Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the weeks ending Saturday, November 2, 2024.
PSAUX Ransomware exploits CyberPanel Vulnerabilities
The PSAUX ransomware has seen exploiting CyberPanel vulnerabilities affects versions 2.3.6 and 2.3.7 and permits unauthenticated attackers to gain root access, enabling complete control over affected systems.
The vulnerabilities are tracked as CVE-2024-51567, CVE-2024-51568, and CVE-2024-51378, each with a CVSS v3.1 score of 10, to compromise servers and deploy PSAUX ransomware. These vulnerabilities, allows unauthenticated remote root access……
SonicWall Vulnerability exploited by Fog and Akira Ransomware
Sonicwall SSL VPN vulnerability tracked as CVE-2024-40766 has been exploited in the recent cyberattacks involving Akira and Fog ransomware.
Initial access to victim environments was facilitated through compromised SonicWall SSL VPN accounts, often local to the devices and lacking MFA, which were exploited by threat actors who leveraged vulnerabilities like CVE-2024-40766 or brute-force attacks. Malicious logins frequently originated from VPS providers and were associated with ransomware groups like Akira. The deletion of firewall logs often marked successful intrusions to hinder investigation efforts…..
Google fixes CVE-2024-10487 and CVE-2024-10488 in latest Chrome version
Google has released updates to address two vulnerabilities in the Chrome browser that could potentially allow attackers to take control of users’ systems.
The vulnerabilities, identified as CVE-2024-10487 (Critical) and CVE-2024-10488(High), affect Chrome across Windows, Mac, and Linux platforms….
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Progress fixes Critical vulnerability in Whatsup Gold
Progress Software has disclosed a critical vulnerability in its popular network monitoring solution, WhatsUp Gold, that exposes organizations to potential cyberattacks by allowing unauthorized access to user credentials.
The vulnerability tracked as CVE-2024-7763 with a CVSS 9.8, enables attackers to bypass authentication controls and obtain encrypted credentials, posing a critical risk to any network using affected versions that includes all versions released before 2024.0.0. Attackers exploiting this vulnerability gain access to encrypted user credentials, potentially opening the door to further unauthorized access…..
QNAP fixes CVE-2024-50388 that’s exploited in Pwn2Own Ireland
QNAP has addressed a critical zero-day vulnerability in its HBS 3 Hybrid Backup Sync software, following its successful exploitation at the recent Pwn2Own Ireland 2024 competition.
The vulnerability, tracked as CVE-2024-50388 with a CVSS score of 7.8, allowed to execute arbitrary commands on a QNAP TS-464 NAS device, highlighting the potential for serious security breaches……
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
Nice post 🌺🌺
Nice information.