Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
QNAP Addressing Critical Exploits Across NAS Devices
QNAP has released security updates addressing multiple critical vulnerabilities affecting its NAS devices and router software. Notably, two critical flaws in the Notes Station 3 application—CVE-2024-38643, an authentication bypass, and CVE-2024-38645, a server-side request forgery—could allow remote attackers to gain unauthorized access and manipulate server behavior. Teams are strongly advised to update to Notes Station 3 version 3.9.7 or later.
This Week’s Roundup:
Blue Yonder Ransomware Attacks Disrupting Grocery Stores, Starbucks
Blue Yonder, a supply chain management company, suffered a ransomware attack on November 21, 2024, disrupting operations for major retailers, including Starbucks, Morrisons, and Sainsbury’s. The attack impacted critical processes like employee scheduling and warehouse management, creating logistical challenges for these businesses. Blue Yonder is working with cybersecurity experts to recover its systems and has informed affected clients about the breach.
New VPN Attack Used Against Palo Alto Networks, SonicWall Products
Security researchers have demonstrated a new attack method targeting VPN products from Palo Alto Networks and SonicWall. This technique exploits vulnerabilities in the VPN implementations, potentially allowing attackers to intercept and decrypt sensitive data transmitted through these networks. Both companies have been informed and are expected to release patches to address these issues.
VMware Patches Severe Flaw in Aria Operations
VMware has released patches for five high-severity vulnerabilities in its Aria Operations platform, which could allow attackers to escalate privileges or execute cross-site scripting (XSS) attacks. The affected versions include VMware Aria Operations 8.x and VMware Cloud Foundation 4.x and 5.x utilizing Aria Operations. Organizations are strongly advised to apply these updates promptly, as there are no available workarounds.
Hackers Exploit Critical Bug in Array Networks SSL VPN Products
Hackers are actively exploiting a critical vulnerability, identified as CVE-2023-28461, in Array Networks’ SSL VPN products, specifically the AG and vxAG Series running ArrayOS version 9.4.0.481 and earlier. This flaw allows unauthenticated attackers to execute remote code by manipulating the ‘flags’ attribute in HTTP headers. Array Networks released a patch in March 2023 with version 9.4.0.484 to address this issue. Given the active exploitation, organizations are strongly advised to update their systems as soon as possible.
Critical WordPress Anti-Spam Plugin Flaw Exposes 200,000 Websites
Two critical security vulnerabilities have been identified in the “Spam protection, Anti-Spam, FireWall” plugin for WordPress, which is installed on over 200,000 sites. These flaws, tracked as CVE-2024-10542 and CVE-2024-10781, both carry a CVSS score of 9.8 out of 10. They allow unauthenticated attackers to install and activate arbitrary plugins, potentially leading to remote code execution. The issues have been addressed in versions 6.44 and 6.45 of the plugin, released in November 2024. Web administrators should update to the most recent version immediately.
Zyxel Firewalls Targeted in Recent Ransomware Attacks
Zyxel firewalls have been targeted in recent ransomware attacks exploiting known vulnerabilities. Threat actors are leveraging these security flaws to gain unauthorized access, deploy ransomware, and disrupt network operations. Zyxel has released patches to address these issues and strongly advises teams to update their devices promptly.
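Three of the items above (QNAP Notes Station 3, Array Networks ArrayOS, and the WordPress anti-spam plugin) come down to one action: confirm every installed copy is at or above the fixed version. The script below is an added example written for this roundup, not code from the newsletter or from any of the vendors named. It takes the minimum patched versions exactly as the advisories state them (3.9.7, 9.4.0.484, and 6.45, the release that contains both plugin fixes) and compares installed versions numerically rather than as strings, which is the mistake that makes "9.4.0.481" look newer than "9.4.0.484" on some dashboards and "3.10.0" look older than "3.9.7". The product labels, host names and inventory rows are constructed sample data; vendors whose version strings carry build suffixes may need a product-specific parser.

```python
"""Patch-floor audit for the fixed versions named in this week's roundup.

Added example for the newsletter; not vendor code. Minimum fixed versions
are taken from the advisories; inventory rows below are constructed.
"""
import re

# Minimum patched version per advisory (values from the roundup text).
FIXED_VERSIONS = {
    "QNAP Notes Station 3": "3.9.7",
    "ArrayOS (AG/vxAG)": "9.4.0.484",
    "WordPress Anti-Spam plugin": "6.45",
}

# Constructed sample inventory: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("nas-01", "QNAP Notes Station 3", "3.9.6"),
    ("nas-02", "QNAP Notes Station 3", "3.10.0"),
    ("vpn-gw-1", "ArrayOS (AG/vxAG)", "9.4.0.481"),
    ("vpn-gw-2", "ArrayOS (AG/vxAG)", "9.4.0.484"),
    ("www-1", "WordPress Anti-Spam plugin", "6.44"),
    ("www-2", "WordPress Anti-Spam plugin", "6.45.1"),
    ("fw-1", "Some other product", "1.0"),  # not covered by this roundup
]


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of ints.

    Numeric tuples compare component by component, so 3.10.0 > 3.9.7,
    whereas the plain string "3.10.0" sorts before "3.9.7".
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric components in version {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, minimum: str) -> bool:
    """True when the installed version is at or above the fixed version."""
    a, b = parse_version(installed), parse_version(minimum)
    # Right-pad with zeros so "6.45" and "6.45.0" compare as equal.
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def audit(inventory=SAMPLE_INVENTORY):
    """Return (host, product, installed, minimum) for every row still
    below the advisory's fixed version. Products the roundup does not
    cover are skipped rather than flagged."""
    findings = []
    for host, product, installed in inventory:
        minimum = FIXED_VERSIONS.get(product)
        if minimum is None:
            continue
        if not is_patched(installed, minimum):
            findings.append((host, product, installed, minimum))
    return findings


if __name__ == "__main__":
    for host, product, installed, minimum in audit():
        print(f"{host}: {product} {installed} is below fixed version {minimum}")
```

Feed `audit()` the rows from your own asset inventory instead of `SAMPLE_INVENTORY`; anything it returns is a host still exposed to the CVEs discussed above and should be prioritised, with the Array Networks devices first given the reported active exploitation.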