FortiGuard Labs reported on a critical security incident involving the Ivanti Cloud Services Appliance (CSA), where an advanced adversary exploited multiple vulnerabilities, including CVE-2024-8190, to gain unauthorized access …
Tag: ZERO-DAY
Summary: Mozilla has disclosed a critical security vulnerability in Firefox and Firefox Extended Support Release (ESR) that is actively being exploited, identified as CVE-2024-9680. The flaw, a use-after-free bug in …
Summary: Microsoft has released patches for two actively exploited zero-day vulnerabilities and three additional publicly disclosed vulnerabilities in its latest Patch Tuesday update. The vulnerabilities pose significant risks to organizations, …
Summary: Recent research by Amit Geynis has revealed critical vulnerabilities in modern vehicles, raising alarms about the safety of connected cars. The findings indicate several zero-day exploits in Electronic Control …
Threat Actor: Anonymous | Victim: IntelX | Price: Contact for details | Exfiltrated Data Type: Zero-day vulnerability
Key Points:
An anonymous threat actor claims to be selling a…
Summary: Google Pixel phones, particularly the Pixel 9, have enhanced security features to protect against vulnerabilities in the cellular baseband, which manages network connectivity and can be a target for …
Summary: Attackers are exploiting CVE-2024-45519, a critical vulnerability in Zimbra that allows unauthorized command execution. Despite patches being available, the exploitation began shortly after a technical write-up and proof of …
Summary and Keypoints
Short Summary:
The speaker announces the publication of a zero-day exploit, prompting a moment of confusion about the context and significance of this revelation.
Key Points: The…
Summary: A newly discovered zero-day vulnerability (CVE-2024-38200) in Microsoft Office poses significant risks to users by allowing unauthorized access to sensitive authentication data. Security researcher Metin Yunus Kandemir has detailed …
Summary: Attackers are exploiting a critical remote code execution vulnerability (CVE-2024-45519) in Zimbra’s SMTP server, prompting urgent patching by affected organizations. The vulnerability allows unauthenticated remote attackers to execute arbitrary …
Summary and Key Points
Summary:
This blog post discusses a long-standing issue regarding the reliance on output from webp without proper validation, highlighting the potential pitfalls associated with such trust.…
Researchers at Palo Alto Networks discovered a tool named Swiss Army Suite (S.A.S) used by attackers for automated vulnerability scanning, particularly targeting SQL injection vulnerabilities. This tool operates …
Threat Actor: Unknown | Victim: Android Users | Price: $800,000 | Exfiltrated Data Type: Sensitive personal information
Key Points:
A powerful zero-day exploit targeting Android devices is…
Short Summary:
This research by Check Point focuses on the increasing number of vulnerable Windows drivers and their exploitation potential. It highlights the characteristics shared by these drivers, the methodologies …
Summary and Key Points
Short Summary:
The primary mistake made by the WebP image format was over-reliance on the output from a tool called enough.c to calculate maximum possible table …
Summary: Recent cyber espionage campaigns linked to China have targeted U.S. internet service providers, with the Salt Typhoon operation focusing on intelligence gathering and potential disruptions. Investigations are ongoing to …
In early 2024, the Sekoia Threat Detection & Research team investigated a suspicious script on a Kurdish website that prompted users to activate their webcams and share their …
Threat Actor: Unknown | Victim: Magento 2 | Price: $20,000 | Exfiltrated Data Type: Remote Code Execution (RCE) exploit
Key Points:
The exploit targets a zero-day vulnerability…
Victim: Pureform Radiology Center | Country: CA | Actor: everest | Source: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/pureform-radiology-center/ | Discovered: 2024-09-23 14:32:02.766717 | Published: 2024-09-23 14:32:01.875767 | Description: We were able to hack into the Pureform Radiology Center in …
Short Summary:
Check Point Research has uncovered a new attack vector where threat actors exploit Windows Internet Shortcut files (.url) to lure users into executing remote code. By utilizing the …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four critical vulnerabilities in Adobe Flash Player to its Known Exploited Vulnerabilities catalog, highlighting ongoing risks associated with legacy …
Summary: Microsoft has updated its security advisory to classify CVE-2024-37985 as a zero-day vulnerability, which poses a medium-level threat to Windows systems by allowing unauthorized access to sensitive heap memory. …
The Summer Intelligence Insights report by Securonix Threat Labs highlights significant cyber threats identified over the last three months, including phishing campaigns, cyber-espionage efforts, and ransomware attacks. The …
Summary: A critical zero-day vulnerability in Windows Hyper-V, tracked as CVE-2024-38080, allows attackers to elevate privileges to SYSTEM level, posing a significant risk to organizations using Microsoft’s virtualization technology. Security …
