Summary: Apple has released security updates to fix a zero-day vulnerability in the Safari web browser that was exploited during the Pwn2Own Vancouver hacking competition.

Threat Actor: N/A (the bug was demonstrated by security researcher Manfred Paul in the Pwn2Own contest, not exploited by an attacker in the wild)

Victim: Apple (Safari users)

Key Point:

Apple has addressed a zero-day vulnerability (CVE-2024-27834) in Safari that was exploited by security researcher Manfred Paul during Pwn2Own Vancouver.…

Summary: This content discusses the latest Microsoft Patch Tuesday, which includes over 60 CVEs to address, including three zero-day vulnerabilities, two of which have been actively exploited in the wild.

Threat Actor: Qakbot (named in connection with one of the exploited zero-days)

Victim: Windows users and system administrators

Key Point:

The latest Microsoft Patch Tuesday includes over 60 CVEs, three of them zero-day vulnerabilities; two of the three were already being exploited in the wild before the patches shipped.…

Summary: VMware has addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 event.

Threat Actor: N/A

Victim: N/A

Key Point:

CVE-2024-22267 (CVSS score: 9.3) – A use-after-free vulnerability in the virtual Bluetooth (vBluetooth) device allows a threat actor with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host, i.e. a guest-to-host escape.…

Summary: The content discusses the current state of the U.S. National Vulnerability Database and the challenges it is facing.

Threat Actor: N/A

Victim: N/A

Key Point:

The U.S. National Vulnerability Database, which tracks security vulnerabilities, has a significant backlog of CVEs awaiting analysis. Because NVD analysis is what attaches CVSS scores, CWE weakness types and CPE product identifiers to a CVE, the backlog delays the data organizations rely on to find affected products and prioritize remediation.…

Summary: The UK’s NHS is warning of active exploitation of vulnerabilities in Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had proof of concept exploit code released shortly after.

Threat Actor: Unknown

Victim: Organizations running Arcserve Unified Data Protection (UDP)

Key Point:

The NHS has warned organizations about the active exploitation of vulnerabilities in Arcserve UDP software; the flaws were disclosed in March and proof-of-concept exploit code followed shortly after, so unpatched deployments should be treated as exposed.…
Overview

The SonicWall Capture Labs threat research team became aware of CVE-2024-31984, which is a code injection vulnerability in XWiki’s management of space titles and has a critical CVSS score of 9.9. After assessing the impact, we developed mitigation measures to address the vulnerability. This vulnerability, originating from insufficient input validation, allows remote, authenticated attackers to execute arbitrary code on the target server by creating documents with maliciously crafted titles.…

Executive Summary

This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes.

Malicious actors occasionally employ DNS tunneling as a covert communications channel because outbound DNS is almost universally permitted, so data hidden in queries and responses passes conventional network firewalls that would block other traffic.…
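To make the detection side of this concrete, the following is an added example and not code from the article above or from its authors. It profiles resolver query logs per apex domain using the signals tunneling leaves behind: many unique subdomains, long labels, high character entropy and unusual record types. The log line format, the thresholds and the hex-encoded tunnel.invalid queries are all constructed here for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of resolver query logs (not from the article). One query per
# line: "<timestamp> <client_ip> <qtype> <qname>". The example.com/example.org
# lines are ordinary traffic; the tunnel.invalid lines mimic a tunnel that
# hex-encodes data into subdomain labels with a sequence counter.
SAMPLE_LOG = """\
2024-05-14T10:00:01Z 10.0.0.5 A www.example.com
2024-05-14T10:00:02Z 10.0.0.5 AAAA www.example.com
2024-05-14T10:00:03Z 10.0.0.5 A cdn.example.com
2024-05-14T10:00:04Z 10.0.0.6 A mail.example.org
2024-05-14T10:00:05Z 10.0.0.6 MX example.org
2024-05-14T10:00:06Z 10.0.0.6 A login.microsoftonline.com
2024-05-14T10:00:07Z 10.0.0.9 TXT 69643d343531323b7573.65723d616c6963653b68.0001.tunnel.invalid
2024-05-14T10:00:08Z 10.0.0.9 TXT 6f73743d7773303132.3b6f733d77696e31313b.0002.tunnel.invalid
2024-05-14T10:00:09Z 10.0.0.9 TXT 646f6d3d636f72702e6c.6f63616c3b69703d3130.0003.tunnel.invalid
2024-05-14T10:00:10Z 10.0.0.9 TXT 2e302e302e393b757365.723d616c6963653b7072.0004.tunnel.invalid
2024-05-14T10:00:11Z 10.0.0.9 TXT 6f633d6578706c6f7265.722e6578653b6c6f673d.0005.tunnel.invalid
2024-05-14T10:00:12Z 10.0.0.9 TXT 7061796c6f61642d6f6b.3b6e6578743d30303036.0006.tunnel.invalid
"""

# Record types clients rarely ask for directly but tunnels favour for payload capacity.
RARE_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex/base32 payloads score far above hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, apex). Apex is the last two labels; a real deployment
    should use the Public Suffix List so that e.g. host.co.uk is split correctly."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def profile_apexes(log_text: str) -> dict:
    """Aggregate per-apex features from the raw log text."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "len_sum": 0,
                               "entropy_sum": 0.0, "rare": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:          # skip malformed lines rather than crash
            continue
        _ts, _client, qtype, qname = parts
        sub, apex = split_qname(qname)
        st = acc[apex]
        st["queries"] += 1
        st["subs"].add(sub)
        st["len_sum"] += len(sub)
        st["entropy_sum"] += shannon_entropy(sub)
        if qtype.upper() in RARE_QTYPES:
            st["rare"] += 1
    return {
        apex: {
            "queries": st["queries"],
            "unique_subdomains": len(st["subs"]),
            "mean_subdomain_len": st["len_sum"] / st["queries"],
            "mean_entropy": st["entropy_sum"] / st["queries"],
            "rare_qtype_ratio": st["rare"] / st["queries"],
        }
        for apex, st in acc.items()
    }


def flag_tunnel_candidates(log_text: str, min_unique=5, min_len=30.0,
                           min_entropy=3.0, min_rare_ratio=0.5) -> list:
    """Apexes matching either the 'encoded labels' or the 'rare record type' rule.
    Thresholds are assumed starting points; tune them against your own baseline."""
    flagged = []
    for apex, f in sorted(profile_apexes(log_text).items()):
        encoded_labels = (f["unique_subdomains"] >= min_unique
                          and f["mean_subdomain_len"] >= min_len
                          and f["mean_entropy"] >= min_entropy)
        rare_types = f["unique_subdomains"] >= 3 and f["rare_qtype_ratio"] >= min_rare_ratio
        if encoded_labels or rare_types:
            flagged.append(apex)
    return flagged


if __name__ == "__main__":
    for apex, f in profile_apexes(SAMPLE_LOG).items():
        print(f"{apex:28} q={f['queries']:2} uniq={f['unique_subdomains']:2} "
              f"len={f['mean_subdomain_len']:5.1f} H={f['mean_entropy']:.2f} "
              f"rare={f['rare_qtype_ratio']:.2f}")
    print("tunnel candidates:", flag_tunnel_candidates(SAMPLE_LOG))
```

Expect false positives from CDNs, anti-virus lookup services and some telemetry, which also generate many long, high-entropy subdomains; an allowlist built from a baseline period, plus the client-side volume per apex, is usually what turns this from a hunting query into a detection.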

Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena

McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain starts from an HTML-based entry point and then abuses the legitimate AutoHotkey scripting utility to run its later stages. DarkGate, a Remote Access Trojan (RAT) developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018.…

This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.

Introduction

Across an ever-changing cyber landscape, it is commonplace for threat actors to actively identify and exploit newly discovered vulnerabilities within commonly used services and applications.…

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Summary: Google has released a security update for the Chrome browser to fix a zero-day vulnerability that is actively being exploited in the wild.

Threat Actor: Unknown

Victim: Chrome browser users

Key Point:

Google has released a security update for the Chrome browser to address a zero-day vulnerability (CVE-2024-4671) that is actively being exploited in the wild.…

Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has announced “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by the recent slowdown at NIST’s National Vulnerability Database.

Threat Actor: N/A

Victim: N/A

Key Point:

The NIST National Vulnerability Database (NVD) has slowed sharply in analyzing newly published CVEs, so many records sit without the CVSS score, CWE weakness type and CPE product data that defenders use for prioritization; CISA’s Vulnrichment project aims to supply that enrichment itself.…

Summary: This content discusses a security flaw in XenCenter for Citrix Hypervisor that affects versions using PuTTY for SSH connections to guest VMs.

Threat Actor: N/A

Victim: Citrix Hypervisor users

Key Point:

Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR used PuTTY for SSH connections to guest VMs, but PuTTY inclusion was deprecated with XenCenter version 8.2.6.…

Summary: This content discusses the challenges faced by IoT device makers in securing their connected products and highlights the lack of expertise and experience in cybersecurity among manufacturers.

Threat Actor: N/A

Victim: IoT device makers

Key Point:

IoT device makers, who traditionally produced non-connected devices, lack the expertise and experience needed to effectively secure their connected products.…

Advanced Persistent Threat 31 (APT31), also known by aliases such as ZIRCONIUM or Judgment Panda, is a sophisticated threat group with ties to state-sponsored activity.

Threat Actor Card of APT31

This group is believed to operate primarily on behalf of the Chinese government, engaging in cyber espionage and targeted attacks to gather intelligence and support strategic objectives aligned with China’s national interests.…

Summary: MITRE has shared details about a recent hack on its research and prototyping networks, including information about the new malware used and a timeline of the attacker’s activities.

Threat Actor: Nation-state actor

Victim: MITRE Corporation

Key Point:

MITRE disclosed a security breach in April 2024 and immediately launched an investigation, cut off the threat actor’s access, and engaged third-party forensic incident response teams for analysis.…