Ethical Hacking News
A new wave of sophisticated cyber threats has emerged, targeting critical infrastructure, governments, and individuals worldwide. From vulnerabilities in UEFI Secure Boot to exploits in Aviatrix Controllers, this article provides an exhaustive overview of the latest developments in the realm of cybersecurity threats and intelligence.
Notable breaches and exploits have been reported in UEFI Secure Boot, Fortinet, Aviatrix Controllers, and AWS Native Services. A new vulnerability (CVE-2024-7344) has been discovered within the UEFI Secure Boot system, while a campaign using the Cleo File Transfer flaw targets WhatsApp accounts. Intelligence agencies have imposed sanctions on Chinese cybersecurity firms and individuals tied to federal agency breaches. A new campaign by the Clop ransomware gang exploits vulnerabilities in network security systems, including the Cleo File Transfer flaw. The FBI has deleted China-linked PlugX malware from over 4,200 US computers. Researchers have uncovered a campaign targeting Fortinet FortiGate firewalls that can exploit arbitrary pointer dereferences in Windows 11. The use of AI tools has become a significant aspect of cybersecurity threats, with the FunkSec ransomware gang being developed using such tools. A notable data breach was disclosed by prominent US law firm Wolf Haldenstein.
In recent weeks, the cybersecurity landscape has experienced a significant escalation of threats and intelligence-related events. The Security Affairs newsletter Round 507 provides an exhaustive compilation of the latest developments, covering various aspects of cybercrime, hacking, and related issues.
According to the context data provided, there have been notable breaches and exploits in several domains, including UEFI Secure Boot, Fortinet, Aviatrix Controllers, and AWS Native Services. A new vulnerability, CVE-2024-7344, has been discovered within the UEFI Secure Boot system, while a campaign using the Cleo File Transfer flaw has targeted WhatsApp accounts.
Furthermore, intelligence agencies have taken action against malicious actors. The U.S. Treasury Department has imposed sanctions on Chinese cybersecurity firms and individuals tied to federal agency breaches. Additionally, an EU privacy non-profit group has filed complaints against companies such as TikTok, SHEIN, AliExpress, and other Chinese entities for data misuse.
Other notable events include a new campaign by the Clop ransomware gang, which exploits vulnerabilities in network security systems, including the Cleo File Transfer flaw. The FBI has also taken action against malicious actors, deleting China-linked PlugX malware from over 4,200 US computers.
Meanwhile, researchers have been working to uncover the tactics and techniques employed by malicious actors. For instance, a new campaign targeting Fortinet FortiGate firewalls has been uncovered, which can exploit arbitrary pointer dereferences in Windows 11.
The use of artificial intelligence (AI) tools has also become a significant aspect of cybersecurity threats. The FunkSec ransomware gang, for example, was developed using AI tools, while researchers have identified exploitation in the wild of Aviatrix Controller RCE (CVE-2024-50603).
In addition to these threats, there have been notable developments in law enforcement and regulatory efforts aimed at addressing these issues. For instance, prominent US law firm Wolf Haldenstein has disclosed a data breach.
The landscape is constantly evolving, with new threats emerging and existing ones being addressed through various means of countermeasures. It is essential for individuals, organizations, and governments to stay informed about the latest developments in cybersecurity threats and intelligence.
Related Information:
https://securityaffairs.com/173227/uncategorized/security-affairs-newsletter-round-507-by-pierluigi-paganini-international-edition.html
https://nvd.nist.gov/vuln/detail/CVE-2024-7344
https://www.cvedetails.com/cve/CVE-2024-7344/
https://nvd.nist.gov/vuln/detail/CVE-2024-50603
https://www.cvedetails.com/cve/CVE-2024-50603/
Published: Sun Jan 19 17:13:36 2025 by llama3.2 3B Q4_K_M
