Weekly Cybersecurity Roundup: January 13, 2025 – January 19, 2025
Category
A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPi package aimed at Discord developers have emerged, highlighting the evolving threat landscape. Affected: Aviatrix Controller, Microsoft 365, Fortinet, OneBlood, Docker Desktop, Apple iMessage, Rsync, WordPress, Ivanti, Google Ads, Discord

Keypoints :

  • Aviatrix Controller vulnerability (CVE-2024–50603) allows unauthenticated remote code execution.
  • Microsoft 365 applications crash on Windows Server after specific updates, causing operational disruptions.
  • Fortinet discloses a zero-day vulnerability (CVE-2024–55591) affecting FortiOS and FortiProxy.
  • OneBlood suffered a ransomware attack leading to the exfiltration of personal data.
  • False malware alerts block Docker Desktop on Macs, affecting versions 4.32 to 4.36.
  • Phishing texts target Apple iMessage users, tricking them into disabling protection.
  • Ransomware campaign exploits AWS S3 buckets using compromised credentials.
  • WordPress skimmers evade detection by injecting malicious scripts into database tables.
  • Ivanti patches critical vulnerabilities in its Endpoint Manager software.
  • OWASP releases the LLM Top 10, highlighting security risks associated with AI technologies.
  • Malvertising campaign targets Google Ads users to steal credentials and 2FA codes.
  • A malicious PyPi package steals Discord authentication tokens from developers.

MITRE Techniques :

  • Remote Code Execution (T1203) – Exploitation of CVE-2024–50603 in Aviatrix Controller allows attackers to execute arbitrary commands.
  • Credential Dumping (T1003) – Attackers exploit compromised AWS credentials to access S3 buckets.
  • Phishing (T1566) – Cybercriminals use deceptive messages to trick Apple iMessage users into disabling security features.
  • Data Encrypted for Impact (T1486) – Ransomware encrypts data in AWS S3 buckets, locking out legitimate users.
  • Exploitation of Vulnerability (T1203) – Exploitation of vulnerabilities in Ivanti Endpoint Manager for unauthorized access.

Indicator of Compromise :

  • [domain] aviatrix.com
  • [url] bleepingcomputer.com
  • [url] aws.amazon.com
  • [url] discord.com
  • [url] google.com
  • Check the article for all found IoCs.


Full Research: https://threatweek.medium.com/weekly-cybersecurity-roundup-jan-13-2025-jan-19-2025-cbd4e90d000c?source=rss——malware-5