Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
HPE’s Aruba Access Point Devices Critical Vulnerability
Hewlett Packard Enterprise (HPE) has released critical security updates for Aruba Networking Access Point products to address multiple vulnerabilities, including two critical command injection flaws (CVE-2024-42509 and CVE-2024-47460) that could allow unauthenticated remote code execution. These vulnerabilities affect Access Points running Instant AOS-8 and AOS-10 firmware versions. Users are advised to patch affected devices immediately and to implement the temporary workarounds if patching must be delayed.
Ivanti Releases Updates for Over 50 Vulnerabilities in Its Products
Ivanti has released patches addressing nearly 50 vulnerabilities across multiple products, including eight critical flaws in Connect Secure, Policy Secure, and Endpoint Manager. These critical vulnerabilities, tracked as CVE-2024-38655, CVE-2024-38656, CVE-2024-39710 to CVE-2024-39712, and CVE-2024-11005 to CVE-2024-11007, are command injection issues that could allow authenticated attackers with administrator privileges to execute remote code. The company has updated Connect Secure to version 22.7R2.3 and Policy Secure to version 22.7R1.2 to address these and other high- and medium-severity vulnerabilities. Additionally, Ivanti has fixed a critical SQL injection vulnerability, tracked as CVE-2024-50330, in Endpoint Manager, which could be exploited remotely without authentication to execute arbitrary code. Users are strongly advised to apply these updates promptly to secure their systems.
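Advisories like the one above give fixed versions (22.7R2.3 for Connect Secure, 22.7R1.2 for Policy Secure), and the practical follow-up is to compare those against an appliance inventory. The script below is an added example written for this roundup, not an Ivanti tool; it assumes version strings of the form "major.minorRrelease[.patch]" (as in "22.7R2.3") and uses a constructed inventory. Its point is that the comparison must be numeric per component: comparing the raw strings would rank "22.7R10.1" below "22.7R2.3".

```python
import re
from typing import List, Tuple

# Assumed version-string format for this example: "<major>.<minor>R<release>[.<patch>]",
# e.g. "22.7R2.3" or "22.7R1". This is an assumption, not an official Ivanti spec.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")

# Minimum fixed versions taken from the advisory summary above.
FIXED_VERSIONS = {
    "Connect Secure": "22.7R2.3",
    "Policy Secure": "22.7R1.2",
}


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Split a version string into comparable integer components (missing patch -> 0)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_patched(product: str, version: str) -> bool:
    """True when the installed version is at or above the fixed version for the product."""
    return parse_version(version) >= parse_version(FIXED_VERSIONS[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, installed, fixed) for every host still below the fixed version."""
    exposed = []
    for host, product, version in inventory:
        if product not in FIXED_VERSIONS:
            continue  # product not covered by this advisory
        if not is_patched(product, version):
            exposed.append((host, product, version, FIXED_VERSIONS[product]))
    return exposed


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("vpn-01.example.internal", "Connect Secure", "22.7R2.3"),
    ("vpn-02.example.internal", "Connect Secure", "22.7R2.1"),
    ("vpn-03.example.internal", "Connect Secure", "22.7R1.5"),
    ("nac-01.example.internal", "Policy Secure", "22.7R1.2"),
    ("nac-02.example.internal", "Policy Secure", "22.6R1.3"),
]

if __name__ == "__main__":
    for host, product, installed, fixed in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {installed} is below fixed version {fixed}")
```

Run as-is it reports vpn-02, vpn-03 and nac-02; feed it your own export in the same (host, product, version) shape. Any version string that does not match the assumed pattern raises rather than silently comparing, so unexpected formats surface instead of being treated as patched.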
This Week’s Roundup:
EOL D-Link Devices Being Actively Exploited in the Wild
Attackers are actively exploiting a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-10914, in over 90,000 end-of-life D-Link Network Attached Storage (NAS) devices. This flaw arises from a hardcoded account with an empty password combined with a command injection issue, allowing unauthorized access to and control over the devices. D-Link has stated that these models are no longer supported and recommends users retire or replace them to mitigate security risks.
Microsoft November Patch Tuesday 2024
Microsoft’s November 2024 Patch Tuesday update addresses 91 security vulnerabilities across its software portfolio, including four zero-day flaws, two of which have been actively exploited. The actively exploited vulnerabilities are CVE-2024-43451, an NTLM Hash Disclosure Spoofing vulnerability that exposes NTLMv2 hashes to remote attackers with minimal user interaction, and CVE-2024-49039, a Windows Task Scheduler Elevation of Privilege vulnerability that allows attackers to execute RPC functions typically restricted to privileged accounts, potentially leading to unauthorized code execution. Additionally, two publicly disclosed but not yet exploited vulnerabilities were addressed: CVE-2024-49040, a Microsoft Exchange Server Spoofing vulnerability enabling threat actors to spoof sender email addresses, and CVE-2024-49041, a Windows MSHTML Platform Spoofing vulnerability that could deceive users into interacting with malicious content. This update also includes fixes for 52 remote code execution vulnerabilities, 26 elevation of privilege vulnerabilities, and other security issues. Users are strongly advised to apply these updates promptly to protect their systems.
Citrix and Fortinet Address Multiple Critical Vulnerabilities
Citrix and Fortinet have released patches addressing multiple high-severity vulnerabilities in their products. Citrix’s updates fix issues in NetScaler ADC, NetScaler Gateway, Session Recording, XenServer, and Hypervisor, including a memory safety flaw, tracked as CVE-2024-8534, that could lead to memory corruption or denial-of-service attacks. Fortinet’s patches address vulnerabilities in FortiOS, FortiAnalyzer, and FortiManager, such as CVE-2023-50176, which could allow unauthenticated attackers to hijack user sessions via phishing SAML authentication links. Users are advised to apply these updates promptly to mitigate potential security risks.
Bitdefender Releases ShrinkLocker Ransomware Decryption Tool
Bitdefender has released a free decryptor for the ShrinkLocker ransomware, enabling victims to recover their encrypted files without paying a ransom. ShrinkLocker, a ransomware strain that emerged in 2024, encrypts victims’ files and demands payment for decryption. The availability of this decryptor allows affected users to restore their data securely and at no cost. Bitdefender advises users to download the tool from its official website and follow the provided instructions to decrypt their files.
FBI Warning of Cyberattacks Involving Emergency Data Requests
The FBI has issued a warning about cybercriminals exploiting emergency data requests (EDRs) to obtain personal information from tech companies. EDRs are intended to let law enforcement access data without a subpoena during emergencies. However, hackers are forging these requests to deceive companies into disclosing user data, including addresses, phone numbers, and IP addresses. The FBI advises companies to verify the legitimacy of such requests to prevent unauthorized data disclosures.
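The FBI's advice above is to verify an EDR before releasing data. One way to make that verification a repeatable control rather than an ad hoc judgement is to encode the checks that a forged request fails: the sending domain must be one your organization already knows, the message must pass email authentication, a case reference must be present, and confirmation must come from a callback to a phone number held independently of the request (never the number the request itself supplies). The code below is an added example written for this roundup, not FBI guidance or any vendor's product; the agency directory, domains, phone numbers and request records in it are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed directory of agencies and their independently verified contact numbers.
# In practice this is maintained out-of-band from official sources, never from a request.
KNOWN_AGENCIES: Dict[str, Dict[str, str]] = {
    "sheriff.examplecounty.gov": {"callback": "+1-555-0100"},
    "police.examplecity.gov": {"callback": "+1-555-0101"},
}


@dataclass
class EmergencyDataRequest:
    sender_address: str               # From: address on the request e-mail
    spf_pass: bool                    # authentication results as evaluated by your mail gateway
    dkim_pass: bool
    dmarc_pass: bool
    case_reference: str               # agency case or incident number quoted in the request
    callback_number_in_request: str   # number the requester asks you to call (untrusted)
    callback_confirmed_via: str = ""  # number you actually reached the agency on, if any
    requested_fields: List[str] = field(default_factory=list)


def verify_edr(req: EmergencyDataRequest) -> List[str]:
    """Return the reasons the request must not be fulfilled; an empty list means it cleared."""
    problems: List[str] = []
    domain = req.sender_address.rsplit("@", 1)[-1].lower()
    agency = KNOWN_AGENCIES.get(domain)

    if agency is None:
        problems.append(f"sender domain {domain} is not a known law enforcement domain")
    if not (req.spf_pass and req.dkim_pass and req.dmarc_pass):
        problems.append("message failed SPF/DKIM/DMARC authentication")
    if not req.case_reference.strip():
        problems.append("no case reference to verify with the agency")
    if agency is not None:
        # Confirmation only counts if it went to the number we hold, not the one in the request.
        if req.callback_confirmed_via != agency["callback"]:
            problems.append("request not confirmed by callback to the agency's known number")
        if req.callback_number_in_request and req.callback_number_in_request != agency["callback"]:
            problems.append("callback number in the request differs from the agency's known number")
    return problems


# Constructed sample requests: one that clears every check, one from a lookalike domain,
# and one from a real agency domain that fails authentication and was never confirmed.
SAMPLE_LEGITIMATE = EmergencyDataRequest(
    sender_address="det.smith@sheriff.examplecounty.gov",
    spf_pass=True, dkim_pass=True, dmarc_pass=True,
    case_reference="EC-2024-1187",
    callback_number_in_request="+1-555-0100",
    callback_confirmed_via="+1-555-0100",
    requested_fields=["address", "phone"],
)
SAMPLE_LOOKALIKE = EmergencyDataRequest(
    sender_address="det.smith@sheriff-examplecounty-gov.example",
    spf_pass=True, dkim_pass=True, dmarc_pass=True,
    case_reference="EC-2024-1187",
    callback_number_in_request="+1-555-0199",
)
SAMPLE_SPOOFED = EmergencyDataRequest(
    sender_address="records@police.examplecity.gov",
    spf_pass=False, dkim_pass=False, dmarc_pass=False,
    case_reference="",
    callback_number_in_request="+1-555-0199",
)

if __name__ == "__main__":
    for name, req in [("legitimate", SAMPLE_LEGITIMATE),
                      ("lookalike", SAMPLE_LOOKALIKE),
                      ("spoofed", SAMPLE_SPOOFED)]:
        problems = verify_edr(req)
        print(f"{name}: {'cleared' if not problems else 'REJECT'}")
        for p in problems:
            print(f"  - {p}")
```

The lookalike request passes authentication, because the attacker controls that domain, which is why the known-domain check and the independent callback are the decisive controls; email authentication alone only catches direct spoofing of a genuine agency domain. Keep the result list, not just the decision, in the case record so a reviewer can see which check failed.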
FBI and CISA Warning of Compromised U.S. Telecommunications Providers
A cyber espionage campaign linked to China has compromised U.S. telecommunications providers, exposing sensitive data of government officials. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) reported that Chinese hackers accessed customer call records and private communications of individuals involved in government and political activities. They also copied information subject to U.S. law enforcement requests under court orders. The hacking group, known as Salt Typhoon, is believed to be connected to China’s Ministry of State Security and has been active since at least 2020. This breach has raised significant national security concerns, prompting the U.S. government to form a multi-agency team to address the issue.