Latest Intelligence
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Over 100 fake Chrome extensions have been discovered that are designed to hijack user sessions, steal credentials, and inject advertisements. These malicious extensions are created by an unknown threat actor and pose significant risks to users by masquerading as legitimate tools.
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware has released security patches addressing vulnerabilities that could lead to data leakage, command execution, and denial-of-service attacks. Notably, one of the vulnerabilities has been flagged by NATO, underscoring its significance and urgency for users to apply the patches.
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
A new cyber campaign by the SideWinder APT group has targeted high-level government institutions in Sri Lanka, Bangladesh, and Pakistan using spear phishing tactics and geofenced payloads. This attack highlights the ongoing threat to governmental cybersecurity in South Asia, emphasizing the need for enhanced protective measures.
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have identified risky default IAM roles in AWS that can lead to privilege escalation and manipulation of other services, potentially compromising entire AWS accounts. This issue highlights the importance of reviewing and tightening IAM permissions to prevent unauthorized access.
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
NIST and CISA researchers have proposed the Likely Exploited Vulnerabilities (LEV) equations to enhance remediation prioritization based on KEV and EPSS metrics. This development is significant as it aims to improve the effectiveness of addressing vulnerabilities that are likely to be exploited.
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit
The 2025 Threat Detection & Incident Response Summit is a virtual event set to occur on May 21st, focusing on cybersecurity strategies and solutions. This summit highlights the importance of effective threat detection and response mechanisms in the evolving landscape of cyber threats.
TrustCloud Raises $15 Million for Security Assurance Platform
TrustCloud, an AI-native security assurance firm, has successfully raised $15 million in funding to enhance its security assurance platform. This financial boost is significant as it highlights the growing investment in cybersecurity solutions amidst increasing security challenges.
Danfoss AK-SM 8xxA Series
The Danfoss AK-SM 8xxA Series has a vulnerability due to improper authentication, allowing remote attackers to bypass authentication and execute arbitrary code. This issue is significant as it affects critical infrastructure and could lead to serious security breaches if exploited.
Vertiv Liebert RDU101 and UNITY
The Vertiv Liebert RDU101 and UNITY products have critical vulnerabilities that allow for authentication bypass and stack-based buffer overflow, posing risks of denial-of-service and remote code execution. Users are urged to update their systems to mitigate these risks.
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
Mitsubishi Electric Iconics Digital Solutions has reported a vulnerability in their ICONICS Product Suite and MC Works64 that allows for execution with unnecessary privileges, potentially leading to information tampering. This vulnerability poses a significant risk as it could result in a denial-of-service condition on affected workstations.
AutomationDirect MB-Gateway
The AutomationDirect MB-Gateway has a critical vulnerability due to missing authentication for critical functions, allowing unauthorized remote access with the potential for configuration changes or arbitrary code execution. This vulnerability has a CVSS score of 10.0, indicating its severity and the urgent need for remediation.
ABUP IoT Cloud Platform
The ABUP IoT Cloud Platform has a vulnerability related to incorrect privilege assignment, allowing unauthorized access to device profiles through a crafted JSON Web Token. Although the vendor has removed the vulnerable method, users are advised to modify authentication information due to a prior exposure period.
Assured Telematics Inc. (ATI) Fleet Management System with Geotab Integration
Assured Telematics Inc. has reported a vulnerability in their Fleet Management System that allows unauthorized access to sensitive system information, potentially leading to the exposure of administrative credentials. This issue is significant as it could compromise critical infrastructure in transportation systems worldwide.
Schneider Electric PrismaSeT Active - Wireless Panel Server
The Schneider Electric PrismaSeT Active - Wireless Panel Server has a critical vulnerability (CVE-2023-4041) that allows unauthorized code execution due to a buffer overflow issue, posing risks to voltage loss monitoring. This vulnerability, which has a CVSS score of 9.8, affects all versions of the product and could lead to significant operational disruptions.
Schneider Electric Modicon Controllers
Schneider Electric's Modicon Controllers have a vulnerability that allows unauthenticated attackers to manipulate a controller's webserver URL, potentially leading to a loss of confidentiality. This issue affects multiple product versions and poses a significant risk, particularly in critical infrastructure sectors.