Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Acronis Cyber Infrastructure Abused By Default Password Attacks
Acronis has advised of a critical vulnerability involving a default password in its Cyber Infrastructure (ACI) product. This flaw is being actively exploited by attackers to gain unauthorized access. Unauthenticated attackers can leverage the CVE-2023-45249 vulnerability in simple attacks that do not require user intervention to achieve remote code execution on unpatched ACI servers. All organizations are urged to change default passwords immediately to protect themselves from attacks.
Critical Vulnerability In WhatsUp Gold Under Attack
A critical security flaw has been discovered in Progress Software’s WhatsUp Gold IT monitoring software. Identified as CVE-2024-4885, it allows attackers to gain unauthorized access to, and potentially control over, affected systems. With a severity score of 9.8, this vulnerability stems from improper input handling. A proof of concept for this exploit exists, underscoring the urgent need for companies using WhatsUp Gold to apply the latest patches as soon as possible.
This Week’s Roundup:
Zero-Day Flaw in Apache OFBiz ERP Allows Code Execution
A newly discovered zero-day vulnerability in Apache OFBiz ERP, identified as CVE-2024-38856, allows unauthenticated attackers to execute arbitrary code remotely. This critical flaw stems from improper input validation and can be exploited without user interaction, significantly threatening unpatched systems. Teams using Apache OFBiz ERP are strongly advised to apply security updates immediately to protect their systems from attack.
Windows Update Downgrade Attack Removes Patches On Updated Systems
A newly discovered set of vulnerabilities in Windows Update, identified as CVE-2024-38202 and CVE-2024-21302, allows attackers to downgrade fully updated systems to unpatched versions. These severe flaws, which have a high severity score of 9.8, expose systems to previously patched vulnerabilities, significantly increasing the risk of exploitation. Microsoft states it has not seen this exploited in the wild, and has advised that an update to mitigate this attack has not yet been released.
Google Updates To Fix Android Kernel Zero-Day
A newly discovered zero-day vulnerability in the Android kernel, identified as CVE-2024-36971, has been fixed by Google. This critical flaw was actively exploited in targeted attacks, allowing attackers to gain unauthorized control over affected devices. With a high severity score, this vulnerability posed a significant risk, prompting Google to release an urgent security update. Organizations are advised to update their devices to the newest set of Google-provided patches.
AWS Patches Exploits Allowing For Account Takeovers
AWS has addressed multiple vulnerabilities that could potentially lead to account takeovers. These security flaws, if left unpatched, would allow attackers to gain unauthorized access to user accounts, posing significant risks to the integrity and security of data stored within AWS environments. It is crucial for AWS users to apply these patches promptly to protect their accounts and prevent any unauthorized access.
Critical Roundcube Webmail XSS Bug Allows Hackers To Steal Data
A set of critical cross-site scripting (XSS) vulnerabilities in Roundcube Webmail, identified as CVE-2024-42009 and CVE-2024-42008, has been disclosed. These flaws could allow attackers to execute arbitrary scripts in the context of a user’s webmail session, potentially leading to account compromise and unauthorized access to sensitive emails. The Roundcube development team has released an urgent patch to address these security issues and is advising teams to update to the latest version to safeguard their webmail accounts.
Data Breach: National Public Data Records 3 Billion Records With SSNs Released To The Web
A significant data breach involving National Public Data Records has resulted in the exposure of sensitive personal information, including Social Security Numbers (SSNs). This breach was disclosed by a hacker known as “Fenice”, who posted compromised data on a popular hacking forum called BreachForums. National Public Data Records is a company that aggregates public records from various sources, providing comprehensive data reports for background checks and other services. If you were affected by this breach, we recommend increased vigilance for tailored phishing emails and enrolling in identity monitoring and protection services.