Featured Story
Microsoft Fixes Four Actively Exploited Zero-Days
Microsoft’s latest Patch Tuesday update addressed four critical zero-day vulnerabilities that were actively exploited:
- CVE-2024-43491: RCE in Windows Update (CVSS 9.8), allowing unauthenticated code execution.
- CVE-2024-38014: Elevation of Privilege in Windows Installer with potential for full system control.
- CVE-2024-38217: MoTW bypass, likely exploited since 2018 and used in ransomware campaigns.
- CVE-2024-38226: Microsoft Publisher macro protections bypass.
SOC Analysis: Several major flaws have been reported (e.g. CVE-2024-43491 CVSS 9.8), some already exploited in the wild. Apply Microsoft’s latest patch as soon as possible. Defender users can identify exposure via the Vulnerability Management tab.
Other Stories
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
The campaign installs malware (BadIIS, PlugX) via vulnerable phpMyAdmin/WordPress apps to hijack search results.
SOC Analysis: Ensure web-facing services are patched. WAFs and patch management for CMS apps like WordPress can reduce exposure. Approach can help implement WAF technologies.
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
The evolving Quad7 botnet now targets devices from TP-Link, ASUS, Zyxel, Ruckus, and others using ports like 7777 and 11288.
SOC Analysis: Monitor and block unused ports. Deploy Zeek, Snort or Suricata to track and alert on suspicious activity across edge devices. Approach can assist in this monitoring.
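As an added example (not from the newsletter or from Approach), here is a small Python triage script that flags Zeek conn.log records touching the two ports named in the Quad7 story, 7777 and 11288; it assumes a simplified, constructed subset of conn.log columns and constructed sample lines.

```python
from collections import Counter

# Ports named in the Quad7 story above; any traffic to them on edge devices merits a look.
QUAD7_PORTS = {7777, 11288}

# Simplified Zeek conn.log columns (tab-separated). Real conn.log has more columns;
# this subset is an assumption made for the example.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "conn_state"]

# Constructed sample log: two edge devices (192.0.2.1, 192.0.2.2) and mixed traffic.
SAMPLE_CONN_LOG = """\
1726000001.1\tCa1\t203.0.113.10\t51234\t192.0.2.1\t7777\ttcp\tSF
1726000002.2\tCa2\t198.51.100.7\t44321\t192.0.2.1\t443\ttcp\tSF
1726000003.3\tCa3\t203.0.113.11\t51235\t192.0.2.2\t11288\ttcp\tS0
1726000004.4\tCa4\t203.0.113.10\t51236\t192.0.2.1\t7777\ttcp\tSF
"""

def parse_conn_log(text):
    """Turn tab-separated conn.log lines into dicts; skip Zeek '#' header lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip it rather than abort the whole run
        rec = dict(zip(FIELDS, parts))
        rec["id.orig_p"] = int(rec["id.orig_p"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        records.append(rec)
    return records

def quad7_port_alerts(records):
    """Return (alerts, per-responder hit counts) for connections to watched ports.

    Each alert is (uid, orig_h, resp_h, resp_p, conn_state). A conn_state of 'S0'
    (SYN with no reply) is kept: a probe for the port is itself worth noting.
    """
    alerts = []
    hits = Counter()
    for rec in records:
        if rec["id.resp_p"] in QUAD7_PORTS:
            alerts.append((rec["uid"], rec["id.orig_h"], rec["id.resp_h"],
                           rec["id.resp_p"], rec["conn_state"]))
            hits[rec["id.resp_h"]] += 1
    return alerts, hits

if __name__ == "__main__":
    alerts, hits = quad7_port_alerts(parse_conn_log(SAMPLE_CONN_LOG))
    for a in alerts:
        print("ALERT", *a)
    print("responders touched:", dict(hits))
```

Point the parser at a real conn.log only after extending FIELDS to match the `#fields` header Zeek writes, and tune QUAD7_PORTS to the ports your edge devices should never expose.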
WARNING: Ivanti Releases Urgent Security Updates for Endpoint Manager
CVE-2024-29847 (CVSS 10) allows unauthenticated code execution. Additional SQLi flaws affect admin users. Updates released for EPM 2024 and 2022 SU5.
SOC Analysis: Patch Ivanti systems immediately. VPN and security tools are increasingly targeted by ransomware groups. A vulnerability management process is essential.
Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.