CISA warns about the active exploitation of a critical vulnerability in GitLab (CVE-2023-7028). Attackers are leveraging the vulnerability to send password reset requests to an unverified email address, which can lead to full account takeover. From there, they may be able to exfiltrate information, steal credentials, and compromise source code repositories. The flaw, discovered last January, has existed since a new GitLab version was released in May 2023.
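As an added illustration (not code from CISA's alert or from GitLab), the following Python script flags password reset requests that carried more than one e-mail address, which is the request shape the description above implies. The log lines are constructed, and the JSON field layout (method, path, params[].key/value, remote_ip, time) is an assumption modelled on GitLab's gitlab-rails/production_json.log; verify it against your own instance before relying on it.

```python
import json
from typing import Dict, Iterable, List

# Constructed sample lines, one JSON object per line, in the assumed shape of
# GitLab's gitlab-rails/production_json.log. Addresses and IPs are placeholders.
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":"alice@example.test"}}],"remote_ip":"203.0.113.10","time":"2024-01-12T09:00:01Z"}
{"method":"POST","path":"/users/password","params":[{"key":"authenticity_token","value":"[FILTERED]"},{"key":"user","value":{"email":["bob@example.test","unverified@example.test"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T09:00:05Z"}
{"method":"GET","path":"/users/sign_in","params":[],"remote_ip":"203.0.113.10","time":"2024-01-12T09:00:09Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["carol@example.test"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T09:01:00Z"}
"""


def reset_emails(entry: Dict) -> List[str]:
    """Return the e-mail value(s) a password-reset request carried, always as a list.

    A legitimate request carries a single string; a request that carries a JSON
    array of addresses is the pattern worth reviewing.
    """
    for param in entry.get("params", []):
        if param.get("key") == "user" and isinstance(param.get("value"), dict):
            email = param["value"].get("email")
            if isinstance(email, list):
                return [str(e) for e in email]
            if email is not None:
                return [str(email)]
    return []


def suspicious_resets(lines: Iterable[str]) -> List[Dict]:
    """Scan JSON log lines and report password resets sent with multiple addresses."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise rather than abort the scan
        if entry.get("method") != "POST" or entry.get("path") != "/users/password":
            continue
        emails = reset_emails(entry)
        if len(emails) > 1:  # a single-element array is odd but not the multi-address pattern
            findings.append(
                {"time": entry.get("time"), "remote_ip": entry.get("remote_ip"), "emails": emails}
            )
    return findings


if __name__ == "__main__":
    for hit in suspicious_resets(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['remote_ip']} reset requested for {hit['emails']}")
```

Run it against a real log with `suspicious_resets(open("production_json.log"))`; each finding gives a timestamp and source IP to pivot on when reviewing whether any of the listed accounts had its password changed.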
Palo Alto updated its remediation recommendations for the critical PAN-OS vulnerability that has recently been exploited in the wild (CVE-2024-3400). Beyond updating the PAN-OS version, the company now advises a private data reset in case of potential infiltration (if a device file, mostly running_config.xml, has been copied to a location accessible via a web request), and a full factory reset if evidence of interactive command execution is found.
A few months ago, Russian hackers stole information from Ukrainian government and military targets, gaining initial access by exploiting an old Microsoft Office RCE vulnerability (CVE-2017-8570). The exploit was disguised as a PowerPoint file claiming to contain a US Army mine clearing manual, sent to victims through Signal.
Mitigate it: in Trend Micro, make sure AS Pattern 4860 is activated.
The US and its allies assert that, since 2022, pro-Russian hacktivists have targeted small-scale OT systems in the water, dam, energy, and food and agriculture sectors. The attackers gained initial access by using weak passwords and by exploiting vulnerabilities in outdated, internet-exposed virtual network computing (VNC) remote access software.
In 2023, CISA made 1,800 notifications to organizations with internet-exposed devices vulnerable to ransomware attacks. Of those, around 850 were patched, mitigated or taken offline. The initiative takes place under the “Ransomware Vulnerability Warning Pilot” launched in January 2023 and jointly led by CISA and the FBI.
A new Data Breach Investigations Report shows that, in 2023, 14% of 10,000 analyzed breaches started with vulnerability exploitation, an impressive 180% increase from 2022. Moreover, the report shows that the exploitation window is widening: attackers are quicker (50% of the vulnerabilities were scanned for by attackers less than 5 days after being disclosed) while defenders' response remains slow (it takes on average 55 days from patch release to remediate 50% of critical KEV-listed vulnerabilities).
A new report shows that USB-borne malware focuses on exploiting outdated flaws, sometimes a decade old, to conduct USB attacks. Most of the malware was content-based and tried to exploit existing documents and scripting functions in software such as Microsoft Office, Adobe Acrobat and Adobe Flash Reader.
Two American senators are promoting new legislation requiring NIST and CISA to register AI vulnerabilities and incorporate them into the National Vulnerability Database (NVD). The bill requires CVE IDs to be assigned to flaws in AI systems, or another model to be established for that purpose.
Sources
- https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
- https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CrO6CAK
- https://www.deepinstinct.com/blog/uncorking-old-wine-zero-day-cobalt-strike-loader
- https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf
- https://www.cisa.gov/news-events/news/cyber-hygiene-helps-organizations-mitigate-ransomware-related-vulnerabilities
- https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf
- https://hcenews.honeywell.com/CYB-2024-Threat-Report-LP.html
- https://www.warner.senate.gov/public/_cache/files/3/c/3c24cbde-e4f5-419c-9e92-6e03dc41b801/C703EAA7ADE81649290CC7518FA1916F.secure-ai-act-one-pager-v2.pdf