Threat Intel: Thursday, September 5

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Zyxel Advises of Severe OS Command Injection Exploit in Routers
Zyxel has released a patch for a critical OS command injection vulnerability (CVE-2024-7261) that affects several models of its business routers and access points. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to remotely execute arbitrary commands by sending a specially crafted request to the device.

Affected devices include Zyxel’s NWA and WAC series, as well as the USG LITE 60AX security router. If left unpatched, this flaw could enable attackers to take control of the device, potentially disrupting networks. All organizations are strongly urged to update their devices immediately.

Cisco Releases Patch for Two Critical Flaws in Smart Licensing Utility
Cisco has released security patches to address two critical vulnerabilities (CVE-2024-20439 and CVE-2024-20440) affecting its Small Business Switches. These flaws, rated 9.8 on the CVSS scale, could allow remote attackers to execute arbitrary code or cause denial-of-service (DoS) by sending specially crafted requests to the web-based management interface. Organizations are advised to patch immediately.

This Week’s Roundup:

Airport Security Screenings Bypassed Via SQL Injection
Researchers discovered a critical vulnerability in the FlyCASS system, which is used in air transport security to manage the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs. The flaw, an SQL injection in the login system, allowed unauthorized access to add or modify crew members, bypassing standard security checks at airports. Although the researchers reported it to the Department of Homeland Security, the vulnerability was downplayed; if exploited, it could have serious implications for airline security.

VMware Addresses Critical Vulnerability in Fusion Hypervisor
VMware has released a patch for a critical code execution vulnerability (CVE-2024-38811) affecting its Fusion hypervisor. This flaw allows attackers with standard user privileges to execute arbitrary code within the Fusion application by exploiting an insecure environment variable. Rated with a CVSS score of 8.8, the vulnerability impacts VMware Fusion versions 13.x, and there are no workarounds available. VMware recommends updating to version 13.6 as soon as possible.

Eucleak Attacks Allowing Threat Actors to Clone Yubikey FIDO Keys
A researcher has discovered an unfixable vulnerability in certain YubiKey devices, including YubiKey 5 Series and YubiKey 5 FIPS models before version 5.7. The flaw, which involves improper key handling, could allow attackers to bypass the device’s protection mechanisms. While the vulnerability is difficult to exploit, it remains a concern for users relying on these security keys for critical authentication tasks. Yubico has released an advisory urging affected teams to upgrade to the latest firmware to protect themselves from the issue.

Hackers Use Cisco Store to Steal Credit Cards via Malicious Injected JavaScript
Hackers injected malicious JavaScript into Cisco’s online merchandise store, stealing sensitive information, including credit card details and login credentials. The obfuscated script was designed to collect data during the checkout process. This attack likely exploited a vulnerability known as CosmicSting, which affects the Magento platform. Although the compromised store mainly serves Cisco employees, the breach could expose sensitive employee information. Cisco’s store has been taken offline for maintenance to address the issue.

Discontinued D-Link Routers Affected By RCE – No Patch Available
D-Link has identified multiple remote code execution vulnerabilities (CVE-2024-44341, CVE-2024-44342) in its discontinued DIR-846 router model. These flaws, with a critical CVSS score of 9.8, allow remote attackers to execute arbitrary code on the device via crafted POST requests. D-Link has advised teams to replace the affected devices, as they are no longer supported and will not receive updates.

22,000 PyPI Packages Threatened by “Revival Hijack”
A new supply chain attack called “Revival Hijack” is threatening over 22,000 packages in the PyPI ecosystem. Hackers are re-registering the names of previously deleted packages and uploading malicious releases under them. Once developers pull these releases as updates, they unknowingly install trojans or harmful scripts. One observed case involved the “pingdomv3” package, which was hijacked to include a Python trojan targeting Jenkins environments. Developers are encouraged to use package pinning and to carefully audit updates to reduce the risk.
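The package-pinning advice above, as an added example that is not part of the original roundup: the script audits a requirements file for entries that lack an exact version plus a --hash constraint (the combination that makes pip refuse a substituted artifact), and emulates pip's hash check against a downloaded file. The package names, the requirements text and the artifact bytes are constructed for this example.

```python
import hashlib
import re
from typing import Dict

# Constructed sample artifact and requirements text; the package names are hypothetical.
GOOD_ARTIFACT = b"constructed sdist bytes for examplepkg 1.0.0"
GOOD_SHA256 = hashlib.sha256(GOOD_ARTIFACT).hexdigest()
SAMPLE_REQUIREMENTS = f"""\
# fully pinned: exact version plus the digest of the artifact that was reviewed
examplepkg==1.0.0 \\
    --hash=sha256:{GOOD_SHA256}
# version pin only: a deleted project's version numbers are free for a new owner to reuse
otherpkg==2.3.1
# floating specifier: any newer upload, including one from a re-registered name, is accepted
floatingpkg>=1.0
"""

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9][^\s\\]*)")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")

def _entries(text: str):
    """Yield non-comment requirement lines with backslash continuations joined."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit_requirements(text: str) -> Dict[str, str]:
    """Map each requirement to 'ok' (version + hash), 'no-hash' or 'unpinned'."""
    status: Dict[str, str] = {}
    for line in _entries(text):
        m = PIN_RE.match(line)
        if not m:
            status[re.split(r"[<>=!~\s\[;]", line, maxsplit=1)[0]] = "unpinned"
        elif HASH_RE.search(line):
            status[m.group(1)] = "ok"
        else:
            status[m.group(1)] = "no-hash"
    return status

def artifact_matches_pin(text: str, name: str, artifact: bytes) -> bool:
    """Emulate pip's hash check: accept only an artifact whose digest equals the pin."""
    for line in _entries(text):
        m, h = PIN_RE.match(line), HASH_RE.search(line)
        if m and h and m.group(1) == name:
            return hashlib.sha256(artifact).hexdigest() == h.group(1)
    return False  # no digest pinned for this name, so nothing can be verified
```

Running audit_requirements(SAMPLE_REQUIREMENTS) flags otherpkg and floatingpkg as the entries a re-registered name could still reach.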
