Threat Intel: Thursday, November 7

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Synology Urges Patch for RCE Flaw Affecting Millions of Devices

Synology has urged users to patch a critical zero-click remote code execution vulnerability (CVE-2024-10443) impacting DiskStation and BeeStation NAS devices. Demonstrated at the Pwn2Own Ireland 2024 contest, the flaw allows attackers to gain root-level access without user interaction. Millions of devices are affected, and Synology has released patches for impacted software versions. Teams are strongly advised to update their systems immediately.

Critical Bug in Cisco Access Points Allows Root Access to Attackers

Cisco has released a critical security update addressing a vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul (URWB) access points. This flaw allows unauthenticated remote attackers to execute commands with root privileges, posing significant risks such as unauthorized access and potential network compromise. The vulnerability affects the Unified Industrial Wireless Software used by URWB devices. Cisco has provided patches in version 17.15.1 to mitigate this issue, and organizations are strongly advised to update their systems as soon as possible.

This Week’s Roundup:

Microsoft Delays Windows Recall Release Over Privacy Concerns

Microsoft has announced a further delay in the release of its Recall feature for Windows Copilot+ PCs, now expected to be available for preview by December 2024. Initially slated for October, the postponement aims to enhance security and refine the user experience. Recall is designed to create a visual timeline of user activities, capturing screenshots to assist in retrieving information from various applications and documents. However, privacy and security concerns have prompted Microsoft to make the feature opt-in and implement additional safeguards.

Google Warns of Actively Exploited Vulnerability in Android System

Google has issued a warning regarding an actively exploited vulnerability in the Android operating system, identified as CVE-2024-43093. While specific details of the exploitation are limited, Google acknowledges indications of limited, targeted attacks leveraging this vulnerability. Organizations are advised to apply the latest security patches to protect users.

PTZOptics Flaw Added to CISA Vulnerability Catalog

The U.S. CISA has added two actively exploited vulnerabilities in PTZOptics PT30X-SDI/NDI cameras (CVE-2024-8957 and CVE-2024-8956) to its Known Exploited Vulnerabilities catalog. These flaws allow privilege escalation to root and authentication bypass, posing serious risks to organizations. CISA urges affected teams to apply vendor-provided patches or discontinue use, with federal agencies required to mitigate by November 25, 2024.
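KEV additions like this one carry a remediation due date, so the practical follow-up is to check your own inventory against the catalog and track the deadline. The script below is an added example, not CISA tooling: it parses JSON shaped like the public Known Exploited Vulnerabilities feed (the `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `dueDate` and `requiredAction` fields) and reports which inventory CVEs are listed and whether their due date has passed. The embedded feed is a constructed sample holding only the two PTZOptics entries from this roundup; swap in the downloaded feed for real use.

```python
"""Cross-check an asset inventory against a KEV-format feed.

Added example (not CISA's own tooling). The feed below is a constructed
sample shaped like the real KEV JSON; only the two PTZOptics CVEs and the
2024-11-25 due date come from the roundup text.
"""
import json
from datetime import date

SAMPLE_KEV_FEED = json.dumps({
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-8956",
            "vendorProject": "PTZOptics",
            "product": "PT30X-SDI/NDI cameras",
            "dueDate": "2024-11-25",
            # Wording paraphrased from the roundup; constructed field value.
            "requiredAction": "Apply vendor-provided patches or discontinue use.",
        },
        {
            "cveID": "CVE-2024-8957",
            "vendorProject": "PTZOptics",
            "product": "PT30X-SDI/NDI cameras",
            "dueDate": "2024-11-25",
            "requiredAction": "Apply vendor-provided patches or discontinue use.",
        },
    ]
})


def kev_status(feed_json: str, inventory_cves, today: date) -> list[dict]:
    """Return one record per inventory CVE that appears in the KEV feed.

    Each record carries the catalog's due date, how many days remain
    (negative once overdue) and an explicit overdue flag. CVEs that are
    not in the catalog are simply omitted; they are not "safe", just not
    KEV-tracked.
    """
    feed = json.loads(feed_json)
    # Index the catalog by CVE id for O(1) lookups across a large inventory.
    listed = {v["cveID"]: v for v in feed["vulnerabilities"]}

    results = []
    for cve in sorted(set(inventory_cves)):
        entry = listed.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        results.append({
            "cve": cve,
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "due": due,
            "days_left": (due - today).days,
            "overdue": today > due,
            "action": entry["requiredAction"],
        })
    return results


if __name__ == "__main__":
    # Constructed inventory: the two camera CVEs plus one CVE from the
    # roundup that is not in this sample feed.
    inventory = ["CVE-2024-8957", "CVE-2024-8956", "CVE-2024-10443"]
    for rec in kev_status(SAMPLE_KEV_FEED, inventory, date(2024, 11, 7)):
        state = "OVERDUE" if rec["overdue"] else f"{rec['days_left']} days left"
        print(f"{rec['cve']} {rec['vendor']} {rec['product']}: {state}")
```

Run against the real feed, the same function gives you a deadline-ordered worklist; the `overdue` flag is what you would wire into a ticket or dashboard.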

Windows Infected with Backdoored Linux VMs in New Phishing Attack

A recent phishing campaign, dubbed ‘CRON#TRAP,’ has been identified by Securonix researchers. This campaign targets Windows systems by distributing a ZIP archive containing a Windows shortcut and a ‘data’ folder with the QEMU virtual machine application. When executed, it installs a custom TinyCore Linux virtual machine preloaded with a backdoor, enabling attackers to establish persistent command and control (C2) communication. This method allows threat actors to operate stealthily within corporate networks, as the virtual machine runs undetected by standard security tools.
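The lure described above has a recognisable shape on disk and at runtime: an archive pairing a Windows shortcut with a bundled QEMU hypervisor, and then QEMU executing from wherever the archive was extracted rather than from a normal install location. The following is an added example of two defender-side checks built on those observations; it is not Securonix's detection content. Both the in-memory sample archive and the process-creation events are constructed for this example, and the `qemu-system-<arch>` binary naming is QEMU's real convention.

```python
"""Triage helpers for the archive-plus-QEMU lure described above.

Added example, not the researchers' own detection logic:
  1. archive_findings()        - does a ZIP pair a .lnk shortcut with a
                                 bundled QEMU binary (and a guest disk image)?
  2. suspicious_qemu_launches() - is QEMU running from outside a trusted
                                 install path, e.g. a Downloads folder?
All sample data below is constructed for this example.
"""
import io
import re
import zipfile
from pathlib import PureWindowsPath

# QEMU emulator binaries are named qemu-system-<arch>, e.g. qemu-system-x86_64.exe.
QEMU_BINARY = re.compile(r"^qemu-system-[a-z0-9_]+(\.exe)?$", re.IGNORECASE)
# Guest disk image extensions a bundled VM would plausibly ship with.
DISK_IMAGE_EXT = {".qcow2", ".img", ".vmdk", ".iso"}
# Where a legitimately installed hypervisor would normally live on Windows.
# The prefix also covers "C:\Program Files (x86)".
TRUSTED_PREFIX = r"c:\program files"


def archive_findings(zip_bytes: bytes) -> dict:
    """Report which components of the lure pattern are present in a ZIP."""
    found = {"shortcut": False, "qemu_binary": False, "disk_image": False}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # ZIP members use '/' separators; normalise to a Windows path.
            base = PureWindowsPath(name.replace("/", "\\")).name
            ext = PureWindowsPath(base).suffix.lower()
            if ext == ".lnk":
                found["shortcut"] = True
            elif QEMU_BINARY.match(base):
                found["qemu_binary"] = True
            elif ext in DISK_IMAGE_EXT:
                found["disk_image"] = True
    # The shortcut + hypervisor pairing is the signal; the image is corroboration.
    found["suspicious"] = found["shortcut"] and found["qemu_binary"]
    return found


def suspicious_qemu_launches(events: list[dict]) -> list[dict]:
    """Return process events where a QEMU binary runs outside the trusted path."""
    hits = []
    for ev in events:
        image = PureWindowsPath(ev["image"])
        if not QEMU_BINARY.match(image.name):
            continue
        if str(image).lower().startswith(TRUSTED_PREFIX):
            continue  # normal install location, not a finding on its own
        hits.append(ev)
    return hits


def build_sample_lure() -> bytes:
    """Construct an in-memory ZIP mirroring the described layout (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Survey.lnk", b"constructed placeholder, not a real shortcut")
        zf.writestr("data/qemu-system-x86_64.exe", b"constructed placeholder, not a binary")
        zf.writestr("data/tinycore.qcow2", b"constructed placeholder, not a disk image")
    return buf.getvalue()


# Constructed process-creation events in a minimal EDR-like shape.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\qemu\qemu-system-x86_64.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\alice\Downloads\Survey\data\qemu-system-x86_64.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    print("archive:", archive_findings(build_sample_lure()))
    for hit in suspicious_qemu_launches(SAMPLE_EVENTS):
        print("ALERT QEMU from untrusted path:", hit["image"], "parent:", hit["parent"])
```

The path-based check deliberately does not alert on QEMU under Program Files, since developers and labs run it legitimately; pair it with the archive check at the mail gateway so the two signals corroborate each other rather than relying on either alone.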

OWASP Releases AI Security Guidance

The Open Worldwide Application Security Project (OWASP) has released new guidance to help organizations manage risks associated with large language models (LLMs) and generative AI applications. This includes a “Guide for Preparing and Responding to Deepfake Events,” a “Center of Excellence Guide” for establishing AI security practices, and an “AI Security Solution Landscape Guide” for securing both open source and commercial AI applications. These resources aim to assist security leaders and developers in staying ahead of evolving AI-driven threats.

Google Cloud to Make MFA Mandatory by End of 2025

Google Cloud will mandate multi-factor authentication (MFA) for all accounts by the end of 2025 to improve security. The rollout will begin in November 2024 with reminders and prompts for users to enable MFA, leading to full enforcement by late 2025. This move aims to protect accounts from unauthorized access and bolster overall security.
