Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.
Threat update
A new email threat, StrelaStealer malware, is targeting European and United States organizations. It spreads through phishing emails with attachments that execute its dynamic-link library (DLL) payload designed to steal email login data. This Cybersecurity Threat Advisory reviews the threat in detail and provides recommendations on how organizations can mitigate their risks.
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
Threat update
Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability with a CVSS score of 9.8, allows threat actors to escalate privileges on the affected Exchange Server.
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache.
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads.
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
On the first day of Pwn2Own Vancouver 2024, contestants demoed 19 zero-day vulnerabilities in Windows 11, Tesla, Ubuntu Linux and other devices and software to win $732,500 and a Tesla Model 3 car.
Threat update
Fortinet has released security updates for an unauthorized code execution vulnerability impacting its FortiClientEMS (Endpoint Management Server) product. The vulnerability, CVE-2023-48788, allows unauthenticated malicious actors to execute code or commands on the server via purposely crafted requests. This Cybersecurity Threat Advisory highlights various recommendations to mitigate the potential impact on your devices.
Threat update
A critical vulnerability (CVE-2024-1403) affecting Progress Software OpenEdge Authentication Gateway and AdminServer impacts versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. The vulnerability allows unauthorized access due to manipulation of username and password combinations during the authentication process. Review this Cybersecurity Threat Advisory to minimize the potential impact on your systems.
Threat update
A critical vulnerability is affecting many Fortinet devices. Approximately 150,000 Fortinet FortiOS and FortiProxy Secure Web Gateway systems are believed to be exposed to this flaw. Continue reading this Cybersecurity Threat Advisory to learn how you can mitigate the potential risk and impact of this vulnerability.
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on typing patterns, even in poor conditions such as noisy environments.
Threat update
Critical authentication bypass vulnerabilities have been identified in QNAP network attached storage (NAS) devices. These flaws pose significant risks, allowing unauthorized access to affected devices. Review the recommendations in this Cybersecurity Threat Advisory to ensure your systems are secure.
A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation.
Threat update
There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading to learn how you can prevent these attacks and reduce risks for your customers.
Security researchers have created a knowledge base repository for attack and defense techniques based on improper setups of Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller.
Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions.