Threat Intel: Thursday, January 2

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Windows Servers At Risk of New Zero-Click Vulnerability
SafeBreach Labs has developed a proof-of-concept (PoC) exploit for a critical vulnerability in Windows Domain Controllers, identified as CVE-2024-49112. This zero-click remote code execution flaw allows attackers to crash unpatched Windows servers via the Lightweight Directory Access Protocol (LDAP). Given the high severity of this vulnerability, with a CVSS score of 9.8, organizations are strongly advised to apply Microsoft’s December 2024 Patch Tuesday updates to safeguard their systems.

This Week’s Roundup:

U.S. Treasury Suffers a “Major Cybersecurity Incident”
Chinese state-sponsored hackers have exploited a compromised API key from BeyondTrust’s remote support software to breach the U.S. Treasury Department’s systems. This attack enabled unauthorized access to certain workstations and unclassified documents within the department. The Treasury Department has since deactivated the affected service and is collaborating with cybersecurity agencies to assess and mitigate the breach.

Dozens of Chrome Browser Extensions Hacked
Hackers compromised at least 36 Chrome browser extensions, affecting up to 2.6 million users. By phishing developers, attackers gained control to inject malicious code into these extensions, enabling the theft of passwords, cookies, and other sensitive data. Notably, Cyberhaven’s extension was among those hijacked, with a malicious version active for approximately 25 hours before remediation. Teams are advised to update their extensions immediately.

Four-Faith Routers Exposed to Remote Code Execution Vulnerability
A critical vulnerability, identified as CVE-2024-12856, has been discovered in Four-Faith industrial routers, specifically models F3x24 and F3x36. This flaw allows remote attackers to execute arbitrary commands by exploiting the /apply.cgi endpoint, particularly targeting the adj_time_year parameter. Approximately 15,000 internet-facing devices with default credentials are at high risk. Organizations are advised to update their firmware, change default passwords, and implement network monitoring measures.

Apache MINA Flaw Enables RCE via Unsafe Serialization
A critical vulnerability with a CVSS score of 10.0 has been identified in Apache MINA, affecting its ObjectSerializationDecoder component. This flaw enables attackers to execute remote code by sending specially crafted serialized data. The issue impacts multiple versions of Apache MINA, and teams are strongly advised to update to the latest patched versions and configure the decoder to restrict acceptable classes for added security.

Misconfigured Kubernetes RBAC Could Expose Entire Cluster
Researchers have identified three security weaknesses in Microsoft’s Azure Data Factory integration with Apache Airflow, potentially allowing attackers to gain unauthorized access to entire Airflow Azure Kubernetes Service (AKS) clusters. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC) in the Airflow cluster, improper secret handling in Azure’s internal Geneva service, and weak authentication for Geneva. Exploiting these flaws could enable persistent access, data exfiltration, and malware deployment within the cluster. Microsoft has classified these issues as low severity.

New DoubleClickjacking Exploit Puts Major Websites At Risk
A new exploit called “DoubleClickjacking” has been discovered, allowing attackers to bypass existing clickjacking protections on major websites. This technique manipulates the timing between double-clicks to deceive users into performing unintended actions, such as granting unauthorized permissions. Traditional defenses like X-Frame-Options and SameSite cookies are ineffective against this method. Website owners are advised to implement client-side measures that detect user interactions before enabling critical buttons.
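One way to implement the client-side measure mentioned above, as an added example that is not code from the original roundup or from the researchers: sensitive buttons stay disabled until the page itself has observed a genuine pointer movement or key press, so a click that lands on the page immediately after another window is swapped away hits a disabled control. The `.critical-action` selector, the arming event list and the function names are assumptions for illustration.

```javascript
// Event types treated as evidence of a real user interacting with this page
// (assumed list; tune to the application).
const ARMING_EVENTS = ['mousemove', 'pointermove', 'keydown', 'touchmove'];

// Small state holder: "armed" means a genuine interaction has been seen
// since the page was loaded or last lost focus.
function createInteractionGate() {
  let armed = false;
  return {
    observe(eventType) {            // returns the armed state after the event
      if (ARMING_EVENTS.includes(eventType)) armed = true;
      return armed;
    },
    isArmed: () => armed,
    disarm() { armed = false; },    // called when the window loses focus
  };
}

// A click on a sensitive control is honoured only once the gate is armed.
function shouldHonourClick(gate, eventType) {
  return eventType === 'click' && gate.isArmed();
}

// Wire the gate to the DOM: disable matching buttons, enable them after a
// real interaction, and disable them again if the window loses focus
// (e.g. another window is brought in front of it).
function armSensitiveButtons(doc, gate, selector = '.critical-action') {
  const buttons = Array.from(doc.querySelectorAll(selector));
  const sync = () => buttons.forEach((b) => { b.disabled = !gate.isArmed(); });
  sync();
  for (const type of ARMING_EVENTS) {
    doc.addEventListener(type, () => { gate.observe(type); sync(); }, { passive: true });
  }
  if (doc.defaultView) {
    doc.defaultView.addEventListener('blur', () => { gate.disarm(); sync(); });
  }
  return buttons.length;          // number of controls placed under the gate
}

// Only runs in a browser; in Node (no DOM) the functions are just defined.
if (typeof document !== 'undefined') {
  armSensitiveButtons(document, createInteractionGate());
}
```

Handlers for the sensitive buttons should additionally call `shouldHonourClick` before acting, so the check does not rely solely on the `disabled` attribute being in place.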

Microsoft Urges Developers to Update .NET Immediately
Microsoft has issued an urgent advisory to .NET developers to update their applications and development pipelines to replace references to ‘azureedge.net’ domains. This action is necessary due to the impending shutdown of the CDN provider Edgio, which hosts these domains. Specifically, the domains “dotnetcli.azureedge.net” and “dotnetbuilds.azureedge.net” will be taken offline in the coming months, potentially disrupting projects that depend on them. Developers are advised to search their code, scripts, and configurations for any references to these domains and update them to “builds.dotnet.microsoft.com” to ensure continued functionality.
