GitLab has released security updates (17.3.2, 17.2.5 and 17.1.7) to address multiple vulnerabilities, the most severe being CVE-2024-6678 (CVSS 9.9), which under certain circumstances allows an attacker to trigger a pipeline as an arbitrary user. Because a pipeline runs with the permissions of the user who triggered it, this can lead to unauthorized access to and manipulation of GitLab projects. The vulnerability affects GitLab CE/EE from 8.14 up to the fixed releases (17.1.7, 17.2.5 and 17.3.2); older release lines are no longer supported and have no fix. GitLab recommends that self-managed instances upgrade immediately. The vulnerability highlights the importance of keeping software updated with the latest security patches and emphasizes the need for ongoing security awareness and vigilance.
Transport for London (TfL) experienced a significant cyberattack on September 1, 2024. The attack resulted in the potential exposure of customer data, including names, contact details, email addresses, and home addresses. The UK’s National Crime Agency arrested a 17-year-old suspect in connection with the incident, who was later released on bail. Investigations are ongoing, but no disruptions to transport services were reported. This incident serves as a reminder that critical infrastructure remains a target for cyberattacks, even if no ransom demands were made.
Highline Public Schools, a K-12 district in Washington state, was hit by a cyberattack that resulted in the closure of all schools and the cancellation of related activities. The attack impacted the school’s technology systems, necessitating an immediate response to contain the damage and initiate a thorough investigation. The incident highlights the growing threat of cyberattacks targeting educational institutions, which often store a significant amount of sensitive personal and financial data. While the details of the attack remain limited, the disruption underscores the need for robust security measures within the educational sector to prevent data breaches and maintain operational continuity.
Ford has filed a patent for technology that could collect a wide range of driver data, including in-car conversations, to personalize in-car advertisements. The system would use GPS location, driving speed, traffic conditions, historical user data, and conversation analysis to target ads. While Ford emphasizes that the patent does not guarantee implementation, it raises concerns about data privacy and potential misuse. Critics worry about the intrusiveness of the technology and its potential for driver distraction. It’s important to monitor this development and advocate for transparent data collection practices and user control over their data.
Hackers are actively exploiting publicly available exploit code for two critical SQL injection vulnerabilities, CVE-2024-6670 and CVE-2024-6671, in WhatsUp Gold, a network availability and performance monitoring solution developed by Progress Software. Both flaws were fixed in WhatsUp Gold 2024.0.0 in August 2024, and a proof-of-concept was published at the end of that month, so attackers are compromising systems that remain unpatched weeks after a fix was available. This highlights the need for prompt patching and vulnerability management practices to protect organizations from known threats.
TD Bank has been fined $28 million by the Consumer Financial Protection Bureau (CFPB) for allegedly sharing inaccurate customer data with credit reporting agencies. The CFPB found that TD Bank knew or suspected that some of the reported data was inaccurate and continued to furnish it anyway. This incident highlights the importance of data accuracy in financial services and the potential for negative consequences for consumers who are affected by inaccurate credit reports. It also emphasizes the responsibility of financial institutions to ensure the accuracy of the data they share with credit bureaus and the importance of consumer protections.
A critical zero-day vulnerability, CVE-2024-41869, a use-after-free bug in Adobe Acrobat Reader, allows remote code execution when a victim opens a crafted PDF. A proof-of-concept exploit for this vulnerability is publicly available, making it easier for attackers to weaponize it. Users are strongly advised to upgrade to the latest version of Adobe Acrobat Reader immediately to patch this vulnerability and mitigate the risk of exploitation.
Microsoft’s September 2024 Patch Tuesday addressed a total of 79 vulnerabilities across its products, including 4 zero-day flaws that were actively being exploited by attackers. Notably, one of the zero-days, CVE-2024-38217, a Mark of the Web (MotW) bypass that defeats the Windows Smart App Control (SAC) and SmartScreen checks on downloaded files, had been exploited since at least 2018. These updates are crucial for patching security loopholes and ensuring system integrity. The updates also include fixes for Windows 10 (22H2 and 21H2) and Windows 11 23H2, as well as performance issues arising from prior updates for Windows Server 2019. Organizations are urged to prioritize timely patching of systems running Microsoft software to mitigate risks.
Intel has issued a security advisory regarding critical vulnerabilities found in the UEFI firmware of certain processors. These vulnerabilities, if exploited, could lead to privilege escalation, denial-of-service (DoS) attacks, or sensitive data leakage. Because UEFI fixes ship inside OEM firmware images rather than as operating-system patches, users should apply firmware (BIOS/UEFI) updates from their system manufacturers as soon as they become available. The impact is potentially widespread, as millions of devices may be affected, and the risk is significant: code running at firmware level sits below the operating system and could give attackers persistent control over affected systems.
Avis Budget Group, a major car rental company, disclosed a data breach following an attack that compromised one of its business applications and led to the theft of customer personal information. The specific vulnerability and attack methodology have not been publicly disclosed. The stolen information may include names, addresses, and other personal identifiers, representing a significant privacy risk to impacted customers. This incident serves as a reminder for businesses to implement comprehensive security measures and ensure the protection of customer data, especially in the face of growing cyber threats.
The US Department of Justice has filed charges against five officers from Russia’s military intelligence service, the GRU, along with a civilian collaborator, for launching destructive cyberattacks against Ukrainian infrastructure and probing computer systems in 26 NATO member countries. The GRU’s Unit 29155, known for sabotage and influence operations, was actively involved in campaigns that began a month before Russia’s invasion. These attacks included data-wiping malware (WhisperGate) and data theft, aimed at undermining trust in Ukrainian government systems. Unit 29155 also used commercial tools and techniques and collaborated with cybercriminals. This indictment highlights the continuing threat posed by nation-state-backed cyberattacks, with a specific focus on Unit 29155’s tactics and techniques. It should raise awareness among security professionals concerning the potential for such attacks and encourage the implementation of robust defensive measures against them.
The Telegram messaging platform has been facing increasing scrutiny due to a substantial volume of criminal activity reported on the platform. A New York Times analysis of over 3.2 million messages across 16,000 channels revealed evidence of illegal and extremist activity, including CSAM, drug sales, and white supremacist channels. Telegram Founder, Pavel Durov, has publicly acknowledged the challenge of managing the app’s large user base and pledged to enhance moderation efforts. Telegram’s moderation policy has been under intense debate, with some critics labeling it an ‘anarchic paradise’ for cybercriminal activity. The platform is now actively working on removing features linked to illegal activities and improving its mechanisms for addressing law enforcement requests. Organizations and individuals using Telegram should be cautious of the risks associated with the platform and consider alternative messaging services where security and moderation are prioritized.
A critical vulnerability (CVE-2024-36401, CVSS score 9.8) in GeoServer, an open-source geospatial data server, is being actively exploited by attackers to gain unauthorized access to systems and deploy malware. The flaw lies in how GeoServer, through the GeoTools library, evaluates property names supplied in OGC request parameters: they are passed unsafely to the commons-jxpath library, which evaluates them as XPath expressions, so an unauthenticated attacker can execute arbitrary code remotely. Attackers use this flaw to gain initial access, establish persistence, deploy malware, and carry out malicious activities. The malware observed in these campaigns includes GOREVERSE, SideWalk, JenX, Condi Botnet, and various cryptocurrency miners, depending on the attackers’ aims. This attack campaign has been observed targeting organizations across different regions including IT service providers in India, government entities in Belgium, technology companies in the US, and telecommunications companies in Thailand and Brazil. GeoServer users are urged to upgrade to the patched versions (2.23.6, 2.24.4, or 2.25.2) to mitigate the risk.
Apache OFBiz, an open-source enterprise resource planning and customer relationship management (CRM) suite, has been affected by a critical remote code execution (RCE) vulnerability (CVE-2024-45195). This flaw allows unauthenticated attackers to execute arbitrary code or SQL queries on affected systems due to missing view authorization checks in the web application. The vulnerability is a patch bypass for three previous vulnerabilities, all of which stem from the same root cause: the controller and the view map keep separate, inconsistent state about which request is being handled, so a request can reach a view it should not be authorized for. It is crucial for organizations utilizing Apache OFBiz to update to version 18.12.16, which addresses this vulnerability. Exploitation can lead to server compromise, data exfiltration, or disruption of critical business operations. The vulnerability’s emergence emphasizes the importance of robust patch management and highlights the growing sophistication of attack techniques that can circumvent past security fixes.
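Three of the items above (GitLab CVE-2024-6678, GeoServer CVE-2024-36401 and Apache OFBiz CVE-2024-45195) share the same triage question: is the build I run below the fixed release for its branch? The following is an added example, not code from the digest or from any of those projects: a small version-triage helper that encodes the fixed versions named in the digest and answers that question for an inventory of installed builds. The advisory table layout, the `Advisory`/`assess`/`triage` names and the inventory entries are this example's own assumptions; the fixed version numbers are the ones stated in the digest.

```python
"""Version triage against the fixed releases named in the digest.

Added example (not from the original page or the affected projects). The
advisory data structure and function names are assumptions of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    product: str
    cve: str
    # Earliest affected version (inclusive), or None if all earlier versions are affected.
    min_affected: tuple[int, ...] | None
    # First fixed version on each maintained branch (major.minor.patch).
    fixed: tuple[tuple[int, ...], ...]


# Fixed versions as stated in the digest entries for each product.
ADVISORIES = {
    "gitlab": Advisory("GitLab", "CVE-2024-6678", (8, 14), ((17, 1, 7), (17, 2, 5), (17, 3, 2))),
    "geoserver": Advisory("GeoServer", "CVE-2024-36401", None, ((2, 23, 6), (2, 24, 4), (2, 25, 2))),
    "ofbiz": Advisory("Apache OFBiz", "CVE-2024-45195", None, ((18, 12, 16),)),
}


def fmt(v: tuple[int, ...]) -> str:
    return ".".join(map(str, v))


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the leading dotted numeric version from strings like '17.3.1-ee' or 'GeoServer 2.25.1'."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(product_key: str, version_text: str) -> dict:
    """Decide whether one installed build is vulnerable, fixed, or outside the affected range."""
    adv = ADVISORIES[product_key]
    v = parse_version(version_text)
    if adv.min_affected is not None and v < adv.min_affected:
        return {"status": "not_affected", "version": fmt(v),
                "reason": f"predates first affected release {fmt(adv.min_affected)}"}
    # A branch is the major.minor prefix of a fixed release (one component shorter).
    width = len(adv.fixed[0]) - 1
    same_branch = [f for f in adv.fixed if f[:width] == v[:width]]
    if same_branch:
        fixed = same_branch[0]
        if v >= fixed:
            return {"status": "fixed", "version": fmt(v), "reason": f"at or above {fmt(fixed)}"}
        return {"status": "vulnerable", "version": fmt(v), "upgrade_to": fmt(fixed),
                "reason": f"{adv.cve}: below {fmt(fixed)} on the {fmt(fixed[:width])} branch"}
    newest = max(adv.fixed)
    if v > newest:
        return {"status": "fixed", "version": fmt(v), "reason": f"released after {fmt(newest)}"}
    # Older, unmaintained branch: no fix will be published for it, so treat as vulnerable.
    return {"status": "vulnerable", "version": fmt(v), "upgrade_to": fmt(newest),
            "reason": f"{adv.cve}: branch {fmt(v[:width])} has no fixed release; move to a supported branch"}


def triage(inventory: list[tuple[str, str, str]]) -> list[dict]:
    """Run assess() over (hostname, product_key, version_text) rows and return only the vulnerable ones."""
    findings = []
    for host, product_key, version_text in inventory:
        result = assess(product_key, version_text)
        if result["status"] == "vulnerable":
            findings.append({"host": host, "product": ADVISORIES[product_key].product, **result})
    return findings


# Constructed inventory for illustration; hostnames and versions are invented.
SAMPLE_INVENTORY = [
    ("git.internal", "gitlab", "17.3.1-ee"),
    ("git-legacy.internal", "gitlab", "16.11.8-ce"),
    ("maps.internal", "geoserver", "GeoServer 2.25.1"),
    ("maps-new.internal", "geoserver", "2.25.2"),
    ("erp.internal", "ofbiz", "18.12.15"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']}: {f['product']} {f['version']} -> upgrade to {f['upgrade_to']} ({f['reason']})")
```

Two design points worth copying into a real inventory check: a build on an unsupported branch is reported as vulnerable with the newest fixed release as the target, because no patch will ever appear for that branch; and a two-component version such as "17.3" is deliberately treated as below "17.3.2", so an incomplete inventory record errs toward a finding rather than silence.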
A vulnerability in SonicWall’s SonicOS, tracked as CVE-2024-40766 (CVSS 9.3), has been exploited in attacks in the wild, according to an updated SonicWall advisory. The flaw is an improper access control weakness in the SonicOS management access and SSLVPN functionality; it can lead to unauthorized resource access and, under specific conditions, can crash the firewall. It is not a remote code execution bug, but unauthorized access to the management interface or an SSLVPN account is enough to give an attacker a foothold inside the network. SonicWall reports exploitation against Gen 5, Gen 6 and Gen 7 firewalls, particularly against SSLVPN accounts that use locally managed credentials. Organizations should apply the patched SonicOS releases, restrict firewall management to trusted sources, and, for SSLVPN, reset passwords for locally managed accounts and enable multi-factor authentication as the advisory recommends. This incident serves as a reminder for organizations to implement a robust vulnerability management program and promptly address critical vulnerabilities in their environments.
The Russian General Staff Main Intelligence Directorate’s (GRU) 161st Specialist Training Center (Unit 29155), also known as Cadet Blizzard, has been identified as a significant threat actor carrying out cyberattacks against global targets, including critical infrastructure. The group’s activities include espionage, sabotage, and reputational harm, with publicly documented operations dating back at least to the January 2022 WhisperGate wiper attacks on Ukrainian targets. The U.S. government, along with a coalition of international partners, has officially linked this APT group to the GRU and is offering a $10 million reward for information leading to the disruption of its activities. Its techniques and tactics are constantly evolving, posing challenges to cybersecurity professionals. It is crucial for organizations globally to remain vigilant and adopt enhanced security measures to counter these sophisticated threats.
A new ransomware strain named ShrinkLocker has been identified that abuses the legitimate Windows BitLocker feature, rather than a custom encryptor, to lock data and render systems unbootable. ShrinkLocker modifies registry settings governing RDP and BitLocker’s TPM requirements so that the built-in encryption can be turned on under its control. It disables and deletes the BitLocker key protectors, so the victim is left with no recovery key, then shrinks partitions, formats the freed space, and reconfigures the boot files before encrypting the drives. It also exfiltrates data, including the details needed to unlock the drives, to a command-and-control server and deletes logs to obfuscate its activity. Because the encryption is genuine BitLocker encryption with a key only the attacker holds, decryption and recovery are complex and potentially costly. ShrinkLocker does not exploit a software vulnerability: it abuses a built-in feature through legitimate administrative tooling, so it cannot be patched away, and detection has to focus on the behaviour (protector removal, partition and boot changes, log clearing) rather than on a malware signature. Organizations should restrict who can change BitLocker configuration, keep recovery keys escrowed outside the endpoint, and maintain regular offline backups and proper security hygiene to mitigate the impact of such attacks.
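The ShrinkLocker entry above describes a chain of individually legitimate administrative actions, which is exactly the kind of activity a signature will miss and a behavioural rule can catch. The following is an added example, not code from the digest or from any ShrinkLocker analysis: detection logic that runs over process-creation events and alerts when several of the behaviours the digest lists (protector removal, BitLocker policy and RDP registry changes, partition shrinking, boot file rewriting, log clearing) occur on one host within a short window. The event format, host names, user names and exact command lines below are constructed for illustration; they are modelled on the documented syntax of the Windows tools manage-bde, reg, diskpart, bcdboot and wevtutil, not recovered from the malware.

```python
"""Behavioural detection for a BitLocker-abuse chain over constructed process events.

Added example (not from the original page or any malware analysis). Event
schema, hostnames, users and command lines are invented for illustration.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# One pattern per behaviour from the digest. Any single hit is often benign
# (administrators suspend BitLocker protectors before firmware updates), so an
# alert requires several distinct behaviours on the same host inside one window.
BEHAVIOURS = {
    "bitlocker_protector_removed": re.compile(r"manage-bde(\.exe)?\s+-protectors\s+-(disable|delete)\b", re.I),
    "bitlocker_policy_registry":   re.compile(r"\\Policies\\Microsoft\\FVE\b", re.I),
    "rdp_enabled_registry":        re.compile(r"fDenyTSConnections\b.*/d\s+0\b", re.I),
    "partition_shrink_or_format":  re.compile(r"\b(diskpart|shrink\s+desired=|format\s+[a-z]:)", re.I),
    "boot_files_rewritten":        re.compile(r"\bbcdboot(\.exe)?\b|\bbcdedit(\.exe)?\b", re.I),
    "event_logs_cleared":          re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
}


def classify(cmdline: str) -> set[str]:
    """Return the set of behaviour names a single command line matches (empty if none)."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}


def detect(events, window: timedelta = timedelta(minutes=30), min_behaviours: int = 3) -> list[dict]:
    """Return one alert per host whose events show >= min_behaviours distinct
    behaviours within any span of length `window`.

    events: iterable of dicts with keys host, time (ISO 8601), user, cmdline.
    """
    by_host: dict[str, list] = {}
    for ev in events:
        cats = classify(ev["cmdline"])
        if cats:
            by_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["time"]), cats, ev))
    alerts = []
    for host, hits in by_host.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _, _) in enumerate(hits):
            span = [h for h in hits[i:] if h[0] - t0 <= window]  # always contains hits[i]
            seen = set().union(*(h[1] for h in span))
            if len(seen) >= min_behaviours:
                alerts.append({
                    "host": host,
                    "first": t0.isoformat(),
                    "last": span[-1][0].isoformat(),
                    "behaviours": sorted(seen),
                    "users": sorted({h[2]["user"] for h in span}),
                })
                break  # one alert per host is enough for triage
    return alerts


# Constructed sample events. WS01 shows the full chain; WS02 shows a routine
# admin suspending and re-enabling BitLocker, which must not alert.
SAMPLE_EVENTS = [
    {"host": "WS01", "time": "2024-09-10T02:14:05", "user": "svc_backup",
     "cmdline": r'reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v EnableBDEWithNoTPM /t REG_DWORD /d 1 /f'},
    {"host": "WS01", "time": "2024-09-10T02:14:09", "user": "svc_backup",
     "cmdline": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'},
    {"host": "WS01", "time": "2024-09-10T02:15:30", "user": "svc_backup",
     "cmdline": r"diskpart /s C:\Windows\Temp\shrink.txt"},
    {"host": "WS01", "time": "2024-09-10T02:16:02", "user": "svc_backup",
     "cmdline": r"bcdboot C:\Windows /s E:"},
    {"host": "WS01", "time": "2024-09-10T02:18:44", "user": "svc_backup",
     "cmdline": r"manage-bde -protectors -delete C:"},
    {"host": "WS01", "time": "2024-09-10T02:20:10", "user": "svc_backup",
     "cmdline": r"wevtutil cl Microsoft-Windows-PowerShell/Operational"},
    {"host": "WS02", "time": "2024-09-10T09:01:00", "user": "itadmin",
     "cmdline": r"manage-bde -protectors -disable C:"},
    {"host": "WS02", "time": "2024-09-10T09:40:00", "user": "itadmin",
     "cmdline": r"manage-bde -protectors -enable C:"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['host']} {alert['first']}..{alert['last']} by {alert['users']}: {alert['behaviours']}")
```

The threshold of three distinct behaviours is the tuning knob: with it at one, the rule fires on every firmware-update runbook that suspends BitLocker; at three, a lone protector change stays quiet while the combination of protector removal, partition or boot changes and log clearing still surfaces within the window. In a real deployment the same classifier would be fed from Sysmon event 1 or Windows event 4688 command lines rather than from the constructed list here.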
The Penpie DeFi protocol, built on the Pendle platform, experienced a significant security breach in early September 2024. Attackers exploited a vulnerability in Penpie’s reward distribution mechanism, enabling them to deploy a malicious smart contract that inflated their staking balance. This manipulation allowed the attackers to claim an excessive share of rewards, resulting in the theft of approximately $27 million in cryptocurrency. The incident highlights the ongoing security challenges in the decentralized finance (DeFi) space, as vulnerabilities in smart contracts can lead to substantial financial losses. The Penpie team has responded by suspending deposits and withdrawals and contacting law enforcement agencies, including the FBI and Singaporean police. The hack also triggered a message on the blockchain from a notorious Euler Finance hacker praising the Penpie hacker for their actions, underscoring the growing sophistication and boldness of cybercriminal activity in the DeFi space.
GitLab Pipeline Execution Vulnerability (CVE-2024-6678): Critical Patch Released (2h)
Transport for London (TfL) Cyberattack: 17-Year-Old Suspect Arrested, Customer Data Potentially Impacted (2h)
WhatsUp Gold Network Monitoring Solution Exploited via Critical Vulnerabilities (3h)
TD Bank Fined $28 Million by CFPB for Sharing Inaccurate Customer Data with Credit Reporting Agencies (10h)
Ford Patents Technology to Collect Driver Data, Including Conversations, for Personalized In-Car Ads (12h)
Multiple Critical Vulnerabilities Found in Intel's UEFI Firmware Affecting Millions of Devices (15h)
Critical Vulnerabilities in Adobe Acrobat Reader Exploited in the Wild: Public Proof-of-Concept Exploit Available for Remote Code Execution Zero-Day (19h)
Microsoft Patch Tuesday September 2024 Addresses 79 Vulnerabilities Including 4 Zero-Days and a 6-Year-Old Flaw (1d)
Highline Public Schools Suffers Cyberattack, Leading to School Closures (2d)
Russian GRU Unit 29155 (Cadet Blizzard) Cyber Espionage and Sabotage Operations Targeting Global Critical Infrastructure (3d)
GeoServer Vulnerability (CVE-2024-36401) Exploited in Global Malware Campaign (4d)
Telegram Messaging App Faces Scrutiny for High Volume of Criminal Activity, Including CSAM and Drug Trafficking (4d)
Avis Car Rental Suffers Data Breach, Customer Personal Information Stolen (4d)
SonicWall SonicOS Vulnerability CVE-2024-40766 Exploited in Attacks, Potentially Leading to Unauthorized Access via Management Interface and SSLVPN (4d)
ShrinkLocker Ransomware Exploits BitLocker to Encrypt Data and Destabilize Systems, Creating Challenges for Decryption (4d)
Apache OFBiz Remote Code Execution Vulnerability Exploited in Attacks, Patch Released (5d)
Penpie DeFi Protocol Suffers $27 Million Crypto Hack, Exploiting Reward Distribution Vulnerability (5d)
GRU Unit 29155's Destructive Cyberattacks Target Ukrainian and NATO Infrastructure (6d)