Featured Story
Unix Printing Vulnerabilities Enable Easy DDoS Attacks
New vulnerabilities in the Common Unix Printing System (CUPS) allow attackers to launch DDoS attacks at a cost of less than 1 cent. Over 58,000 exposed systems can generate between 1GB and 6GB of traffic toward a target by sending a single malicious packet.
The flaws were initially disclosed for their RCE potential; researchers from Akamai later demonstrated how the same CUPS flaws can be repurposed for large-scale denial-of-service attacks. Cloudflare noted a surge in related DDoS activity during the first half of the year.
These CUPS vulnerabilities pose dual risks—remote code execution and DDoS. Patch immediately or disable the printing service on systems that do not need it. Also, block UDP port 631 externally. Our SOC can assist with threat exposure reviews and mitigation steps.
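As an added defender-side check (not from the original newsletter, nor from Akamai or Cloudflare), the following Python script parses the output of `ss -lun` on a Linux host and reports any UDP socket on port 631 that is bound beyond loopback, which is the exposure the mitigation above asks you to close. The sample `ss` output is constructed, and the port constant and function names are our own.

```python
import subprocess

# Constructed sample of `ss -lun` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
UNCONN  0       0       127.0.0.1:631        0.0.0.0:*
UNCONN  0       0       0.0.0.0:631          0.0.0.0:*
UNCONN  0       0       [::]:631             [::]:*
UNCONN  0       0       192.0.2.10:631       0.0.0.0:*
UNCONN  0       0       0.0.0.0:68           0.0.0.0:*
"""

CUPS_UDP_PORT = 631  # port used by CUPS browsing (cups-browsed)


def _split_addr(local):
    # "[::]:631" -> ("::", 631); "0.0.0.0:631" -> ("0.0.0.0", 631); "*:631" -> ("*", 631)
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host):
    # Only sockets bound to loopback are unreachable from other hosts.
    return host == "::1" or host.startswith("127.")


def exposed_cups_sockets(ss_output):
    """Return the local UDP sockets on port 631 bound to a non-loopback address."""
    exposed = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        host, port = _split_addr(fields[3])
        if port == CUPS_UDP_PORT and not is_loopback(host):
            exposed.append(fields[3])
    return exposed


if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-lun"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_SS_OUTPUT  # fall back to the constructed sample
    for sock in exposed_cups_sockets(out):
        print("CUPS UDP socket reachable beyond loopback:", sock)
```

A non-empty result means the host will answer unsolicited UDP/631 traffic unless a firewall in front of it drops that port, so pair this check with the external block recommended above.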
Other Stories
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
CVE-2024-29824 (CVSS 9.6) affects Ivanti Endpoint Manager 2022 SU5 and earlier. It allows unauthenticated attackers to execute code via SQL injection. CISA added the vulnerability to its KEV catalog after confirming active exploitation in the wild.
Ivanti has become a popular target. Patch immediately, and if not feasible, enforce strong segmentation and monitor for post-exploitation signs. Horizon3.ai has published PoC code, raising the urgency for remediation.
Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals
Spear-phishing campaigns are targeting HR teams with malware disguised as resumes. Victims are tricked into opening malicious LNK files that install the More_eggs backdoor, which can steal credentials and enable full compromise.
HR teams are a high-risk entry point for social engineering. We recommend enhanced email security, awareness training, and accepting job applications only through verified channels. Our SOC can simulate phishing scenarios to test defenses.
WARNING: Four Critical Vulnerabilities Are Affecting PHP
PHP versions below 8.1.30, 8.2.24, and 8.3.12 contain four critical flaws (CVE-2024-8925, CVE-2024-8926, CVE-2024-8927, and CVE-2024-9026). These bugs enable attackers to perform log tampering, file inclusion, and parameter injection, potentially compromising entire environments.
Patch now if you’re running PHP-based web servers. These vulnerabilities are easily exploited and can lead to full system takeover. Our SOC can assist with patch prioritization and host-based threat detection configuration.
Contact the Approach Cyber SOC team for tailored support and training programs.