This week’s Cybersecurity Newsletter brings you the latest insights on evolving threats and defenses in the digital landscape. As cyber risks continue to grow, it’s critical for organizations to stay informed and proactive.
1 Cyber Attack News
1.1 Critical Apache Struts Vulnerability Exposes Systems to RCE Attacks
A critical vulnerability (CVE-2024-53677) in Apache Struts allows remote code execution. Users should upgrade to version 6.4.0 or later to mitigate this risk.
Affected versions: Struts 2.0.0–2.3.37, 2.5.0–2.5.33, and 6.0.0–6.3.0.2.
1.2 Phishing Attack Targets HubSpot and Microsoft Azure Users
A phishing campaign is targeting HubSpot and Microsoft Azure users through fake login pages. Organizations are urged to enable MFA and provide phishing awareness training.
2 Vulnerability News
2.1 Windows Kernel Vulnerability Exploited in Active Attacks
Attackers are actively exploiting a Windows kernel vulnerability for privilege escalation. Patch updates are essential.
2.2 1-Click RCE Attack in Kerio Control Firewall
A remote code execution vulnerability in the Kerio Control Firewall requires immediate updates to mitigate risks.
2.3 WordPress Sites Vulnerable to Critical RCE Attacks
A critical RCE vulnerability in WordPress plugins endangers millions of websites. Users must update their plugins immediately.
2.4 Critical Chrome Vulnerabilities: Patch Now!
Google has released fixes for multiple critical Chrome vulnerabilities. Users are strongly advised to update their browsers without delay.
3 Threats News
3.1 CoinLurker Malware Targets Cryptocurrency Enthusiasts
The CoinLurker malware is actively targeting cryptocurrency users via phishing emails and malicious websites, stealing sensitive information.
3.2 DDoS Malware Cshell Exploits Linux Tools to Attack SSH Servers
Cshell malware compromises SSH servers using Linux tools, posing a serious threat to server security.
4 Data Breach News
4.1 IntelBroker Leaks 2.9GB of Cisco Data
Sensitive Cisco data, amounting to 2.9GB, has been leaked by a threat actor. This breach raises significant corporate security concerns.
4.3 Ascension Health Hacked
Ascension Health has been targeted by hackers, compromising patient data. This highlights the urgent need for robust healthcare cybersecurity measures.
Comments