Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: This content discusses the vulnerability of nearly 52,000 internet-exposed Tinyproxy instances to a recently disclosed critical remote code execution (RCE) flaw.
Threat Actor: None mentioned.
Victim: Tinyproxy instances.
Key Point :
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.…Summary: Hackers are targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
Threat Actor: Unknown | Unknown Victim: WordPress sites | WordPress
Key Point :
Hackers are exploiting an unauthenticated cross-site scripting flaw in older versions of the LiteSpeed Cache plugin for WordPress.…
Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with remote code execution capabilities. This exploit facilitates malware delivery, posing a significant threat to compromise entire networks.…
Summary: This content discusses a novel attack called TunnelVision that targets virtual private network (VPN) applications, compromising their ability to protect user traffic.
Threat Actor: Researchers have discovered this attack technique.
Victim: Users of VPN applications.
Key Point:
TunnelVision is an attack that forces VPN applications to send and receive traffic outside of the encrypted tunnel, undermining their purpose of protecting user data.…Summary: A security loophole in the WordPress plugin “Email Subscribers by Icegram Express” has been discovered, exposing over 90,000 websites to potential attacks due to a SQL injection vulnerability.
Threat Actor: N/A
Victim: WordPress websites utilizing the “Email Subscribers by Icegram Express” plugin.
Key Point :
A security vulnerability in the “Email Subscribers by Icegram Express” WordPress plugin exposes over 90,000 websites to potential attacks.…Summary: NATO and the European Union condemn cyber espionage operations conducted by the Russia-linked threat actor APT28 against European countries.
Threat Actor: APT28 | APT28 Victim: European countries | European countries
Key Point:
NATO and the European Union have condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 against European countries.…Summary: Citrix has addressed a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote attackers to obtain potentially sensitive information from affected systems.
Threat Actor: Unknown | Unknown Victim: Citrix | Citrix
Key Point :
Citrix has quietly patched a vulnerability in its NetScaler ADC and Gateway appliances that allowed remote, unauthenticated attackers to access sensitive information from affected systems.…Written by Lex Crumpton and Charles Clancy.
Image Credit: GPT4 / Dall-E 3This is the second blog post in a series, sharing MITRE’s experiences detecting and responding to a nation-state cyber threat actor incident in our research and experimentation network, NERVE. It follows our April 19, 2024 posting, “Advanced Cyber Threats Impact Even the Most Prepared”.…
The Sysdig Threat Research Team (TRT) recently observed a new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted large language model (LLM) services, known as LLMjacking. The credentials were obtained from a popular target, a system running a vulnerable version of Laravel (CVE-2021-3129).…
Summary: This content discusses a cyberwarfare and nation-state attack carried out by APT28, targeting political parties and critical infrastructure in Germany and the Czech Republic.
Threat Actor: APT28 | APT28 Victim: German and Czech governments | German and Czech governments
Key Point :
The German and Czech governments have revealed that Russian military intelligence hackers, known as APT28, conducted a cyber espionage campaign targeting political parties and critical infrastructure.…Summary: Researchers have found that the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is having a positive impact on organizations by helping them patch vulnerabilities faster.
Threat Actor: N/A
Victim: N/A
Key Point :
The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is a repository for software and hardware bugs actively being exploited by hackers around the world.…Summary: CISA and the FBI are urging software companies to address path traversal security vulnerabilities in their products to prevent attackers from exploiting them and gaining unauthorized access or control over critical files and systems.
Threat Actor: Attackers exploiting path traversal vulnerabilities
Victim: Software companies
Key Point :
Path traversal vulnerabilities, also known as directory traversal, can be exploited by attackers to manipulate file paths and access sensitive data or execute malicious code.…Summary: This content discusses the identification of vulnerabilities in Android apps from smartphone maker Xiaomi and Google’s Android Open Source Project (AOSP) by Oversecured, a business that scans mobile apps for security issues.
Threat Actor: Oversecured | Oversecured Victim: Xiaomi and Google’s Android Open Source Project (AOSP) | Xiaomi and Google’s Android Open Source Project (AOSP)
Key Point:
Oversecured has identified more than two dozen vulnerabilities in Android apps from Xiaomi and Google’s AOSP.…Summary: This content discusses the challenges of vulnerability management in cloud environments and the impact of cloud services on risk and vulnerability management.
Threat Actor: N/A Victim: N/A
Key Point:
Vulnerability management in cloud environments is different from traditional network environments. Cloud providers do not assign Common Vulnerabilities and Exposures (CVE) identifiers to vulnerabilities, making it challenging for vulnerability management teams who rely on CVE-based constructs.…An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.…
Summary: HPE Aruba Networking has issued a security advisory detailing critical remote code execution vulnerabilities in its network operating system, ArubaOS.
Threat Actor: None identified. Victim: HPE Aruba Networking | HPE Aruba Networking
Key Point :
The security advisory lists ten vulnerabilities, including four critical-severity unauthenticated buffer overflow flaws that can lead to remote code execution.…Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in GitLab Community and Enterprise Editions to its Known Exploited Vulnerabilities catalog, which allows for account takeover via Password Reset.
Threat Actor: N/A Victim: GitLab Community and Enterprise Editions | GitLab
Key Point :
A vulnerability in GitLab Community and Enterprise Editions, tracked as CVE-2023-7028, allows for account takeover via Password Reset without any interaction.…Summary: The content discusses the increase in the exploitation of vulnerabilities as an initial access step for a breach, highlighting the significant growth between 2022 and 2023.
Threat Actor: Cybercriminals | Cybercriminals Victim: Organizations | Organizations
Key Point :
The exploitation of vulnerabilities as an initial access step for a breach increased by 180% between 2022 and 2023, accounting for 14% of malicious actors’ way into a network.…SonicWall Capture Labs threat research team became aware of a fully unauthenticated server-side template injection vulnerability within CrushFTP, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise file transfer tool. Such tools have seen increased attention from attackers over the last several years.…
The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations
Key findingsThe cluster’s methods evolve continuously with new tools added to its arsenal. The use of password-protected archives enables the criminals to bypass defenses and deliver malware successfully.…