Summary: A vulnerability called “CosmicSting” in Adobe Commerce and Magento websites is leaving millions of sites at risk of XML external entity injection (XXE) and remote code execution (RCE) attacks.

Threat Actor: CosmicSting

Victim: Adobe Commerce and Magento websites

Key Point:

A vulnerability named “CosmicSting” in Adobe Commerce and Magento websites remains unpatched, leaving millions of sites vulnerable to XXE and RCE attacks.…

Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.

Threat Actor: None identified.

Victim: Atlassian.

Key Point:

The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.…

This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.

Introduction

Perimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS) have long been the target of adversarial actors attempting to gain access to internal networks.…


ModiLoader aka DBatLoader – Active IOCs (June 21, 2024)

Multiple IBM i and WebSphere Application Server Vulnerabilities (June 21, 2024)

Analysis Summary

The SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…

Overview

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …


Summary: There is a critical vulnerability in the command line program wget, which has a CVSS Base Score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget versions <=1.24.5.

Threat Actor: Unspecified threat actor

Victim: Users of wget under Linux or Windows

Key Point:

A critical vulnerability (CVE-2024-38428) has been discovered in the command line program wget, which allows an attacker to carry out an unspecified attack.…

Summary: Google has released a security update for Chrome 126, addressing several vulnerabilities including a high-severity type confusion issue in the V8 script engine.

Threat Actor: N/A

Victim: N/A

Key Point:

The security update for Chrome 126 addresses a high-severity type confusion issue in the V8 script engine, reported by Seunghyun Lee during the SSD Secure Disclosure’s TyphoonPWN 2024.…

Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.

Threat Actor: UNC3886

Victim: Strategic global organizations

Key Point:

UNC3886 demonstrated sophisticated and cautious approaches by employing multiple layers of persistence across network devices, hypervisors, and virtual machines to maintain long-term access.…

Summary: This content discusses a vulnerability in RAD Data Communications’ SecFlow-2 equipment that allows remote attackers to perform path traversal and obtain files from the operating system.

Threat Actor: RAD Data Communications

Victim: Users of RAD Data Communications’ SecFlow-2 equipment

Key Point:

The vulnerability, known as CVE-2019-6268, has a CVSS v4 score of 8.7 and allows attackers to exploit the path traversal vulnerability remotely with low attack complexity.…

⚠️ This is only a small excerpt from the original report, which can be found in the corresponding section; the report has been created thanks to the collaboration of Josh Penny [@josh_penny]. ⚠️

Akira is a Threat Actor (TA) categorized within the criminal groups related to Ransomware, whose main objective is to gain money through extortion.…


Summary: The content discusses the alarming increase in vulnerabilities across all enterprise software categories and emphasizes the need for alternative approaches to vulnerability monitoring due to delays in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data.

Threat Actor: N/A

Victim: N/A

Key Point:

Action1 researchers found a significant rise in the total number of vulnerabilities in enterprise software.…

Summary: This content discusses the importance of process mapping in cybersecurity and how it can revolutionize understanding and managing the security landscape.

Threat Actor: N/A

Victim: N/A

Key Point:

Cybersecurity is not just about firewalls and antivirus, but also about understanding how defenses, people, and processes work together.…

Summary: Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.

Threat Actor: Malicious actors

Victim: Mailcow open-source mail server suite

Key Point:

A path traversal vulnerability in a function named “rspamd_maps()” could result in the execution of arbitrary commands on the server by allowing a threat actor to overwrite any file that is writable by the “www-data” user.…

Manila, Philippines – Supply chain attacks have become increasingly prevalent. While large corporations and government agencies typically boast complex information security systems and robust defense infrastructure, their smaller vendor counterparts often lack comparable defensive capabilities. This discrepancy creates a significant vulnerability, allowing hackers to exploit weaker links to ultimately target larger, more secure entities.…
