Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: The UK’s NHS is warning of active exploitation of vulnerabilities in Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had proof of concept exploit code released shortly after.
Threat Actor: Unknown threat actor | Arcserve Unified Data Protection (UDP) Victim: UK’s National Health Service (NHS) | UK’s National Health Service
Key Point :
The NHS has warned organizations about the active exploitation of vulnerabilities in Arcserve UDP software.…Summary: Apple has backported security patches to older iPhones and iPads, fixing an iOS zero-day vulnerability that was actively exploited in attacks.
Threat Actor: Unknown | Unknown Victim: Apple | Apple
Key Point :
Apple has addressed a memory corruption issue in its RTKit real-time operating system that allowed attackers to bypass kernel memory protections.…Summary: Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability that is being exploited in attacks.
Threat Actor: Unknown | Unknown Victim: Chrome users | Chrome
Key Point :
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability.…The SonicWall Capture Labs threat research team became aware of CVE-2024-31984, which is a code injection vulnerability in XWiki’s management of space titles and has a critical CVSS score of 9.9. After assessing the impact, we developed mitigation measures to address the vulnerability. This vulnerability, originating from insufficient input validation, allows remote, authenticated attackers to execute arbitrary code on the target server by creating documents with maliciously crafted titles.…
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes.
Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls.…
Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena
McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages. DarkGate, a Remote Access Trojan (RAT) developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018.…
This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.
IntroductionAcross an ever changing cyber landscape, it is common place for threat actors to actively identify and exploit newly discovered vulnerabilities within commonly utilized services and applications.…
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Summary: Google has released a security update for the Chrome browser to fix a zero-day vulnerability that is actively being exploited in the wild.
Threat Actor: Unknown | Unknown Victim: Chrome browser users | Chrome browser users
Key Point :
Google has released a security update for the Chrome browser to address a zero-day vulnerability (CVE-2024-4671) that is actively being exploited in the wild.…Summary: The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown.
Threat Actor: N/A
Victim: N/A
Key Point :
The NIST National Vulnerability Database (NVD) has been experiencing a slowdown in adding CVE-numbered vulnerabilities to its database, creating a gap in CVE enrichment.…Summary: This content discusses a security flaw in XenCenter for Citrix Hypervisor that affects versions using PuTTY for SSH connections to guest VMs.
Threat Actor: N/A
Victim: Citrix Hypervisor users
Key Point :
Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY for SSH connections to guest VMs, but PuTTY inclusion was deprecated with XenCenter version 8.2.6.…Summary: This content discusses the challenges faced by IoT device makers in securing their connected products and highlights the lack of expertise and experience in cybersecurity among manufacturers.
Threat Actor: N/A
Victim: IoT device makers
Key Point:
IoT device makers, who traditionally produced non-connected devices, lack the expertise and experience needed to effectively secure their connected products.…Summary: Security flaws in Telit Cinterion cellular modems could allow remote attackers to execute arbitrary code via SMS.
Threat Actor: Unknown | Unknown Victim: Telit Cinterion modem users | Telit Cinterion modem users
Key Point :
Security flaws in Telit Cinterion cellular modems could allow remote attackers to execute arbitrary code via SMS.…Advanced Persistent Threat Group 31 (APT31), also known by aliases like ZIRCONIUM or Judgment Panda, represents a sophisticated cybersecurity threat with ties to state-sponsored activities.
Threat Actor Card of APT31
This group is believed to operate primarily on behalf of the Chinese government, engaging in cyber espionage and targeted attacks to gather intelligence and support strategic objectives aligned with China’s national interests.…
Summary: MITRE has shared details about a recent hack on its research and prototyping networks, including information about the new malware used and a timeline of the attacker’s activities.
Threat Actor: Nation-state actor | nation-state actor Victim: MITRE Corporation | MITRE Corporation
Key Point :
MITRE disclosed a security breach in April 2024 and immediately launched an investigation, logged out the threat actor, and engaged third-party forensics Incident Response teams for analysis.…Summary: The Log4J vulnerability exploit remains one of the most attempted exploits, according to a report by Cato Networks.
Threat Actor: Not specified
Victim: Not specified
Key Point :
The Log4J vulnerability exploit accounted for 30% of outbound vulnerability exploitations and 18% of inbound vulnerability exploitations in Q1 2024.…Summary: This content discusses the vulnerability of nearly 52,000 internet-exposed Tinyproxy instances to a recently disclosed critical remote code execution (RCE) flaw.
Threat Actor: None mentioned.
Victim: Tinyproxy instances.
Key Point :
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.…Summary: Hackers are targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
Threat Actor: Unknown | Unknown Victim: WordPress sites | WordPress
Key Point :
Hackers are exploiting an unauthenticated cross-site scripting flaw in older versions of the LiteSpeed Cache plugin for WordPress.…
Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with remote code execution capabilities. This exploit facilitates malware delivery, posing a significant threat to compromise entire networks.…
Summary: This content discusses a novel attack called TunnelVision that targets virtual private network (VPN) applications, compromising their ability to protect user traffic.
Threat Actor: Researchers have discovered this attack technique.
Victim: Users of VPN applications.
Key Point:
TunnelVision is an attack that forces VPN applications to send and receive traffic outside of the encrypted tunnel, undermining their purpose of protecting user data.…