Cyber Security Briefing, 13 - 19 July

July 19, 2024

New vulnerabilities in Ivanti

Ivanti has issued a new security advisory fixing up to four new vulnerabilities in its Endpoint Manager and Endpoint Manager for Mobile products. Among these flaws, CVE-2024-37381 (CVSSv3 of 8.8 according to the manufacturer) affects the Endpoint Manager (EPM) 2024 flat core server and could be exploited by authenticated attackers with access to the network to execute arbitrary code.

It should be noted that Ivanti has published a fix for this vulnerability, applicable only to EPM 2024 flat, and security updates addressing this flaw are planned for future releases. In addition, Ivanti has fixed other vulnerabilities affecting all versions of its Endpoint Manager for Mobile (EPMM), namely CVE-2024-36130 (CVSSv3 of 8.8 by vendor), CVE-2024-36131 (CVSSv3 of 8.2 by vendor) and CVE-2024-36132 (CVSSv3 of 5.3 by vendor), which are fixed in EPMM versions 11.12.0.3, 12.0.0.3 and 12.1.0.1.


Critical Vulnerability in Cisco SSM On-Prem

Cisco has issued a security advisory about a critical vulnerability affecting Cisco Smart Software Manager On-Prem. The flaw, tracked as CVE-2024-20419 (CVSSv3 of 10 according to the vendor), is an unverified password change vulnerability in the SSM On-Prem authentication system.

An unauthenticated remote attacker could exploit this vulnerability to set new user passwords without knowing the original credentials. It should be noted that this affects versions of SSM On-Prem prior to version 7.0, which are known as Cisco Smart Software Manager Satellite (SSM Satellite). Cisco recommends that users update to the latest version of this asset and indicates that it has not identified any public exploits or exploitation attempts targeting this vulnerability.


67% of companies in the energy sector were hit by ransomware attacks

Sophos has released its 2024 State of Ransomware in Critical Infrastructure report, which highlights that in the last year, 67% of organizations in the energy, oil, and gas sector were attacked by ransomware. The report also notes that half of successful attacks were carried out through the exploitation of unpatched or unmitigated vulnerabilities.


Atomic Stealer for Mac in fake copies of Teams

Malwarebytes has warned of a distribution campaign for the Atomic Stealer malware that uses illegitimate URLs impersonating Microsoft, shown when the user searches Google for Teams software. The threat actor managed to get their malicious website to appear as Microsoft's official one on the results page, adding credibility to the scam. In the campaign detected by Malwarebytes, the URL downloads a fake copy of Teams for Mac infected with Atomic Stealer.