Summary: The Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, was exploited by the Void Banshee APT group to install information-stealing malware before being patched. This vulnerability allowed attackers to disguise …
Summary: Adobe has released security updates for Acrobat and Reader to address two critical vulnerabilities, CVE-2024-45112 and CVE-2024-41869, which could allow arbitrary code execution. A proof-of-concept exploit for a related …
Summary: Microsoft has issued patches for 79 vulnerabilities, with four being actively exploited, including two critical zero-day bugs that allow attackers to bypass security protections in Windows. Organizations are urged …
Summary: Microsoft has patched a long-standing zero-day vulnerability in Windows Smart App Control and SmartScreen, tracked as CVE-2024-38217, which has been exploited since at least 2018 to bypass security features …
Short Summary:
GlorySec is a rising hacktivist group known for targeting governments and institutions they view as corrupt, particularly in Russia and Venezuela. They operate primarily through Telegram, sharing details …
Short Summary:
Ransomware activity surged in Q2 2024, with a 36% increase in claimed attacks compared to Q1, totaling 1,310 incidents. The resurgence is attributed to the recovery of LockBit …
Summary: The article discusses the increasing vulnerability of IT infrastructures due to a lack of diversity in technology stacks, which can lead to catastrophic failures in the event of cyberattacks. …
The “H1 2024 Malware and Vulnerability Trends Report” highlights the evolving tactics of threat actors, particularly in exploiting zero-day vulnerabilities and the rise of infostealer malware. Key trends …
Summary: Security researchers have disclosed a critical zero-day vulnerability in Windows, tracked as CVE-2024-30051, that allows attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. The vulnerability …
Short Summary:
The cyber threat landscape in Mexico is characterized by a mix of global and local threats, including cyber espionage from state-sponsored actors and increasing incidents of ransomware and …
Summary: The healthcare sector is at risk due to vulnerabilities in the widely used Apache Tomcat web server, which is essential for hosting various healthcare applications. Federal authorities warn that …
Summary: Cisco has addressed critical vulnerabilities in its Smart Licensing Utility (CSLU) that allowed unauthorized access through a backdoor account and the potential exposure of sensitive data. The company has …
Summary: FortiGuard Labs has identified a new ransomware variant named Underground, linked to the Russia-based RomCom group, which encrypts files on Windows machines and demands a ransom for decryption. Active …
Summary: CISA has identified three critical vulnerabilities in its KEV catalog, emphasizing their active exploitation and urging immediate patching by organizations. Notably, vulnerabilities in Draytek routers and Kingsoft WPS Office …
Summary: Google has patched a high-severity privilege escalation vulnerability in its Android operating system, tracked as CVE-2024-32896, which is currently being exploited in the wild. The vulnerability allows for local …
The oil and gas extraction industry is increasingly vulnerable to cyberattacks due to its reliance on digital technologies and geopolitical tensions. A significant percentage of energy professionals are …
Summary: A North Korea-linked group known as Citrine Sleet has exploited a recently patched Google Chrome zero-day vulnerability (CVE-2024-7971) to deploy the FudModule rootkit, targeting the cryptocurrency sector for financial …
Summary: The QiAnXin Threat Intelligence Center has revealed details of “Operation DevilTiger,” a sophisticated cyber espionage campaign by the APT-Q-12 group, also known as “Pseudo Hunter,” targeting East Asian entities. …
RansomHub ransomware, which emerged in February 2024, poses a significant threat to various sectors, including critical infrastructure. Utilizing a double-extortion model, it encrypts and exfiltrates data to demand …
Summary: Malicious hackers are exploiting a critical vulnerability in the AVM1203 security camera to spread a variant of the Mirai malware, which targets Internet of Things (IoT) devices for distributed …
Summary: The Department of Information and Communications Technology (DICT) in the Philippines has unveiled its National CyberSecurity Plan (NCSP) 2023-2028, aimed at enhancing the country’s cybersecurity landscape through various strategic …
Short Summary:
On August 19, 2024, Microsoft reported that a North Korean threat actor, Citrine Sleet, exploited a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution, targeting the …
Short Summary:
ESET researchers identified a code execution vulnerability (CVE-2024-7262) in WPS Office for Windows, exploited by the APT-C-60 group to target East Asian countries. A subsequent analysis revealed another …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Google Chromium V8 Inappropriate Implementation Vulnerability CVE-2024-38856 to its Known Exploited Vulnerabilities catalog, highlighting its critical nature with …