Cyble’s Vulnerability Intelligence unit has recently reported a wave of cyberattacks exploiting critical vulnerabilities in several software systems, including the Ruby SAML library, D-Link NAS devices, and the aiohttp framework. Cyble’s honeypot sensors detected these attacks between October 2 and October 8, 2024.
During this period, the sensors detected multiple new attacks against high-profile systems, including but not limited to the Ruby SAML library, a range of D-Link NAS devices, the aiohttp client-server framework, and a popular WordPress plugin commonly used by restaurants and other businesses. The attacks underscore the ongoing threat posed by cybercriminals targeting vulnerable software systems.
Furthermore, Cyble’s sensors identified over 350 new phishing email addresses and reported thousands of brute-force attacks intended to exploit known weaknesses in various systems. The increase in these types of attacks highlights the importance of organizations enhancing their cybersecurity measures to combat evolving threats effectively.
Cyble’s comprehensive report delved into more than 40 vulnerabilities currently being actively exploited by threat actors. Among these vulnerabilities, four stood out as particularly concerning:
1. Ruby SAML Improper Verification of Cryptographic Signature Vulnerability (CVE-2024-45409): This vulnerability in the Ruby SAML library allows unauthenticated attackers to forge SAML responses, potentially leading to unauthorized access to systems.
2. aiohttp Path Traversal (CVE-2024-23334): A vulnerability in the aiohttp client-server framework that permits unauthorized users to access sensitive files due to improper handling of static routes.
3. D-Link NAS Devices Hard-Coded Credentials Vulnerability (CVE-2024-3272): Impacting end-of-life D-Link NAS devices, this vulnerability allows for remote exploitation due to hard-coded credentials.
4. PriceListo SQL Injection Vulnerability (CVE-2024-38793): An SQL Injection vulnerability in the PriceListo Best Restaurant Menu WordPress plugin, allowing attackers to manipulate database queries.
These vulnerabilities, along with previously reported vulnerabilities in systems such as PHP, GeoServer, and AVTECH IP cameras, are part of an ongoing landscape of cyber threats that organizations must actively defend against.
Additionally, Cyble recorded a surge in brute-force attacks during this period, with attackers predominantly originating from Vietnam and Russia. Security analysts are advised to implement measures to block frequently targeted ports and enhance overall security protocols.
Furthermore, Cyble identified 351 new phishing email addresses and highlighted various scams, including fake refund scams, lottery scams, donation scams, investment scams, and shipping scams. These fraudulent schemes underscore the need for individuals to remain cautious and skeptical of unsolicited emails and requests for personal information.
In conclusion, the insights provided by Cyble’s Vulnerability Intelligence unit serve as a stark reminder of the ever-present cyber threats faced by organizations and individuals. By adopting proactive strategies, such as patching vulnerabilities, implementing strong password policies, and staying informed about emerging risks, organizations can effectively bolster their defenses against these threats. The findings from Cyble’s sensors are invaluable in strengthening vulnerability intelligence and mitigating online risks in an increasingly digital landscape.
