Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Supply Chain Attack Via Polyfill.io Javascript Impacting Over 100k Sites A supply chain attack on the popular JavaScript library Polyfill has affected over 100,000 websites. This attack is currently being exploited by threat actors to inject malicious code into websites using the compromised JavaScript library. Users are being redirected to sports betting or adult domains, likely based on location. It is critical for teams to review and update their dependencies to minimize the danger of this attack.
Juniper Released Critical Patch for Severe Auth Bypass Flaw Juniper Networks has issued an out-of-cycle security update to address a critical authentication bypass vulnerability, identified as CVE-2024-2973, in its Junos OS. The flaw, which has a maximum severity rating, could allow unauthorized access to systems. Your team is urged to apply the designated patches immediately as no other workarounds currently exist due to Juniper products being targeted during previous cyberattacks.
This Week’s Roundup:
OpenSSH RCE Bug Named regreSSHion Giving Root to Linux Servers A new critical OpenSSH vulnerability, identified as CVE-2024-6387, known as “regreSSHion,” allows remote code execution with root privileges on Linux servers using versions 8.5p1 to 9.7p1. The flaw stems from a signal handler race condition in sshd and could lead to complete system compromise. We strongly advise you to update to OpenSSH 9.8p1 and apply mitigations such as restricting SSH access and setting ‘LoginGraceTime’ to 0 until the update can be applied.
Cisco Actively Exploited Zero-Day Patched Cisco has patched a critical vulnerability, CVE-2024-20399, in its IOS XE software that was actively exploited by hackers to compromise over 50,000 devices. These flaws allowed attackers to gain full administrative control, create privileged accounts, and install malware on affected systems. It is advised that you update to the latest software version and apply mitigations immediately to secure their networks.
Link DIR-859 Router Flaw Used To Steal Passwords Hackers are exploiting a severe flaw in D-Link DIR-859 routers to steal user passwords and other sensitive data. This vulnerability, identified as CVE-2024-0769, affects all firmware versions of the router, which has reached end-of-life and won’t receive a fix. It is advised that you replace your router with supported models immediately to protect your network.
Splunk Patches High Risk Vulnerabilities in Enterprise Product Splunk has fixed several critical security flaws in its Enterprise and Cloud products, including three remote code execution vulnerabilities. These bugs could allow attackers to execute malicious code if they have authenticated access. It is strongly advised that you should update to the latest versions of Splunk Enterprise to secure systems against potential exploitation. Additionally, administrators can mitigate risks by disabling certain vulnerable components until the updates are applied.
TeamViewer Advises of APT Hack on Corporate Network TeamViewer’s corporate network was breached in an alleged Advanced Persistent Threat (APT) attack. TeamViewer has reported that the Russian state-sponsored group Midnight Blizzard is behind the attack. The incident involved hackers gaining access to internal systems, though the company has assured that customer data was not compromised and there is no evidence TeamViewer remote connections were affected at all.
Patelco Credit Union Struggling to Restore Systems After Ransomware Attack Patelco Credit Union is working urgently to restore its systems following a ransomware attack that disrupted its operations. The attack has impacted online banking services, ATMs, and in-branch systems, causing significant inconvenience for customers. Patelco is collaborating with cybersecurity experts and law enforcement to investigate the breach and ensure a secure recovery.
Prudential Financial States 2.5 Million Impacted by Data Breach Prudential Financial has revealed that a data breach has affected over 2.5 million individuals, which is in heavy contrast to the originally reported 36,000 affected. This breach provided unauthorized access to sensitive personal information that includes names, social security numbers, and other confidential data. To help mitigate potential risks, the company is offering free identity protection services, including credit monitoring and identity theft insurance, to those impacted by the breach.