Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
ServiceNow Critical RCE Bugs Under Active Exploit ServiceNow has issued hotfixes for critical remote code execution (RCE) vulnerabilities, CVE-2024-4879 and CVE-2024-5217, which are being actively exploited. These flaws allow attackers to gain unauthorized access and steal sensitive information from vulnerable systems. We strongly advise organizations to apply the available patches immediately to protect their systems from ongoing attacks.
Accounts Receivables Increasingly Becoming Targeted in Cyberattacks Accounts receivable (AR) departments are increasingly becoming targets for cyberattacks, particularly business email compromise (BEC) scams. These attacks involve hackers altering invoice details or impersonating employees to redirect payments to fraudulent accounts. Enhancing AR technology with automation and robust security measures can help mitigate these risks by preventing unauthorized changes and allowing professionals to focus on higher-value tasks.
This Week’s Roundup:
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk A critical vulnerability in Telerik Report Server (CVE-2024-6327) has been discovered, which allows remote code execution through insecure deserialization. The flaw affects versions prior to 2024 Q2 (10.1.24.709) and has a CVSS score of 9.9. It is strongly urged to update to the latest version to protect your team.
“Sitting Ducks” DNS Attack Lets Hackers Take Over Domains Hackers have been exploiting DNS vulnerabilities in DeFi apps hosted on Squarespace, redirecting users to malicious sites to steal sensitive information and funds. This attack, affecting over 120 protocols, highlights the importance of securing DNS settings to prevent such breaches.
Large Azure Outage Caused By DDoS Attack States Microsoft Microsoft confirmed that a recent nine-hour Azure outage was caused by a distributed denial-of-service (DDoS) attack. The outage affected multiple Microsoft services including Microsoft 365 and Azure, and an error in the implementation of DDoS defenses amplified the impact. Microsoft is investigating and plans to release detailed reviews of the incident.
Apple Fixes Vulnerabilities in iOS and MacOS Including Auth Bypass Apple has released iOS 17.6 and iPadOS 17.6, fixing multiple vulnerabilities, including critical ones that could lead to remote code execution. These updates address flaws in various components such as Kernel, WebKit, and libxml2, enhancing the security of Apple devices. We advise you to update your devices promptly to protect against potential exploits.
VMware ESXI Exploited By Ransomware Using Admin Access A critical VMware ESXi flaw, CVE-2024-37085, is being actively exploited by ransomware groups to gain administrative access and deploy malware. This vulnerability allows attackers to bypass Active Directory integration and elevate privileges, affecting systems using AD for user management. VMware has issued a patch, and organizations are urged to update their systems promptly to mitigate the risk of these attacks.
Millions of Users Threatened By XSS Hotjar Flaw A critical vulnerability in the Hotjar web analytics platform exposed millions of users to potential data theft by combining Cross-Site Scripting (XSS) and OAuth flaws. This flaw allowed attackers to hijack user accounts through malicious links. Hotjar has patched the issue so we strongly advise that you update with the latest patch, but other services using OAuth may still be at risk.
DigiCert Revoking 83,000 Certificates of 6,800 Customers DigiCert is revoking 83,000 certificates from 6,800 customers due to a validation issue that could potentially allow unauthorized certificate issuance. This urgent action is required by CA/Browser Forum rules, impacting critical infrastructure sectors like healthcare and telecommunications. While some customers have quickly reissued their certificates, others face challenges in meeting the 24-hour deadline, leading to potential service disruptions.