected systems.

Threat Actor: Unauthenticated attacker | Victim: Intel

Key Point:

The vulnerability, designated as CVE-2024-22476, is the most serious among the 41 security advisories disclosed by Intel.…

Summary: The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

Threat Actor: N/A Victim: N/A

Key Point:

The Norwegian NCSC advises organizations to transition from SSLVPN/WebVPN solutions to IPsec with IKEv2 by 2025.…

Summary: The content discusses new versions of Git that have been released to fix five vulnerabilities, including a critical one that allows remote code execution during a “clone” operation.

Threat Actor: N/A Victim: N/A

Key Point:

New versions of Git have been released to address five vulnerabilities, with the most critical one being CVE-2024-32002.…

Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails.…


Summary: This report examines the threat posed by Russia-linked advanced persistent threat (APT) groups on operational technology (OT) by analyzing key cyber attacks from the past 12 months, providing detection rules and recommendations for network defenders.

Threat Actor: Russia-linked APT groups | Victim: Various industries, specifically a manufacturing industry customer

Key Points:

This report analyzes cyber attacks conducted by Russia-linked APT groups on operational technology (OT) in the past year, providing useful detection rules and recommendations for network defenders.…

Summary: Google has released an emergency security update for Chrome to address a third zero-day vulnerability that has been exploited in attacks within a week.

Threat Actor: Unknown | Victim: Google Chrome

Key Point:

Google has released an emergency security update for Chrome to address a third zero-day vulnerability (CVE-2024-4947) that has been exploited in attacks.…

AhnLab Security Intelligence Center (ASEC) confirmed recent APT attacks by the Andariel group targeting domestic companies and organizations. The targeted organizations included domestic manufacturing companies, construction firms, and educational institutions. The attackers used not only backdoors but also keyloggers, infostealers, and proxy tools in the attacks.…

Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. Palo Alto Networks released an advisory and threat protection signature for the vulnerability within 48 hours of Volexity’s disclosure of the issue to Palo Alto Networks, with official patches and fixes following soon after.…