Weekly Threat Digest: November 18 – November 24, 2024
Summary
HiveForce Labs has unveiled a series of significant cybersecurity threats, emphasizing the accelerating pace and complexity of cyber incidents. Over the past week, five attacks were identified, nine critical vulnerabilities were actively exploited, and one active threat group was closely monitored, highlighting an unyielding surge in cyber intrusions.
One standout vulnerability, CVE-2024-11120, is a critical OS command injection flaw affecting outdated GeoVision devices. Botnets such as Mirai are actively weaponizing it for DDoS attacks and crypto mining, and the risk is severe because no patches are available.
In parallel, Palo Alto Networks released essential updates addressing two actively exploited zero-day vulnerabilities, while Apple tackled two critical zero-day flaws, CVE-2024-44308 and CVE-2024-44309, impacting Intel-based Mac systems.
Adding to the urgency, the Helldown ransomware campaign continues to wreak havoc, compromising over 30 organizations with a double extortion approach: encrypting data while threatening to expose it. This campaign exploits vulnerabilities such as CVE-2024-42057 in Zyxel firewalls. These alarming developments underline the escalating sophistication of cybercriminal tactics and reinforce the urgent need for robust global cybersecurity measures.