Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Hackers leak 2.7 billion data records with Social Security numbers Hackers have leaked a massive database containing 2.7 billion data records, including Social Security Numbers (SSNs) and other personal information like names and physical mailing addresses. This breach is one of the largest in recent history, significantly increasing the risk of identity theft and fraud for those affected. The database was shared on a hacking forum, making it easily accessible to cybercriminals. Authorities are advising those impacted to closely monitor their credit reports and take immediate steps to protect their identities.
Microsoft Advises of Windows BitLocker Recovery Bug A recent bug in Windows BitLocker can cause devices to prompt users for a recovery key after a system update, leading to potential data access issues. This problem primarily affects users who rely on BitLocker for disk encryption, especially if they don’t have the recovery key readily available. Microsoft has released an update to resolve the issue, and teams can update to prevent this from occurring. The bug doesn’t affect data encryption or security, but it can cause significant inconvenience if users are locked out of their devices.
This Week’s Roundup:
SolarWinds Advises of Immediate Patch After Announcing RCE Bug A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-28986, has been discovered in SolarWinds software, potentially allowing attackers to take control of affected systems. SolarWinds has released an urgent update to fix the issue and is strongly advising users to upgrade immediately. The vulnerability could be exploited through specially crafted input, posing a significant security risk and teams are advised to patch as soon as possible.
Microsoft Warns of Unpatched Office Exploit Leading to Data Exposure Microsoft has issued a warning about an unpatched vulnerability, tracked as CVE-2024-38200, in Office that could allow attackers to execute malicious code through specially crafted documents. The flaw affects several Office versions and could be exploited by simply opening a malicious file. While Microsoft is working on a fix, teams are urged to be cautious and avoid opening unexpected or suspicious documents. The vulnerability has not yet been widely exploited, but the risk remains significant until a patch is released.
Windows Zero-click RCE Affecting All Systems with IPv6 A critical zero-click vulnerability in Windows TCP/IP, tracked as CVE-2024-38063, affects all systems with IPv6 enabled, allowing attackers to execute remote code without any user interaction. Microsoft has released a patch to address this serious issue, and it’s crucial for users to update their systems immediately. The vulnerability could be exploited to take control of a device, potentially leading to widespread damage if left unpatched.
‘0.0.0.0 Day’ Exploit Puts All Browsers at RCE Risk A newly discovered zero-day vulnerability, tracked as CVE-2024-23222, puts users of Chrome, Firefox, and Mozilla browsers at risk of remote code execution (RCE), allowing attackers to take control of affected systems. This flaw can be exploited by tricking users into visiting a malicious website or opening a compromised file and we are urging companies to update their browsers immediately as patches are being released.
High Severity SAP Flaw Allows Hackers to Bypass Authentication A critical vulnerability in SAP software, tracked as CVE-2024-41730 allows remote attackers to bypass authentication, potentially giving them unauthorized access to sensitive systems. This flaw can be exploited without the need for valid credentials, making it a significant security risk. SAP has released a patch to address the issue, and any organization utilizing SAP is strongly advised to update immediately.
Ivanti Announces Critical vTM Auth Bypass with Available Proof of Concept Ivanti has issued a warning about a critical vulnerability in its Virtual Traffic Manager (VTM), tracked as CVE-2024-7593, that allows attackers to bypass authentication, potentially gaining unauthorized access to systems. This flaw is particularly concerning because a proof of concept is already available, increasing the risk of attacks. Ivanti has released a patch to fix the issue, and teams are strongly urged to update their systems immediately to protect themselves.
FreeBSD Flaw Allows for Remote Code Execution – Patch Now A vulnerability has been discovered in FreeBSD’s OpenSSH, tracked as CVE-2024-7589, potentially allowing attackers to bypass security measures and gain unauthorized access to systems. This flaw could be exploited by attackers to elevate their privileges or execute commands without proper authentication. FreeBSD has released updates to address the issue, and organizations are strongly advised to apply these patches promptly to avoid potential attacks and unauthorized access.