CyberSecurity news

FlagThis - #vulnerabilities

Anna Ribeiro@Industrial Cyber //
Cybersecurity researchers have uncovered 46 new vulnerabilities in solar inverters from leading vendors Sungrow, Growatt, and SMA. These flaws could be exploited by malicious actors to seize control of the devices remotely, posing severe risks to electrical grids. The vulnerabilities, collectively named SUN:DOWN by Forescout Vedere Labs, can enable attackers to execute arbitrary commands, take over accounts, and gain a foothold in vendor infrastructure, potentially leading to control of inverter owners' devices.

Researchers found that these flaws could be used to conduct coordinated, large-scale cyber-attacks against power generation and, ultimately, to cause grid failures. The vulnerabilities affect various components of solar power systems, including panels, PV inverters, and communication dongles. While Sungrow and SMA have patched the reported issues, Growatt's response was slower, and the researchers believe an attacker who gained control of a large number of inverters could destabilize power grids, leading to potential blackouts.

References:
  • ciso2ciso.com: Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA – Source: thehackernews.com
  • The Hacker News: Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
  • Solar Power System Vulnerabilities Could Result in Blackouts
  • www.scworld.com: 46 new bugs in solar power inverters raise concerns over power grid stability
  • Industrial Cyber: Forescout SUN:DOWN research uncovers critical vulnerabilities in solar inverters that threaten power grid stability
  • www.cybersecuritydive.com: Solar power gear vulnerable to remote sabotage
  • www.techradar.com: Several top solar inverter products were found to have vulnerabilities that could lead to device takeover.
  • The DefendOps Diaries: Securing Solar Inverters: Addressing Vulnerabilities in Renewable Energy Systems
  • Cyber Security News: Critical security flaws in global solar power infrastructure could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale.
  • Cyber Security News: 46 New Vulnerabilities in Solar Inverters Let Attackers Manipulate Settings
  • www.techradar.com: Hackers could exploit weak security in solar inverters, manipulating energy production, stealing user data, and even disrupting entire power networks with alarming ease.

@ciso2ciso.com //
A series of cyber incidents has been reported, highlighting the evolving nature of online threats. One concerning trend is a sophisticated phishing campaign targeting users in Poland and Germany that uses PureCrypter malware to deliver multiple payloads, including Agent Tesla and Snake Keylogger, as well as a novel backdoor called TorNet. The TorNet backdoor employs advanced detection-evasion tactics, requiring immediate and proactive defense measures. The campaign, active since at least mid-summer 2024, appears to be the work of financially motivated threat actors. Security tools backed by threat intelligence are available to assist in detecting and preventing such intrusions.

Multiple additional vulnerabilities have been discovered, including over 10,000 WordPress websites unknowingly delivering macOS and Windows malware through fake Google browser update pages. This cross-platform attack is notable because it delivers AMOS to Apple users and SocGholish to Windows users, and it is the first time these variants have been delivered through a client-side attack. Moreover, an OAuth redirect flaw in an airline travel integration system has exposed millions of users to account hijacking. By manipulating parameters within the login process, attackers can redirect authentication responses, gain unauthorized access to user accounts, and perform actions such as booking hotels and car rentals. These incidents underscore the importance of constant vigilance and robust security measures across all platforms.

References:
  • BleepingComputer: Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks.
  • securityaffairs.com: Attackers exploit SimpleHelp RMM software flaws for initial access.
  • Help Net Security: Attackers are leveraging vulnerabilities in SimpleHelp.
  • www.bleepingcomputer.com: Hackers are exploiting flaws in SimpleHelp RMM to breach networks
  • ciso2ciso.com: TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads – Source: socprime.com
  • cside.dev: 10,000 WordPress Websites Found Delivering MacOS and Microsoft Malware
  • The Hacker News: OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

Microsoft Threat@Microsoft Security Blog //
The U.S. Department of Justice has indicted 12 Chinese individuals for over a decade of global hacking intrusions, including a breach of the U.S. Treasury last year. The individuals include eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security, and two other alleged hackers belonging to the APT27 group, also known as Silk Typhoon. The group is accused of targeting U.S. state and federal agencies, foreign ministries across Asia, Chinese dissidents, and U.S.-based media outlets critical of the Chinese government.

Microsoft Threat Intelligence has detected a new variant of XCSSET, a macOS malware that targets Xcode projects, the first new variant seen since 2022. This variant features enhanced obfuscation, updated persistence mechanisms, and new infection strategies. It steals and exfiltrates files and system and user information, including digital wallet data and notes. The malware's modular approach and encoded payloads make detection and removal challenging, and even allow it to remain fileless.

@www.bleepingcomputer.com //
Critical security vulnerabilities have been patched in Juniper Networks Session Smart Routers and several Atlassian products. A critical authentication bypass vulnerability, identified as CVE-2025-21589, affects Juniper's Session Smart Router, Conductor, and WAN Assurance Managed Routers. Juniper Networks has released a patch to address this flaw, which could allow attackers to bypass authentication and gain control of affected Session Smart Router devices.

Australian software firm Atlassian has also released security patches to address 12 critical and high-severity vulnerabilities across its product suite, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. Among the most severe vulnerabilities fixed is CVE-2024-50379, which has a CVSS score of 9.8 and could lead to remote code execution. Users of these products are strongly advised to apply the available patches as soon as possible to mitigate potential risks.

References:
  • Anonymous: Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.
  • securityaffairs.com: Australian software firm Atlassian released security patches to address 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira products. The most severe vulnerability addressed by the company is CVE-2024-50379 (CVSS score of 9.8), an RCE.

CISO2CISO Editor 2@ciso2ciso.com //
Oracle has released its January 2025 Critical Patch Update (CPU), addressing 318 new security vulnerabilities across over 90 products and services within 27 categories. The update includes patches for roughly 200 unique CVEs. The vulnerabilities affect a wide range of Oracle products, including its Communications applications, Construction and Engineering appliances, middleware and servers, and the E-Business Suite. This update is critical for organizations using Oracle products, highlighting the importance of robust vulnerability management and patching procedures.

The severity of the addressed vulnerabilities varies: some have CVSS scores of 4 to 6, while others are considered critical. The most severe vulnerability, with a CVSS score of 9.9, affects the Oracle Agile Product Lifecycle Management (PLM) Framework and allows a low-privileged attacker to compromise susceptible instances via HTTP. Oracle is urging customers to apply the Critical Patch Update as soon as possible, since some older Oracle flaws remain unpatched on some networks, as evidenced by the US Cybersecurity and Infrastructure Security Agency (CISA) adding an older vulnerability in Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog.

References:
  • ciso2ciso.com: Oracle To Address 320 Vulnerabilities in January Patch Update
  • ciso2ciso.com: Software giant Oracle is expected to release patches for 320 new security vulnerabilities affecting over 90 products and services across 27 categories.
  • The Hacker News: Oracle releases January 2025 patch to address 300+ vulnerabilities
  • ciso2ciso.com: Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products – Source:thehackernews.com

Pierluigi Paganini@Security Affairs //
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.

These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying necessary updates.

References:
  • Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
  • thecyberexpress.com: CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
  • cyble.com: The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.