Summary: This content discusses the vulnerability of nearly 52,000 internet-exposed Tinyproxy instances to a recently disclosed critical remote code execution (RCE) flaw.

Threat Actor: None mentioned.

Victim: Tinyproxy instances.

Key Point:

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.…

Summary: Hackers are targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.

Threat Actor: Unknown

Victim: WordPress sites

Key Point:

Hackers are exploiting an unauthenticated cross-site scripting flaw in older versions of the LiteSpeed Cache plugin for WordPress.…

Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with remote code execution capabilities. This exploit facilitates malware delivery, posing a significant threat to compromise entire networks.…


Summary: This content discusses a novel attack called TunnelVision that targets virtual private network (VPN) applications, compromising their ability to protect user traffic.

Threat Actor: Researchers have discovered this attack technique.

Victim: Users of VPN applications.

Key Point:

TunnelVision is an attack that forces VPN applications to send and receive traffic outside of the encrypted tunnel, undermining their purpose of protecting user data.…

Summary: A security loophole in the WordPress plugin “Email Subscribers by Icegram Express” has been discovered, exposing over 90,000 websites to potential attacks due to a SQL injection vulnerability.

Threat Actor: N/A

Victim: WordPress websites utilizing the “Email Subscribers by Icegram Express” plugin.

Key Point:

A security vulnerability in the “Email Subscribers by Icegram Express” WordPress plugin exposes over 90,000 websites to potential attacks.…

Summary: NATO and the European Union condemn cyber espionage operations conducted by the Russia-linked threat actor APT28 against European countries.

Threat Actor: APT28

Victim: European countries

Key Point:

NATO and the European Union have condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 against European countries.…

Summary: Citrix has addressed a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote attackers to obtain potentially sensitive information from affected systems.

Threat Actor: Unknown

Victim: Citrix

Key Point:

Citrix has quietly patched a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote, unauthenticated attackers to access sensitive information from affected systems.…

Summary: This content discusses a cyberwarfare and nation-state attack carried out by APT28, targeting political parties and critical infrastructure in Germany and the Czech Republic.

Threat Actor: APT28

Victim: German and Czech governments

Key Point:

The German and Czech governments have revealed that Russian military intelligence hackers, known as APT28, conducted a cyber espionage campaign targeting political parties and critical infrastructure.…

Summary: Researchers have found that the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is having a positive impact on organizations by helping them patch vulnerabilities faster.

Threat Actor: N/A

Victim: N/A

Key Point:

The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is a repository for software and hardware bugs actively being exploited by hackers around the world.…

Summary: CISA and the FBI are urging software companies to address path traversal security vulnerabilities in their products to prevent attackers from exploiting them and gaining unauthorized access or control over critical files and systems.

Threat Actor: Attackers exploiting path traversal vulnerabilities

Victim: Software companies

Key Point:

Path traversal vulnerabilities, also known as directory traversal, can be exploited by attackers to manipulate file paths and access sensitive data or execute malicious code.…

Summary: This content discusses the identification of vulnerabilities in Android apps from smartphone maker Xiaomi and Google’s Android Open Source Project (AOSP) by Oversecured, a business that scans mobile apps for security issues.

Threat Actor: Oversecured

Victim: Xiaomi and Google’s Android Open Source Project (AOSP)

Key Point:

Oversecured has identified more than two dozen vulnerabilities in Android apps from Xiaomi and Google’s AOSP.…

Summary: This content discusses the challenges of vulnerability management in cloud environments and the impact of cloud services on risk and vulnerability management.

Threat Actor: N/A

Victim: N/A

Key Point:

Vulnerability management in cloud environments is different from traditional network environments. Cloud providers do not assign Common Vulnerabilities and Exposures (CVE) identifiers to vulnerabilities, making it challenging for vulnerability management teams who rely on CVE-based constructs.…

An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.…


Summary: HPE Aruba Networking has issued a security advisory detailing critical remote code execution vulnerabilities in its network operating system, ArubaOS.

Threat Actor: None identified.

Victim: HPE Aruba Networking

Key Point:

The security advisory lists ten vulnerabilities, including four critical-severity unauthenticated buffer overflow flaws that can lead to remote code execution.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities catalog, which allows for account takeover via Password Reset.

Threat Actor: N/A

Victim: GitLab Community and Enterprise Editions

Key Point:

A vulnerability in GitLab Community and Enterprise Editions, tracked as CVE-2023-7028, allows for account takeover via Password Reset without any interaction.…

Summary: The content discusses the increase in the exploitation of vulnerabilities as an initial access step for a breach, highlighting the significant growth between 2022 and 2023.

Threat Actor: Cybercriminals

Victim: Organizations

Key Point:

The exploitation of vulnerabilities as an initial access step for a breach increased by 180% between 2022 and 2023, accounting for 14% of malicious actors’ initial entry into networks.…