InfoSecBulletin Cybersecurity for mankind
CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations.
CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8)
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
Microsoft‘s MSHTML platform has a critical vulnerability, CVE-2024-43461, that allows attackers to fake web pages and deceive users into downloading harmful files. This flaw requires user action, like visiting a malicious website or opening a specially crafted file, and it disguises file extensions to mislead users into thinking the files are safe.
A security advisory from the Zero Day Initiative (ZDI) reveals a vulnerability in Internet Explorer related to file download prompts. This flaw allows attackers to run malicious code using the current user’s privileges. The risk increases as this vulnerability was exploited alongside CVE-2024-38112, a zero-day vulnerability rated 7.5 on the CVSS scale.
In July 2024, Trend Micro researchers identified CVE-2024-38112 as a vulnerability exploited by the advanced persistent threat group “Void Banshee.” This group used the Windows zero-day to deploy Atlantida info-stealer malware, extracting sensitive data like passwords and browser cookies from affected systems. The flaw was first seen in May 2024, with Void Banshee targeting systems that had Internet Explorer disabled, making detection and defense more difficult.
CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability (CVSS 9.8)
Progress WhatsUp Gold, a network monitoring tool, has a serious SQL injection vulnerability (CVE-2024-6670) with a critical CVSS score of 9.8. This flaw enables unauthenticated attackers to access encrypted user passwords if the app has a single user setup. Additionally, it has been exploited in remote code execution (RCE) attacks.
Trend Micro researchers found that attackers are using an SQL injection vulnerability in the Active Monitor PowerShell Script function via NmPoller.exe, a legitimate WhatsUp Gold process, to run harmful PowerShell scripts. This allows them to download and install remote access tools (RATs) like Atera Agent, Radmin, SimpleHelp Remote Access, and Splashtop Remote, maintaining control over the victim’s system.
Attackers exploited msiexec.exe, a legitimate Windows installer, to secretly install RATs from malicious URLs, evading detection. Once in the network, they operated unnoticed, controlling compromised systems and exfiltrating data or deploying more threats.
