Top Middle East Cyber Threats – October 30th, 2024
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
Fortinet Discloses Critical Vulnerability Exploited in Zero-Day Attacks
Fortinet has disclosed a critical FortiManager API vulnerability, tracked as CVE-2024-47575, also known as FortiJump, which was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. FortiJump has a severity rating of 9.8 out of 10.
A missing authentication for a critical function vulnerability [CWE-306] in the FortiManager fgfmd daemon may allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Samsung Addresses Critical Zero-Day Vulnerability Exploited in Galaxy Devices
Samsung has addressed a critical zero-day vulnerability classified as a ‘use-after-free’ flaw, which could be exploited in certain Galaxy devices. This vulnerability allows attackers to execute arbitrary code or gain control of the system by manipulating memory after it has been freed, posing a significant threat to device security. Researchers from Google Project Zero confirmed that threat actors are actively exploiting this vulnerability as part of a broader exploit chain.
This flaw, affecting devices with certain Exynos chipsets and Android versions up to Android 12, can potentially lead to full system compromise if exploited.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Google Releases Security Update Fixing High-Severity Vulnerabilities in Chrome
Google has published a security update to address multiple vulnerabilities in the Chrome browser, now fixed in the latest version (130.0.6723.69/.70 for Windows and Mac, and 130.0.6723.69 for Linux).
The update includes three security fixes contributed by external researchers, all rated as high in severity.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
BIG-IP Monitor Functionality Allows Privilege Escalation for Authenticated Attackers
The BIG-IP monitor functionality may allow an authenticated attacker with at least Manager role privileges to elevate their privileges and/or modify the configuration (CVE-2024-45844).
This vulnerability may enable an authenticated attacker with Manager role privileges or higher, with access to the Configuration utility or TMOS Shell (tmsh), to elevate their privileges and compromise the BIG-IP system. There is no data plane exposure; this is solely a control plane issue.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
CISA Issues Alert on Cyber Actors Exploiting Brute Force Techniques Against Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory warning of cyber actors targeting multiple critical infrastructure sectors, including healthcare, government, IT, and energy, using brute force attacks and other credential access techniques. These actors aim to compromise user accounts and gain unauthorized network access, which may later be sold on cybercriminal platforms.
Since October 2023, cyber actors have employed brute force methods such as password spraying and multi-factor authentication (MFA) push bombing to access critical systems, including Microsoft 365, Azure, and Citrix environments. Once inside, they often register new MFA devices to maintain persistent access and conduct reconnaissance to gather credentials and sensitive data. These credentials are likely sold on cybercriminal forums for further exploitation.
Key techniques include:
- Brute force password attacks (password spraying)
- MFA fatigue attacks by bombarding users with push notifications
- Credential and privilege escalation using Kerberos attacks and Active Directory tools
- Lateral movement via Remote Desktop Protocol (RDP)
- Data exfiltration and persistence using VPN services
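As an added example (not part of this advisory or the CISA alert), the following Python detector runs over constructed authentication log lines and flags the first two techniques above plus the persistence step described earlier: password spraying from one source IP, MFA push bombing of one account, and a new MFA device registered from an IP already flagged for spraying. The log format, field names and thresholds are assumptions; tune the thresholds to your own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs): time,user,src_ip,event,result
SAMPLE_LOG = """\
2024-10-28T08:00:01,alice,203.0.113.7,login,failure
2024-10-28T08:00:03,bob,203.0.113.7,login,failure
2024-10-28T08:00:05,carol,203.0.113.7,login,failure
2024-10-28T08:00:07,dave,203.0.113.7,login,failure
2024-10-28T08:00:11,frank,203.0.113.7,login,success
2024-10-28T08:01:00,frank,203.0.113.7,mfa_push,denied
2024-10-28T08:01:20,frank,203.0.113.7,mfa_push,denied
2024-10-28T08:01:40,frank,203.0.113.7,mfa_push,approved
2024-10-28T08:05:00,frank,203.0.113.7,mfa_device_registered,success
2024-10-28T09:00:00,grace,198.51.100.4,login,failure
2024-10-28T09:00:30,grace,198.51.100.4,login,success
"""

def parse_events(text):
    """Parse the CSV-style lines into dicts with a datetime timestamp."""
    rows = [line.split(",") for line in text.strip().splitlines()]
    return [{"ts": datetime.fromisoformat(t), "user": u, "ip": ip, "event": ev, "result": r}
            for t, u, ip, ev, r in rows]

def _burst(times, n, window):
    """True if any n of the timestamps fall inside one window of the given length."""
    times = sorted(times)
    return any(times[i + n - 1] - times[i] <= window for i in range(len(times) - n + 1))

def detect_password_spray(events, min_users=4, window=timedelta(minutes=10)):
    """Source IPs whose failed logins touch at least min_users distinct accounts within window."""
    by_ip = defaultdict(dict)  # ip -> {user: time of that user's first failure from this ip}
    for e in events:
        if e["event"] == "login" and e["result"] == "failure":
            by_ip[e["ip"]].setdefault(e["user"], e["ts"])
    return {ip for ip, users in by_ip.items() if _burst(users.values(), min_users, window)}

def detect_mfa_fatigue(events, min_pushes=3, window=timedelta(minutes=5)):
    """Users hit with at least min_pushes MFA push prompts within window (push bombing)."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            by_user[e["user"]].append(e["ts"])
    return {u for u, times in by_user.items() if _burst(times, min_pushes, window)}

def detect_suspect_mfa_registration(events, spray_ips):
    """MFA device registrations from an IP already flagged for spraying: likely persistence."""
    return {e["user"] for e in events
            if e["event"] == "mfa_device_registered" and e["ip"] in spray_ips}
```

Feed the three detectors the same parsed events and correlate: a spraying IP that later obtains an approved push and registers a device is the full chain the alert describes.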
RECOMMENDATIONS
- Ensure all systems are patched and updated.
- Avoid clicking on or opening untrusted or unknown links, files, or attachments.
- Enforce a strong password policy and ensure the use of MFA.
- Restrict VPN and RDP usage and monitor for suspicious connections.
- Use RBAC and regularly audit privileged accounts.
- Monitor your network for abnormal behaviors and IoCs.
- Ensure frequent backups are in place.
- Educate employees about detecting and reporting phishing or suspicious emails.
References
https://www.fortiguard.com/psirt/FG-IR-24-423
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2024/CVE-2024-44068.html
https://cybersecuritynews.com/samsung-use-after-free-zero-day-vulnerability/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-44068/
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a