Threat Intel: Thursday, May 30

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Fortinet RCE Exploit Released, Maximum Severity

A critical remote code execution vulnerability in Fortinet’s security products has been exploited, allowing attackers to compromise vulnerable systems. Tracked as CVE-2024-23108, this flaw poses a significant threat, and anyone with Fortinet devices in their environment should apply patches immediately.

This is a very dangerous vulnerability and should be treated with the utmost importance. Successful exploitation can give an attacker access to your entire network, including your data backups.

Veeam Reporting Critical Auth Bypass Exploit

Veeam Backup & Replication Enterprise Manager is under scrutiny due to a critical authentication bypass vulnerability, tracked as CVE-2024-29849, which poses a serious risk to data security. Exploiting this flaw could grant unauthorized access to sensitive backup data and opens the door to ransomware attacks. Given the severity of this exploit, we advise you and your team to apply patches urgently to safeguard your data.

This Week’s Roundup:

Ticketmaster Data Breach Possibly Affecting 560 Million Users

Hackers from the ShinyHunters group claim to have breached Ticketmaster, exposing personal data of 560 million users. The stolen data, including names, addresses, email addresses, and partial payment details, is being sold for $500,000. Ticketmaster users should change their passwords, monitor their financial accounts, and consider replacing credit cards tied to Ticketmaster accounts immediately.

Newly Discovered Ransomware “ShrinkLocker” Uses BitLocker to Encrypt User Data

A newly discovered ransomware dubbed ShrinkLocker has emerged, leveraging BitLocker encryption to lock victims’ data. This ransomware operates autonomously, encrypting victim data with the BitLocker feature already present on Windows systems, even without an internet connection, signaling a concerning shift towards offline encryption tactics by cybercriminals. If you use BitLocker in your environment, it is imperative that strong passwords are used and that recovery keys are stored in secure locations.

TP-Link Archer Routers Affected by RCE Flaw

A critical security flaw has been discovered in TP-Link Archer C5400X routers, tracked as CVE-2024-5035, which exposes them to remote hacking. Exploiting this vulnerability could grant attackers unauthorized access to sensitive network configurations and data. You should update your router firmware to the latest patched version to mitigate the risk of exploitation.

Check Point VPN Exploited by Zero-Day Attacks

Check Point VPNs have been targeted by attackers exploiting the zero-day vulnerability CVE-2024-24919 since April 2024. This vulnerability allows threat actors to extract password hashes from VPN-enabled Check Point Security Gateways, potentially leading to unauthorized network access and lateral movement. Check Point has released a hotfix and advises against using password-only authentication for VPN logins.

Vulnerability Affecting WordPress Plugin “Slider Revolution” with 9 Million Users

A significant cross-site scripting (XSS) vulnerability has been identified in the WordPress plugin Slider Revolution, affecting versions up to 6.6.14. This flaw could allow attackers to inject malicious scripts into websites using the plugin, potentially leading to unauthorized redirects, advertisements, or other harmful payloads. We advise you to immediately update the plugin to version 6.6.15 or later.

Okta Warns of Credential Stuffing Attacks

Okta has issued a warning about credential stuffing attacks targeting its Customer Identity Cloud’s cross-origin authentication feature. These attacks use compromised username and password combinations obtained from previous breaches or phishing campaigns. We strongly advise you to implement stronger security measures such as password rotation, MFA, and passkeys to prevent this kind of attack.
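Detection logic for the pattern Okta describes, added here as an example (it is not Okta's code and not part of the original post): it flags a source IP that fails logins for many different usernames within a short window, which is what distinguishes credential stuffing from one user mistyping a password. The log below is constructed in a simplified Auth0/Okta CIC-like shape; its field names and event type codes are assumptions, not the vendor's schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical, simplified). Assumed type codes:
# "fp" = failed login, wrong password; "fu" = failed login, unknown user; "s" = success.
SAMPLE_LOG = """
{"date": "2024-05-30T10:00:01Z", "type": "fp", "ip": "203.0.113.7", "user_name": "alice@example.com"}
{"date": "2024-05-30T10:00:03Z", "type": "fu", "ip": "203.0.113.7", "user_name": "bob@example.com"}
{"date": "2024-05-30T10:00:05Z", "type": "fp", "ip": "203.0.113.7", "user_name": "carol@example.com"}
{"date": "2024-05-30T10:00:08Z", "type": "fp", "ip": "203.0.113.7", "user_name": "dave@example.com"}
{"date": "2024-05-30T10:00:10Z", "type": "fu", "ip": "203.0.113.7", "user_name": "erin@example.com"}
{"date": "2024-05-30T10:00:12Z", "type": "s",  "ip": "203.0.113.7", "user_name": "frank@example.com"}
{"date": "2024-05-30T10:01:00Z", "type": "fp", "ip": "198.51.100.4", "user_name": "grace@example.com"}
{"date": "2024-05-30T10:01:30Z", "type": "fp", "ip": "198.51.100.4", "user_name": "grace@example.com"}
{"date": "2024-05-30T10:02:00Z", "type": "s",  "ip": "198.51.100.4", "user_name": "grace@example.com"}
"""
FAILED_TYPES = {"fp", "fu"}

def parse_events(raw):
    """Parse newline-delimited JSON events and sort them by timestamp."""
    events = []
    for line in raw.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["date"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def detect_credential_stuffing(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Return {ip: stats} for IPs that fail logins for >= min_distinct_users
    distinct usernames inside any `window`. Repeated failures for one account
    (a user mistyping a password) do not trip the threshold: the signal is
    breadth across accounts, not depth against one account."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        for i, start in enumerate(evs):  # slide a window over this IP's events
            failed_users, successes_after_fail = set(), 0
            for ev in evs[i:]:
                if ev["ts"] - start["ts"] > window:
                    break
                if ev["type"] in FAILED_TYPES:
                    failed_users.add(ev["user_name"])
                elif ev["type"] == "s" and failed_users:
                    successes_after_fail += 1  # a "hit" in the stuffed list: triage first
            if len(failed_users) >= min_distinct_users:
                findings[ip] = {"distinct_failed_users": len(failed_users),
                                "successes_after_failures": successes_after_fail}
                break
    return findings
```

Tune the window and threshold to your own baseline; a success that follows a burst of failures from the same source is the account to reset and review first.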
