Vulnerabilities  
May 24, 2024

Threat Intelligence Round Up May 13th - May 24th

Our threat intelligence round-up is here! From a stolen Dell customer database to Microsoft Exchange Server vulnerabilities, we've got you covered on the significant cyber incidents, attacks and vulnerabilities that have occurred over the last two weeks.

Looking for more regular insights? Those that have subscriptions to our cyber security management platform, Cybaverse.ai, receive real-time updates on emerging cyber threats.

Dell API Used To Steal Customer Records

Dell experienced a significant breach when cyber criminals exploited an API vulnerability to steal 49 million customer records.

The stolen data, which included names, email addresses, warranty information, and hashed passwords, was briefly available on a hacking forum.

Businesses must conduct regular security audits, enhance employee training, implement multi-factor authentication, and partner with trusted vendors to mitigate cyber security risks and protect sensitive data.

Sliver Pen-Testing Suite Backdoor Compromises Macs via PyPI Package

A malicious Python package on PyPI, impersonating the 'requests' library, targeted macOS devices using the Sliver C2 framework.

Discovered by Phylum, the package used steganography within a PNG image to install Sliver, and although it has been removed, this incident highlights the growing use of Sliver among cybercriminals for remote access to corporate networks.

Ransomware Gang Targets Windows Admins via PuTTY and WinSCP Malvertising

A ransomware operation targets Windows system administrators through Google ads promoting fake download sites for PuTTY and WinSCP.

These tools are commonly used by admins with high network privileges, making them valuable targets. The downloads contain a renamed pythonw.exe alongside a malicious python311.dll.

When executed, the renamed pythonw.exe loads the malicious python311.dll sitting next to it (DLL sideloading), which installs the Sliver toolkit and allows threat actors to drop further payloads such as Cobalt Strike beacons, exfiltrate data, and deploy ransomware.

Fluent Bit Vulnerability Affects Major Cloud Providers

A critical vulnerability in Fluent Bit, a widely used logging solution, can be exploited for denial-of-service (DoS) and remote code execution, affecting major cloud providers and tech companies.

Embedded in Kubernetes distributions from AWS, GCP, and Azure, Fluent Bit has seen over 13 billion deployments. The flaw, CVE-2024-4323, stems from a heap buffer overflow in the HTTP server, allowing unauthenticated attackers to trigger DoS attacks or capture sensitive information.

Patches are available in Fluent Bit 3.0.4, with mitigations including limiting API access to authorised users and disabling the vulnerable endpoint.
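As an added illustration of the mitigation above (not configuration from the round-up or from the Fluent Bit project), here are the Fluent Bit [SERVICE] settings that expose the built-in HTTP API, shown in a weak form and a restricted form; the listen address and port values are assumed for the example:

```ini
# Added example: the Fluent Bit monitoring HTTP API is controlled by the
# http_server / http_listen / http_port keys of the [SERVICE] section.
# The vulnerable HTTP server in CVE-2024-4323 is this API, so its reach
# decides who can hit the flaw before the 3.0.4 upgrade lands.

# Weak: API on every interface (the defaults), reachable by anything
# that can route to the node or pod.
[SERVICE]
    flush        1
    http_server  On
    http_listen  0.0.0.0
    http_port    2020

# Restricted: disable the API entirely if nothing scrapes it ...
[SERVICE]
    flush        1
    http_server  Off

# ... or, if a co-located metrics sidecar needs it, bind to loopback
# only and pair it with a NetworkPolicy/firewall rule so no other
# workload can reach port 2020.
[SERVICE]
    flush        1
    http_server  On
    http_listen  127.0.0.1
    http_port    2020
```

Only one [SERVICE] section belongs in a real config; the three are shown side by side for comparison.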

Microsoft Exchange Server Vulnerabilities Exploited by State-Sponsored Hackers

State-sponsored hackers have been exploiting two critical Microsoft Exchange Server vulnerabilities (CVE-2022-41040 and CVE-2022-41082) to deploy keylogger malware and steal data.

Microsoft recommends applying URL Rewrite rules, enforcing Multi-Factor Authentication (MFA), disabling legacy authentication, and educating users on phishing to mitigate these risks.

Since 2021, over 30 entities, including government agencies and banks in Africa and the Middle East, have been targeted, highlighting the urgent need for security updates.
