Threat Intel: Thursday, May 16

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

BetterHelp to Pay $7.8 Million in Data Sharing Settlement*
BetterHelp has agreed to a $7.8 million settlement with the Federal Trade Commission (FTC). The FTC found that the online counseling service improperly shared sensitive mental health data of its users with advertisers, including large platforms such as Facebook and Snapchat.

*Every vendor has a different policy around privacy and information sharing, so you need to determine which vendors are trustworthy before it’s too late. We provide vendor assessment forms as part of our compliance program to assist with vetting your vendors.

This week’s roundup:

VMware Patches Severe Security Flaws in New Update
VMware has released updates addressing four vulnerabilities in its Workstation and Fusion products, the most critical being CVE-2024-22267 (CVSS 9.3). Together they could allow sensitive information disclosure, denial of service, and arbitrary code execution. Fixed versions are Workstation 17.5.2 and Fusion 13.5.2. Where patching is not yet possible, VMware has advised disabling Bluetooth support and 3D acceleration in affected virtual machines as temporary workarounds; these only reduce exposure and are not a substitute for the update. Given the risk, we recommend updating any of your clients running VMware Workstation or Fusion to the patched versions immediately.

Actively Exploited Chrome Vulnerability, Update Immediately
Google has released an emergency patch for a new zero-day vulnerability in Chrome, tracked as CVE-2024-4761, after it was found to be actively exploited. This high-severity flaw, an out-of-bounds write in the V8 JavaScript engine, could allow attackers to execute arbitrary code on affected systems. We advise you and your customers to update Chrome to the latest version immediately. Note that Chrome only applies a downloaded update after the browser is relaunched, so an "update available" indicator means the machine is still running the vulnerable build.

Microsoft Patch Tuesday Addresses 61 Security Flaws
Microsoft's latest Patch Tuesday addressed 61 security flaws across its products, including two zero-day vulnerabilities actively exploited in the wild: CVE-2024-30040, a security feature bypass in the MSHTML platform, and CVE-2024-30051, an elevation of privilege in the Windows Desktop Window Manager (DWM) Core Library. Your team is urged to apply the fixes immediately, especially since both vulnerabilities have been added to CISA's Known Exploited Vulnerabilities catalog.

Critical Vulnerabilities in Cinterion Modems Actively Exploited
Recent reports have identified significant vulnerabilities, including CVE-2023-47610, in widely used Cinterion cellular modems. These critical flaws allow attackers to execute malicious code on the modem's operating system, giving them access to its RAM and flash memory without any authentication. This poses a major risk to the numerous industrial devices built around these modems. Because the modems are typically embedded inside OEM equipment, fixes will generally arrive as firmware from the equipment vendor, so inventory devices that contain Cinterion modules and ask each vendor for its patch status.

RCE Zero-Day in D-Link EXO AX4800 Routers
A proof-of-concept (PoC) exploit has been released for a zero-day remote command execution vulnerability in D-Link EXO AX4800 routers. This critical flaw allows unauthenticated attackers to bypass authentication and run commands as the root user through the Home Network Administration Protocol (HNAP) port, posing significant risk to affected devices. For any of these devices in your clients' environments, we recommend disabling the remote (WAN-side) management interface until a fix is available. Keep in mind that the HNAP service remains reachable from the LAN, so any host on that network should be treated as able to reach it until the firmware is patched.
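One way to check whether HNAP traffic is reaching a router from outside its LAN, which is exactly what the remote-management recommendation above is meant to stop. This is an added example, not code from the roundup or from D-Link: the log-line format and the sample lines are constructed, and the LAN range is an assumption. It relies only on the fact that HNAP requests go to the /HNAP1/ path and carry a SOAPAction header under the http://purenetworks.com/HNAP1/ namespace; it flags any such request from a non-LAN address rather than matching the specific PoC payload, whose details are not on this page.

```python
import ipaddress
import re

# Constructed sample of router HTTP access-log lines (not real D-Link output):
# "<src_ip> <method> <path> <SOAPAction header or '-'>"
SAMPLE_LOG = """\
192.168.0.23 POST /HNAP1/ "http://purenetworks.com/HNAP1/GetDeviceSettings"
203.0.113.45 POST /HNAP1/ "http://purenetworks.com/HNAP1/Login"
203.0.113.45 POST /HNAP1/ "http://purenetworks.com/HNAP1/SetWanSettings"
192.168.0.10 GET /index.html -
198.51.100.7 GET /HNAP1/ -
not a log line
"""

# Address ranges treated as the router's LAN side (assumption for this example).
LAN_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]

HNAP_NS = "http://purenetworks.com/HNAP1/"  # SOAPAction namespace used by HNAP
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (?:"([^"]*)"|-)$')


def parse_line(line):
    """Return (src_ip, method, path, soapaction) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, method, path, soapaction = m.groups()
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return None
    return ip, method, path, soapaction


def is_external(ip, lan_networks):
    """True if the source address is not inside any configured LAN range."""
    return not any(ip in net for net in lan_networks)


def hnap_action(path, soapaction):
    """Name the HNAP action a request targets, or None if it is not HNAP traffic."""
    if soapaction and soapaction.startswith(HNAP_NS):
        return soapaction[len(HNAP_NS):] or "(unnamed)"
    if path.startswith("/HNAP1"):
        return "(no SOAPAction)"
    return None


def find_hnap_from_wan(log_text, lan_networks):
    """Return [(src_ip, action)] for HNAP requests that did not originate on the LAN."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not fit the expected format
        ip, _method, path, soapaction = rec
        action = hnap_action(path, soapaction)
        if action is not None and is_external(ip, lan_networks):
            alerts.append((str(ip), action))
    return alerts


if __name__ == "__main__":
    for ip, action in find_hnap_from_wan(SAMPLE_LOG, LAN_NETWORKS):
        print(f"HNAP request from outside the LAN: {ip} -> {action}")
```

Any hit from a public address means the management interface is still exposed to the internet and the WAN-side remote management setting has not actually taken effect; a hit with no SOAPAction is still worth reviewing, since it shows the HNAP endpoint answering to an outside host.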

Foxit PDF Reader Targeted by Exploit
A newly discovered vulnerability in Foxit PDF Reader allows attackers to embed malicious code in PDF files. By enticing users to open these crafted documents, attackers can execute arbitrary commands on the victim's machine or crash the application. Foxit has acknowledged the flaw and said it will be resolved in a future release. Until that update is available, we recommend limiting the use of Foxit PDF Reader, and in particular not opening PDFs from untrusted sources in it.

Second-Ranking Healthcare System, Ascension, Hit with Cyber Attack
Ascension, a major U.S. healthcare provider, recently experienced a cyberattack that disrupted its IT systems. Ascension ranks among the largest healthcare systems in the nation, which underscores the impact a breach of this kind can have. Ascension's public notice gives few details about the incident, and it is not yet clear whether information was stolen, but the severity of the disruption and the emergency response procedures it triggered suggest a ransomware attack.
