Threat Intel: Thursday, July 18

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Dangerous Exim Exploit Affecting Security Filters On 1.5 Million Mail Servers

A critical vulnerability in Exim, affecting about 1.5 million mail servers, allows attackers to bypass security filters. The flaw, identified as CVE-2024-39929, can be exploited to execute arbitrary code, posing significant risks to email security. Exim has released patches to address this issue, and organizations are urged to update their systems immediately to avoid potential impacts.

Cisco SSM Exploit Allows Attackers To Change Any User Password

A critical vulnerability in Cisco’s SSM On-Prem software allows attackers to change any user’s password, including administrators. Tracked as CVE-2024-20419, this flaw impacts all unpatched versions and has no available workaround.

A second severe bug in Cisco SEG appliances, identified as CVE-2024-20401, enables attackers to add root users and crash the devices using malicious email attachments. The flaw arises from improper email attachment handling.

Cisco urges immediate updates to mitigate the risks of both vulnerabilities.

This Week’s Roundup:

Critical Apache HugeGraph Vulnerability – Immediate Patch Recommended

A critical vulnerability in Apache HugeGraph, tracked as CVE-2024-27348 (CVSS score: 9.8), allows remote attackers to execute arbitrary code due to improper input validation. This flaw poses significant risks to systems using HugeGraph for large-scale graph data processing, as it can give complete access to an entire system. Your team is strongly advised to apply the provided patches to secure your installations and prevent potential exploitation.

AT&T Confirms Data Breach Impacting 109 Million Customers

A data breach at AT&T has resulted in hackers stealing call and text records of 109 million customers. The breach, which exploited a vendor’s security flaw, exposed sensitive information, though financial data was not compromised. AT&T is working with law enforcement and has notified affected customers, urging them to monitor their accounts for suspicious activity.

DNS Hijacks Target Crypto Platforms Registered With Squarespace

DNS hijacking attacks have targeted cryptocurrency platforms registered with Squarespace, redirecting users to malicious sites to steal login credentials. These attacks exploit vulnerabilities in domain registration systems, compromising the integrity of DNS records. Squarespace has urged affected teams to enable two-factor authentication and monitor account activity closely.

Atlassian Issues Patches For Exploits In Bamboo, Confluence, Jira

Atlassian has patched high-severity vulnerabilities in its Bamboo, Confluence, and Jira products that could allow attackers to execute arbitrary code or escalate privileges. The flaws, identified as CVE-2024-21687 and CVE-2022-41966, pose significant risks to enterprise environments and their data. Organizations utilizing these platforms are strongly urged to update their installations as soon as possible.

Unsecured API Causes Leak Of Over 400,000 Life360 User Phone Numbers

A data breach at Life360 exposed over 400,000 user phone numbers via an unsecured Android API. The flaw allowed hackers to obtain phone numbers and first names through the login endpoint, although Life360 has since fixed the issue. You are advised to update your passwords and remain cautious of phishing attempts.

Trello Data Breach Releases Millions Of Users’ Personal Info

A hacker breached Trello and leaked 21.1 GB of user data, exposing personal information such as user IDs, usernames, full names, email addresses, and more. The data breach, which occurred in January 2024 but was revealed in July 2024, was facilitated by an insecure API endpoint that allowed unauthorized access. Trello users are advised to update their passwords and be vigilant against potential phishing attacks.

Kaspersky Exiting U.S. Market Following Ban

Kaspersky is exiting the U.S. market following a Commerce Department ban, effective July 20, 2024, due to national security concerns. The ban, stemming from fears that Kaspersky’s software could be used for espionage or cyberattacks, led to the company winding down its U.S. operations and laying off fewer than 50 employees. Existing customers are advised to seek alternative solutions before September 29, 2024.

Urgent Update Released For WP Time Capsule Plugin Addressing Exploit

A critical vulnerability was discovered in the WP Time Capsule plugin, which could allow unauthorized users to log in as administrators without a password. This flaw affects versions 1.22.20 and below, and teams are urged to update to version 1.22.21 or later to mitigate the risk. The developers released a partial patch within 6 hours of being informed and a complete fix shortly after.
