Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Summary: A vulnerability called “CosmicSting” in Adobe Commerce and Magento websites is leaving millions of sites at risk of XML external entity injection (XXE) and remote code execution (RCE) attacks.
Threat Actor: CosmicSting | CosmicSting Victim: Adobe Commerce and Magento websites | Adobe Commerce and Magento websites
Key Point :
A vulnerability named “CosmicSting” in Adobe Commerce and Magento websites remains unpatched, leaving millions of sites vulnerable to XXE and RCE attacks.…Summary: The Atlassian June 2024 Security Bulletin addressed multiple high-severity vulnerabilities in their Confluence, Crucible, and Jira products.
Threat Actor: None identified.
Victim: Atlassian.
Key Point :
The Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe vulnerability was an improper authorization dependency in Confluence Data Center and Server, which received a CVSS score of 8.2.…This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
IntroductionPerimeter devices such as firewalls, virtual private networks (VPNs), and intrusion prevention systems (IPS), have long been the target of adversarial actors attempting to gain access to internal networks.…
ModiLoader aka DBatLoader – Active IOCsJune 21, 2024Multiple IBM i and WebSphere Application Server VulnerabilitiesJune 21, 2024
Analysis SummaryThe SideWinder APT (Advanced Persistent Threat) Group is a sophisticated cyber espionage group active since at least 2012. The group is believed to be based in India and has targeted government agencies, military organizations, and financial institutions in South Asia and the Middle East.…
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, the vulnerability is more severe than it initially appears. Labeled as an argument injection vulnerability and categorized as CWE-78 – Improper Neutralization of Special Elements used in an OS Command – this vulnerability allows an attacker to read/modify/execute any file on the system, take control and compromise affected servers. …
Summary: A security researcher discovered a bug that allows anyone to impersonate Microsoft corporate email accounts, potentially enabling phishing attacks.
Threat Actor: N/A
Victim: Microsoft
Key Point:
A bug was discovered that allows anyone to impersonate Microsoft corporate email accounts, putting users at risk of falling for phishing attacks.…Summary: There is a critical vulnerability in the command line program wget, which has a CVSS Base Score of 10.0. CERT-Bund warns of the vulnerability, which is contained in wget versions <=1.24.5.
Threat Actor: Unspecified threat actor | wget Victim: Users of wget under Linux or Windows | wget
Key Point :
A critical vulnerability (CVE-2024-38428) has been discovered in the command line program wget, which allows an attacker to carry out an unspecified attack.…Summary: Google has released a security update for Chrome 126, addressing several vulnerabilities including a high-severity type confusion issue in the V8 script engine.
Threat Actor: N/A
Victim: N/A
Key Point :
The security update for Chrome 126 addresses a high-severity type confusion issue in the V8 script engine, reported by Seunghyun Lee during the SSD Secure Disclosure’s TyphoonPWN 2024.…Summary: This content discusses the investigation into UNC3886, a suspected China-nexus cyberespionage group targeting strategic global organizations.
Threat Actor: UNC3886 | UNC3886 Victim: Strategic global organizations | strategic global organizations
Key Point :
UNC3886 demonstrated sophisticated and cautious approaches by employing multiple layers of persistence across network devices, hypervisors, and virtual machines to maintain long-term access.…Summary: This content discusses a vulnerability in RAD Data Communications’ SecFlow-2 equipment that allows remote attackers to perform path traversal and obtain files from the operating system.
Threat Actor: RAD Data Communications | RAD Data Communications Victim: Users of RAD Data Communications’ SecFlow-2 equipment | RAD Data Communications
Key Point :
The vulnerability, known as CVE-2019-6268, has a CVSS v4 score of 8.7 and allows attackers to exploit the path traversal vulnerability remotely with low attack complexity.…⚠️This is only a small excerpt from the original report, which can be found in the corresponding section, the report has been created thanks to the collaboration of Josh Penny [@josh_penny]⚠️
Akira is a Threat Actor (TA) categorized within the criminal groups related to Ransomware, whose main objective is to gain money through extortion.…
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.…
Threat Actor: Unknown | Unknown Victim: Windows 8.1, 10, and 11 | Windows 8.1, 10, and 11 Price: $150,000 in cryptocurrency Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is allegedly selling a zero-day Local Privilege Escalation (LPE) exploit targeting Windows 8.1, 10, and 11.…Summary: The content discusses the alarming increase in vulnerabilities across all enterprise software categories and emphasizes the need for alternative approaches to vulnerability monitoring due to delays in associating Common Vulnerabilities and Exposures (CVE) identifiers with Common Platform Enumeration (CPE) data.
Threat Actor: N/A Victim: N/A
Key Point :
Action1 researchers found a significant rise in the total number of vulnerabilities in enterprise software.…Summary: Threat actors are increasingly targeting load balancers, leading to a record exploitation rate for this category of devices over a three-year period.
Threat Actor: Unknown | Unknown Victim: Load balancers | Load balancers
Key Point :
Load balancers have a disproportionately high exploitation rate, with a record 17% exploitation rate over a three-year period.…Summary: This content discusses the importance of process mapping in cybersecurity and how it can revolutionize understanding and managing the security landscape.
Threat Actor: N/A Victim: N/A
Key Point :
Cybersecurity is not just about firewalls and antivirus, but also about understanding how defenses, people, and processes work together.…Summary: Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Threat Actor: Malicious actors | malicious actors Victim: Mailcow open-source mail server suite | Mailcow open-source mail server suite
Key Point :
A path traversal vulnerability impacting a function named “rspamd_maps()” that could result in the execution of arbitrary commands on the server by allowing a threat actor to overwrite any file that can be modified with the “www-data” user.…Manila, Philippines – Supply chain attacks have become increasingly prevalent. While large corporations and government agencies typically boast complex information security systems and robust defense infrastructure, their smaller vendor counterparts often lack comparable defensive capabilities. This discrepancy creates a significant vulnerability, allowing hackers to exploit weaker links to ultimately target larger, more secure entities.…
Summary: This article discusses the use of large language models (LLMs) in cyber defense applications and the concerns regarding their reliability and accuracy.
Threat Actor: N/A
Victim: N/A
Key Point :
Researchers from the Rochester Institute of Technology have developed CTIBench, the first benchmark to evaluate the performance of LLMs in cyber threat intelligence applications.…While responding to an incident at one of our clients, the PT ESC CSIRT team discovered a previously unknown backdoor written in Go, which we attributed to a cybercrime gang dubbed ExCobalt.
ExCobalt focuses on cyberespionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt gang. Cobalt attacked financial institutions to steal funds.…