
Security Week Review - VulnVerse #21

Welcome back to VulnVerse! It's our 21st weekly dispatch, and we've got another jam-packed edition for you. Let's dive into the latest vulnerabilities, exploits, and cyber threats.


Vulnerabilities and Exploits 🔥

Over 300,000 Prometheus servers are vulnerable to DoS attacks, and most admins don’t even know it. Aqua Security’s research shows that these exposed servers can be exploited to knock out critical monitoring systems. Update your configurations, or risk losing visibility into your entire infrastructure.

A vulnerability in the WPForms plugin could’ve affected over 6 million WordPress sites. Luckily, Wordfence stepped in and patched up the issue before it turned into a disaster.

CVE-2024-50623 is a nasty one. Found in the Cleo software platform, it lets attackers execute arbitrary code, giving them full control over compromised systems.

TP-Link Archer routers have a handful of vulnerabilities that could let attackers take full control of your home or office network. The attack surface is wide, from remote code execution to sensitive data leaks.

QNAP NAS devices just dropped some serious vulnerabilities that could leave your data exposed or even give attackers a backdoor into your network.

CVE-2024-49138 is just the tip of the iceberg. Microsoft’s Patch Tuesday for December includes 70 CVEs, and many are ripe for exploitation. If you’re not immediately patching, you might as well be handing attackers the keys to your systems.

Apple’s releasing patches, and you better be on top of them. Vulnerabilities in iPhones, Macs, and more are ripe for exploitation. Apple might make it easy to update, but it’s not going to push you to do it.

Password spraying: the stealthier cousin of brute-force attacks. Citrix’s Netscaler devices are getting hammered by these kinds of attacks. The strategy? Use a few common passwords across a range of accounts to fly under the radar. If you’re not using MFA on your Citrix systems, it’s time to start.
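Spraying is invisible to per-account lockout counters, so the detection has to pivot on the source instead. The following is an added example (not from the newsletter or from Citrix): it scans constructed authentication log lines and separates one source failing against many distinct accounts (spraying) from one source hammering a single account (brute force). The log format and thresholds are assumptions.

```python
"""Detect password spraying in auth logs (added example, not from the post).
Spraying inverts brute force: a few passwords across many accounts keep
per-account failures under lockout. So look per source: one IP failing
against many *distinct* users in a window. Log format is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not from any real system.
SAMPLE_LOG = """\
2024-12-10T09:00:01Z result=fail user=alice src=203.0.113.5
2024-12-10T09:00:04Z result=fail user=bob src=203.0.113.5
2024-12-10T09:00:07Z result=fail user=carol src=203.0.113.5
2024-12-10T09:00:10Z result=fail user=dave src=203.0.113.5
2024-12-10T09:00:15Z result=success user=dave src=203.0.113.5
2024-12-10T09:00:20Z result=fail user=alice src=198.51.100.7
2024-12-10T09:00:21Z result=fail user=alice src=198.51.100.7
2024-12-10T09:00:22Z result=fail user=alice src=198.51.100.7
2024-12-10T09:00:23Z result=fail user=alice src=198.51.100.7
2024-12-10T09:05:00Z result=fail user=frank src=192.0.2.9
"""

def parse_line(line):
    """Return (timestamp, result, user, src) from one key=value log line."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), kv["result"], kv["user"], kv["src"]

def detect_spraying(log_text, window=timedelta(minutes=5), threshold=4):
    """Return (sprayers, brute_forcers): src -> sorted accounts hit, src -> account.
    A source sprays when its failures in one `window` span >= `threshold` distinct
    users; `threshold` failures against a single user is brute force, kept apart."""
    failures = defaultdict(list)  # src -> [(ts, user), ...]
    for line in filter(None, log_text.splitlines()):
        ts, result, user, src = parse_line(line)
        if result == "fail":  # successes do not count toward either pattern
            failures[src].append((ts, user))

    sprayers, brute_forcers = {}, {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [u for t, u in events[i:] if t - start <= window]
            distinct = set(in_window)
            if len(distinct) >= threshold:
                sprayers[src] = sorted(distinct)
                break
            if len(in_window) >= threshold and len(distinct) == 1:
                brute_forcers[src] = in_window[0]
                break
    return sprayers, brute_forcers
```

Note that the sprayer gets one success (dave) after four distinct failures, which is exactly the low-and-slow pattern a per-account lockout never sees.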

Curl’s got a CVE, and it’s a big one. A CVSS score of 9.1 means this vulnerability is a hacker’s dream come true. When a request is redirected, the user’s credentials get exposed.

MFA is the holy grail, right? Not always. A vulnerability in Microsoft Azure's MFA implementation allows attackers to bypass it entirely. This flaw shows that even "bulletproof" security systems can have their weaknesses.

Hackers are actively exploiting a vulnerability in Cleo software, allowing them to bypass security controls and take full control of sensitive systems.

GitLab 17.6.2 fixes critical RCE vulnerabilities. Update now to avoid putting your repos at risk.

CVE-2024-49138 is the nightmare .NET developers didn’t know they were facing. This one lets attackers run code on your server remotely. Not only does it scream “RCE,” but it’s a ticking time bomb.

Google just dropped a fresh Chrome update that patches a slew of vulnerabilities. If you’re still procrastinating, think again: attackers love exploiting browser bugs.

WP Umbrella just handed hackers an open door. Local file inclusion flaws let attackers snoop around your server or inject malicious code without even breaking a sweat.

There’s a hole in WPForms Lite that lets authenticated users mess with payment and subscription data. Missing authorization checks mean that a low-level user can initiate refunds and cancel payments.

Data Breaches 💥

4.8 million healthcare records exposed because of a misconfigured server. That's the story. This breach is an example of how an organization’s failure to lock down sensitive data can put millions at risk.

Malware and Ransomware 🐛

Glutton is a silent killer in the PHP world, targeting mainstream frameworks and injecting itself into web applications without raising any alarms. It’s designed to exfiltrate data while staying under the radar. If you’re using popular PHP frameworks, you better check your code before this thing starts eating away at your systems.

A popular PyPI package just got hijacked via GitHub Actions. Cache poisoning. Sounds fancy, but it’s a method where attackers inject malicious code into commonly used libraries, compromising everything downstream.

The NPM registry has become a playground for malicious actors. Developers might be getting lazy and not checking every package they pull. Enter the malicious wrapper packages. These look like legit code but sneak in some nasty surprises. If you’re not checking your dependencies closely, you’re setting yourself up for a backdoor entry. Time to rethink that careless “npm install” habit.

AppLite is a newly discovered malware variant that targets mobile employee devices using sophisticated techniques to bypass security. It exploits vulnerabilities in mobile operating systems to steal sensitive company data.

Romania's energy sector is under threat from Lynx ransomware, which targets critical infrastructure for large-scale data encryption and financial extortion. The government has urged organizations in this sector to conduct proactive security scans and strengthen their defenses to avoid falling victim to the increasingly sophisticated attacks.

Think you’re downloading a utility app? Think again. A fresh Android banking Trojan is tricking Indian users into downloading fake apps that steal banking credentials. The Trojan’s tactic is simple: mimic popular apps to hook users into inputting their personal data.

EagleMSGSpy is Chinese spyware that infiltrates Android devices by masquerading as a messaging app, stealing data, tracking calls, and logging GPS locations.

ZLoader now uses DNS tunneling to bypass firewalls undetected. Make sure you monitor DNS traffic to spot this sneaky malware before it takes root.
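"Monitor DNS traffic" in practice means looking for domains whose subdomains behave like a data channel rather than a name lookup. This added example (not from the newsletter or from Elastic/ZLoader research) scores a constructed resolver log: a tunneling domain shows many unique, long, high-entropy subdomain labels, while ordinary domains repeat a few short ones. The log format, the two-label domain split, and the thresholds are assumptions.

```python
"""Flag DNS tunneling candidates in a query log (added example, not from the
post). Tunneling carries data in the query name, so a tunneling domain shows
many unique, long, high-entropy subdomains while normal domains repeat a few
short labels. Log format and thresholds are assumptions for this example."""
import math
from collections import defaultdict

# Constructed query log: "<client> <qtype> <qname>", not from a real resolver.
SAMPLE_QUERIES = """\
10.0.0.12 A www.example.com
10.0.0.12 A cdn.example.com
10.0.0.12 A www.example.com
10.0.0.12 TXT 4a6f686e2d53616c.9f3b7c2e1d.c2.example.net
10.0.0.12 TXT 7e21a4c0b8d9f3e6.a1b2c3d4e5.c2.example.net
10.0.0.12 TXT 0c9e8d7f6a5b4c3d.f0e1d2c3b4.c2.example.net
10.0.0.12 TXT 55aa33cc77ee11bb.1a2b3c4d5e.c2.example.net
10.0.0.12 A mail.example.com
"""

def shannon_entropy(s):
    """Bits per character of `s`; hex/base32-encoded payloads score high."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registered_domain(qname):
    """Last two labels (assumption: a real tool would use the public suffix list)."""
    return ".".join(qname.split(".")[-2:])

def score_domains(log_text, min_unique=4, min_len=20, min_entropy=3.0):
    """Return {domain: stats} for domains whose subdomain traffic looks tunneled."""
    subs = defaultdict(set)  # domain -> set of distinct subdomain prefixes
    for line in filter(None, log_text.splitlines()):
        _client, _qtype, qname = line.split()
        qname = qname.lower().rstrip(".")
        dom = registered_domain(qname)
        prefix = qname[: -len(dom) - 1]  # everything before ".<domain>"
        if prefix:
            subs[dom].add(prefix)
    flagged = {}
    for dom, prefixes in subs.items():
        avg_len = sum(map(len, prefixes)) / len(prefixes)
        avg_ent = sum(map(shannon_entropy, prefixes)) / len(prefixes)
        if len(prefixes) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged[dom] = {"unique": len(prefixes), "avg_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2)}
    return flagged
```

The unique-prefix count matters as much as entropy: a CDN hostname can be long and random-looking too, but it is reused, whereas a tunnel never sends the same query name twice.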

Pumakit isn’t your average malware. It’s a specialized tool for messing with cloud infrastructure, and Elastic’s research shows just how it works.

Software and System Issues ⚙️

Airlines are increasingly reliant on mobile devices and apps, which makes them prime targets for cyberattacks. Zimperium’s insights highlight why securing this tech is non-negotiable. If you're not locking down these mobile systems, you’re setting your airline up for a big fall.

You can’t keep patching vulnerabilities in a vacuum. It’s time to make vulnerability remediation part of your daily operations. Automate, prioritize, and integrate remediation into your workflows. If you’re just throwing patches at the wall and hoping something sticks, you’re missing the point.

EDR? More like EDR-evaded. A sneaky attack using Windows UI automation bypasses endpoint detection systems. Hackers can manipulate the user interface without triggering alerts, making it easier to carry out malicious tasks without anyone noticing.

Cloud ☁️

AWS just dropped some big security updates at re:Invent 2024, including more granular threat detection and tighter access controls. If you’re running workloads in AWS, these new features could be game-changers in tightening up your cloud security. Don’t miss out—start leveraging these tools to patch up your cloud environments.

Cloud misconfigurations are a hacker’s best friend. In this tale, attackers waltz right into a cloud environment because of a simple oversight. They don’t even need to exploit vulnerabilities; just misconfigure something, and boom, you’ve got unwanted guests.

Tools 🛠️

Want to mess with malware safely? Vanir is Google’s open-source malware sandbox designed to let researchers test malicious code without putting their systems at risk.

BadRam is exploiting vulnerabilities in Industrial Control Systems (ICS), targeting critical infrastructure like factories and power plants. Keep your ICS isolated and secure.

Cybersecurity Measures and Recommendations 🔒️

Hackers are no longer breaking in; they're stealing your trust. By impersonating trusted sources, they bypass security measures with convincing social engineering. Your trust is the new target.

Hackers are typosquatting a popular TypeScript plugin on npm. Double-check your dependencies to avoid falling for these deceptive packages.

Advanced Persistent Threats (APT) 🕵️

Salt Typhoon’s attack on global telecoms was a masterclass in stealth. They infiltrated critical infrastructure, disrupted services, and exfiltrated sensitive data—without making much noise.

Careto, the cyberespionage group once believed to be dormant, is back and more dangerous than ever. They've upped their game with new malware designed to exploit Microsoft Office vulnerabilities, giving them easy access to targets in defense, energy, and telecom.

Encrypted messaging isn’t as private as you think. Law enforcement just intercepted 2.3 million messages from a supposedly “secure” service. The message here: encryption is only as secure as the people running the service.

Cyber warfare is a brutal game of tool-sharing. The Russian group Secret Blizzard is using tactics borrowed from other threat actors to strike Ukraine.

APT-C-60 is a sophisticated hacker group targeting critical infrastructure using custom malware and phishing. They’re after everything from energy grids to telecom systems.

So there you have it! An electrifying overview of the latest vulnerabilities, exploits, data breaches, malware, ransomware, APTs, software and system issues, and practical cybersecurity measures.

Have any questions, comments, or feedback? Feel free to reply directly; I'd love to hear from you. I’m all ears!

If you find this newsletter helpful and think others would too, please consider forwarding it to them. 🙏

Thanks for reading!

exit(0);
