Summary: This content discusses a severe logging configuration flaw, CVE-2021-44832, in Apache Log4j2 that could have a significant impact on the financial industry.

Threat Actor: N/A

Victim: N/A

Key Point:

The vulnerability, CVE-2021-44832, allows remote attackers to execute malicious code on affected systems by exploiting a logging configuration flaw in Apache Log4j2.…

We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000. These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping, making it possible for attackers to inject malicious scripts.…


Authored by Dexter Shin

Many government agencies provide their services online for the convenience of their citizens. Also, if this service could be provided through a mobile app, it would be very convenient and accessible. But what happens when malware pretends to be these services?

McAfee Mobile Research Team found an InfoStealer Android malware pretending to be a government agency service in Bahrain.…


Threat Actor: Unknown

Victim: Windows users

Price: $120,000

Exfiltrated Data Type: Not specified

Additional Information:

The exploit targets multiple versions of Windows, including the latest releases such as Windows Server 2022, Windows 11, and Windows 10. The exploit claims to raise privileges from medium to system level in just 2 seconds with a success rate of 99.4%.…

Summary: Researchers have discovered a macOS version of the LightSpy spyware that has been active since January 2024, with threat actors using publicly available exploits to deliver the spyware and exfiltrate private information from devices.

Threat Actor: LightSpy

Victim: macOS users

Key Point:

The macOS version of LightSpy spyware has been active since January 2024.…

Summary: Cloudflare’s threat intel team has stopped a month-long phishing and espionage attack targeting Ukraine, attributed to the Russia-aligned gang FlyingYeti, which aimed to exploit financially vulnerable citizens who had benefited from a government moratorium on evictions and utility disconnections for unpaid debt.

Threat Actor: FlyingYeti

Victim: Financially strapped citizens in Ukraine

Key Point:

FlyingYeti, a Russia-aligned gang, launched a phishing and espionage attack targeting financially vulnerable citizens in Ukraine who had benefited from a government moratorium on evictions and utility disconnections for unpaid debt.…

Summary: Okta warns of credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature since April, which poses a risk of exposing sensitive data or enabling fraudulent activities.

Threat Actor: Unknown (credential stuffing attacks)

Victim: Okta

Key Point:

Okta has observed credential stuffing attacks targeting its Customer Identity Cloud (CIC) feature since April.…

Summary: A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) called “SpiderX,” which is designed to be more advanced and harder to detect than its predecessor, Diablo ransomware.

Threat Actor: phant0m

Victim: N/A

Key Point:

A threat actor named phant0m is advertising a new Ransomware-as-a-Service (RaaS) called SpiderX on the dark web forum OnniForums.…
Executive Summary

Lumen Technologies’ Black Lotus Labs identified a destructive event in which over 600,000 small office/home office (SOHO) routers belonging to a single internet service provider (ISP) were taken offline. The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement.…


Update 31.05.2024: Added clarification on severity of the vulnerability, recommendations and mitigations. A Proof of Concept (POC) to exploit the vulnerability is now publicly available. CVSS score has been increased from 7.5 to 8.6. Updated Check Point support links.

A critical vulnerability has been discovered in Check Point Security Gateways with Remote Access VPN enabled, also referred to as the “Mobile Access” blade.…


A critical vulnerability was found in the Replicate AI platform that could have exposed the private AI models and application data of all its customers.

The vulnerability stemmed from challenges in tenant separation, a recurring issue in AI-as-a-service platforms.

By exploiting it, attackers could have gained unauthorized access to user prompts and the corresponding AI results. The security flaw was responsibly disclosed to Replicate and promptly addressed, with no customer data compromised. …


On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade.

On May 29, 2024, security firm mnemonic published a blog reporting that they had observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, with threat actors leveraging the vulnerability to enumerate and extract password hashes for all local accounts, including accounts used to connect to Active Directory.…


Summary: RansomLord is an open-source tool that automates the creation of PE files to exploit ransomware pre-encryption, aiming to demonstrate vulnerabilities in ransomware and help build anti-ransomware defenses.

Threat Actor: hyp3rlinx

Victim: N/A

Key Point:

RansomLord leverages DLL hijacking tactics used by cybercriminals and deploys exploits to defend networks, providing a novel strategy against ransomware.…

Summary: This content discusses the unintended consequences of the growing number of software vulnerabilities reported and maintained as common vulnerabilities and exposures (CVEs) in cybersecurity.

Threat Actor: N/A

Victim: N/A

Key Point:

The increasing number of software vulnerabilities reported as CVEs poses challenges in terms of managing and prioritizing them effectively.…