Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
PHP fixes critical RCE flaw impacting all versions for Windows: PHP has fixed a critical remote code execution (RCE) flaw, identified as CVE-2024-4577, that affects all versions of PHP for Windows. This vulnerability allows attackers to execute arbitrary code on affected systems, posing a severe security risk. To remediate this issue, you should immediately update to the latest PHP versions as provided in the official PHP releases.
VMware Advises Immediate Remediation After Disclosing Critical Vulnerabilities: VMware has disclosed multiple critical vulnerabilities affecting its products, including VMware vSphere and VMware Cloud Foundation. These flaws, CVE-2024-37079 and CVE-2024-37080, could allow attackers to execute arbitrary code, gain unauthorized access, and potentially take control of affected systems. VMware has released patches to address these security issues, and any environment utilizing VMware is urged to apply the updates immediately.
Security Bug Allows Anyone to Spoof Microsoft Employee Emails: Microsoft recently identified a vulnerability that allows attackers to spoof emails to Outlook accounts from Microsoft employees, posing significant risks for phishing attacks. To protect against this, companies should ensure robust email security measures are in place, including DMARC, DKIM, and SPF configurations, and monitor email logs for suspicious activities.
This Week’s Roundup:
Microsoft Delays Release of Windows Recall Around Privacy Concerns: Microsoft has delayed a planned Windows update due to privacy and security concerns raised by users and experts. The decision was influenced by potential risks associated with the update, prompting further review. Microsoft has also released group policies in advance for disabling this feature organization-wide.
ASUS Patches Critical Authentication Bypass in Routers: ASUS has patched a critical authentication bypass vulnerability in multiple models of their routers, identified as CVE-2024-3080. This flaw could allow attackers to gain unauthorized access to the device, compromising network security. Organizations are urged to update their firmware immediately to protect against potential attacks.
Hackers Exploiting Legit Websites to Deliver BadSpace Malware: Hackers are exploiting legitimate websites to deliver the malware BadSpace in a widespread campaign. By compromising trusted sites, they distribute BadSpace to unsuspecting visitors, posing significant security risks. Companies should keep browsers up to date and rely on trusted sites to mitigate risk.
New TIKTAG ARM Attack Goes After Google Chrome, Linux Systems: A newly discovered attack method called ARM ‘TikTag’ impacts Google Chrome and Linux systems. This exploit allows attackers to manipulate system operations, potentially leading to unauthorized access and data breaches.
Ascension Hack Caused by Employee Downloading Malicious File: Ascension experienced a significant data breach after an employee downloaded a malicious file. The attack led to the exposure of sensitive information, emphasizing the severe impact of such security incidents. This breach highlights the importance of user training against phishing attacks.
AMD Investigating Breach After Data Reported On Sale On Hacking Forum: AMD is investigating a potential data breach after a threat actor, IntelBroker, claimed to have stolen and posted AMD data for sale on a hacking forum. The compromised data reportedly includes employee information, financial documents, and confidential details about future AMD products.