ThaiCERT

443/67 Monday, December 16, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerability CVE-2024-50623 (CVSS score 8.8), which affects Cleo Harmony, VLTrader, and LexiCom products, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves unrestricted file upload and download, which could lead to remote code execution (RCE). Users are advised to […]

442/67 Monday, December 16, 2024 OpenWrt, a popular open-source operating system for routers and network devices, has been revealed to contain a critical security vulnerability in its Attended Sysupgrade (ASU) feature. This vulnerability, identified as CVE-2024-54143, has received a CVSS severity score of 9.3 out of 10, indicating a high level of risk. The vulnerability […]

441/67 Thursday, December 12, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in the Microsoft Windows Common Log File System (CLFS), identified as CVE-2024-49138, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS score of 7.8, was addressed in Microsoft’s December 2024 Patch Tuesday security update, which […]

440/67 Thursday, December 12, 2024 Adobe, a leading software developer, has released its December 2024 Patch Tuesday security update, addressing over 160 vulnerabilities across 16 popular products such as Reader, Illustrator, Photoshop, and Connect. Key details of the fixes include: While Adobe confirmed that no active exploits of these vulnerabilities have been detected, the company […]

439/67 Wednesday, December 11, 2024 Anna Jaques Hospital in Massachusetts, USA, has disclosed a ransomware attack on December 25, 2023, which led to the leak of sensitive health information for over 316,000 patients. The hospital, which provides a range of services including emergency care, maternity, oncology, cardiology, and orthopedic surgery, immediately suspended the affected systems […]

438/67 Wednesday, December 11, 2024 The newly established ransomware group “Termite” has claimed responsibility for a cyberattack that caused significant damage to Blue Yonder, a major U.S.-based supply chain technology company. The attack has disrupted operations for leading organizations such as Starbucks and prominent UK retailers Morrisons and Sainsbury’s. Blue Yonder, headquartered in Arizona, revealed […]

437/67 Monday, December 9, 2024 Romania’s Intelligence Service revealed that the country’s electoral system was targeted by more than 85,000 cyberattacks. The attackers accessed data from election-related websites and disseminated the information on Russian cybercrime forums prior to the presidential election. Intelligence officials suggested the attacks may have exploited user account breaches or vulnerabilities in […]

436/67 Monday, December 9, 2024 Internal threats have emerged as a significant challenge for businesses worldwide. According to the 2024 Insider Threat Report by Cybersecurity Insiders, 83% of organizations experienced at least one insider attack in the past year. Alarmingly, the number of organizations facing 11–20 attacks surged fivefold, increasing from 4% in 2023 to […]

435/67 Friday, December 6, 2024 Cisco has issued a warning to customers regarding a decade-old vulnerability in its Cisco Adaptive Security Appliance (ASA) software, identified as CVE-2014-2120. This vulnerability is currently being widely exploited. It exists in the WebVPN login page of ASA software, allowing unauthenticated attackers to execute Cross-Site Scripting (XSS) attacks on WebVPN […]

434/67 Friday, December 6, 2024 U.S. federal officials have issued an urgent warning to telecom companies, calling for enhanced security measures following a significant cyberattack attributed to a Chinese hacker group known as Salt Typhoon. The attack targeted personal data of Americans, including text messages, phone conversations, and metadata about dates, times, and contacts of […]