Threat Intel: Thursday, August 22

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

SolarWinds Fixes Critical RCE Exploit Affecting Web Help Desk – Patch Now

SolarWinds has released a patch for a critical remote code execution (RCE) vulnerability affecting all versions of its Web Help Desk software. This flaw could allow attackers to execute malicious code on vulnerable systems without needing authentication, making it a serious security risk. The vulnerability, identified as CVE-2024-28986, could be exploited to gain full control over the affected system, potentially leading to data theft, unauthorized access, and disruption of services.

SolarWinds strongly urges all users to update their systems immediately to protect against potential attacks. This incident underscores the importance of timely patching and maintaining up-to-date software to safeguard against evolving threats. Organizations relying on Web Help Desk should review their security measures and ensure that the update is applied immediately.

Microchip Technology Suffers Cyberattack, Disrupting Business Operations

Microchip Technology recently suffered a cyberattack that disrupted its operations, causing significant issues for the company. The attack forced the company to shut down certain systems to prevent further damage, leading to delays in production and impacting its supply chain. While Microchip Technology has not disclosed specific details about the attack, such as the type of malware used or the attackers’ identity, the company is working to restore normal operations as quickly as possible.

This incident highlights the growing threat of cyberattacks on critical infrastructure and manufacturing sectors. The disruption could have a ripple effect on various industries that rely on Microchip’s products, as well as on the stock market. As the investigation continues, businesses are reminded of the importance of maintaining strong defenses against cyber threats to avoid similar disruptions.

This Week’s Roundup:

Microsoft Copilot Studio Flaw Disclosing Information

A critical vulnerability, CVE-2024-38206 (CVSS score: 8.5), has been discovered in Copilot Studio, a tool used by developers to write code efficiently. This flaw could allow attackers to execute arbitrary code on the system, potentially leading to unauthorized access and data breaches. Teams utilizing Copilot Studio are advised to update their software immediately to avoid exposing sensitive data.

WordPress Plugin LiteSpeed Cache Flaw Opens 5 Million Sites to Exploitation

A critical vulnerability, CVE-2024-28000, has been identified in a popular caching plugin used on over 5 million WordPress sites, potentially allowing attackers to take control of affected websites. Security experts expect this flaw to be exploited soon, making it essential for site administrators to update the plugin immediately.

Amazon AWS Configuration Issue Exposes Thousands of Apps to Attacks

A configuration issue in AWS Application Load Balancer (ALB) has exposed thousands of apps to potential attacks. This misconfiguration could allow attackers to bypass security controls and gain unauthorized access to sensitive data. Developers using AWS ALB are urged to review their configurations and apply recommended security measures to prevent exploitation.

Google Addresses Chrome’s Sixth Exploited Zero-Day This Year

Google has released a patch for the sixth Chrome zero-day vulnerability exploited in 2024. This flaw, CVE-2024-7971, has been actively exploited and could allow attackers to execute arbitrary code on users’ systems, making it critical for all Chrome users to update their browsers immediately.

Backdoor in Mifare Smart Cards Could Open Doors Around the World

A newly discovered backdoor in MIFARE smart cards could allow attackers to clone or manipulate the cards, leading to unauthorized access to secure facilities. This vulnerability affects a wide range of systems using these smart cards for security, including transportation and corporate access controls. Teams are advised to review their security measures and consider updating or replacing affected cards.

GitHub Patches Critical Flaw in GitHub Enterprise Server

A critical vulnerability, CVE-2024-6800 (CVSS score of 9.5), has been discovered in GitHub Enterprise Server, potentially allowing attackers to execute arbitrary code on the server. This flaw poses a significant risk to organizations using the platform, as it could lead to unauthorized access and data breaches. GitHub has released a security update to address the issue, and organizations are strongly advised to apply the update immediately to secure their environments.

Attackers Use PWA Apps on iOS, Android to Steal Banking Credentials

Hackers have been stealing banking credentials from iOS and Android users by exploiting Progressive Web Apps (PWAs). These malicious PWAs, disguised as legitimate apps, trick users into entering sensitive information, which is then sent directly to the attackers. This tactic highlights the growing threat of PWA-based attacks, and all users are advised to be cautious when downloading apps, especially from unofficial sources.

Azure Kubernetes Services Exposing Sensitive Info Via Vulnerability

Microsoft has patched a critical vulnerability in Azure Kubernetes Service (AKS) that could have exposed sensitive information. The flaw allowed attackers to gain unauthorized access to private resources and potentially compromise entire clusters. It’s crucial for teams to update their AKS environments to secure them against this vulnerability.

Atlassian Patches Exploits in Bamboo, Confluence, Crowd, and Jira

Atlassian has released patches to address multiple critical vulnerabilities in its Bamboo, Confluence, Crowd, and Jira products. These vulnerabilities could allow attackers to bypass authentication, execute arbitrary code, or gain unauthorized access to sensitive data. Organizations are urged to update their systems immediately to protect against potential exploits.
