
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the weeks ending Saturday, March 16th and March 23rd, 2024.
Mozilla Fixes Critical Vulnerability in Firefox – CVE-2024-2615
Mozilla has released security patches for both its Firefox browser (Firefox 124, Firefox ESR 115.9) and Thunderbird email client (Thunderbird 115.9), addressing 14 vulnerabilities that could leave users open to severe attacks.
The most critical vulnerability, tracked as CVE-2024-2615, allows attackers to potentially run malicious code on your computer without your knowledge or interaction. Five other vulnerabilities are marked 'high' risk, making this update essential. These vulnerabilities could affect everything from personal emails and financial information to the very stability of your operating system. There are no reports of these flaws being actively exploited yet, but that could change quickly.
Atlassian fixes Critical Vulnerability in Bamboo – CVE-2024-1597
Atlassian released patches to address multiple vulnerabilities in its Bamboo, Bitbucket, Confluence, and Jira products. The most severe vulnerability, tracked as CVE-2024-1597 with a CVSS score of 10, is a SQL injection flaw that impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server.
This vulnerability in the org.postgresql:postgresql dependency could allow an unauthenticated attacker to expose assets in your environment that are susceptible to exploitation. It has a high impact on confidentiality, integrity and availability (CIA) and requires no user interaction. The vulnerability impacts Bamboo Data Center and Server versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0. It was addressed with the release of versions 9.6.0 (LTS), 9.5.2, 9.4.4, and 9.2.12 (LTS).
PhantomBlu Phishing Campaign
Threat actors are luring employees across organizations in the US with a phishing campaign dubbed "PhantomBlu," which masquerades as a message from an accounting service. The campaign marks a significant evolution in the tactics, techniques, and procedures (TTPs) employed by cybercriminals, leveraging social engineering and advanced evasion techniques to deploy malicious code.
The attackers crafted email messages that appeared to originate from a legitimate accounting service, instructing recipients to download an attached Office Word document (.docx) purportedly containing their "monthly salary report."
PoC released for the Windows Vulnerability – CVE-2023-36424
A security researcher has published details and proof-of-concept code for CVE-2023-36424, a Windows vulnerability that could be exploited to elevate privileges from a Medium Integrity Level to a High Integrity Level. The vulnerability is assigned a CVSS score of 7.8, and the flaw could allow attackers to gain SYSTEM-level access on a compromised machine.
Microsoft patched the vulnerability in November 2023, but the release of proof-of-concept code by security researcher Nassim-Asrir has brought new urgency to the situation. The PoC demonstrates how a malicious actor could exploit this bug to elevate privileges from Medium Integrity Level to High Integrity Level, potentially granting them full control over a targeted system.
Fujitsu reveals Malware attack
Fujitsu revealed that it had suffered a malware attack and that threat actors may have stolen personal and customer information. The company said that multiple work computers were infected with malware. In response to the compromise, the security staff disconnected impacted systems from the network. The company launched an investigation into the incident and discovered that threat actors may have exfiltrated files containing personal and customer information.
IMF discloses a Cyberattack
Last week, the International Monetary Fund (IMF) disclosed that a cyberattack in February led to the compromise of 11 email accounts. The IMF, a lender made up of 190 member countries, is an international financial institution designed to stabilize economies by providing billions in funding to governments around the world each year.
In its official statement, the IMF said the cyber incident was detected on February 16. A subsequent investigation, conducted with the assistance of independent cybersecurity experts, determined the nature of the breach, and remediation actions were taken. The investigation determined that eleven (11) IMF email accounts were compromised.
This brings us to the end of this week-in-review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


