
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, January 6, January 13, 2024
Microsoft Patch Tuesday - January 2024
Microsoft patched 49 CVEs in its January 2024 Patch Tuesday release, with two rated critical and 46 rated as important. For the second straight month, Microsoft did not patch any zero-day vulnerabilities that were exploited or publicly disclosed.
Vulnerability Categories
- 10 Elevation of Privilege Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 12 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
Ivanti Patches a Critical Vulnerability CVE-2023-39336
Ivanti has patched a critical vulnerability, tracked as CVE-2023-39336 with a CVSS score of 9.6, impacting its Endpoint Manager (EPM) solution. Exploitation of this vulnerability could lead to remote code execution on vulnerable servers.
An attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and extract the output without the need for authentication.
Snappfood Iran discloses a data breach
Snappfood, an online food delivery service in Iran, has disclosed a data breach in which personal information of millions of customers was stolen.
In the wake of this data breach, an individual operating under the alias “irleaks” publicly disclosed a sample of the stolen data on the notorious Breach Forums, indicating the specifics of the compromised information. The hacker claimed to have acquired an extensive trove of data exceeding 3TB. Allegedly, the stolen records include: Customer Information, Vendor Records, Payment Information, Device Data, Product Orders, Biker/Rider Details, and Trip Details.
Sea Turtle APT group in action
Researchers have observed the Sea Turtle cyber espionage group targeting telcos, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Active since at least 2017, the Sea Turtle APT group focuses primarily on targeting organizations in Europe and the Middle East. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.
The group targeted the infrastructure with supply chain and island-hopping attacks. The threat actors gathered personal information on minority groups and potential political dissidents.
MS SQL Servers exploited by Threat Actors using Mimic ransomware
Researchers have discovered an attack campaign codenamed RE#TURGENCE that aims to infiltrate Microsoft SQL (MSSQL) database servers across the United States, European Union, and Latin America, with the primary aim of deploying Mimic ransomware payloads.
The threat actors are based out of Turkey and are financially motivated. The attack campaign ends in the illicit sale of access to the compromised assets. The nature of the attackers has not yet been revealed or is unknown.
This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, Instagram.


