Threat Intelligence
[Security Advisory]: PRC MSS Tradecraft-in-action
The NCSC has joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners to release an advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks. Authoring agencies include the ASD’s ACSC, the United States...
[Security Advisory] regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH
Overview: On June 7th, 2024, the Qualys Threat Research Unit [1] discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. This vulnerability, a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based...
Phishing Campaign targeting New Zealand Organisations
AMARU is aware of a multi-stage phishing campaign currently impacting New Zealand organisations, active since at least 05 June 2024. Compromised user accounts are being used to send phishing emails which may originate from trusted or known contacts. These are being sent via Microsoft OneDrive/SharePoint sharing invitations, in an effort to redirect users...
Vulnerability Alert: CVE-2024-4358 and CVE-2024-1800 affecting Progress Telerik Report Servers
AMARU would like to draw your attention to CVE-2024-4358 and CVE-2024-1800 affecting Progress Telerik Report Servers. The chaining of these two vulnerabilities can lead to unauthenticated remote code execution on vulnerable servers. We are aware of a publicly available proof of concept (PoC). CVE-2024-4358 can allow an unauthenticated attacker to gain...
Vulnerability Alert: CVE-2024-21410 and CVE-2024-21413 affecting Microsoft Products
AMARU would like to draw your attention to a crucial alert we received from the National Cyber Security Centre (NCSC) regarding two zero-day vulnerabilities discovered in Microsoft products. These vulnerabilities pose severe threats to the security of organisations and individuals alike. Vulnerability Details: 1. CVE-2024-21410 – Microsoft Exchange Server:...