End of Week Cybersecurity Digest: 30 Aug 2024
VPN Credentials Threatened, Tickler Malware, and Voldemort!
The Cybersecurity Digest Newsletter
Date: 30 Aug 2024
Happy Friday and welcome to the Cybersecurity Digest! We have made it to the end of the week!
Thank you to everyone who has subscribed to the newsletter so far! If you enjoy the content, please share it with someone you know who would benefit from the information this newsletter provides! The more subscribers the newsletter gets, the easier it is to keep providing this FREE resource!
In addition to this newsletter, we publish a weekly podcast on Mondays that recaps the top 10 stories from the previous week. If there are specific stories you want covered, please comment!
There is a lot today. To keep it from being overwhelming, I have linked ALL of the news and articles I have, but not every item has a summary.
Upcoming In Today's Issue
Notable News
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses - DarkReading
Employee arrested for locking Windows admins out of 254 servers in extortion plot - BleepingComputer
Researchers find SQL injection to bypass airport TSA security checks - BleepingComputer
Threat actors exploit Atlassian Confluence bug in cryptomining campaigns - SecurityAffairs
Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign - TheHackerNews
Readworthy Research
Proofpoint researchers take a look at a backdoor they are calling Voldemort!
A look at a malicious actor targeting US organizations' VPN credentials to gain access to the company network.
Iranian threat actor observed deploying a new backdoor that Microsoft is calling Tickler.
ESET Research looks at CVE-2024-7262 and CVE-2024-7263, two code-execution vulnerabilities in WPS Office.
Trend Micro looks at a fake GlobalProtect VPN tool targeting users in the Middle East.
Unit 42 takes a deep dive into some of the scam campaigns they have recently observed.
Mandiant releases details of a suspected counterintelligence operation that is collecting data on Iranians.
Cisco Talos discusses how BlackByte keeps reusing its established tactics while also trying to exploit newer vulnerabilities.
Unit 42 investigates 19 new TLDs that were released within the last year.
Sophos takes a deep look at an EDR killer that bypasses EDR protection, and at how these tools have evolved.
Mandiant looks at how digital analytics tools can be abused for malicious data collection.
SentinelOne Labs talks about VirusTotal and the data contained on the site, as well as how this information can be used for threat research.
Checkmarx looks at a malware campaign that has been targeting Roblox developers for over a year.
Prevalent Patches
A CVSS 9.9 vulnerability affects the WPML Multilingual CMS WordPress plugin, versions 4.6.12 and earlier; update to 4.6.13 or later.
Impacted Devices (fixed version):
- Alienware Area 51m R2: 1.29.0 or later
- Alienware Aurora R15 AMD: 1.15.0 or later
- Alienware m15 R3: 1.29.0 or later
- Alienware m15 R4: 1.24.0 or later
- Alienware m17 R3: 1.29.0 or later
- Alienware m17 R4: 1.24.0 or later
- Alienware x14: 1.21.0 or later
- Alienware x15 R1: 1.24.0 or later
- Alienware x15 R2: 1.22.0 or later
- Alienware x17 R1: 1.24.0 or later
- Alienware x17 R2: 1.22.0 or later
Cisco Released Several Patches
Affected Product(s) | CVSS
---|---
NX-OS | 8.6
APIC and Cloud Network Controller | 6.5
NX-OS | 5.3
NX-OS | 4.4
ManageEngine published a fix for a SQL injection vulnerability in the affected products.
This patch resolves a vulnerability in the SAP BEx Java Runtime Web Service that affects the following components:
BI-BASE-E version 7.5
BI-BASE-B version 7.5
BI-IBC version 7.5
BI-BASE-S version 7.5
BIWEBAPP version 7.5
Fortra published a fix for this CVSS 9.8 vulnerability.
CISA Corner
CISA has been busy since our last newsletter was published. They have released an advisory on the RansomHub threat actor, one on Iran-based actors, three ICS advisories, and one more addition to the KEV.
RansomHub was recently linked to the attack on Halliburton. One of the responses was CISA putting out this advisory.
CISA and others warn of ransomware attacks being enabled by Iran-based threat actors against US sectors such as education, healthcare, finance, and defense.
Three ICS advisories cover the following products:
- Rockwell Automation ThinManager ThinServer
- Delta Electronics DTN Soft
- Rockwell Automation FactoryTalk View Site Edition (Update A)
KEV Additions
Google Chrome: an inappropriate implementation in V8 prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (Chromium security severity: High). Update Chrome to 128.0.6613.84 or later.
Conclusion:
Thank you for reading this edition of the Cybersecurity Digest Newsletter.
If you enjoyed this newsletter please share with someone you know who would benefit from this information.
For previous newsletters, announcements, and links, please check out our full website.
Before you go here is your Dad Joke:
I experienced a first today: I tried to change my password to ChuckNorris and the computer yelled at me for my password being too strong.
Until next time, Stay Secure!