The latest weekly report is out and in this issue of AUCloud’s Cyber Threat Intelligence Report we reveal:

  • Four critical vulnerabilities expose HPE Aruba devices to RCE attacks

    HPE Aruba Networking has released security updates to patch ten vulnerabilities in ArubaOS, including four critical issues with a high CVSS score of 9.8. These vulnerabilities are unauthenticated buffer overflows reachable through the Performance Application Programming Interface (PAPI) on UDP port 8211, and could let attackers execute arbitrary code.

  • Hackers increasingly abusing Microsoft Graph API for stealthy malware communications

    Hackers have increasingly exploited the Microsoft Graph API for covert communication with their command-and-control (C&C) infrastructure on Microsoft cloud services, according to Symantec. Since January 2022, nation-state hacking groups like APT28, REF2924, Red Stinger, Flea, APT29, and OilRig have used this approach to evade detection.

  • 6 Australian senators, MPs confirm being targeted by APT31 in IPAC cyber attack

    It’s been reported that in 2021 APT31, the Chinese state-sponsored hacking group, sent a large number of pixel-tracking emails to the parliamentary email addresses of Australian MPs and senators from a domain masquerading as a news outlet. The motive was to gather sufficient information to mount more sophisticated follow-on attacks, escalating in severity. However, the parliamentary officials were made aware only recently, as the Australian authorities failed to notify them of the incident after discovering it almost 3 years ago.

  • New attack leaks VPN traffic using rogue DHCP servers

    A new attack, widely referred to as “TunnelVision” and currently under exploitation, allows attackers to bypass VPN protections and expose user traffic. This is a major concern because VPNs play a critical role in securing users’ traffic and data.

Access the full report and automatically subscribe to future editions.

Get it for free now!