intelligence gathering
-
Multiple High-Risk Security Vulnerabilities Found in Rapid SCADA Open Source Industrial Automation Platform
Rapid Software LLC's industrial automation platform, Rapid SCADA, has been found to be susceptible to multiple critical vulnerabilities, posing significant risks of remote code execution, unauthorized access and privilege escalation. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a bulletin detailing the potential vulnerabilities and urging immediate action.
-
Danish Energy Ministry Cyber Attack Not Linked to Sandworm Hacking Group
An investigation into the cyberattacks on the Danish energy sector has concluded that they were likely not the work of a state-sponsored group, but rather two separate waves of attacks that exploited vulnerabilities in unpatched Zyxel firewalls. The attacks were not limited to Denmark; targets in the rest of Europe and in the United States were also hit.
-
Critical Remote Code Execution (RCE) Vulnerability Found in Juniper SRX Firewalls and EX Switches
Juniper Networks (NASDAQ: JNPR) has issued a security advisory fixing a critical Remote Code Execution (RCE) vulnerability in SRX Series firewalls and EX Series switches (CVE-2024-21591), as well as a high-severity vulnerability in Junos OS and Junos OS Evolved (CVE-2024-21611) that can be exploited by an unauthenticated network attacker to cause a denial of service.
-
GitLab Releases Security Patches to Fix High-Risk Vulnerabilities
GitLab has released a security update that fixes two critical vulnerabilities. One of them (CVE-2023-7028) is a flaw in the email verification step of the password reset process that allows an attacker to have a password reset email sent to an unverified, attacker-controlled mailbox and thereby hijack a user account. The vulnerability affects multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab has released a fix and advises users to upgrade to a patched version as soon as possible and to enable two-factor authentication for added protection.
-
X (formerly Twitter) security team confirms SEC account was hijacked
The U.S. Securities and Exchange Commission's X (formerly Twitter) account was compromised after unidentified individuals took control of the phone number associated with the account. A post announcing approval of Bitcoin ETFs for listing on all registered national securities exchanges was published through the account, which did not have two-factor authentication enabled at the time of the takeover. The X security team recommends that all users enable two-factor authentication to secure their accounts.
-
Syrian hacker group releases Silver RAT remote access Trojan tool
The Syrian hacker group calling itself Anonymous Arabia has released a remote access Trojan called Silver RAT, which is designed to evade security software and covertly launch hidden applications.
-
Turkish Hackers Exploit MS SQL Server Vulnerability in Cyber Attacks
Turkish hackers have recently been targeting poorly secured Microsoft SQL (MS SQL) servers worldwide to gain initial access, with the campaign linked to financial gain. The attacks targeted the U.S., the EU and the Latin America (LATAM) region. Researchers at the security firm Securonix named the operation RE#TURGENCE.
-
Bandook RAT Variant Targets Windows System Security Attacks
A new variant of the Bandook Remote Access Trojan (RAT) is being spread through carefully crafted phishing emails targeting Windows users. The variant uses a link embedded in a PDF-disguised lure to induce users to download and decompress a .7z archive containing the malware, which is then injected into the msinfo32.exe system process to control the computer and steal information in the background.
-
UAC-0050 Organization updates phishing tactics, deploys remote control Trojan horse Remcos RAT
Remcos RAT is a powerful remote-control Trojan capable of stealing system data, cookies and web browser login information. UAC-0050 has been using it for espionage, targeting Ukrainian and Polish entities for intelligence gathering.
-
Malware Exploits Google Multiple Sign-On Vulnerability to Maintain Access After Password Reset
Information-stealing malware is actively abusing an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing continued access to the victim's Google services even after the password has been reset.