CyberAlerts

IT threat evolution Q3 2024

Description: In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on.

Source: Unknown Source

November 29th, 2024 (6 months ago)

IT threat evolution in Q3 2024. Mobile statistics

Description: The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps.

Source: Unknown Source

November 29th, 2024 (6 months ago)

IT threat evolution in Q3 2024. Non-mobile statistics

Description: The non-mobile threat report for Q3 2024 contains data on ransomware, miners, and macOS and IoT threats.

Source: Unknown Source

November 29th, 2024 (6 months ago)

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

Description: Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An

Source: TheHackerNews

November 29th, 2024 (6 months ago)

Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks

Description: Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)

Source: TheHackerNews

November 29th, 2024 (6 months ago)

U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency

Description: A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency. Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a cooperative contact for the Ministry of State

Source: TheHackerNews

November 29th, 2024 (6 months ago)

Multiple FCNT Android devices vulnerable to authentication bypass

Description: Multiple FCNT Android devices contain an authentication bypass vulnerability.

Source: Japan Vulnerability Notes (JVN)

November 29th, 2024 (6 months ago)

Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)

Description: Dahua Technology has released a security update for its multiple products.

Source: Japan Vulnerability Notes (JVN)

November 29th, 2024 (6 months ago)

CVE-2024-53060

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) (cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)

EPSS Score: 0.04%

Source: CVE

November 29th, 2024 (6 months ago)

CVE-2023-52922

can: bcm: Fix UAF in bcm_proc_show()

Description: In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op.

EPSS Score: 0.04%

Source: CVE

November 29th, 2024 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	IT threat evolution Q3 2024 Description: In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on. Source: Unknown Source November 29th, 2024 (6 months ago)
	IT threat evolution in Q3 2024. Mobile statistics Description: The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps. Source: Unknown Source November 29th, 2024 (6 months ago)
	IT threat evolution in Q3 2024. Non-mobile statistics Description: The non-mobile threat report for Q3 2024 contains data on ransomware, miners, and macOS and IoT threats. Source: Unknown Source November 29th, 2024 (6 months ago)
	Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks Description: Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An Source: TheHackerNews November 29th, 2024 (6 months ago)
	Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks Description: Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA) Source: TheHackerNews November 29th, 2024 (6 months ago)
	U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency Description: A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency. Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a cooperative contact for the Ministry of State Source: TheHackerNews November 29th, 2024 (6 months ago)
	Multiple FCNT Android devices vulnerable to authentication bypass Description: Multiple FCNT Android devices contain an authentication bypass vulnerability. Source: Japan Vulnerability Notes (JVN) November 29th, 2024 (6 months ago)
	Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001) Description: Dahua Technology has released a security update for its multiple products. Source: Japan Vulnerability Notes (JVN) November 29th, 2024 (6 months ago)
CVE-2024-53060	drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) (cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1) EPSS Score: 0.04% Source: CVE November 29th, 2024 (6 months ago)
CVE-2023-52922	can: bcm: Fix UAF in bcm_proc_show() Description: In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op. EPSS Score: 0.04% Source: CVE November 29th, 2024 (6 months ago)