Threat Intel: Thursday, October 31

Happy Halloween!

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

QNAP Fixes NAS Backup Software Zero-Day
QNAP recently addressed a zero-day vulnerability in their NAS backup software, fixed after being exploited at the Pwn2Own Ireland 2024 competition. The flaw, tracked as CVE-2024-50388, allowed remote code execution on QNAP systems, presenting a serious risk for users relying on QNAP devices for data storage and backup. QNAP has advised all organizations to update their systems immediately to protect against potential exploitation and data theft.

Google Patches Critical Exploits in Chrome Browser
Google recently patched two critical vulnerabilities in Chrome, tracked as CVE-2024-10487 and CVE-2024-10488, both of which could allow attackers to execute arbitrary code on a victim’s system. These flaws were found in the WebGPU and WebRTC components and are considered high-risk because they can be exploited remotely through specially crafted content. Security researchers discovered these issues, prompting Google to release an urgent update, and teams are advised to update as soon as possible.

This Week’s Roundup:

Microsoft Entra “Security Defaults” Making MFA Setup Mandatory
Microsoft is updating its Entra ID security defaults to require multi-factor authentication (MFA) setup for new and existing users, enhancing baseline security across organizations. This change aims to reduce account compromises by ensuring users enable MFA, which adds an additional layer of protection against unauthorized access. Microsoft plans to roll out the new defaults gradually, encouraging administrators to adopt these requirements to secure Entra ID-managed resources effectively.

Recurring Windows Flaw Could Expose User Credentials
A recurring Windows vulnerability, recently highlighted by security researchers, could allow attackers to steal user credentials through network requests. The flaw stems from the way Windows handles authentication protocols, potentially enabling attackers to intercept and misuse user credentials in man-in-the-middle attacks. Microsoft has advised users to implement security best practices, such as disabling NTLM authentication and enforcing strict credential policies, to mitigate the risk.

Apple Patches Over 70 Vulnerabilities Across iOS, macOS
Apple recently released security updates addressing over 70 vulnerabilities across iOS, macOS, and other products, with several classified as high-severity flaws. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code, access sensitive information, or bypass security protections on affected devices. Apple recommends all organizations update their devices immediately to protect against potential attacks, as some of the flaws could be targeted in the wild.

Over 1000 Online Shops Hacked to Show Fake Product Listings
Over a thousand online stores were recently compromised to display fake product listings, tricking customers into purchasing nonexistent items. Attackers exploited vulnerabilities in the shops’ systems to inject malicious code, redirecting unsuspecting users to fraudulent checkout pages. This widespread breach highlights the need for organizations to secure their platforms against such threats to protect customer data and prevent financial losses.

Fog and Akira Ransomware Attacks Focusing on SonicWall VPN Flaw
A ransomware campaign leveraging the Akira variant has been exploiting a critical flaw in SonicWall VPN devices, tracked as CVE-2024-40766 with a CVSS score of 9.3, to gain unauthorized network access. This vulnerability enables attackers to infiltrate systems, encrypt files, and demand ransom payments from affected organizations. The campaign highlights the critical need for patching VPN appliances, as unpatched devices offer prime entry points for sophisticated ransomware attacks. Teams using SonicWall VPNs are strongly urged to apply available patches to prevent compromise by Akira or similar ransomware strains.

LiteSpeed Cache WordPress Plugin Poses Significant Risk
A high-severity vulnerability in the LiteSpeed Cache plugin for WordPress, identified as CVE-2024-50550 with a CVSS score of 8.1, could allow attackers to inject malicious code or manipulate site content. This flaw affects millions of sites that use the popular caching plugin to enhance performance, putting them at risk for potential attacks if exploited. Website admins are advised to apply the latest LiteSpeed update.
