Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises

December 10, 2024 at 09:48AM Huntress warned of an exploited vulnerability (CVE-2024-50623) in Cleo’s file transfer products, affecting over 1,700 servers, mostly in consumer and shipping sectors. Despite a patch, it failed to secure systems, allowing unauthorized access and persistent threats. Cleo plans to release a new patch shortly. **Meeting Takeaways:** 1. **Vulnerability Identified**: Huntress … Read more

SAP Patches Critical Vulnerability in NetWeaver

December 10, 2024 at 08:57AM SAP released nine new and four updated security notes on December 2024 Security Patch Day, addressing critical vulnerabilities in NetWeaver AS for Java. Notably, CVE-2024-47578 poses a significant risk of complete system compromise. Users are urged to implement the security updates promptly, although there are no known active exploits. ### … Read more

Microsoft NTLM Zero-Day to Remain Unpatched Until April

December 9, 2024 at 05:44PM Microsoft issued guidance to mitigate NTLM relay attacks following the discovery of a zero-day bug affecting all Windows versions, enabling credential theft through malicious files. The bug’s fix is anticipated in April. Organizations are advised to enable Extended Protection for Authentication (EPA) to strengthen defenses against these vulnerabilities. ### Meeting … Read more

Large-Scale Incidents & the Art of Vulnerability Prioritization

December 9, 2024 at 10:04AM Cybersecurity defenders face increasing vulnerabilities due to a growing IT environment. Recent reports indicate that 14% of breaches exploit vulnerabilities, emphasizing the need for clear prioritization strategies. Learning from past incidents like MOVEit and Log4j can guide effective vulnerability evaluation and management, including the adoption of secure-by-design principles. ### Meeting … Read more

QNAP Patches Vulnerabilities Exploited at Pwn2Own

December 9, 2024 at 08:29AM QNAP Systems announced security patches for vulnerabilities discovered at Pwn2Own Ireland 2024, including a severe command injection flaw (CVE-2024-50393) and a CRLF injection bug (CVE-2024-48868), both with CVSS scores of 8.7. Users are urged to update their systems to protect against potential attacks. ### Meeting Takeaways 1. **Vulnerability Patches Released**: … Read more

Blue Yonder ransomware termites claim credit

December 8, 2024 at 10:10PM The Termite ransomware gang claimed responsibility for a ransomware attack on Blue Yonder, stealing 680GB of data. Blue Yonder’s operations were disrupted, affecting clients like Starbucks and UK grocery chains. Additionally, a Nigerian scammer received eight years in prison for a business email compromise scheme that stole over $6 million. … Read more

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

December 6, 2024 at 07:18AM Cybersecurity researchers uncovered multiple vulnerabilities in open-source machine learning tools like MLflow, H2O, and PyTorch, which can enable code execution. Detected by JFrog, these flaws potentially allow attackers to access sensitive information and perform lateral movements within organizations, highlighting the need for caution with untrusted ML models. ### Meeting Takeaways … Read more

PoC Exploit Published for Unpatched Mitel MiCollab Vulnerability

December 6, 2024 at 06:38AM WatchTowr warned of an unpatched vulnerability in the Mitel MiCollab platform, allowing attackers to access restricted resources. Over 16,000 instances are affected, with an arbitrary file read flaw requiring admin authentication to exploit. Mitel has released patches for related vulnerabilities and recommends users update to the latest version. **Meeting Takeaways:** … Read more

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

December 6, 2024 at 01:07AM A zero-day file read vulnerability in Mitel MiCollab can be exploited with a previously patched bug, allowing unauthorized access to sensitive files. Despite reporting the issue to Mitel over 100 days ago, it remains unpatched. The vulnerability is particularly concerning given the platform’s widespread use. **Meeting Takeaways:** 1. **Vulnerability Overview**: … Read more

Critical Vulnerability Discovered in SailPoint IdentityIQ

December 6, 2024 at 12:55AM SailPoint warned of a critical vulnerability (CVE-2024-10905) in its IdentityIQ IAM platform that allows unauthorized access to files due to improper access control. Affected versions have a CVSS score of 10/10. E-fixes are available, and users are urged to update promptly to prevent potential data compromise. **Meeting Takeaways: SailPoint IdentityIQ … Read more