Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Three Ivanti Zero-Days Under Attack
Ivanti has disclosed three critical zero-day vulnerabilities affecting its Cloud Services Appliance (CSA). These vulnerabilities could allow attackers to bypass authentication and gain unauthorized access, putting organizations’ systems and data at risk. The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings emphasizing the need for immediate patching, and organizations using Ivanti CSA should prioritize these updates.
Palo Alto Fixes Severe Flaws in PAN-OS Firewalls
Palo Alto Networks has patched critical vulnerabilities in PAN-OS, the software that powers its next-gen firewalls. The flaws, including the high-severity CVE-2024-9463 (CVSS 9.9), could allow attackers to gain unauthorized access and potentially take control of affected devices. These vulnerabilities are especially concerning because a proof of concept (PoC) already exists. Teams are urged to update immediately.
This Week’s Roundup:
Mozilla Fixes Zero-Day Actively Being Exploited – Update Now
Mozilla has released a security update to fix a critical zero-day vulnerability in Firefox that is being actively exploited in the wild (CVE-2024-9680). This flaw allows attackers to execute arbitrary code, posing a significant risk to users’ systems. Given its active exploitation, it is crucial for organizations to update their Firefox browsers immediately to protect against potential attacks.
Internet Archive Hacked, Impacting 31 Million Users
The Internet Archive has suffered a data breach impacting approximately 31 million users. Hackers accessed sensitive information, including email addresses, hashed passwords, and user activity data. Affected users are advised to change their passwords immediately and monitor their accounts for suspicious activity.
Microsoft Fixes Five Zero-Days in October Patch Tuesday
Microsoft has patched five zero-day vulnerabilities in its latest security update, all of which were actively exploited in attacks. These flaws affect a range of Microsoft products, including Windows and Office, allowing attackers to execute arbitrary code, escalate privileges, and bypass security features. Given the active exploitation, it is critical for organizations to apply these patches immediately to protect their systems from potential breaches.
Qualcomm Fixes Exploit Used in Limited Attacks
A critical zero-day vulnerability in Qualcomm chipsets has been discovered and is being actively exploited in targeted attacks. The flaw affects millions of devices, potentially allowing attackers to gain unauthorized access, execute code, and steal sensitive information from compromised systems. Google’s Threat Analysis Group reports that CVE-2024-43047 may be under limited, targeted exploitation.
American Water Shuts Down Some Systems Following Cyberattack
American Water, one of the largest water and wastewater service providers in the U.S., has been hit by a cyberattack. The incident compromised several internal systems, prompting the company to implement containment measures and investigate the breach. While the extent of the damage is still under review, the attack highlights the growing risk to critical infrastructure providers. Authorities are collaborating with American Water to restore services and strengthen cybersecurity defenses to prevent future incidents.
Okta Fixes Critical Exploit Allowing Sign-On Bypass
Okta has patched a critical vulnerability that allowed attackers to bypass sign-on policies, posing a significant security risk to organizations using the platform for identity and access management. The flaw could have been exploited to gain unauthorized access to sensitive systems and data, undermining an organization’s security controls. Okta urges all teams to update their systems immediately to prevent potential exploitation.