Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Windows Update Causing Blue Screens and Reboot Loops The Windows 11 KB5043145 update, released in September 2024, caused issues such as reboot loops, blue screens (BSOD), and problems with USB and Bluetooth connectivity on systems running versions 22H2 and 23H2. Affected users reported BitLocker recovery and the Automatic Repair tool being triggered. Microsoft has now released a fix that addresses these issues, and organizations experiencing these problems are advised to install the new patch to resolve them.
Optigo Network Switches Impacted by RCE Flaw The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of two critical vulnerabilities in Optigo Networks’ ONS-S8 Aggregation Switches, used in critical infrastructure. These flaws allow remote code execution and authentication bypass, making it easy for attackers to exploit them with minimal effort. Since no patches are available, CISA recommends mitigations like network isolation and securing access. The flaws, rated 9.3/10 on the CVSS scale, pose significant risks to critical systems if not addressed.
This Week’s Roundup:
Rackspace Breach Via ScienceLogic Zero-day Attack Rackspace suffered a data breach after attackers exploited a zero-day vulnerability in a third-party tool used by ScienceLogic’s SL1 platform. The breach exposed limited monitoring data, including customer account names, IP addresses, and encrypted internal credentials. ScienceLogic quickly patched the flaw after it was discovered. Rackspace confirmed that no sensitive customer data or hosted services were accessed, and customers do not need to take further action.
Severe Nvidia Container Toolkit Exploit Allows Access to Host A critical vulnerability was discovered in the NVIDIA Container Toolkit, which could allow attackers to gain access to the underlying host system. This flaw could be exploited by compromising containerized applications to escalate privileges and access sensitive resources on the host machine. NVIDIA has released patches to address the issue, and teams are urged to update as soon as possible. The flaw affects environments using containerization for software development and deployment.
Critical CUPS Flaw Allows RCE On Linux Systems Security researchers discovered multiple vulnerabilities in CUPS (Common Unix Printing System), which could allow remote code execution (RCE) on Linux systems under certain conditions. These flaws impact several Linux distributions, potentially letting attackers execute arbitrary code with elevated privileges if exploited. Organizations are urged to patch any Linux system immediately.
Kia Cars Vulnerable to Remote Hacking Researchers found vulnerabilities in Kia’s vehicle systems that could allow hackers to remotely control millions of cars. By exploiting flaws in the Kia owners’ portal, attackers could access personal information, such as names and addresses, and send commands like unlocking the vehicle or starting the engine. The attack could be initiated using just the car’s license plate, making it quick and difficult to detect. Kia has since patched the vulnerabilities after being informed by the researchers in June 2024.
DrayTek Fixes Flaws in 700,000 Exposed Routers DrayTek has patched 14 critical vulnerabilities in its routers, including a remote code execution flaw rated 10/10 on the CVSS scale. Over 700,000 routers are exposed online, with the web interface open to the internet, putting users at risk. The vulnerabilities, discovered by Vedere Labs, affect both supported and end-of-life router models. DrayTek has released fixes, and teams are urged to update their firmware and disable remote access to prevent exploitation.
Zimbra Critical RCE Exploit Using Emails to Backdoor Servers Hackers are exploiting a critical remote code execution (RCE) vulnerability in Zimbra email servers (CVE-2024-45519) by sending specially crafted emails. The vulnerability allows attackers to install webshells on vulnerable servers, giving them full access to the systems. The flaw is being actively exploited, and the attacks involve injecting malicious commands into the email’s CC field, which are executed by Zimbra’s postjournal service. Zimbra has released patches to fix the issue, and administrators are urged to update or apply mitigations.
Ivanti Endpoint Manager Flaw Now Actively Exploited, CISA Warns A critical SQL injection vulnerability (CVE-2024-29824) in Ivanti Endpoint Manager is being actively exploited, prompting CISA to warn organizations to patch immediately. As previously reported, this flaw, with a CVSS score of 9.6, allows unauthenticated attackers to execute remote code on vulnerable systems. Federal agencies are required to update by October 23, 2024, to protect against this and other recent Ivanti exploits.