Cybercriminals Exploit CrowdStrike Update to Launch Cyberattacks
Vulnerabilities and Exploitation Attempts
Cybercriminals Exploit CrowdStrike Update to Launch Cyberattacks
Recently, an issue in a content update for the CrowdStrike Falcon sensor affecting Windows operating systems was discovered and quickly resolved. However, this incident has provided cybercriminals with multiple vectors to launch various cyberattacks, exploiting the confusion and urgency created by the update mishap.
Remote Code Execution Vulnerability in Apache HugeGraph-Server
A critical security flaw identified as CVE-2024-27348 (CVSS score 9.8) was detected in Apache HugeGraph Server, a service designed for large-scale graph processing, that could lead to remote code execution attacks.
Critical Vulnerability in Cisco Smart Software Manager On-Prem
Cisco has announced a security advisory concerning a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) product. This vulnerability, identified as CVE-2024-20419 (CVSS Score 10), is due to flaws in the authentication system of the software, which is used for managing software licenses and entitlements within enterprise environments.
Malware Developments
APT41’s Global Cyber Espionage Campaign
The China-based APT41 hacking group has launched a sustained campaign targeting organizations in the shipping, logistics, media, entertainment, technology, and automotive sectors across Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. This campaign, ongoing since 2023, has allowed APT41 to maintain prolonged unauthorized access to victims’ networks, extracting sensitive data over extended periods.
Void Banshee APT Exploits Windows Zero-Day CVE-2024-38112
The Void Banshee APT group has been observed exploiting a critical Windows zero-day vulnerability (CVE-2024-38112, CVSS 7.5) to execute malicious code through Internet Explorer, even though the browser is disabled. This vulnerability, a Windows MSHTML Platform Spoofing Vulnerability, allows attackers to bypass security measures and deploy the Atlantida info-stealer malware.
Gain deeper CTI insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.