Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Severe Veeam Vulnerability Exploited to Spread Ransomware
A critical vulnerability in Veeam Backup & Replication, CVE-2024-40711, is being actively exploited in the wild, with attackers using it to gain unauthorized access to backup data. This flaw allows for remote code execution, enabling attackers to manipulate or encrypt backups. We are seeing increased exploitation due to the availability of a proof-of-concept and the ease of executing the attack, making it a significant risk for organizations that haven’t yet applied the necessary updates.
Uptick in Scams in Relation to Hurricanes Helene and Milton
The Acting U.S. Attorney for Colorado has issued a public warning about potential charity scams in the aftermath of Hurricanes Helene and Milton. Scammers often exploit disasters by setting up fraudulent charities to steal money from well-meaning donors. The public is urged to be cautious when donating and to verify the legitimacy of any charity before contributing. Authorities recommend checking trusted resources, such as the IRS website or state charity regulators, to avoid falling victim to these scams.
This Week’s Roundup:
Cisco Investigating Breach After Data Leaked
Cisco is investigating a data breach after a hacker claimed to have stolen and posted sensitive company data for sale on a hacking forum. The attackers reportedly gained access by exploiting a compromised employee account. While the nature of the stolen data remains unclear, Cisco is actively working to determine the full scope of the breach and has not yet confirmed the extent of the incident. The company has given assurances that it is taking steps to protect its customers and mitigate any potential impacts.
OpenAI Confirms Hackers Using ChatGPT to Write Malicious Apps
OpenAI has confirmed that threat actors are leveraging ChatGPT to assist in writing malware, raising concerns about the misuse of AI tools for cyberattacks. Malicious actors have been using ChatGPT’s capabilities to craft sophisticated phishing emails, create malicious code, and automate other nefarious activities. While OpenAI has implemented safeguards to prevent abuse, some attackers have found ways to bypass these measures. The company is actively working to enhance security and prevent the misuse of its AI technology for harmful purposes.
Kubernetes Image Builder Exploit Gives SSH Root Access to VMs
A critical vulnerability in Kubernetes’ image builder, CVE-2024-9486, has been discovered that could allow attackers to gain SSH root access to virtual machines. This flaw arises during the creation of images, where SSH keys may be exposed, enabling unauthorized access. If exploited, attackers could take full control of affected systems, leading to significant security risks. It is crucial for teams using Kubernetes image builder to apply the recommended patches and review any existing VMs as they may need to be rebuilt.
Microsoft Patches Critical Privilege Escalation in Power Platform
Microsoft has patched multiple vulnerabilities in its Power Platform and Imagine Cup websites that could have allowed attackers to access sensitive information or compromise accounts. These flaws, if exploited, could have potentially enabled unauthorized access to user data and internal systems. Microsoft’s quick response and release of security updates have mitigated the risk, and they recommend that organizations apply these patches immediately. No evidence of active exploitation has been reported at this time.
GitHub Releases Patch for Enterprise Server Flaw
GitHub has patched a critical vulnerability, CVE-2024-9487, in GitHub Enterprise Server that could have allowed attackers to execute arbitrary code remotely. This flaw, related to the improper validation of user input, posed a significant risk as it could enable unauthorized control of servers hosting the platform. GitHub strongly advises teams to apply the available updates as soon as possible.
Critical WordPress Jetpack Plugin Flaw Impacting 27 Million Sites
A critical vulnerability has been identified in the WordPress Jetpack plugin, which is installed on over 27 million websites. The flaw, discovered in the plugin’s API, could allow unauthorized attackers to manipulate website content or exploit other site functions. Jetpack has released an update to address this issue, and WordPress site administrators are strongly urged to apply the patch immediately.
VMware Fixes Severe SQL Injection Flaw
A critical SQL injection vulnerability, CVE-2024-38814, has been discovered in VMware’s Aria Operations for Logs. If exploited, this flaw could allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation. VMware has released patches to address this vulnerability and urges organizations to apply the updates as soon as possible.