Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
by Haifei Li
Introduction and BackgroundCheck Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL.…
Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…
In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and measures the potential dwell time actors have on a network, providing a realistic assessment of the organization’s security posture.…
Threat Actor: Unknown | Unknown Victim: phpBB | phpBB Price: $69 (Bitcoin) Exfiltrated Data Type: Databases
Key Points :
A threat actor is offering a SQL injection vulnerability for sale targeting phpBB, a popular open-source forum software. The vulnerability allows an authenticated attacker to execute SQL queries and retrieve databases.…Summary: GitLab has issued a security update to address a critical vulnerability that allows attackers to run pipeline jobs as any other user, impacting all GitLab CE/EE versions from 15.8 to 17.1.2.
Threat Actor: Unknown | Unknown Victim: GitLab | GitLab
Key Point :
A critical vulnerability in GitLab’s GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.…Summary: VMware has addressed a high-severity SQL-injection vulnerability in its Aria Automation solution, which could allow an authenticated malicious user to perform unauthorized read/write operations in the database.
Threat Actor: N/A
Victim: VMware
Key Point :
The SQL-injection vulnerability, tracked as CVE-2024-22280, affects VMware Aria Automation version 8.x…This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware.…
Summary: The content discusses a vulnerability in the RADIUS networking protocol that could allow attackers to bypass user authentication through man-in-the-middle attacks.
Threat Actor: Cybercriminals | Cybercriminals Victim: Users of network devices and services relying on the RADIUS networking protocol | Users of network devices and services relying on the RADIUS networking protocol
Key Point:
A vulnerability in the RADIUS networking protocol allows attackers to bypass user authentication through man-in-the-middle attacks.…Summary: Splunk has released security updates to address 16 vulnerabilities, including a critical remote code execution vulnerability, emphasizing the importance of maintaining robust cybersecurity practices in enterprise environments.
Threat Actor: N/A Victim: N/A
Key Point :
Splunk has released security updates to address 16 vulnerabilities across its Splunk Enterprise and Cloud Platform.…Summary: This content discusses the exploitation of a Ghostscript vulnerability that allows threat actors to escape the sandbox and achieve remote code execution.
Threat Actor: Unknown | Ghostscript Victim: Web applications and services using Ghostscript for document conversion and previews | Ghostscript
Key Point :
Threat actors are actively exploiting a Ghostscript vulnerability, CVE-2024-29510, to escape the sandbox and achieve remote code execution.…The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords.…
Summary: The content discusses the security and privacy challenges brought about by the proliferation of Internet of Things (IoT) devices, with a focus on vulnerabilities found in TVs, smart plugs, and digital video recorders.
Threat Actor: N/A Victim: N/A
Key Point :
The explosion of IoT devices has led to an expanded attack surface, with vulnerabilities in IoT frameworks exposing millions of users to potential privacy breaches.…Summary: Four vulnerabilities in the Gogs open-source self-hosted Git service solution could enable attackers to steal, modify, or delete valuable source code.
Threat Actor: Unknown | Unknown Victim: Gogs | Gogs
Key Point :
Three of the vulnerabilities enable “argument injection,” allowing attackers to read, modify, or delete code on a vulnerable Gogs server.…Summary: This content discusses a vulnerability in Ghostscript that could potentially lead to major breaches in the future.
Threat Actor: Ghostscript | Ghostscript Victim: Users of *nix, Windows, MacOS, and various embedded OSes and platforms | Users of *nix, Windows, MacOS, and various embedded OSes and platforms
Key Point:
A vulnerability in Ghostscript, a Postscript and Adobe PDF interpreter, has been discovered and could potentially lead to major breaches.…Summary: This content discusses a high-severity vulnerability in Traeger grills that could be exploited by threat actors to control the grills remotely, potentially ruining BBQ cookouts.
Threat Actor: Unknown threat actor | Unknown threat actor Victim: Traeger grill users | Traeger grill users
Key Point :
A security consultant discovered weaknesses in Traeger grills with the Traeger Grill D2 Wi-Fi Controller, allowing remote attackers to control the grills through temperature change controls or shutting them down.…Published On : 2024-07-06
EXECUTIVE SUMMARYAt CYFIRMA, we deliver timely insights into prevalent threats and malicious tactics impacting organizations and individuals. Our research team recently discovered a RAR archive in the wild, likely distributed via spam or phishing emails. This archive contains a loader binary that, upon infection, deploys batch and PowerShell scripts designed to collect sensitive user information.…
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
Summary
Attackers can leverage the Jenkins Script Console to execute malicious Groovy scripts, leading to cybercriminal activities such as the deployment of cryptocurrency miners.…The Brain Cipher ransomware group gained widespread attention after a high-profile attack on Indonesia’s National Data Center (Pusat Data Nasional – PDN), which disrupted essential public services, including immigration. On June 20, the cyberattack targeted one of Indonesia’s national data centers. This attack encrypted government servers, disrupting immigration services, passport control, the issuance of event permits, and other online services.…
Summary: Splunk, a technology company, has addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws.
Threat Actor: N/A
Victim: N/A
Key Point:
Splunk has released security updates to address 16 vulnerabilities in its Splunk Enterprise and Cloud Platform. One of the vulnerabilities, CVE-2024-36985, is a Remote Code Execution (RCE) flaw that can be exploited through an external lookup in the “splunk_archiver” application.…