Threat Intel: Thursday, December 19

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Microsoft Warning As No-User-Interaction 2FA Bypass Attack Confirmed
Security researchers have identified a method to bypass Microsoft’s two-factor authentication (2FA) without user interaction, potentially endangering approximately 400 million users. The attack exploits a vulnerability that allows unauthorized access to accounts, circumventing the additional security layer provided by 2FA. Microsoft is aware of the issue and is expected to release updates to address this critical security flaw.

This Week’s Roundup:

Fortinet Patches Critical FortiWLM Exploit
Fortinet has released patches for a critical path traversal vulnerability in its Wireless Manager (FortiWLM) software, identified as CVE-2023-34990 with a CVSS score of 9.6. This flaw allows unauthenticated remote attackers to read sensitive files and potentially execute arbitrary code. Affected versions include FortiWLM 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4; teams are advised to update to versions 8.6.6 or 8.5.5 to mitigate the risk.

US Considering Banning TP-Link Routers Over Security Concerns
U.S. authorities are considering banning TP-Link routers due to national security concerns. Investigations by the Commerce, Defense, and Justice departments have revealed that TP-Link devices, which hold a 65% market share in the U.S., are frequently exploited in cyberattacks, with some linked to Chinese state-sponsored hackers. Critics argue that TP-Link’s products often contain security vulnerabilities, and there are suspicions of anti-competitive practices, such as selling routers below production costs. TP-Link has stated its commitment to adhering to security standards and willingness to cooperate with U.S. authorities.

New Attacks Exploit VSCode Extensions and npm Packages
Security researchers have uncovered a malicious campaign exploiting Visual Studio Code (VSCode) extensions and npm packages to compromise development environments and potentially infiltrate software supply chains. Initially targeting the cryptocurrency community, the campaign expanded by late 2024 to impersonate widely used applications like Zoom, employing tactics such as inflated install counts and fabricated reviews to appear credible. The attackers utilized obfuscated JavaScript and deceptive domains mimicking trusted sources to evade detection. Developers are advised to audit plugins and dependencies regularly, validate development tools before use, and conduct frequent security assessments to mitigate such risks.

Over 25,000 SonicWall VPN Firewalls Exposed to Exploit
Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical security flaws, with approximately 20,000 running outdated and unsupported firmware versions. These vulnerabilities have been exploited by ransomware groups, such as Fog and Akira, to gain unauthorized access to corporate networks. Administrators are strongly advised to update their devices to the latest firmware versions and implement security best practices, including restricting access to management interfaces and enabling multi-factor authentication, to protect against potential risks.

Dell Warns of Code Execution Flaw in Power Manager
Dell Technologies has issued a security advisory regarding a critical vulnerability in its Dell Power Manager software, identified as CVE-2024-49600. This flaw, stemming from improper access control, allows low-privileged local users to execute arbitrary code and gain elevated privileges on affected systems. Organizations are strongly advised to update to version 3.17 or later.

Critical Apache Struts Flaw Detected, Patch Now
A critical vulnerability, identified as CVE-2024-53677 with a CVSS score of 9.5, has been discovered in Apache Struts, a widely used open-source web application framework. This flaw allows attackers to perform path traversal during file uploads, potentially leading to remote code execution. The issue affects Struts versions 2.0.0 through 2.3.37, 2.5.0 through 2.5.33, and 6.0.0 through 6.3.0.2. Teams are urged to upgrade to Struts version 6.4.0 or later immediately.
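The FortiWLM and Struts items above both concern path traversal, where a client-supplied filename is joined onto a server-side directory. The Python below is an added illustration for this roundup, not code from Apache Struts, Fortinet, or the newsletter: it shows the unsafe join pattern beside a two-layer defensive check (reject anything that is not a plain single-component name, then verify the resolved path is still contained in the upload root). The upload root `/srv/uploads` and the filenames are constructed sample values.

```python
from pathlib import Path


def naive_destination(upload_root: str, client_filename: str) -> Path:
    """The pattern to avoid: joining a client-controlled name straight onto
    the upload directory. A name with '..' components resolves outside root."""
    return (Path(upload_root) / client_filename).resolve()


def is_inside(root: Path, candidate: Path) -> bool:
    """True if candidate equals root or lies beneath it once '..' segments
    and any existing symlinks have been resolved."""
    root = root.resolve()
    candidate = candidate.resolve()
    return candidate == root or root in candidate.parents


def safe_destination(upload_root: str, client_filename: str):
    """Return the destination for an uploaded file, or None if the
    client-supplied name is unsafe. Two layers are applied on purpose:
    a strict name check, then a containment check on the resolved path."""
    if not client_filename or "\x00" in client_filename:
        return None
    # Layer 1: the name must be a single path component. Both separator
    # flavours are rejected because a POSIX server may still receive names
    # crafted for Windows, and '.'/'..' are never valid upload names.
    if "/" in client_filename or "\\" in client_filename:
        return None
    if client_filename in (".", ".."):
        return None
    root = Path(upload_root).resolve()
    candidate = (root / client_filename).resolve()
    # Layer 2: defence in depth. Layer 1 should already guarantee this,
    # but the containment check is cheap and catches future regressions.
    if not is_inside(root, candidate):
        return None
    return candidate


if __name__ == "__main__":
    for name in ("report.pdf", "../../outside.txt", "..\\..\\outside.txt", ".."):
        print(repr(name), "naive ->", naive_destination("/srv/uploads", name),
              "| safe ->", safe_destination("/srv/uploads", name))
```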
