Stay up-to-date with everything at Approach

Weekly Digest Week 5 – 2024

Publication date

02.02.2024

Featured Story

Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities

Google-owned Mandiant identified new malware used by the China-nexus espionage actor UNC5221 and others in post-exploitation activity against Ivanti Connect Secure VPN and Policy Secure devices. These attacks exploit CVE-2023-46805 and CVE-2024-21887 to execute arbitrary commands with elevated privileges.

The vulnerabilities have been exploited since December 2023. Germany’s BSI has confirmed multiple compromised systems. Open-source tools like Impacket, CrackMapExec, iodine, and Enum4linux support the post-exploitation stage.

Ivanti has also disclosed CVE-2024-21888 and CVE-2024-21893, with the latter under active exploitation. CISA urged agencies to disconnect affected systems and investigate before reconnecting.

Analysis from our SOC team:
Ivanti continues to be a high-value target due to repeated zero-day exploits. We recommend isolating unpatched systems and applying updates immediately. See Ivanti’s official blog for patch information.

Other Highlights

Root Access Vulnerability in GNU C Library (glibc) Impacts Many Linux Distros

Qualys discovered multiple glibc vulnerabilities, including CVE-2023-6246, a heap-based buffer overflow allowing privilege escalation via syslog. It affects glibc versions since 2.37 (August 2022) and major Linux distros like Debian, Ubuntu, and Fedora.

Analysis from our SOC team:
Even though this is not remotely exploitable, it impacts a wide range of internal systems. Patch management is essential. We can assist in prioritizing and remediating affected hosts.
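Prioritizing affected hosts starts with knowing which glibc each one runs. The script below is an added example (not code from this digest or from Qualys) that parses the version banners an inventory agent would collect from `ldd --version` or `getconf GNU_LIBC_VERSION` and sorts hosts against the "2.37 and later" range stated above. The host names and banners are constructed; a host in range means "check the distro advisory", since distributions backport fixes without changing the upstream version number.

```python
"""Triage a fleet's glibc versions against the CVE-2023-6246 affected range.

Added example, not code from the digest or from Qualys. The ">= 2.37"
threshold comes from the digest; the inventory below is constructed.
"""
from __future__ import annotations

import re

# Per the digest, the vulnerable code is present from glibc 2.37 onward.
# Distros backport fixes without bumping the upstream version, so "in range"
# means "review against the distro advisory", not "confirmed vulnerable".
AFFECTED_FROM = (2, 37)

# Constructed inventory: hostname -> first line of `ldd --version` or the
# output of `getconf GNU_LIBC_VERSION`, as an inventory agent would report it.
INVENTORY = {
    "web-01": "ldd (GNU libc) 2.38",
    "db-02": "ldd (Ubuntu GLIBC 2.35-0ubuntu3.4) 2.35",
    "build-03": "glibc 2.37",
    "legacy-04": "ldd (GNU libc) 2.4",  # constructed old release; string compare would misrank it
    "k8s-05": "ldd (Debian GLIBC 2.37-12) 2.37",
}

# The upstream version is the trailing dotted number on the line; the vendor
# package version in parentheses (e.g. "2.35-0ubuntu3.4") is skipped.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_glibc_version(banner: str) -> tuple[int, ...]:
    """Extract the upstream glibc version from ldd/getconf output as an int tuple."""
    m = _VERSION_RE.search(banner.strip())
    if not m:
        raise ValueError(f"no glibc version in {banner!r}")
    return tuple(int(part) for part in m.groups() if part is not None)


def in_affected_range(version: tuple[int, ...]) -> bool:
    """Numeric compare: (2, 4) < (2, 37), whereas the strings '2.4' > '2.37'."""
    return version >= AFFECTED_FROM


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split hosts into those whose glibc is in the affected range and the rest."""
    out: dict[str, list[str]] = {"review": [], "not_affected": []}
    for host, banner in inventory.items():
        version = parse_glibc_version(banner)
        bucket = "review" if in_affected_range(version) else "not_affected"
        out[bucket].append(host)
    return out


if __name__ == "__main__":
    result = triage(INVENTORY)
    print("Review against distro advisory:", ", ".join(result["review"]))
    print("Below affected range:", ", ".join(result["not_affected"]))
```

The tuple comparison is the point worth copying: a naive string sort would place glibc 2.4 above 2.37 and hide an old host in the "review" bucket while its real status is the opposite.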

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

Telegram has become a key platform for distributing phishing kits, malware, and even hacker services, with ready-to-use kits selling for as little as $230. This accessibility is driving a surge in phishing campaigns globally.

Analysis from our SOC team:
Phishing remains a top entry point for attackers. Combine technical defenses with training, awareness campaigns, and clear reporting mechanisms to reduce risk.

HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining

HeadCrab malware has evolved into a fileless variant infecting Redis servers. Aqua Security reports over 2,300 infected servers running cryptocurrency mining operations while evading detection through stealthy techniques and kernel-level control.

Analysis from our SOC team:
Redis servers exposed to the internet are prime targets. Prioritize patching, implement access restrictions, and ensure logging and monitoring are enabled.
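The access restrictions and logging mentioned above map onto a handful of redis.conf directives. The audit below is an added example (not code from this digest or from Aqua Security) that reads a Redis configuration and reports the settings that leave a server open to exactly this kind of opportunistic takeover: a non-loopback `bind`, `protected-mode no`, no `requirepass` or ACL password, and no `logfile`. The directive names are Redis's own; both sample configurations are constructed, and the password value is a placeholder.

```python
"""Audit a redis.conf for the exposure settings that make an internet-facing
Redis an easy cryptomining target.

Added example, not code from the digest or from Aqua Security. Directive names
are Redis's real ones; the two sample configurations below are constructed.
"""
from __future__ import annotations

import ipaddress

# Constructed weak example: listening on every interface, no authentication.
WEAK_CONF = """
# redis.conf (constructed weak example)
port 6379
bind 0.0.0.0
protected-mode no
daemonize yes
"""

# Constructed hardened example: loopback only, password set, logging on.
HARDENED_CONF = """
# redis.conf (constructed hardened example)
port 6379
bind 127.0.0.1 -::1
protected-mode yes
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
rename-command CONFIG ""
rename-command DEBUG ""
logfile /var/log/redis/redis.log
"""


def parse_conf(text: str) -> dict[str, list[list[str]]]:
    """Return directive -> list of argument lists (a directive may repeat)."""
    conf: dict[str, list[list[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        conf.setdefault(name.lower(), []).append(args)
    return conf


def _is_public_bind(addr: str) -> bool:
    """True if the bind address accepts connections from non-loopback sources.
    Redis allows a leading '-' meaning 'do not fail if the address is absent'."""
    if addr in ("*", "0.0.0.0", "::"):
        return True
    try:
        return not ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return True  # unrecognised form (e.g. "-::*"): treat as exposed


def audit(text: str) -> list[str]:
    """Return exposure findings; an empty list means none were found."""
    conf = parse_conf(text)
    findings: list[str] = []

    binds = [a for args in conf.get("bind", []) for a in args]
    if not binds:
        findings.append("bind: not set, Redis listens on all interfaces")
    elif any(_is_public_bind(b) for b in binds):
        findings.append(f"bind: non-loopback address(es) {binds}")

    # protected-mode defaults to yes; only an explicit "no" is a finding.
    if conf.get("protected-mode", [["yes"]])[-1][:1] == ["no"]:
        findings.append("protected-mode: disabled")

    # Either a legacy requirepass or an ACL user with a ">password" entry.
    acl_with_password = any(
        "on" in args and any(a.startswith(">") for a in args)
        for args in conf.get("user", [])
    )
    if "requirepass" not in conf and not acl_with_password:
        findings.append("auth: no requirepass and no ACL user with a password")
    for args in conf.get("requirepass", []):
        if args and len(args[0]) < 16:
            findings.append("requirepass: password shorter than 16 characters")

    if "logfile" not in conf:
        findings.append("logfile: not set, nothing on disk to monitor")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit(conf) or ['no exposure findings']}")
```

Run it against a copied redis.conf before exposing a server, and again after any change: the weak sample yields four findings, the hardened one none.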

Beware of Investment Fraud Exploiting Deepfakes

Safeonweb has issued a warning about deepfake-driven investment scams. Fraudsters are using AI-manipulated videos of Belgian public figures to promote fake investment opportunities, luring victims into financial traps.

Analysis from our SOC team:
Verify all financial advice through trusted channels. Be skeptical of unsolicited opportunities, especially those using public figure endorsements. Report suspicious activity to authorities immediately.

Need help assessing your exposure, patching priorities, or response readiness? Contact our SOC team today.
