VMware Patches High-Severity Vulnerabilities in Aria Operations
Virtualization software vendor VMware on Tuesday released a high-severity bulletin with patches for at least five security defects in its Aria Operations product. The company documented five distinct vulnerabilities in the cloud IT operations platform and warned that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.
#cybersecurity #vmware
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites
Two critical vulnerabilities in CleanTalk's anti-spam plugin for WordPress could allow attackers to execute arbitrary code remotely, without authentication, Defiant warns. The issues, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS score of 9.8), affect the 'Spam protection, Anti-Spam, FireWall by CleanTalk' plugin, which has more than 200,000 active installations. Both flaws could allow remote, unauthenticated attackers to install and activate arbitrary plugins, including vulnerable plugins that could be exploited for remote code execution (RCE).
See more: Security Week; The Hacker News.
#cybersecurity #wordpress #rce
Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack
A ransomware attack on supply chain management software provider Blue Yonder has caused significant disruptions for some of the company's customers, including several major firms. Arizona-based Blue Yonder revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack. The company immediately launched an investigation and started working on restoring impacted services. In the latest update shared on its website on November 24, Blue Yonder said it had been making steady progress, but did not have a timeline for fully restoring services. Blue Yonder said it hired a cybersecurity firm to assist its investigation and restoration efforts, but did not share any other information on the attack itself.
#cybersecurity #ransomware
CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023. "Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication," Array Networks said. "The product can be exploited through a vulnerable URL."
#cybersecurity #arraynetworks
Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks
Zyxel has issued a fresh warning about threat actors exploiting a recently patched command injection vulnerability in its firewalls, after security firms observed a ransomware group targeting the flaw for initial compromise. The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices without authentication. Zyxel announced patches for this flaw and six other security defects on September 3, explaining that only devices configured in User-Based-PSK authentication mode that have a valid user with a username longer than 28 characters are affected. Zyxel addressed these vulnerabilities with the release of firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series devices.
#cybersecurity #ransomware #zyxel
Advanced threat predictions for 2025
Report from Kaspersky's Global Research and Analysis Team on the threats it expects in the coming year, together with a review of how last year's predictions held up.
#cybersecurity
QNAP addresses critical flaws across NAS, router software
QNAP released security bulletins over the weekend addressing multiple vulnerabilities, including three critical-severity flaws that users should patch as soon as possible.
#cybersecurity
npm Package Lottie-Player Compromised in Supply Chain Attack
A targeted supply chain attack involving the widely used npm package @lottiefiles/lottie-player has been uncovered, highlighting vulnerabilities in software dependencies. The @lottiefiles/lottie-player package was downloaded approximately 84,000 times weekly and is used to embed and play Lottie animations on websites. The malicious updates contained altered code that introduced pop-ups prompting users to connect their web3 wallets.
#cybersecurity #malware #cryptocurrency
Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking
The myPRO product of Czech industrial automation company mySCADA is affected by several critical vulnerabilities, including ones that can allow a remote, unauthenticated attacker to take complete control of the targeted system. myPRO is a human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system designed for visualizing and controlling industrial processes. The product can run on Windows, macOS and Linux, including servers, PCs and embedded devices.
#cybersecurity
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani entities. The group's tactics and tooling have been found to share similarities with those of other threat actors operating in the region, such as SideWinder, Confucius, and Bitter.
#cybersecurity #malware #asyncshell