InfoSecBulletin Cybersecurity for mankind
CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations.
CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8)
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
Microsoft‘s MSHTML platform has a critical vulnerability, CVE-2024-43461, that allows attackers to fake web pages and deceive users into downloading harmful files. This flaw requires user action, like visiting a malicious website or opening a specially crafted file, and it disguises file extensions to mislead users into thinking the files are safe.
A security advisory from the Zero Day Initiative (ZDI) reveals a vulnerability in Internet Explorer related to file download prompts. This flaw allows attackers to run malicious code using the current user’s privileges. The risk increases as this vulnerability was exploited alongside CVE-2024-38112, a zero-day vulnerability rated 7.5 on the CVSS scale.
In July 2024, Trend Micro researchers identified CVE-2024-38112 as a vulnerability exploited by the advanced persistent threat group “Void Banshee.” This group used the Windows zero-day to deploy Atlantida info-stealer malware, extracting sensitive data like passwords and browser cookies from affected systems. The flaw was first seen in May 2024, with Void Banshee targeting systems that had Internet Explorer disabled, making detection and defense more difficult.
CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability (CVSS 9.8)
Progress WhatsUp Gold, a network monitoring tool, has a serious SQL injection vulnerability (CVE-2024-6670) with a critical CVSS score of 9.8. This flaw enables unauthenticated attackers to access encrypted user passwords if the app has a single user setup. Additionally, it has been exploited in remote code execution (RCE) attacks.
Trend Micro researchers found that attackers are using an SQL injection vulnerability in the Active Monitor PowerShell Script function via NmPoller.exe, a legitimate WhatsUp Gold process, to run harmful PowerShell scripts. This allows them to download and install remote access tools (RATs) like Atera Agent, Radmin, SimpleHelp Remote Access, and Splashtop Remote, maintaining control over the victim’s system.
Attackers exploited msiexec.exe, a legitimate Windows installer, to secretly install RATs from malicious URLs, evading detection. Once in the network, they operated unnoticed, controlling compromised systems and exfiltrating data or deploying more threats.
