InfoSecBulletin Cybersecurity for mankind
CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations.
CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8)
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
Microsoft‘s MSHTML platform has a critical vulnerability, CVE-2024-43461, that allows attackers to fake web pages and deceive users into downloading harmful files. This flaw requires user action, like visiting a malicious website or opening a specially crafted file, and it disguises file extensions to mislead users into thinking the files are safe.
A security advisory from the Zero Day Initiative (ZDI) reveals a vulnerability in Internet Explorer related to file download prompts. This flaw allows attackers to run malicious code using the current user’s privileges. The risk increases as this vulnerability was exploited alongside CVE-2024-38112, a zero-day vulnerability rated 7.5 on the CVSS scale.
In July 2024, Trend Micro researchers identified CVE-2024-38112 as a vulnerability exploited by the advanced persistent threat group “Void Banshee.” This group used the Windows zero-day to deploy Atlantida info-stealer malware, extracting sensitive data like passwords and browser cookies from affected systems. The flaw was first seen in May 2024, with Void Banshee targeting systems that had Internet Explorer disabled, making detection and defense more difficult.
CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability (CVSS 9.8)
Progress WhatsUp Gold, a network monitoring tool, has a serious SQL injection vulnerability (CVE-2024-6670) with a critical CVSS score of 9.8. This flaw enables unauthenticated attackers to access encrypted user passwords if the app has a single user setup. Additionally, it has been exploited in remote code execution (RCE) attacks.
Trend Micro researchers found that attackers are using an SQL injection vulnerability in the Active Monitor PowerShell Script function via NmPoller.exe, a legitimate WhatsUp Gold process, to run harmful PowerShell scripts. This allows them to download and install remote access tools (RATs) like Atera Agent, Radmin, SimpleHelp Remote Access, and Splashtop Remote, maintaining control over the victim’s system.
Attackers exploited msiexec.exe, a legitimate Windows installer, to secretly install RATs from malicious URLs, evading detection. Once in the network, they operated unnoticed, controlling compromised systems and exfiltrating data or deploying more threats.
