Content 

01. News Bites
  • SonicWall Warns of Critical Access Control Flaw in SonicOS 
  • Halliburton Shuts Down Systems Following Cyberattack 
  • Code Execution Vulnerability Found in WPML Plugin Installed on 1M+ WordPress Sites 
  • New QR Code Phishing Campaign Exploits  
  • Google Tags Tenth Chrome Zero-Day Exploit in 2024 
  • Uber Fined by EU for GDPR Violations Related to Driver Data Transfer 
02. Conclusion

Quick News Bites

SonicWall Warns of Critical Access Control Flaw in SonicOS

SonicWall has recently issued a warning about a critical access control vulnerability in its SonicOS operating system. Known as CVE-2024-26256, this flaw allows attackers to gain unauthorized access to SonicWall devices, potentially leading to exposure of sensitive data and further malicious actions. The vulnerability poses a significant risk due to the widespread use of SonicWall devices in enterprise networks. 

To mitigate the risk, SonicWall has released security updates and strongly advises users to apply these patches immediately. Regular monitoring for unusual activities on SonicWall systems is also recommended. 

System administrators are advised to upgrade to the following versions, which address CVE-2024-40766:

  • Gen 5: version 5.9.2.14-13o
  • Gen 6: version 6.5.4.15.116n
  • SM9800, NSsp 12400, and NSsp 12800: version 6.5.2.8-2n
  • Gen 7: any SonicOS firmware version higher than 7.0.1-5035

The security updates have been made available for download through mysonicwall.com. 

Halliburton Shuts Down Systems Following Cyberattack

Halliburton, one of the world's largest oilfield services companies, recently faced a significant cyberattack, leading to the shutdown of critical IT systems as a precautionary measure. The attack's specifics, including the method of intrusion and the exact systems affected, are still under investigation. However, the shutdown indicates the severity of the breach and the potential threat it posed to Halliburton’s operations and sensitive information. 

This incident is a strong reminder of the vulnerabilities within the energy sector, particularly for companies involved in critical infrastructure and industrial operations. Such companies are increasingly targeted due to the potential for disruption and the high value of their proprietary data. In response, Halliburton is collaborating with cybersecurity experts and law enforcement agencies to understand the attack's scope, contain the threat, and enhance its security posture. This event underscores how important it is for other companies in the sector to assess their cybersecurity defenses and incident response capabilities.

Code Execution Vulnerability Found in WPML Plugin Installed on 1M+ WordPress Sites

A critical code execution vulnerability has been identified in the WPML (WordPress Multilingual) plugin, which is installed on more than one million WordPress sites. The flaw allows attackers to execute arbitrary code, potentially gaining full control over affected websites. This could lead to unauthorized access, data theft, site defacement, and even further distribution of malware. 

The vulnerability poses a significant threat due to the widespread use of the WPML plugin, which is popular among websites needing multilingual support. The potential impact includes loss of sensitive information, compromised user data, and the degradation of website integrity and availability. To mitigate these risks, the developers of WPML have released an updated version of the plugin that patches the vulnerability. Website administrators are strongly advised to update the plugin immediately and to ensure that all other plugins and themes are kept up-to-date as part of their ongoing security management practices. 

CVE-2024-6386 was resolved in WPML version 4.6.13, which was released on August 20. Users are advised to update to WPML version 4.6.13 as soon as possible, given that PoC code targeting CVE-2024-6386 is publicly available. 

New QR Code Phishing Campaign Exploits

A new phishing campaign exploiting QR codes has been identified. Attackers are using these QR codes to direct users to malicious websites, where they can steal login credentials and personal information. The campaign uses QR codes distributed via email, social media, and other platforms to lead victims to fake login pages. 

With the increasing use of QR codes in both business and daily life, this tactic could effectively bypass traditional email filters and user suspicion. Users should be cautious when scanning QR codes from unknown sources, and organizations should educate employees about the risks associated with QR code phishing. 

Google Tags Tenth Chrome Zero-Day Exploit in 2024 

Google has identified and patched the tenth zero-day vulnerability in Chrome that has been exploited in the wild this year. The high frequency of these zero-day vulnerabilities highlights the ongoing targeting of Chrome by attackers looking to exploit unpatched flaws for malicious purposes. 

Google has fixed this zero-day (CVE-2024-7965) and another (CVE-2024-7971) in Chrome version 128.0.6613.84/.85 for Windows/macOS systems and version 128.0.6613.84 for Linux users. These versions have been rolling out to all users in the Stable Desktop channel since Wednesday.

Users are urged to keep their Chrome browsers updated to benefit from the latest security patches. Organizations should enforce automated browser updates and monitor for any signs of exploitation attempts. 

Uber Fined by EU for GDPR Violations Related to Driver Data Transfer 

Uber has been fined by the European Union for violating the General Data Protection Regulation (GDPR) in relation to the transfer of driver data. This fine underscores the importance of data privacy compliance, particularly concerning international data transfers. 

The incident serves as a reminder for companies operating in the EU or handling EU citizen data to strictly adhere to GDPR requirements to avoid substantial fines and potential reputational damage. Regular audits of data handling and transfer practices are recommended. 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.