This week’s cybersecurity roundup dives deep into the critical vulnerabilities, geopolitical cyber campaigns, and emerging threats shaping the security landscape. These ten stories highlight why staying informed and proactive is key to protecting your organisation. Let’s explore the details.
1. PAN-OS Firewall Zero-Day Actively Exploited
A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS firewall management interface is being actively exploited by threat actors. Attackers have been observed deploying web shells on compromised systems, granting them persistent remote access to sensitive infrastructure. This vulnerability has been assigned a CVSS score of 9.3, indicating its severe impact.
Palo Alto Networks has urgently released patches for affected versions, including updates that address privilege escalation and authentication bypass issues. The vulnerability requires no user interaction or privileges to exploit, making it a low-complexity yet high-impact threat. Organisations using PAN-OS firewalls must apply these patches immediately and restrict access to management interfaces to reduce exposure.
This incident highlights the growing risks associated with misconfigured or exposed firewall management systems and underscores the importance of proactive monitoring and timely patching. (Source: The Hacker News)
2. Fortinet VPN Zero-Day Exploited by DeepData Malware
APT41, a Chinese state-backed advanced persistent threat (APT) group, has been exploiting a zero-day in Fortinet’s Windows VPN client. The attack is part of a campaign leveraging the DeepData malware framework, designed to steal credentials and exfiltrate sensitive information from compromised systems.
DeepData operates through modular plugins, targeting browsers, communication platforms, and password managers, while also enabling attackers to record audio through a victim’s microphone. Despite being reported months ago, this vulnerability remains unpatched, exposing users to significant risk.
Organisations using Fortinet’s VPN solutions are urged to closely monitor their systems for suspicious activity and apply mitigation strategies while awaiting an official fix. This incident highlights the importance of rigorous endpoint monitoring and vendor accountability in maintaining secure systems. (Source: SecurityWeek)
3. Germany Prepares for Cyber Threats Amid Snap Elections
Germany’s upcoming snap elections have triggered heightened cybersecurity concerns. With advanced persistent threats (APTs) identified as targeting critical infrastructure and public institutions, the German Interior Ministry has emphasised the need to fortify digital defences. Interior Minister Nancy Faeser stressed the importance of protecting democracy in the digital realm against disinformation, cyber espionage, and disruptive attacks.
The Federal Office for Information Security has reported an increased threat level, citing Russian-aligned groups as key actors leveraging geopolitical tensions to destabilise European democracies. Efforts to modernise IT security legislation earlier this year have expanded reporting obligations for cyber incidents, but the government warns that persistent vulnerabilities in firewalls and VPN systems need urgent attention.
This situation underscores the broader trend of elections becoming key targets for state-sponsored cyber operations. (Source: Euronews)
4. VMware vCenter Server Bug Exploited in the Wild
A critical vulnerability in VMware’s vCenter Server (CVE-2024-38812) is now being actively exploited. This flaw allows remote attackers to execute arbitrary code via a heap overflow in the Distributed Computing Environment / Remote Procedure Call (DCERPC) protocol implementation.
VMware released an initial patch in September but later confirmed that the fix was incomplete, requiring further updates to address the issue. Attackers have already exploited the vulnerability in live environments, with limited information available on the scope of these attacks or indicators of compromise (IoCs). VMware strongly urges users to apply the latest patches and prioritise securing exposed instances.
This incident serves as a stark reminder of the complexities involved in patch management and the necessity of comprehensive vulnerability testing. (Source: SecurityWeek)
5. Sitting Ducks Attack Puts 1M Domains at Risk
A recently uncovered attack vector, dubbed “Sitting Ducks,” is exposing over one million domains to hijacking due to DNS misconfigurations. This technique allows threat actors to gain full control of a domain by exploiting weaknesses in DNS configurations, enabling phishing campaigns, malware distribution, and fraud.
Cybersecurity researchers identified 70,000 hijacked domains, many of which have been used for investment scams, phishing pages, and other malicious activities. Major threat groups, including Vacant Viper and Hasty Hawk, are using these domains to target global enterprises and individuals.
Businesses are encouraged to audit their DNS configurations, implement robust ownership verification processes, and adopt advanced security tools to detect and mitigate domain hijacking threats. (Source: Cybersecurity News)
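One way to run the DNS audit recommended above, as an added example that is not from the original article or the cited research: Sitting Ducks hinges on lame delegations, where a nameserver listed in a domain's NS delegation does not actually serve the zone, so whoever can claim that zone at the hosting provider takes over the domain. The resolver callback, nameserver names and domains below are constructed sample data; a real run would plug in a DNS library's SOA query in place of `sample_query`.

```python
"""Flag lame delegations, the precondition the Sitting Ducks technique abuses.

A delegated nameserver is lame when it does not answer authoritatively for
the domain (REFUSED, SERVFAIL, timeout, or a non-authoritative answer).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SoaReply:
    rcode: str          # "NOERROR", "REFUSED", "SERVFAIL", "TIMEOUT", ...
    authoritative: bool  # AA flag set in the response


def lame_nameservers(domain, ns_set, query_soa):
    """Return the delegated nameservers that do not authoritatively serve `domain`.

    `query_soa(nameserver, domain)` must return a SoaReply; it is injected so the
    audit can run against real DNS or, as here, against constructed sample data.
    """
    lame = [ns for ns in ns_set
            if (r := query_soa(ns, domain)).rcode != "NOERROR" or not r.authoritative]
    return sorted(lame)


def audit(delegations, query_soa):
    """Map each domain to its lame nameservers.

    A fully lame domain is the high-risk case; a partially lame one still hands an
    attacker the share of resolver traffic that lands on the lame server.
    """
    report = {}
    for domain, ns_set in delegations.items():
        lame = lame_nameservers(domain, ns_set, query_soa)
        report[domain] = {"lame": lame, "fully_lame": len(lame) == len(ns_set)}
    return report


# Constructed sample: how each (nameserver, domain) pair answers a SOA query.
SAMPLE_REPLIES = {
    ("ns1.provider-a.example", "shop.example"): SoaReply("NOERROR", True),
    ("ns2.provider-a.example", "shop.example"): SoaReply("NOERROR", True),
    ("ns1.provider-b.example", "legacy.example"): SoaReply("REFUSED", False),
    ("ns2.provider-b.example", "legacy.example"): SoaReply("REFUSED", False),
    ("ns1.provider-a.example", "mixed.example"): SoaReply("NOERROR", True),
    ("ns1.provider-b.example", "mixed.example"): SoaReply("SERVFAIL", False),
}

SAMPLE_DELEGATIONS = {  # constructed parent-zone NS sets
    "shop.example": ["ns1.provider-a.example", "ns2.provider-a.example"],
    "legacy.example": ["ns1.provider-b.example", "ns2.provider-b.example"],
    "mixed.example": ["ns1.provider-a.example", "ns1.provider-b.example"],
}


def sample_query(ns, domain):
    # Pairs with no recorded reply model a nameserver that never answers.
    return SAMPLE_REPLIES.get((ns, domain), SoaReply("TIMEOUT", False))
```

Running `audit(SAMPLE_DELEGATIONS, sample_query)` flags `legacy.example` as fully lame and `mixed.example` as partially lame; in a live audit, any flagged domain should be cross-checked against the delegated provider's zone-claiming process.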
6. PostgreSQL Vulnerability Enables Code Execution
A high-severity vulnerability (CVE-2024-10979) in PostgreSQL allows attackers to manipulate environment variables, enabling arbitrary code execution or information disclosure. The flaw resides in how PostgreSQL processes user-defined values, which can be exploited by unprivileged users to alter sensitive process variables.
PostgreSQL has released patches across multiple versions, urging users to update immediately. Additional mitigation steps include restricting CREATE FUNCTION permissions and limiting the use of shared preload libraries. This vulnerability highlights the ongoing risks associated with database misconfigurations and unpatched software in enterprise environments. (Source: The Hacker News)
7. Iranian Hackers Deploy WezRat Malware in Phishing Campaigns
The Iranian APT group Cotton Sandstorm (formerly Emennet Pasargad) has been linked to a sophisticated phishing campaign targeting Israeli organisations. Disguised as urgent Chrome updates, the phishing emails deploy WezRat malware, enabling attackers to execute commands, capture screenshots, and exfiltrate sensitive data.
The malware’s modular design includes keylogging capabilities and cookie theft, with additional commands downloaded from command-and-control servers. Organisations are advised to scrutinise unexpected email communications and enhance endpoint detection to mitigate risks. (Source: The Hacker News)
8. T-Mobile Hit in Chinese Cyberespionage Campaign
T-Mobile has become the latest target of the Chinese threat actor Salt Typhoon in a sweeping espionage campaign. The attack aimed to access sensitive call data and law enforcement information by infiltrating telecom networks.
While T-Mobile has reported no significant impacts, the incident underscores the vulnerabilities within the telecommunications sector. Cybersecurity agencies warn that this campaign reflects broader efforts by China to expand its digital surveillance and influence. (Source: SecurityWeek)
9. ChatGPT Prompt Injection Raises Security Concerns
Mozilla researchers have uncovered vulnerabilities in ChatGPT’s prompt handling, exposing internal configurations and increasing risks for enterprise deployments. These prompt injection flaws could allow attackers to bypass safety mechanisms or leak sensitive data.
While OpenAI asserts that such features are intentional, experts caution against the risks of reverse-engineering these configurations, particularly for custom GPT models used in enterprise applications. This highlights the need for robust safeguards in generative AI deployments. (Source: Dark Reading)
10. Trump Administration Could Shift Cybersecurity Focus
As the Trump administration prepares for its second term, cybersecurity experts anticipate significant shifts in policy. Analysts predict a reduction in regulatory oversight for most industries, alongside an increased focus on protecting critical infrastructure and trade-related cybersecurity.
Global tensions, particularly with China, are expected to escalate, potentially leading to a surge in nation-state cyberattacks targeting power grids, water systems, and communication networks. Enterprises must prepare for an evolving threat landscape as political dynamics drive new motivations for adversaries. (Source: Dark Reading)
Stay ahead of the latest cybersecurity developments by keeping an eye on these stories, and ensure your organisation's security protocols remain up to date.