Summary: This article discusses the discovery of 24 vulnerabilities in a biometric access system manufactured by a Chinese company, highlighting the potential security risks associated with biometrics.

Threat Actor: N/A

Victim: N/A

Key Point :

A biometric access system manufactured by a Chinese company was found to have 24 vulnerabilities, raising concerns about the security of biometric authentication.…
Read More

Summary: The TellYouThePass ransomware gang is exploiting a recently patched vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.

Threat Actor: TellYouThePass ransomware

Victim: Multiple targets

Key Point :

The TellYouThePass ransomware gang is exploiting the CVE-2024-4577 vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.…
Read More

This post is about exploiting CVE-2022-24834 against a Redis container running on Alpine Linux. CVE-2022-24834 is a vulnerability affecting the Lua cjson module in Redis servers <=7.0.11. The bug is an integer overflow that leads to a large copy of data, approximately 350MiB.

A colleague from NCC Group wanted to exploit this bug but found that the public exploits didn’t work.…

Read More

Summary: A proof-of-concept exploit for a Veeam Backup Enterprise Manager authentication bypass flaw has been publicly released, highlighting the need for immediate security updates.

Threat Actor: Remote unauthenticated attackers

Victim: Veeam Backup Enterprise Manager users

Key Point :

A proof-of-concept exploit for a Veeam Backup Enterprise Manager authentication bypass flaw has been publicly released.…
Read More

Summary: The content discusses the discovery of multiple vulnerabilities in the Netgear WNR614 N300 router, which is no longer supported by the manufacturer but is still widely used in many environments.

Threat Actor: N/A

Victim: Home users and small businesses

Key Point :

The Netgear WNR614 N300 router, which has reached end-of-life and is no longer supported, has been found to have six vulnerabilities ranging from authentication bypass to weak password policy.…
Read More

The Grandoreiro banking trojan was first observed in 2016. This threat is described as a highly sophisticated and adaptive Windows-based banking trojan. Grandoreiro uses a Malware-as-a-Service (MaaS) model, making it easily accessible to various cybercriminals. Its latest wave affected Central and South America, Africa, Europe and the Indo-Pacific region, targeting more than 1,500 banks in more than 60 countries.…

Read More

Summary: SolarWinds has released version 2024.2, which includes new features and upgrades, as well as patches for three security vulnerabilities.

Threat Actor: None identified.

Victim: SolarWinds.

Key Point :

SolarWinds released version 2024.2, which includes patches for a high-severity SWQL injection bug (CVE-2024-28996), a high-severity cross-site scripting flaw (CVE-2024-29004), and a medium-severity race condition vulnerability affecting the Web console (CVE-2024-28999).…
Read More

Summary: A critical vulnerability in the PHP programming language can be easily exploited to execute malicious code on Windows devices, prompting security practitioners to urge admins to check if their PHP servers are affected.

Threat Actor: N/A

Victim: PHP servers running on Windows devices

Key Point :

A critical vulnerability in PHP can be exploited to execute malicious code on Windows devices.…
Read More

Summary: The content discusses a critical security flaw in EmailGPT, an AI-powered email writing assistant, which allows malicious actors to manipulate the service and potentially compromise sensitive data.

Threat Actor: N/A

Victim: N/A

Key Point :

The EmailGPT vulnerability (CVE-2024-5184) is a prompt injection flaw that enables malicious actors to manipulate the service and gain control over its logic.…
Read More

Summary: Chinese threat actors are targeting vulnerable ThinkPHP applications to install a persistent web shell named Dama, allowing further exploitation of breached endpoints.

Threat Actor: Chinese threat actors

Victim: ThinkPHP applications

Key Point :

Chinese threat actors are exploiting the vulnerabilities CVE-2018-20062 and CVE-2019-9082 in ThinkPHP applications to install the Dama web shell.…
Read More

Affected Platforms: Microsoft Windows

Impacted Users: Windows Users

Impact: Collects sensitive information from a victim’s computer

Severity Level: Critical

A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people.

Security researchers have detected Agent Tesla campaigns from time to time for years.…

Read More

Summary: Exploit activity targeting a recent information disclosure flaw in Check Point’s VPN technology has increased, emphasizing the need for organizations to address the vulnerability immediately.

Threat Actor: Unknown

Victim: Organizations using Check Point’s VPN technology

Key Point :

Check Point’s VPN technology has a vulnerability, identified as CVE-2024-24919, which allows attackers to access sensitive information and potentially gain domain admin privileges.…
Read More

Summary: Multiple security vulnerabilities have been found in the WooCommerce Amazon Affiliates (WZone) plugin, posing significant security risks for WordPress site owners and bloggers using the plugin to monetize their websites via the Amazon affiliate program.

Threat Actor: Unknown

Victim: WordPress site owners and bloggers using the WooCommerce Amazon Affiliates (WZone) plugin

Key Point :

The WooCommerce Amazon Affiliates (WZone) plugin, developed by AA-Team, has multiple security vulnerabilities that impact all tested versions, including a critical authenticated arbitrary option update vulnerability.…
Read More

Summary: This content discusses the disclosure of a critical vulnerability in Apache HugeGraph, an open-source graph database, and the availability of proof-of-concept exploits for remote command execution.

Threat Actor: N/A

Victim: N/A

Key Point :

Apache HugeGraph versions from 1.0.0 up to, but not including, the 1.3.0 release published in April are affected by a critical vulnerability (CVE-2024-27348) that allows bypassing sandbox restrictions and achieving remote code execution.…
Read More

Summary: This blog post discusses a new campaign of Muhstik malware targeting the Apache RocketMQ platform, exploring how the attackers exploit vulnerabilities in RocketMQ and analyzing the impact of the malware on compromised instances.

Threat Actor: Muhstik

Victim: Apache RocketMQ instances (campaign analyzed by Aqua Nautilus)

Key Point :

A new campaign of Muhstik malware has been discovered, targeting the Apache RocketMQ platform.…
Read More

Published On: 2024-06-06

Mustang Panda, also known as Bronze President, is a Chinese cyber threat actor, active since 2012. This group has launched cyberattacks against organizations worldwide, targeting foreign governments, NGOs, and other entities deemed adversaries of the Chinese Communist Party. Mustang Panda is notorious for its sophisticated spear-phishing campaigns, which utilize the target’s native language and often impersonate government services.…

Read More