TheCyberThrone Security Weekly Review – November 30, 2024


Exploring Microsoft AD CS bug CVE-2024-49019

Security researchers from TrustedSec have uncovered a critical zero-day vulnerability affecting Active Directory Certificate Services (AD CS). It was patched in Microsoft’s November Patch Tuesday, but its implications warrant closer scrutiny.

The vulnerability, tracked as CVE-2024-49019 with a CVSS score of 7.8, stems from the ability to manipulate default version 1 certificate templates to inject malicious application policies, allowing attackers with enrollment rights to escalate privileges dramatically……

Salt Typhoon Emergence and T-Mobile Cyber Incident

Salt Typhoon, a Chinese threat actor also known by aliases such as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been conducting cyber-espionage activities against high-value government and telecommunications organizations for several years. Recently, it introduced a new backdoor malware named GhostSpider.

Trend Micro also speculates that Salt Typhoon might have used Inc ransomware in some of its operations. The group has been engaged in long-term espionage against governments and other targets since 2020. However, around mid-2022, it shifted tactics. Previously focused on employee phishing, it now targets Internet-facing devices, exploiting n-day vulnerabilities and open ports or protocols to gain access……

PHP Patches Multiple Vulnerabilities Including CVE-2024-8932

The PHP development team has released patches to address multiple vulnerabilities affecting versions prior to 8.1.31, 8.2.26, and 8.3.14, potentially allowing attackers to leak sensitive information, execute arbitrary code, or launch denial-of-service attacks.

The first critical vulnerability, tracked as CVE-2024-8932 with a CVSS score of 9.8, allows out-of-bounds (OOB) access in the ldap_escape function, which could enable attackers to execute arbitrary code on affected systems……

Russian RomCom exploiting twin bugs

Security researchers at ESET have uncovered an attack chain that exploits multiple vulnerabilities to deploy the RomCom backdoor without requiring any user interaction.

RomCom, also known as Tropical Scorpius or UNC2596, is known for conventional cybercrime operations. The group has increasingly shifted toward espionage, targeting industries and government entities in Ukraine, Europe, and the United States……

Nvidia fixed CVE-2024-0130 in UFM Enterprise

NVIDIA has patched a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products. The flaw could allow an attacker to gain escalated privileges, tamper with data, deny service, and disclose sensitive information.

The vulnerability, identified as CVE-2024-0130 with a CVSS score of 8.8, stems from an improper authentication issue that can be exploited by sending a malformed request through the Ethernet management interface. A successful exploit could grant an attacker unauthorized access and control over the affected systems……
