by Haifei Li

Introduction and Background

Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users into remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension), which, when clicked, would invoke the retired Internet Explorer (IE) to visit the attacker-controlled URL.…

EXECUTIVE SUMMARY

In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and measures the potential dwell time actors have on a network, providing a realistic assessment of the organization’s security posture.…


Summary: GitLab has issued a security update to address a critical vulnerability that allows attackers to run pipeline jobs as any other user, impacting all GitLab CE/EE versions from 15.8 to 17.1.2.

Threat Actor: Unknown

Victim: GitLab

Key Point:

A critical vulnerability in GitLab’s GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.…

Summary: The content discusses a vulnerability in the RADIUS networking protocol that could allow attackers to bypass user authentication through man-in-the-middle attacks.

Threat Actor: Cybercriminals

Victim: Users of network devices and services relying on the RADIUS networking protocol

Key Point:

A vulnerability in the RADIUS networking protocol allows attackers to bypass user authentication through man-in-the-middle attacks.…

Summary: Splunk has released security updates to address 16 vulnerabilities, including a critical remote code execution vulnerability, emphasizing the importance of maintaining robust cybersecurity practices in enterprise environments.

Threat Actor: N/A

Victim: N/A

Key Point:

Splunk has released security updates to address 16 vulnerabilities across its Splunk Enterprise and Cloud Platform.…

Summary: This content discusses the exploitation of a Ghostscript vulnerability that allows threat actors to escape the sandbox and achieve remote code execution.

Threat Actor: Unknown | Ghostscript

Victim: Web applications and services using Ghostscript for document conversion and previews

Key Point:

Threat actors are actively exploiting a Ghostscript vulnerability, CVE-2024-29510, to escape the sandbox and achieve remote code execution.…
Overview

The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords.…


Summary: The content discusses the security and privacy challenges brought about by the proliferation of Internet of Things (IoT) devices, with a focus on vulnerabilities found in TVs, smart plugs, and digital video recorders.

Threat Actor: N/A

Victim: N/A

Key Point:

The explosion of IoT devices has led to an expanded attack surface, with vulnerabilities in IoT frameworks exposing millions of users to potential privacy breaches.…

Summary: This content discusses a vulnerability in Ghostscript that could potentially lead to major breaches in the future.

Threat Actor: Ghostscript

Victim: Users of *nix, Windows, MacOS, and various embedded OSes and platforms

Key Point:

A vulnerability in Ghostscript, a Postscript and Adobe PDF interpreter, has been discovered and could potentially lead to major breaches.…

Summary: This content discusses a high-severity vulnerability in Traeger grills that could be exploited by threat actors to control the grills remotely, potentially ruining BBQ cookouts.

Threat Actor: Unknown threat actor

Victim: Traeger grill users

Key Point:

A security consultant discovered weaknesses in Traeger grills fitted with the Traeger Grill D2 Wi-Fi Controller, allowing remote attackers to control the grills by changing their temperature or shutting them down.…

Published On : 2024-07-06

EXECUTIVE SUMMARY

At CYFIRMA, we deliver timely insights into prevalent threats and malicious tactics impacting organizations and individuals. Our research team recently discovered a RAR archive in the wild, likely distributed via spam or phishing emails. This archive contains a loader binary that, upon infection, deploys batch and PowerShell scripts designed to collect sensitive user information.…


Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability (CVE-2024-21412).

The ongoing campaign targets multiple regions, including Spain, the US, and Australia.

It employs lures related to healthcare insurance schemes, transportation notices, and tax-related communications to deceive individuals and organizations into downloading malicious payloads onto their machines.…

The Brain Cipher ransomware group gained widespread attention after a high-profile attack on Indonesia’s National Data Center (Pusat Data Nasional – PDN), which disrupted essential public services, including immigration. On June 20, the cyberattack targeted one of Indonesia’s national data centers. This attack encrypted government servers, disrupting immigration services, passport control, the issuance of event permits, and other online services.…


Summary: Splunk, a technology company, has addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws.

Threat Actor: N/A

Victim: N/A

Key Point:

Splunk has released security updates to address 16 vulnerabilities in its Splunk Enterprise and Cloud Platform. One of the vulnerabilities, CVE-2024-36985, is a Remote Code Execution (RCE) flaw that can be exploited through an external lookup in the “splunk_archiver” application.…