Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On June 26, 2024, TeamViewer published a statement disclosing they detected an irregularity in TeamViewer’s internal corporate IT environment. TeamViewer is an organization that provides remote access software for devices and is extensively utilized by businesses and individuals globally. Upon detecting the incident on June 26th, TeamViewer immediately activated their response team and procedures and started investigations while implementing necessary remediation measures.

On July 1, 2024, OpenSSH released fixes for CVE-2024-6387, a vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems allowing for potential Remote Code Execution (RCE). OpenSSH is a widely-used suite of secure networking tools based on the SSH protocol, providing encryption for secure communication and file transfers, and is essential for remote management on Unix systems. CVE-2024-6387 is a signal handler race condition that allows unauthenticated Remote Code Execution (RCE) as root.

On June 28, 2024, Juniper released fixes for a critical authentication bypass vulnerability discovered during internal testing, CVE-2024-3937. Juniper has stated that this vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations.

On June 25, 2024, Fortra published a security advisory for a vulnerability affecting their FileCatalyst Workflow product. The vulnerability, labelled as CVE-2024-5275, is rated as critical severity due to its low attack complexity and high impact.

Cybersecurity moves fast, and the latest threats to reach organizations worldwide are being built on the back of artificial intelligence (AI) models that spit out accurate code, realistic messages, and lifelike audio and video designed to fool people. But as headline-grabbing as AI-based attacks appear to be, they aren’t driving the most breaches globally. That would be BEC attacks, in which attackers leverage stolen access to a business email account to create a scam that results in financial gain.

On June 25, 2024, Progress disclosed two vulnerabilities affecting MOVEit Transfer and MOVEit Gateway: CVE-2024-5805: A critical severity authentication bypass vulnerability affecting MOVEit Gateway (SFTP module). MOVEit Gateway is a proxy for MOVEit Transfer, designed to securely handle inbound connections when deployed behind a firewall.

On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. These vulnerabilities stem from a heap-overflow issue in the implementation of the DCERPC protocol which can be exploited by remote threat actors. By sending specially crafted network packets, threat actors could exploit CVE-2024-37079 and CVE-2024-37080 to achieve Remote Code Execution (RCE) on both vCenter Server and Cloud Foundation systems.

On June 19, 2024, CDK Global notified customers that a cyber incident had led to a shutdown of its systems, significantly impacting car dealerships across the United States. CDK Global serves nearly 15,000 dealership locations, and the incident caused substantial disruption, forcing car dealerships to halt operations and revert to manual processes. Dealerships were initially notified about the incident around 2AM Eastern time on June 19, 2024, with an update at 8AM confirming the incident.

In 2023, the FBI’s Internet Crime Complaint Center (IC3) received 21,489 BEC complaints with adjusted losses over $2.9 billion USD, according to their 2023 Internet Crime Report. By way of comparison, ransomware, the cyber attack that grabs all the headlines and keeps IT and security teams up at night, accounted for only 2,825 complaints, with adjusted losses of less than $60 million USD.

Since April 2024, Arctic Wolf has been tracking an ongoing campaign by Black Basta ransomware group affiliates leveraging Microsoft’s Quick Assist for initial access. The Black Basta affiliates have been conducting vishing (voice phishing) attacks by impersonating IT or help desk personnel, claiming they need to fix an issue on the victim’s device. In other instances, the threat actors leverage an email bomb attack to flood the victim’s mailbox with emails from subscription services.