Threat Intel: Thursday, May 23

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

QNAP QTS Operating Systems Found to Have Fifteen Vulnerabilities A zero-day vulnerability (CVE-2023-22809) in QNAP’s QTS operating system’s share feature has been publicly exploited, allowing attackers to execute remote code on affected systems. This exploit can potentially compromise data and control over the device. Due to QNAP’s slow response time, we are recommending the IMMEDIATE removal of QNAP QTS devices for you until further patches are offered.

Multiple Google Chrome Zero-Day Vulnerabilities Patched Google has fixed a third zero-day vulnerability (CVE-2024-4947) in Chrome within a week, which was being actively exploited by attackers. This vulnerability could allow malicious actors to execute arbitrary code on affected systems. All are advised to update their Chrome browsers to the latest version to protect against potential threats as soon as possible.

Fluent Bit Vulnerability Affecting Major Cloud Providers A critical vulnerability (CVE-2024-0154) in Fluent Bit has been discovered, which could allow attackers to execute arbitrary code on affected systems. This flaw is particularly concerning for environments relying on Fluent Bit for logging and data processing and affects all major cloud providers. This underscores the importance of vetting our 3rd-party vendors. We will be releasing a new Threat Intel Email later this week to speak on this further.

This week’s roundup:

Veeam Backup Enterprise Manager Flaw Leading to Authentication Bypass Veeam has addressed a critical vulnerability (CVE-2024-29849) in its Backup Enterprise Manager that could allow attackers to bypass authentication. This flaw, rated with a CVSS score of 9.8, enables unauthorized access to the web interface. The best steps for you are to update to version to mitigate this and other associated risks with this product.

Ivanti Releases Patches for Critical Vulnerabilities Ivanti has released updates to fix critical code execution vulnerabilities in its Endpoint Manager, including six severe SQL injection bugs with a CVSS score of 9.6. These flaws could allow unauthenticated attackers to execute arbitrary code. We advise you to apply the latest updates from Ivanti to ensure the most up-to-date security.

CISA and Rockwell Automation Release Alert for ICS Devices Rockwell Automation has issued a warning to administrators to disconnect industrial control systems (ICS) not designed for online exposure from the internet due to increasing cyber threats. They emphasize that taking these systems offline can significantly reduce the attack surface and protect against unauthorized access and potential cyberattacks.

GitHub Enterprise Server Flaw Leading to Authentication Bypass GitHub has patched a critical vulnerability (CVE-2024-4985) in its Enterprise Server that allows attackers to bypass authentication. This flaw, rated with a CVSS score of 10.0, affects versions prior to 3.13.0 and can enable unauthorized access to instances using SAML single sign-on with encrypted assertions. It is imperative for you to update to the latest versions immediately to prevent exploitation.

Leave a Reply