Ivanti warns of maximum severity CSA auth bypass vulnerability
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA). The flaw, tracked as CVE-2024-11639 and reported by CrowdStrike's Advanced Research Team, lets unauthenticated remote attackers gain administrative privileges on appliances running Ivanti CSA 5.0.2 or earlier, with no user interaction, by circumventing authentication through an alternate path or channel. Ivanti advises admins to upgrade vulnerable appliances to CSA 5.0.3; detailed upgrade steps are in its support document. "We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program," the company said on Tuesday. "Currently, there is no known public exploitation of these vulnerabilities that could be used to provide a list of indicators of compromise." See more: BleepingComputer, The Hacker News. #cybersecurity #ivanti #authenticationbypass
New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer (MFT) software to breach corporate networks and steal data. The flaw affects the company's file transfer products Cleo LexiCom, VLTrader, and Harmony: it allows unrestricted file upload and download, which leads to remote code execution. Versions 5.8.0.21 and earlier are affected. The issue is a bypass of a previously fixed flaw, CVE-2024-50623, which Cleo patched in October 2024; that fix was incomplete, so threat actors can get around it and continue to exploit the weakness in attacks. Cleo says its software is used by 4,000 companies worldwide, including Target, Walmart, Lowe's, CVS, The Home Depot, FedEx, Kroger, Wayfair, Dollar General, Victrola, and Duraflame. See more: BleepingComputer, The Hacker News, SecurityWeek. #cybersecurity #rce #cleo
Chinese hackers use Visual Studio Code tunnels for remote access
Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent remote access to compromised systems. VSCode tunnels are part of Microsoft's Remote Development feature, which lets developers securely access and work on remote systems from Visual Studio Code. Developers can also execute commands and access the file system of remote devices, making it a powerful development tool. The tunnels are established over Microsoft Azure infrastructure using executables signed by Microsoft, so the traffic and binaries look trustworthy. The observed attack chains used SQL injection against internet-facing applications and database servers as the initial access vector. The injection was carried out with SQLmap, a legitimate penetration testing tool that automates the detection and exploitation of SQL injection flaws. See more: BleepingComputer, The Hacker News. #cybersecurity #visualstudiocode #sqlinjection
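Because the tunnel binary is signed by Microsoft and the relay lives in Azure, the useful signals are the command line and the DNS names, not the executable's reputation. The following is an added example (not from the researchers' report and not a vendor detection rule) that flags tunnel activity in constructed process-creation and DNS events. The event format is hypothetical; the image names, the "tunnel" / "service install" CLI tokens, and the relay domain suffix are my assumptions about the VS Code CLI and should be checked against your own baseline before use.

```python
from pathlib import PureWindowsPath
from typing import List, Optional

# Added example: flag VS Code tunnel use in endpoint telemetry.
# Image names and relay suffix are assumptions about the VS Code CLI.
TUNNEL_IMAGES = {"code.exe", "code", "code-tunnel.exe", "code-tunnel"}
TUNNEL_RELAY_SUFFIX = "tunnels.api.visualstudio.com"

# Constructed sample events (hypothetical format):
#   "PROC|<host>|<user>|<image path>|<command line>"
#   "DNS|<host>|<image path>|<queried name>"
SAMPLE_EVENTS = [
    'PROC|srv-db01|jdoe|C:\\Program Files\\Microsoft VS Code\\Code.exe|"C:\\Program Files\\Microsoft VS Code\\Code.exe" C:\\src\\app',
    "PROC|srv-db01|svc_web|C:\\Windows\\Temp\\code.exe|code.exe tunnel --accept-server-license-terms --name srv-db01",
    "PROC|srv-db01|svc_web|C:\\Windows\\Temp\\code.exe|code.exe tunnel service install",
    "DNS|srv-db01|C:\\Windows\\Temp\\code.exe|global.rel.tunnels.api.visualstudio.com",
    "DNS|srv-db01|C:\\Program Files\\Microsoft VS Code\\Code.exe|update.code.visualstudio.com",
]


def _image_name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def classify_process(image: str, cmdline: str) -> Optional[str]:
    """Return a finding label for a process event, or None if it looks benign."""
    if _image_name(image) not in TUNNEL_IMAGES:
        return None
    # The CLI subcommand is a bare argv token ("code tunnel ..."); matching the
    # token rather than a substring avoids flagging paths that contain "tunnel".
    argv = [t.strip('"').lower() for t in cmdline.split()]
    if "tunnel" not in argv[1:]:
        return None
    if "service" in argv and "install" in argv:
        return "vscode tunnel registered as a service (persistence)"
    return "vscode tunnel started"


def classify_dns(qname: str) -> Optional[str]:
    """Flag lookups of the tunnel relay domain (suffix is an assumption)."""
    n = qname.lower().rstrip(".")
    if n == TUNNEL_RELAY_SUFFIX or n.endswith("." + TUNNEL_RELAY_SUFFIX):
        return "dns lookup of vscode tunnel relay"
    return None


def detect_vscode_tunnels(events: List[str]) -> List[dict]:
    """Run both classifiers over the event stream and collect findings."""
    findings = []
    for ev in events:
        kind, host, *rest = ev.split("|")
        if kind == "PROC":
            _user, image, cmdline = rest
            label = classify_process(image, cmdline)
        elif kind == "DNS":
            image, qname = rest
            label = classify_dns(qname)
        else:
            continue
        if label:
            findings.append({"host": host, "image": image, "reason": label})
    return findings


if __name__ == "__main__":
    for finding in detect_vscode_tunnels(SAMPLE_EVENTS):
        print(finding)
```

The benign editor launch and the update-server lookup are not flagged; the two tunnel invocations and the relay lookup are. In practice you would also correlate the image path (here a copy in a temp directory rather than the installed editor) with the account that ran it.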
Exploits and vulnerabilities in Q3 2024
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not usually targeted in cyberattacks. The reason is that operating system developers have been shipping new security mitigations that cover whole classes of vulnerabilities in commonly used subsystems. For example, a log integrity check is due to appear in the Common Log File System (CLFS) in Windows, so the number of exploits for it should drop. On Linux, the Linux Kernel Runtime Guard (LKRG), implemented as a separate kernel module, serves a similar purpose. Although its first version was released back in 2018, it is under constant refinement and is increasingly used in various Linux builds. #cybersecurity #exploits #vulnerabilities
IT threat evolution in Q3 2024. Mobile statistics
According to Kaspersky Security Network, in Q3 2024:
- As many as 6.7 million attacks involving malware, adware or potentially unwanted mobile apps were prevented.
- Adware was the most common mobile threat, accounting for 36% of all detected threats.
- More than 222,000 malicious and potentially unwanted installation packages were detected, of which:
  A) 17,822 were associated with mobile banking Trojans.
  B) 1,576 were mobile ransomware Trojans.
#cybersecurity #mobile #malware
SecurityWeek sums up last week's news: ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI-enabled fraud. #cybersecurity
Data Breach News!
Atrium Health data breach impacts 585,000 people: Healthcare company Atrium Health has notified the US Department of Health and Human Services (HHS) that a recently discovered data breach affects more than 585,000 individuals.
Blue Yonder SaaS giant breached by Termite ransomware gang: The Termite ransomware gang has officially claimed responsibility for the November breach of software-as-a-service (SaaS) provider Blue Yonder. Its list of over 3,000 customers includes other high-profile companies such as Microsoft, Renault, Bayer, Tesco, Lenovo, DHL, 3M, Ace Hardware, Procter & Gamble, Carlsberg, Dole, Walgreens, Western Digital, and 7-Eleven. #cybersecurity #databreach #privacy
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack that deployed cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI). Ultralytics is a software development company specializing in computer vision and artificial intelligence (AI), specifically object detection and image processing. It is best known for its "YOLO" (You Only Look Once) object detection model, which can quickly and accurately detect and identify objects in video streams in real time. Ultralytics tools are open source and are used by numerous projects across a wide range of industries and applications. The library has been starred 33,600 times and forked 6,500 times on GitHub, and it has had over 260,000 downloads over the past 24 hours from PyPI alone. See more: BleepingComputer, The Hacker News. #cybersecurity #malware #ai
New Windows zero-day exposes NTLM credentials, gets unofficial patch
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials simply by tricking the target into viewing a malicious file in Windows Explorer. The flaw was discovered by the 0patch team, whose platform provides unofficial micropatches for end-of-life Windows versions, and was reported to Microsoft; no official fix has been released yet. According to 0patch, the issue, which currently has no CVE ID, affects all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022. #cybersecurity #windows #patch
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws in open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could lead to code execution. The vulnerabilities, discovered by JFrog, are part of a broader set of 22 security weaknesses the supply chain security company first disclosed last month. Unlike the first set, which were server-side flaws, the newly detailed ones allow exploitation of ML clients and reside in libraries that handle supposedly safe model formats such as Safetensors. "Hijacking an ML client in an organization can allow the attackers to perform extensive lateral movement within the organization," the company said. "An ML client is very likely to have access to important ML services such as ML Model Registries or MLOps Pipelines." #cybersecurity #machinelearning #malware