CCTR.23.MAY.24
Bugs, Breaches and More bugs
Last updated
Monday morning Cyber coffee read CCTR.24.MAY.24
The ACSC reports increased cyber threat activity targeting Snowflake environments, with several companies successfully compromised. The threat actor obtained credentials for a demo account belonging to a former Snowflake employee through info-stealing malware to gain access to the organisation. Snowflake has informed a set of their customers who may have been affected, and the investigation is ongoing. Additionally, Snowflake is currently observing and investigating an increase in cyber threat activity targeting some of their customers' accounts.
If you are using Snowflake, the following actions are recommended:
Reset and rotate Snowflake credentials.
Enforce Multi-Factor Authentication (MFA) on all accounts.
Set up Network Policy Rules so that only authorised users, or traffic from trusted locations, can connect.
Perform a threat hunt to confirm the environment has not already been accessed.
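As an added illustration (not part of the original digest or Snowflake's own guidance), the statements below show how the first three recommendations and a basic hunt look in Snowflake SQL, run as a role with ACCOUNTADMIN/SECURITYADMIN privileges. The policy name, the IP ranges and the user name are placeholders.

```sql
-- 1. Reset a credential and force a change at next login.
--    (user name and password are placeholders)
ALTER USER analyst_01 SET
  PASSWORD = 'REPLACE-WITH-GENERATED-TEMPORARY-PASSWORD'
  MUST_CHANGE_PASSWORD = TRUE;

-- 2. Find accounts that can authenticate with a password but have
--    no Duo MFA enrolment, so they can be enrolled or disabled.
SELECT name, has_password, ext_authn_duo, last_success_login
FROM   snowflake.account_usage.users
WHERE  deleted_on IS NULL
  AND  disabled = FALSE
  AND  has_password = TRUE
  AND  ext_authn_duo = FALSE
ORDER  BY last_success_login DESC NULLS LAST;

-- 3. Restrict account access to trusted source ranges.
--    (ranges are placeholders for the corporate egress / VPN CIDRs)
CREATE NETWORK POLICY IF NOT EXISTS corp_only_policy
  ALLOWED_IP_LIST = ('203.0.113.0/24', '198.51.100.10');
ALTER ACCOUNT SET NETWORK_POLICY = corp_only_policy;

-- 4. Hunt: successful logins in the last 30 days that used a password
--    with no second factor, grouped by user and source IP. Unknown
--    source addresses or client types here are the leads to triage.
SELECT user_name,
       client_ip,
       reported_client_type,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen,
       COUNT(*)             AS logins
FROM   snowflake.account_usage.login_history
WHERE  event_timestamp >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
GROUP  BY user_name, client_ip, reported_client_type
ORDER  BY last_seen DESC;
```

ACCOUNT_USAGE views lag live activity by up to a couple of hours, so for a hunt that needs the most recent events, pair the last query with the INFORMATION_SCHEMA.LOGIN_HISTORY table function.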
Check Point has released a patch to address a VPN zero-day vulnerability, CVE-2024-24919, which is actively being exploited in the wild. Check Point labelled this an information disclosure vulnerability, which is technically correct, but in reality it allows arbitrary file reads. This vulnerability enables attackers to read any file on the system, including sensitive files containing credentials. OK, now this sounds exactly like an information disclosure.
CISA has also added this issue to its Known Exploited Vulnerabilities (KEV) catalogue.
Over three months after Fortinet released security updates to patch the vulnerability CVE-2024-23108 in its FortiSIEM solution, Horizon3 shared a proof-of-concept (PoC) exploit and published a technical write-up. This vulnerability allows attackers to execute commands as root on vulnerable FortiSIEM appliances.
Fortinet vulnerabilities are frequently exploited in ransomware and cyber espionage attacks targeting corporate and government networks.
Lumen Technologies identified a destructive event where over 600,000 Small Office/Home Office (SOHO) routers from a single ISP were taken offline in October 2023, rendering them permanently inoperable and necessitating hardware replacements.
Public scan data confirmed a 49% drop in modems from the affected ISP's autonomous system number during this period.
Recommendations to secure SOHO routers:
Avoid using common default passwords.
Ensure management interfaces are properly secured and not accessible via the internet.
Regularly reboot routers and install security updates and patches.