Threat Intel: Thursday, June 13

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Cybersecurity Firm and AV Vendor Cylance Confirms Data Breach BlackBerry-owned cybersecurity firm Cylance has confirmed a data breach, which resulted from a compromise of a third-party platform. The threat actor, known as “Sp1d3r,” claims to have accessed sensitive data from Cylance, and this data has reportedly been offered for sale on the dark web. Although BlackBerry disputes the significance of the data, asserting that it is a few years old, the breach highlights ongoing security challenges faced by vendors attempting to secure customer data. If you have been affected by the Cylance breach, we recommend increased scrutiny to detect any targeted phishing emails and even identity monitoring services.

Google, Microsoft, Yahoo, and Apple Set New SPF, DKIM, and DMARC Requirements to Fight Spam Starting February 1, 2024, Google and Yahoo will enforce new email authentication requirements to enhance security and reduce spam. All senders must implement SPF and DKIM authentication methods and maintain a low spam rate. Bulk senders (over 5,000 emails per day) also need to ensure DMARC alignment and include one-click unsubscribe options by June 1, 2024. Failure to comply may result in emails being blocked or marked as spam, significantly impacting deliverability.

This Week’s Roundup:

Google Warning of Pixel Zero-day Actively Exploited Google has issued a warning about a zero-day vulnerability in the firmware of its Pixel smartphones that is actively being exploited. The flaw, tracked as CVE-2024-32896, allows attackers to compromise the devices and potentially gain full control. Google has released a security patch to address the issue and urges users to update their devices immediately to mitigate the risk.

Microsoft Patches Zero-Click Vulnerability in versions of Outlook 2016, Office LTSC 2021, 365 Apps for Enterprise, and Office 2019. Microsoft has released a patch for a zero-click vulnerability that spans a number of key Microsoft products, identified as CVE-2024-30103, which could soon be exploited by attackers. This vulnerability allows threat actors to compromise systems merely by sending a specially crafted email, requiring no user interaction. Due to emails being auto opened by software like Outlook, especially through the preview pane, this vulnerability could be quite severe. Microsoft strongly advises users to apply these security updates immediately to protect their systems from potential exploitation.

JetBrains Fixed IntelliJ IDE Flaw That Exposes GitHub Access Tokens JetBrains has addressed a critical security flaw in its IntelliJ-based IDE software, identified as CVE-2024-37051. This vulnerability allowed for code execution in Untrusted Project mode through a malicious plugin repository specified in the project configuration. We strongly advise that all users of JetBrain’s IntelliJ IDEs update their IntelliJ IDE’s to version 2023.1 or later to mitigate this risk and ensure their systems are protected from potential exploits. JetBrains has released a full list of fixed versions available as well as an update to an affected GitHub plugin.

Adobe Patches a Batch of Flaws in Their Products Adobe has released 10 security patches to address 166 vulnerabilities across a wide range of their products. Multiple vulnerabilities hold a critical rating and would allow attackers to execute malicious codes on affected systems. We urge all users to immediately update to the latest versions of these applications to protect against potential exploits immediately.

SolarWinds Serv-U Vulnerabilities Disclosed SolarWinds has addressed a high severity directory traversal vulnerability in its Serv-U file transfer software, identified as CVE-2024-28995. This vulnerability allows unauthenticated attackers to read sensitive files on the host machine. Although there are currently no reports of this vulnerability being exploited in the wild so far, it is considered easily exploitable, and immediate application of the provided hotfix (Serv-U 15.4.2 HF 2) is recommended to mitigate potential risks. Don’t wait for their regular patch cycle to occur!

Updates for PHP Advised for Vulnerability Leading to Remote Code Execution A critical remote code execution vulnerability (CVE-2024-4577) has been found in multiple versions of PHP for Windows, allowing unauthenticated attackers to execute arbitrary code. Since identifying exactly which versions of PHP are affected is tricky, security advocates are urging administrators to update to the latest PHP versions (8.3.8, 8.2.20, or 8.1.29) to mitigate this risk, especially for systems using certain locales like Traditional Chinese, Simplified Chinese, or Japanese.

Leave a Reply