InfoSecBulletin Cybersecurity for mankind
CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations.
CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8)
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
Evaly E-commerce Platform Allegedly Hacked
Microsoft‘s MSHTML platform has a critical vulnerability, CVE-2024-43461, that allows attackers to fake web pages and deceive users into downloading harmful files. This flaw requires user action, like visiting a malicious website or opening a specially crafted file, and it disguises file extensions to mislead users into thinking the files are safe.
A security advisory from the Zero Day Initiative (ZDI) reveals a vulnerability in Internet Explorer related to file download prompts. This flaw allows attackers to run malicious code using the current user’s privileges. The risk increases as this vulnerability was exploited alongside CVE-2024-38112, a zero-day vulnerability rated 7.5 on the CVSS scale.
In July 2024, Trend Micro researchers identified CVE-2024-38112 as a vulnerability exploited by the advanced persistent threat group “Void Banshee.” This group used the Windows zero-day to deploy Atlantida info-stealer malware, extracting sensitive data like passwords and browser cookies from affected systems. The flaw was first seen in May 2024, with Void Banshee targeting systems that had Internet Explorer disabled, making detection and defense more difficult.
CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability (CVSS 9.8)
Progress WhatsUp Gold, a network monitoring tool, has a serious SQL injection vulnerability (CVE-2024-6670) with a critical CVSS score of 9.8. This flaw enables unauthenticated attackers to access encrypted user passwords if the app has a single user setup. Additionally, it has been exploited in remote code execution (RCE) attacks.
Trend Micro researchers found that attackers are using an SQL injection vulnerability in the Active Monitor PowerShell Script function via NmPoller.exe, a legitimate WhatsUp Gold process, to run harmful PowerShell scripts. This allows them to download and install remote access tools (RATs) like Atera Agent, Radmin, SimpleHelp Remote Access, and Splashtop Remote, maintaining control over the victim’s system.
Attackers exploited msiexec.exe, a legitimate Windows installer, to secretly install RATs from malicious URLs, evading detection. Once in the network, they operated unnoticed, controlling compromised systems and exfiltrating data or deploying more threats.
