The Holiday Season is Upon Us, and So Too Are a New Wave of Cyber Attacks and Threats

In this edition of Cyderes Intel, we’re arming you with the biggest takeaways from November 2024 and with guidance on how to maintain your organization's cybersecurity posture in 2025.


TOP CYBERSECURITY TRENDS OF 2025

Based on current developments and emerging technologies, we've compiled some cybersecurity predictions for 2025.

Article contributed by George Innes


Increased Use of Artificial Intelligence (AI) and Machine Learning (ML)

  • Enhanced threat detection: AI can quickly analyze vast data to identify anomalies and potential threats.
  • Automated incident response: AI can automate routine tasks like patching vulnerabilities and blocking attacks.
  • Improved threat intelligence: AI can help gather and analyze information about emerging threats.


Quantum Computing and Post-Quantum Encryption

  • Breaking current encryption: Quantum computers could break current encryption algorithms, leaving encrypted data vulnerable.
  • Development of post-quantum encryption: Researchers are working on new encryption algorithms resistant to quantum attacks.


Zero Trust Architecture (ZTA)

  • Increased adoption: ZTA's principle of "never trust, always verify" is gaining popularity as a way to protect against breaches.
  • Integration with other security controls: ZTA can be combined with other security measures, such as identity and access management (IAM) and network security.


Supply Chain Security

  • Increased focus: As supply chains become more complex, attacks targeting third-party vendors and suppliers are rising.
  • Enhanced security measures: Organizations are implementing more robust security controls for their supply chains, including risk assessments and vulnerability management.


IoT and 5G Security

  • Growing attack surface: The proliferation of IoT devices and the rollout of 5G networks create new vulnerabilities.
  • Improved security measures: Manufacturers and network operators are focusing on securing IoT devices and 5G networks.


Ransomware and Extortion

  • Continued threat: Ransomware attacks will likely remain significant, with attackers targeting critical infrastructure and demanding higher ransoms.
  • Improved prevention and response: Organizations are investing in ransomware prevention and response strategies, including backups, incident response planning, and cybersecurity awareness training.


Cloud Security

  • Evolving threats: As more organizations move to the cloud, new security challenges such as data privacy and compliance arise.
  • Enhanced cloud security measures: Cloud providers and organizations are implementing more robust security controls, including encryption, access controls, and threat detection.


These trends will likely shape the cybersecurity landscape in 2025 and beyond.

Organizations must stay informed about these developments and adapt their security strategies to protect themselves from emerging cyber threats.




SOC CONVOS: NATIONAL VULNERABILITY DATABASE

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

This data enables the automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
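To show what the NVD's machine-readable data makes possible in practice, here is an added example (not Cyderes' code, and not an official NVD client) that parses a response in the shape of the NVD CVE API 2.0 (vulnerabilities[].cve.metrics.cvssMetricV31[].cvssData) and sorts CVEs into the same Critical/High bands this newsletter uses. The payload embedded below is constructed from the CVE IDs and base scores listed in the sections that follow; the Secondary metric on CVE-2024-52323, its source string, and the placeholder ID CVE-2024-00000 are assumptions added to exercise the multi-metric and not-yet-analysed cases, not NVD data.

```python
"""Bucket NVD CVE API 2.0 records by CVSS v3.x qualitative severity.

Added example, not Cyderes' code. The JSON layout follows the public NVD
CVE API 2.0 as documented by NIST; the sample payload below is constructed
from the CVE IDs and base scores in this newsletter, not a live response.
"""
import json
from collections import defaultdict
from typing import Optional

# CVSS v3.x qualitative severity bands (lower bound, label), highest first.
SEVERITY_BANDS = [
    (9.0, "CRITICAL"),
    (7.0, "HIGH"),
    (4.0, "MEDIUM"),
    (0.1, "LOW"),
    (0.0, "NONE"),
]


def severity_for(score: float) -> str:
    """Map a numeric base score to its CVSS v3.x qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"base score out of range: {score}")
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "NONE"


def primary_cvss(cve: dict) -> Optional[dict]:
    """Return the NVD 'Primary' CVSS v3.1 metric (falling back to v3.0).

    One CVE can carry several metrics (NVD analyst plus CNA-supplied).
    Ranking on the Primary metric avoids listing the same CVE at two scores.
    """
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key, [])
        primary = [m for m in entries if m.get("type") == "Primary"]
        if primary:
            return primary[0]
        if entries:  # no Primary metric: fall back to whatever is present
            return entries[0]
    return None  # record not yet analysed / unscored


def bucket_by_severity(payload: str) -> dict:
    """Group (cve_id, base_score) pairs by severity, highest score first."""
    doc = json.loads(payload)
    buckets = defaultdict(list)
    for item in doc.get("vulnerabilities", []):
        cve = item["cve"]
        metric = primary_cvss(cve)
        if metric is None:
            buckets["UNSCORED"].append((cve["id"], 0.0))
            continue
        score = float(metric["cvssData"]["baseScore"])
        buckets[severity_for(score)].append((cve["id"], score))
    for entries in buckets.values():
        entries.sort(key=lambda e: e[1], reverse=True)  # stable: ties keep order
    return dict(buckets)


def _vuln(cve_id: str, score: float, metric_type: str = "Primary") -> dict:
    """Build one constructed vulnerability record in NVD API 2.0 shape."""
    return {"cve": {"id": cve_id, "metrics": {"cvssMetricV31": [
        {"source": "nvd@nist.gov", "type": metric_type,
         "cvssData": {"version": "3.1", "baseScore": score,
                      "baseSeverity": severity_for(score)}}]}}}


# Constructed sample: IDs and scores from this newsletter. The Secondary
# metric source and CVE-2024-00000 are placeholders, not NVD data.
SAMPLE_RESPONSE = json.dumps({"format": "NVD_CVE", "version": "2.0", "vulnerabilities": [
    _vuln("CVE-2024-42327", 9.9),
    _vuln("CVE-2024-42330", 9.1),
    {"cve": {"id": "CVE-2024-52323", "metrics": {"cvssMetricV31": [
        {"source": "placeholder-cna@example.invalid", "type": "Secondary",
         "cvssData": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH"}},
        {"source": "nvd@nist.gov", "type": "Primary",
         "cvssData": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH"}}]}}},
    _vuln("CVE-2024-36467", 7.5),
    _vuln("CVE-2024-11667", 7.5),
    _vuln("CVE-2024-53603", 7.3),
    {"cve": {"id": "CVE-2024-00000", "metrics": {}}},  # placeholder: unscored record
]})

if __name__ == "__main__":
    for severity, entries in bucket_by_severity(SAMPLE_RESPONSE).items():
        print(severity)
        for cve_id, score in entries:
            print(f"  {cve_id}  {score:.1f}")
```

Against a live feed the same function applies to the body of a GET to the NVD CVE API 2.0 endpoint; choosing the Primary metric is what keeps a CVE with both an NVD and a CNA score from appearing twice, and the UNSCORED bucket surfaces records a vulnerability-management process should not silently drop.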


Critical Vulnerabilities


CVE-2024-42327 (Base Score: 9.9)

Description: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that grants API access, can exploit this vulnerability. An SQL injection (SQLi) exists in the addRelatedObjects function of the CUser class; this function is called from the CUser.get function, which is available to every user with API access.

References: https://support.zabbix.com/browse/ZBX-25623

CVE-2024-42330 (Base Score: 9.1)

Description: The HttpRequest object allows retrieving the HTTP headers from the server's response after the request has been sent. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows the creation of internal strings that can be used to access hidden properties of objects.

References: https://support.zabbix.com/browse/ZBX-25626


High Vulnerabilities


CVE-2024-52323 (Base Score: 8.1)

Description: Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure, which allows users to retrieve sensitive tokens associated with the org-admin account.

References: https://www.manageengine.com/analytics-plus/CVE-2024-52323.html

CVE-2024-36467 (Base Score: 7.5)

Description: An authenticated user with API access (e.g., a user with the default User role), more specifically a user with access to the user.update API endpoint, can add themselves to any group (e.g., Zabbix Administrators), except groups that are disabled or have restricted GUI access.

References: https://support.zabbix.com/browse/ZBX-25614

CVE-2024-11667 (Base Score: 7.5)

Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024

CVE-2024-52323 (Base Score: 7.5)

Description: Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure, which allows users to retrieve sensitive tokens associated with the org-admin account.

References: https://www.manageengine.com/analytics-plus/CVE-2024-52323.html

CVE-2024-53603 (Base Score: 7.3)

Description: A SQL injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.

References: https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/COVID19/SQL%20Injection%20vulnerability.pdf




Thank you for being part of our cybersecurity community!

Please leave your comments and share this knowledge with your network.

Together, we can stay one step ahead of the cyber threats we all face.

To our secure future,


The Cyderes Team
