Description: The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: FoxRTU Station
Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
FoxRTU Station: < 9.3.0
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered with by a malicious actor.
CVE-2024-2602 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Water and Wastewater, Chemical
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER
Anooja Joy, Sushant Mane and Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to Schneider Electric.
4. MITIGATIONS
Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:
Version 9.3.0 of F...
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: National Instruments
Equipment: LabVIEW
Vulnerabilities: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following National Instruments products are affected:
LabVIEW 2024: Versions Q3 (24.3f0) and prior
LabVIEW 2023: All versions
LabVIEW 2022: All versions
LabVIEW 2021 (EOL) and below: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read exists in the HeapObjMapImpl function, which may allow an attacker to disclose information or execute arbitrary code.
CVE-2024-10494 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-10494. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read exists when loading the font table, which may allow an attacker to disclose information or execute arbitrary code.
CVE-2024-10495 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculate...
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Foxboro DCS Core Control Services
Vulnerabilities: Out-of-bounds Write, Improper Validation of Array Index, Improper Input Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to a loss of system functionality or unauthorized access to system functions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products are affected:
EcoStruxure Foxboro DCS Core Control Services: Versions 9.8 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
An out-of-bounds write vulnerability exists that could cause local denial of service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVE-2024-5679 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.2 IMPROPER VALIDATION OF ARRAY INDEX CWE-129
An improper validation of array index vulnerability exists that could cause local denial of service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVE-2024-5680 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/...
December 10th, 2024 (4 months ago)
|
Description: CISA released seven Industrial Control Systems (ICS) advisories on December 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-24-345-01 MOBATIME Network Master Clock
ICSA-24-345-02 Schneider Electric EcoStruxure Foxboro DCS Core Control Services
ICSA-24-345-03 Schneider Electric FoxRTU Station
ICSA-24-345-04 National Instruments LabVIEW
ICSA-24-345-05 Horner Automation Cscape
ICSA-24-345-06 Rockwell Automation Arena
ICSA-24-338-01 Ruijie Reyee OS (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: Arena
Vulnerabilities: Use After Free, Out-of-bounds Write, Improper Initialization
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in execution of arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Arena are affected:
Arena: Versions prior to V16.20.06
3.2 VULNERABILITY OVERVIEW
3.2.1 USE AFTER FREE CWE-416
A "use after free" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to reuse a resource. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2024-11155 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-11155. A base score of 8.5 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 OUT-OF-BOUNDS WRITE CWE-787
An "out of bounds write" code execution vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vu...
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Horner Automation
Equipment: Cscape
Vulnerabilities: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Horner Automation products are affected:
Cscape: Versions 10.0.363.1 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
The affected product contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code.
CVE-2024-9508 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-9508. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 OUT-OF-BOUNDS READ CWE-125
The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code.
CVE-2024-12212 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated...
December 10th, 2024 (4 months ago)
|
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: MOBATIME
Equipment: Network Master Clock - DTS 4801
Vulnerability: Use of Default Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Network Master Clock - DTS 4801, a primary clock used to synchronize with secondary clocks, are affected:
Network Master Clock - DTS 4801: FW Version 00020419.01.02020154
3.2 VULNERABILITY OVERVIEW
3.2.1 Use of Default Credentials CWE-1392
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
CVE-2024-12286 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-12286. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health, Transportation Systems
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
Mate Csorba and Zoltan Kato from DNV reported this vulnerability to CISA.
4. MITIGATIONS
MOBATIME recommends users update to the latest firmware version fro...
December 10th, 2024 (4 months ago)
|
Description: Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. [...]
December 10th, 2024 (4 months ago)
|
Description: Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...]
December 10th, 2024 (4 months ago)
|