🚨 Hugegraph Vulnerability, SSH Snake Bites, Geoserver exploit, Ransomware Attacks Increase, FIN7

Apache Huge Graph Server Vulnerability (CVE-2024-27348)

A critical vulnerability in Apache Huge Graph Server’s Gremlin graph traversal language API allows attackers to execute arbitrary code remotely.

Actions:

1. Upgrade: Users must upgrade to version 1.3.0 of Huge Graph Server to incorporate critical security fixes and enhancements.

2. Enable Security Measures: Implement whitelist IP ports and enable the authentication system to add an extra layer of security to RESTful API executions.

GeoServer Vulnerability (CVE-2024-36401)

A critical remote code execution flaw in GeoServer’s GeoTool plugin is being actively exploited. GeoServer is widely used for geospatial data management.

Actions:

1. Patch Immediately: Federal agencies have been given until August 5th to apply patches. All users should follow suit promptly.

2. Conduct Vulnerability Scans: Regularly scan for vulnerabilities using tools like Nuclei and ensure all geospatial data handling follows best security practices.

CrystalRay Threat Actor

The threat actor Crystal Ray has been exploiting SSH-based malware to gain access to over 1,500 victims, using OSS tools to spread across networks and gather credentials for sale.

Actions:

1. Enhance Monitoring: Utilize security operation tools to detect unauthorized SSH activities and suspicious use of OSS tools like PDTM.

2. Strengthen Credential Policies: Implement robust credential management policies and regularly update SSH keys to prevent unauthorized access.

Scattered Spider Cybercrime Gang

The gang has added Qilin ransomware to their toolkit, using it in attacks against high-profile targets. They employ techniques like MFA bombing and SIM swapping for gaining access.

Actions:

1. **Improve MFA Security:** Use stronger multi-factor authentication methods and educate users about MFA fatigue attacks.

Konfetti Ad Fraud Operation

An ad fraud operation using hundreds of apps on the Google Play Store to perform nefarious activities like ad fraud, monitoring web searches, and installing browser extensions.

Actions:

1. Vet Mobile Apps: Ensure all mobile applications used within the organization are vetted and approved for security compliance.

2. Educate Users: Raise awareness among users about the risks of downloading apps from unverified sources.

Secure Software Development Practices Survey

A survey by the Linux Foundation and Open Source Security Foundation reveals that one-third of software development professionals lack knowledge of secure software development practices.

Actions:

1. Enhance Training Programs: Implement comprehensive onboarding and continuous training programs focusing on secure software development practices.

2. Mentorship Programs: Pair new developers with experienced mentors to accelerate their understanding of security in software development.

Conclusion

Today’s episode highlighted the importance of swift action in mitigating vulnerabilities and the critical need for continuous security education. Stay proactive in addressing security risks, and always prioritize secure development practices to protect your organization from potential threats. Stay cyber safe!

Join James Azar’s subscriber chat

Available in the Substack app and on web

Join chat

✅ Story Links: 

https://thecyberexpress.com/hugegraph-vulnerability-cve-2024-27348/

https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/

https://www.csoonline.com/article/2516651/known-ssh-snake-bites-more-victims-with-multiple-oss-exploitation.html

https://www.bleepingcomputer.com/news/security/microsoft-links-scattered-spider-hackers-to-qilin-ransomware-attacks/

https://www.cybersecuritydive.com/news/ransomware-leak-site-increase/721480/

https://thehackernews.com/2024/07/fin7-group-advertises-security.html

https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html

https://www.cybersecuritydive.com/news/1-in-3-software-unaware-secure-practice/721481/

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1  

✅ Important Links to Follow: 

👉Substack:

CISO Talk by James Azar

The latest on Cybersecurity, Privacy, Technology & Geo-Politics and all from a practitioner and intel point of view

👉Listen here: https://linktr.ee/cyberhubpodcast   

✅ Stay Connected With Us.

👉Rumble: https://rumble.com/c/c-1353861 

👉Facebook: https://www.facebook.com/CyberHubpodcast/ 

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ 

👉Twitter (X): https://twitter.com/cyberhubpodcast 

👉Instagram: https://www.instagram.com/cyberhubpodcast 

✅ For Business Inquiries:  info@cyberhubpodcast.com

=============================

✅ About The CyberHub Podcast.

The Hub of the Infosec Community. 

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.