Summary: GitLab has patched a high-severity vulnerability that could allow unauthenticated attackers to take over user accounts through cross-site scripting (XSS) attacks.

Threat Actor: Unauthenticated attackers

Victim: GitLab users (GitLab)

Key Point:

GitLab has released patches for a high-severity vulnerability (CVE-2024-4835) in its VS code editor (Web IDE) that could be exploited by unauthenticated attackers to steal restricted information.…

Summary: This content discusses the increasing use of operational relay box (ORB) networks by China-linked state-backed hackers for cyberespionage operations, posing challenges in detection and attribution.

Threat Actor: China-linked state-backed hackers

Victim: Not specified

Key Point:

China-linked state-backed hackers are using operational relay box (ORB) networks, which are proxy server networks created from virtual private servers and compromised online devices, for cyberespionage operations.…

Summary: Hackers have compromised a popular brand of recording software called Justice AV Solutions (JAVS), which is widely used in courtrooms, jails, and prisons, allowing them to gain full control of systems through a backdoor implanted in an update to the tool.

Threat Actor: Unknown

Victim: Users of Justice AV Solutions software

Key Point:

Hackers have implanted a backdoor in an update to the Justice AV Solutions (JAVS) software, compromising over 10,000 installations worldwide.…

As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, cyber threats are becoming more sophisticated and frequent, presenting substantial risks to businesses across all sectors.…

Overview

The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability – an SQL injection in the WordPress plugin Automatic by ValvePress – assessed its impact and developed mitigation measures for it. Around 38k active users have installed this premium plugin. The issue allows trivial SQL injection attacks against the plugin's user-authentication process, which could allow WordPress website takeovers.…

Key Findings

Sharp Dragon's (formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions – Africa and the Caribbean. Sharp Dragon, a Chinese threat actor, utilizes trusted government entities to infect new ones and establish initial footholds in new territories. The threat actors demonstrate increased caution in selecting their targets, broadening their reconnaissance efforts, and adopting Cobalt Strike Beacon over custom backdoors.…


Executive Summary

A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022.…


Summary: The UserPro plugin for WordPress has a significant security vulnerability that allows unauthenticated users to change the passwords of other users under certain conditions.

Threat Actor: Unauthenticated users

Victim: Users of the UserPro plugin (UserPro plugin)

Key Point:

The UserPro plugin for WordPress, used by over 20,000 sites, has a critical security vulnerability in its password reset mechanism.…

Summary: This content discusses an authentication bypass vulnerability (CVE-2024-4985) recently fixed by GitHub, which impacts GitHub Enterprise Server instances using SAML single sign-on authentication.

Threat Actor: N/A

Victim: GitHub Enterprise Server instances

Key Point:

An authentication bypass vulnerability (CVE-2024-4985) was fixed by GitHub, impacting GitHub Enterprise Server instances using SAML single sign-on authentication.…
What is Mirai malware?

Mirai is a botnet that has been targeting Internet of Things (IoT) devices since September 2016. It initially gained notoriety with denial-of-service attacks on several high-profile targets, including Krebs on Security, a blog run by the notable cybersecurity expert and journalist Brian Krebs.…


Written by: Michael Raggi


Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers.…


Summary: Veeam has warned its customers about a critical security vulnerability in its Backup Enterprise Manager (VBEM) that allows unauthenticated attackers to sign into any account, urging users to patch the vulnerability or take mitigation measures.

Threat Actor: Unauthenticated attackers

Victim: Veeam customers (Veeam)

Key Point:

Veeam Backup Enterprise Manager (VBEM) has a critical security vulnerability that allows unauthenticated attackers to log in to the web interface as any user.…

Threat Actor: Unknown

Victim: Git (Version Control System)

Price: Not specified

Exfiltrated Data Type: Not specified

Additional Information:

The Git CVE-2024-32002 RCE vulnerability allows for remote code execution through a recursive clone of a Git repository and its submodules. The vulnerability takes advantage of the way Git handles submodules on case-insensitive filesystems that support symbolic links.…

Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.

Threat Actor: WatchTowr Labs

Victim: QNAP

Key Point:

An extensive security audit of QNAP QTS has uncovered fifteen vulnerabilities, including an unpatched stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi’…

Summary: This content discusses the features and deployment options of FortiSIEM, a SIEM solution that allows for log collection, correlation, automated response, and remediation.

Threat Actor: N/A

Victim: N/A

Key Point:

The FortiSIEM solution offers various deployment options, ranging from standalone appliances to scaled-out solutions for enterprises and managed service providers.…