Cyware Daily Threat Intelligence
Daily Threat Briefing • Aug 14, 2024
A wave of critical updates has just hit the cybersecurity landscape, with major players like Microsoft, Siemens, and SAP rolling out significant patches to address vulnerabilities in their systems. Microsoft’s August 2024 Patch Tuesday leads the charge, tackling 90 vulnerabilities across its products, with seven rated as critical. Siemens has also stepped up, issuing updates for several of its products, including SINEC NMS, TIA Multiuser Server, and SCALANCE devices.
In a devious twist on old tricks, cybercriminals have turned everyday annoyances—like email floods and relentless phone calls—into weapons of choice for a new social engineering campaign, luring victims into a web of digital deception. The attackers also deployed a series of malicious payloads to seize control of compromised systems and siphon off sensitive data.
**Microsoft's August 2024 Patch Tuesday**
Microsoft's August 2024 Patch Tuesday addressed 90 vulnerabilities across its products, seven of them rated critical. Six of the flaws were already being exploited in the wild when the updates shipped, and the set includes remote code execution bugs in core Windows components. The most severe issue lets an unauthenticated attacker execute code remotely by sending specially crafted packets to a vulnerable host, with no user interaction required. Microsoft has released security updates for all of these; for the crafted-packet flaw it also lists disabling IPv6 as an interim mitigation on systems that do not need it, since that vulnerable code path is only reachable over IPv6. Disabling IPv6 is not a substitute for the patch and can break services that depend on it, so apply the update and treat the mitigation as temporary.
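The following PowerShell is an added example, not code from the Cyware briefing or from Microsoft. It shows how an administrator would check a host's IPv6 exposure and patch state before deciding on the interim mitigation, and how to apply the mitigation in the two forms Microsoft documents (unbinding IPv6 from adapters, and the `DisabledComponents` registry value). The `$mitigate` switch is a convention of this example; run the script elevated.

```powershell
# Added example (not from the Cyware briefing or Microsoft): assess IPv6 exposure
# and patch state on a Windows host, then optionally apply the documented
# interim mitigation for the crafted-packet RCE. Patching is the real fix.

# 1. Which adapters have the IPv6 stack (ms_tcpip6) bound?
Write-Host "IPv6 binding per adapter:"
Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Select-Object Name, Enabled |
    Format-Table -AutoSize

# 2. Does any adapter actually carry a routable IPv6 address? Link-local (fe80::)
#    only is still reachable from the local segment, so it is not a free pass.
Write-Host "IPv6 addresses currently assigned:"
Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, IPAddress, PrefixOrigin |
    Format-Table -AutoSize

# 3. Most recent updates installed; compare against the August 2024 cumulative
#    update for this build before deciding whether the mitigation is still needed.
Write-Host "Most recent hotfixes:"
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# 4. Interim mitigation, only for hosts that genuinely do not use IPv6.
#    (a) unbind IPv6 from every adapter (takes effect immediately), and
#    (b) set DisabledComponents = 0xFF under the Tcpip6 Parameters key, the
#        Microsoft-documented value that disables IPv6 except the loopback
#        interface. The registry change needs a reboot. Both steps are reversible
#        (Enable-NetAdapterBinding, and delete or zero the registry value).
$mitigate = $false   # flip to $true to apply; example switch, not a Microsoft setting
if ($mitigate) {
    Disable-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6 -Confirm:$false
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    Set-ItemProperty -Path $key -Name 'DisabledComponents' -Value 0xFF -Type DWord
    Write-Host "IPv6 unbound and DisabledComponents set to 0xFF; reboot to complete."
}
```

Run the first three sections on a sample of hosts before rolling anything out: a host with only link-local addresses and no IPv6-dependent services is a candidate for the mitigation, a host that already has the August cumulative update installed does not need it at all.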
Siemens product security update
Siemens released a batch of advisories fixing vulnerabilities in its products. The affected products include SINEC NMS, SINEC Traffic Analyzer, TIA Multiuser Server, TIA Project-Server, NX, RUGGEDCOM RM1224 LTE, and various SCALANCE products. The flaws range from privilege escalation and unauthorized access to remote code execution. Siemens has shipped fixed versions for some of the affected products and advises updating them to the latest release; the advisories should be checked for products that do not yet have a fix.
Critical SAP bug spotted
SAP has released its August 2024 security patch package, addressing 17 vulnerabilities, including a critical authentication bypass flaw (CVE-2024-41730) in SAP BusinessObjects Business Intelligence Platform versions 430 and 440 that could allow a remote attacker to fully compromise the system. A second critical vulnerability (CVE-2024-29415) is a server-side request forgery flaw in applications built with SAP Build Apps older than version 4.11.130. The remaining fixes in SAP's bulletin cover high-severity issues in various SAP products, including an XML injection flaw, a prototype pollution flaw, a denial-of-service vulnerability, and an information disclosure issue.
Massive set of code execution flaws in Adobe
Adobe has released patches for 72 security vulnerabilities across various products, warning that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. The vulnerabilities affect products such as Acrobat, Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, Dimension, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy.
High profile phishing campaign hit list
Two Russia-aligned phishing campaigns targeted human rights organizations, independent media, and civil society members from Eastern Europe and the U.S. The campaigns, attributed to groups tracked as Coldriver and Coldwastrel, used malicious emails carrying fake PDF attachments that led to credential-harvesting pages collecting victims' passwords and authentication codes. No malware was deployed, but unauthorized access to email accounts may have occurred. The phishing lures were highly personalized and tailored to each target.
**Ongoing social engineering campaign**
Rapid7 identified a social engineering campaign in which threat actors flood a target's inbox with email (email bombing), then phone the victim offering a fake fix for the flood and talk them into installing a remote access tool. Once on the host, the actors deploy further payloads, including SystemBC malware and reverse SSH tunnels, to maintain control and exfiltrate data from compromised systems. The activity also included exploiting CVE-2022-26923, an Active Directory Certificate Services flaw, for privilege escalation, and using the Level remote monitoring and management (RMM) tool for lateral movement within environments.
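The hunt below is an added example, not code from Rapid7's report or the Cyware briefing. CVE-2022-26923 is exploited by rewriting the `dNSHostName` attribute of a low-privilege computer account so that it names a domain controller, then requesting a machine certificate that authenticates as that DC; the durable artifact is therefore a computer account whose host name does not match its own account name. The script looks for that mismatch in AD and corroborates it with Security event 4742 (computer account changed) on the DCs. It assumes the RSAT ActiveDirectory module, read access to the domain, remote event-log access to the DCs, and that "Audit Computer Account Management" is enabled (without it, 4742 is never written); the seven-day window is an example choice.

```powershell
# Added example (not from Rapid7 or Cyware): hunt for CVE-2022-26923-style
# dNSHostName tampering. Requires the ActiveDirectory (RSAT) module and the
# ability to read the Security log on each domain controller.
Import-Module ActiveDirectory

$domainDns = (Get-ADDomain).DNSRoot.ToLower()
$dcNames   = (Get-ADDomainController -Filter *).Name | ForEach-Object { $_.ToLower() }

# 1. Computer accounts whose dNSHostName disagrees with "<name>.<domain>".
#    A legitimately joined machine always matches; a mismatch, and in
#    particular one that claims a DC's host label, is what the exploit leaves.
$mismatched = Get-ADComputer -Filter * -Properties dNSHostName, whenChanged, whenCreated |
    Where-Object {
        $actual   = ([string]$_.dNSHostName).ToLower()
        $expected = '{0}.{1}' -f $_.Name.ToLower(), $domainDns
        $actual -and ($actual -ne $expected)
    } |
    Select-Object Name, dNSHostName, whenCreated, whenChanged,
        @{ n = 'ClaimsDC'; e = { $dcNames -contains (([string]$_.dNSHostName) -split '\.')[0].ToLower() } }

Write-Host "Computer accounts with unexpected dNSHostName:"
$mismatched | Sort-Object ClaimsDC -Descending | Format-Table -AutoSize

# 2. Corroborate with Security event 4742 on each DC. The event body lists
#    every attribute; unchanged ones are rendered as "-", so keep only events
#    where the DNS Host Name field carries a real value.
$since = (Get-Date).AddDays(-7)   # example window
$hostNameChanges = foreach ($dc in $dcNames) {
    $events = Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4742; StartTime = $since
    }
    foreach ($ev in $events) {
        $new = [regex]::Match($ev.Message, 'DNS Host Name:\s+(\S+)')
        if (-not $new.Success -or $new.Groups[1].Value -eq '-') { continue }
        # The target account follows the "Computer Account That Was Changed:" header.
        $target = [regex]::Match($ev.Message, 'Computer Account That Was Changed:[\s\S]*?Account Name:\s+(\S+)')
        $actor  = [regex]::Match($ev.Message, 'Subject:[\s\S]*?Account Name:\s+(\S+)')
        [pscustomobject]@{
            TimeCreated      = $ev.TimeCreated
            DomainController = $dc
            ChangedAccount   = $target.Groups[1].Value
            ChangedBy        = $actor.Groups[1].Value
            NewDnsHostName   = $new.Groups[1].Value
            ClaimsDC         = $dcNames -contains ($new.Groups[1].Value -split '\.')[0].ToLower()
        }
    }
}

Write-Host "Recent dNSHostName changes (event 4742):"
$hostNameChanges | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

A hit in section 1 with `ClaimsDC` true, or a 4742 event in which a computer account changed its own host name to a DC's, should be treated as an active incident rather than a misconfiguration: check the CA's issued-certificate log for a machine certificate issued to that name shortly afterwards, and confirm the May 2022 AD CS hardening updates are installed and enforced on the DCs.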