Top Middle East Cyber Threats – December 31st, 2024   


At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats. 

Google Releases Chrome Security Update

Google has released a security update addressing multiple vulnerabilities in the Chrome browser.

The latest version (131.0.6778.204/.205 for Windows and Mac, 131.0.6778.204 for Linux) includes five security fixes, with four contributed by external researchers.

These vulnerabilities have been classified as high in severity.

Recommendations:

  • Ensure all systems are promptly patched and updated to the latest version of Chrome.

BeyondTrust Confirms Remote Support SaaS Security Incident

BeyondTrust experienced a cyberattack in early December, resulting in the compromise of some Remote Support SaaS instances. An investigation revealed that threat actors accessed a Remote Support SaaS API key, allowing them to reset passwords for local application accounts.

During the investigation, two vulnerabilities were identified:

  • CVE-2024-12356 – A critical command injection flaw affecting Remote Support (RS) and Privileged Remote Access (PRA) products. Exploiting this vulnerability could allow an unauthenticated remote attacker to execute OS commands in the context of the site user.
  • CVE-2024-12686 – A medium-severity vulnerability enabling attackers with administrative privileges to inject commands and upload malicious files.

Although not explicitly confirmed, these vulnerabilities may have been leveraged during the attack.

Patches for both vulnerabilities have been automatically applied to cloud instances. Users with self-hosted instances must manually apply the security update.

Recommendations:

  • Ensure all systems are patched and up to date.
  • Regularly review security configurations and logs for anomalies.

Hacktivist Group Issues DDoS Threat

A hacktivist group known as Xsec 404 Team, along with affiliated entities such as Lulsec, Moroccan Soldiers, and NoName057(16), has issued threats to target UAE government servers with Distributed Denial-of-Service (DDoS) attacks. These threats, communicated via Telegram, are part of their broader campaign expressing political motivations.

Key Indicators:

  • Threat Actor Groups: Xsec 404 Team, Lulsec, Moroccan Soldiers, NoName057(16)
  • Methodology: DDoS attacks targeting UAE government servers
  • Motivation: Political activism and coordinated cyber campaigns

Immediate measures are advised to strengthen defenses and monitor infrastructure for unusual activities.

Recommendations:

  • Ensure sufficient bandwidth and use load balancers to distribute traffic.
  • Configure network hardware to filter unwanted ports and protocols.
  • Deploy DDoS protection solutions for both network and application layers.
  • Continuously monitor web-based activities for irregular behavior.
  • Regularly review system logs to detect potential threats.

Researchers Detect FortiClient EMS Vulnerability Exploitation

Researchers have identified cyberattacks exploiting an SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient EMS. This vulnerability has been used to compromise unpatched Windows server systems, allowing unauthorized access, remote code execution, and lateral movement across networks.

Affected Versions:

  • FortiClient EMS: Versions 7.0.1 – 7.0.10 and 7.2.0 – 7.2.2

Impact:

  • Execution of unauthorized commands
  • Deployment of malicious payloads
  • Lateral movement within the network
  • Exfiltration of sensitive data

Recommendations:

  • Apply patches immediately to mitigate vulnerabilities.
  • Implement firewall rules to reduce exposure to the internet.
  • Restrict access to administrative shares and critical registries.
  • Deploy endpoint detection and response (EDR) across all systems.
  • Monitor networks for abnormal activity and shared IoCs.
  • Ensure regular backups are maintained and secured.

Palo Alto Networks Releases PAN-OS Vulnerability Update 

Palo Alto Networks has released a security update to address a high-severity Denial-of-Service (DoS) vulnerability in the DNS Security feature of PAN-OS software (CVE-2024-3393).

This vulnerability, rated at 8.7 on the CVSS scale, allows an unauthenticated attacker to send malicious packets, causing firewall reboots and triggering maintenance mode.

Fixed Versions:

  • PAN-OS 10.1.14-h8, 10.2.10-h12, 11.1.5 and 11.2.3 (or later) contain the fix.
  • No patches will be issued for PAN-OS 11.0, which reached end-of-life on November 12, 2024.
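One way to act on the version data in this bulletin (the FortiClient EMS affected ranges above and the PAN-OS fixed versions here), as an added example that is not part of the advisory or of either vendor's tooling: a small Python checker that compares inventoried versions against the quoted values. The hostnames and versions in the sample inventory are constructed; the ordering of PAN-OS hotfix suffixes (-hN) and the handling of branches the advisory does not list are assumptions.

```python
import re
# Versions quoted in the advisory; the 4th element is the PAN-OS hotfix level.
PANOS_FIXED = {
    "10.1": (10, 1, 14, 8),   # 10.1.14-h8
    "10.2": (10, 2, 10, 12),  # 10.2.10-h12
    "11.1": (11, 1, 5, 0),
    "11.2": (11, 2, 3, 0),
}
PANOS_EOL = {"11.0"}  # reached end-of-life 12 Nov 2024; no patch will be issued
EMS_AFFECTED = [((7, 0, 1), (7, 0, 10)), ((7, 2, 0), (7, 2, 2))]

def parse_panos(version):
    """'10.1.14-h8' -> (10, 1, 14, 8). No hotfix counts as 0, so 10.1.14 sorts
    below 10.1.14-h8 while 10.1.15 sorts above it, matching "or later" (assumed)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)

def panos_status(version):
    v = parse_panos(version)
    branch = f"{v[0]}.{v[1]}"
    if branch in PANOS_EOL:
        return "eol-no-fix"
    fixed = PANOS_FIXED.get(branch)
    if fixed is None:
        return "branch-not-in-advisory"
    return "fixed" if v >= fixed else "vulnerable"

def forticlient_ems_status(version):
    v = tuple(int(x) for x in version.strip().split("."))
    if len(v) != 3:
        raise ValueError(f"unrecognised FortiClient EMS version: {version!r}")
    hit = any(lo <= v <= hi for lo, hi in EMS_AFFECTED)
    return "vulnerable" if hit else "not-in-affected-range"

def triage(inventory):
    """inventory rows (hostname, product, version) -> {hostname: status}"""
    checks = {"PAN-OS": panos_status, "FortiClient EMS": forticlient_ems_status}
    return {host: checks[product](ver) for host, product, ver in inventory}

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [("fw-edge-01", "PAN-OS", "10.2.10-h11"), ("fw-edge-02", "PAN-OS", "10.2.10-h12"),
          ("fw-dc-01", "PAN-OS", "11.0.3"), ("ems-01", "FortiClient EMS", "7.2.2"),
          ("ems-02", "FortiClient EMS", "7.0.11")]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as "eol-no-fix" need the workaround path the advisory points to, since no patch will follow.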

Recommendations:

  • Apply the latest security updates to all affected PAN-OS versions.
  • Follow Palo Alto’s provided workarounds for Prisma Access customers and instances where patches cannot be immediately applied.
  • Monitor firewall activity for signs of exploitation and ensure system redundancy to maintain operational integrity.

References

https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html

https://www.beyondtrust.com/remote-support-saas-service-security-investigation

https://t.me/Xsec404Team

https://securelist.com/patched-forticlient-ems-vulnerability-exploited-in-the-wild/115046/

https://security.paloaltonetworks.com/CVE-2024-3393
