A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data.

Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), which could allow remote code execution by authenticated attackers.

Critical vulnerabilities in Devolutions’ Remote Desktop Manager (RDM) allow attackers to intercept encrypted communications through man-in-the-middle (MITM) attacks.

Multiple critical vulnerabilities in Progress LoadMaster products could allow attackers to execute arbitrary commands or access sensitive files.

Palo Alto Networks has patched a high-severity authentication bypass vulnerability (CVE-2025-0108) in PAN-OS software that attackers are actively exploiting. Organizations must update affected versions immediately and restrict management interface access to trusted IPs to reduce exposure.

Fortinet addressed vulnerabilities in its VPN software that could lead to denial-of-service attacks or remote code execution due to outdated library usage.

Palo Alto Networks disclosed a vulnerability in PAN-OS that allowed unauthenticated attackers to bypass web interface authentication under specific configurations.

The NetSupport Remote Access Trojan (RAT) is being weaponized through the “ClickFix” technique, which tricks users into executing malicious PowerShell commands. This gives attackers full control over affected systems, leading to ransomware attacks and data breaches. Organizations should enforce multi-factor authentication (MFA) and educate users on phishing tactics to defend against such attacks.

We also explore how industries are addressing critical cybersecurity challenges, such as securing remote work environments and mitigating vulnerabilities in Internet of Things (IoT) devices.

Storm-2372 attackers exploit device code authentication to steal tokens, granting unauthorized access to accounts without passwords. Microsoft advises training users to recognize phishing attempts and deploying advanced anti-phishing solutions.

Key topics include advanced ransomware attacks and the increasing influence of state-sponsored cyber activities on global security. We’ll also review recent regulatory developments, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which are setting new benchmarks for data privacy and security, to help keep your compliance strategies up to date.

Attackers are exploiting a critical flaw (CVE-2024-53704) in SonicWall firewalls to bypass authentication and hijack SSL VPN sessions. Over 12,000 systems remain unpatched globally, posing risks of data breaches and ransomware attacks. SonicWall has released patches, and organizations are advised to update immediately to mitigate the risk.

Additionally, we examine how cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and quantum computing are reshaping cybersecurity, both as tools for protection and as potential vulnerabilities exploited by adversaries.

The Astaroth phishing kit targets Gmail, Yahoo, and Office 365 users by intercepting two-factor authentication (2FA) codes through fake login pages.

SAP released updates addressing high-severity vulnerabilities, including XSS, authentication bypasses, and authorization flaws across platforms like NetWeaver and BusinessObjects.

The China-based Winnti Group has launched a campaign called “RevivalStone,” targeting Japanese organizations in the manufacturing and energy sectors with advanced malware and WebShells.

A severe vulnerability (CVE-2024-52875) in GFI KerioControl firewalls allows remote code execution (RCE) through unauthenticated URI paths. Organizations are urged to restrict access, monitor for unusual activity, and apply updates promptly.

This flaw allowed physical attackers to disable the feature on locked devices, posing risks to targeted individuals.

Organizations are advised to secure API keys and monitor account activity to mitigate these risks.

Users are urged to upgrade to patched versions immediately to mitigate these risks.

Organizations should upgrade affected systems and restrict interface access to internal IPs only.

The attack leverages speculative execution vulnerabilities in Apple’s M-series processors, highlighting weaknesses in advanced kernel isolation techniques.

The Chinese state-sponsored group Salt Typhoon exploited over 1,000 unpatched Cisco devices using privilege escalation vulnerabilities (CVE-2023-20198 and CVE-2023-20273). These attacks target telecommunications providers and universities, emphasizing the need for immediate patching and enhanced network security measures.

Analysis of over 1 million malware samples reveals that attackers are increasingly leveraging the Application Layer of the OSI model to conduct stealthy Command-and-Control (C2) operations.

A sophisticated malware campaign uses Microsoft Outlook as a communication channel through the Graph API, employing custom tools like PATHLOADER and FINALDRAFT for espionage and data exfiltration. Organizations should monitor Graph API usage and implement stringent access controls to counter such threats effectively.

A high-severity flaw in OpenSSL versions 3.2–3.4 could enable man-in-the-middle attacks during TLS handshakes using raw public keys (RPKs).

Two vulnerabilities in AWS IAM login flows allowed attackers to enumerate valid usernames via MFA prompts and timing discrepancies.

A Python script using the tkinter library creates a fake “Blue Screen of Death” (BSOD) as an anti-analysis tactic, temporarily disrupting systems while evading antivirus detection due to its low-profile nature.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Feb 2025 02:35:14 +0000