ServiceNow Vulnerabilities Exploited for Credential Theft
Malware Developments
Stargazer Goblin's Ghost Network Unveils a New Threat on GitHub
"Stargazer Goblin" is a threat actor that has orchestrated a complex malware distribution scheme known as the Stargazers Ghost Network. This sophisticated operation exploits the credibility of GitHub, a platform synonymous with secure and collaborative software development, to surreptitiously spread malware.
Python Package Exploits macOS Vulnerabilities for Data Theft Leveraging Social Engineering
In a concerning development within the open-source software ecosystem, the Python package "lr-utils-lib" was discovered to contain dangerous hidden code intended to compromise macOS systems. Upon installation, the package activates a hidden script that targets Google Cloud Platform credentials, exfiltrating them to an attacker-controlled server.
Vulnerabilities and Exploitation Attempts
ServiceNow Vulnerabilities Exploited for Credential Theft
Attackers have exploited critical vulnerabilities in ServiceNow, including CVE-2024-4879 (CVSS score: 9.3), CVE-2024-5217 (CVSS score: 9.2), and CVE-2024-5178 (CVSS score: 6.9), to breach organizations and steal credentials. Notably, CVE-2024-4879 allows for remote code execution.
Security Flaw in Docker Engine Allows AuthZ Plugin Bypass via Zero-Length API Requests
Docker has issued an advisory about a critical flaw, identified as CVE-2024-41110 with a CVSS score of 10.0, affecting Docker Engine versions from v19.03 onwards.
Novel Flaw in GCP Cloud Functions Leading to Elevated Privileges - ConfusedFunction
A security flaw dubbed “ConfusedFunction” was recently found in Google Cloud Platform, particularly affecting Cloud Functions and Cloud Build services. The issue arises during the creation or update of a Cloud Function, which inadvertently assigns a default service account to the Cloud Build instance, a process not visible to regular users.
UEFI Secure Boot Compromised by PKfail Untrusted Platform Keys
The discovery of the PKfail vulnerability has revealed a significant weakness in the Secure Boot process of the UEFI system, impacting a wide range of devices. The critical issue stems from the use of a default Platform Key (PK) which was meant for testing purposes within device firmware.
Identified Trends
Ransomware on the Rise, Technology Becomes the Most Targeted Sector
In the second quarter of 2024, the cybersecurity landscape saw significant shifts, with Business Email Compromise (BEC) and ransomware emerging as the predominant threats, together accounting for 60% of engagements.
Gain deeper CTI insights!
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.