QuoIntelligence’s Weekly Intelligence Snapshot for the week of 11 – 17 January 2024 is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights:
Vulnerability
GitLab Vulnerability: Risk of Account Takeover through Password Reset Flaw
Unknown threat actors are currently exploiting the recent password reset flaw in public GitLab CE (Community Edition) and GitLab EE (Enterprise Edition), identified as CVE-2023-7028. Through successful exploitation, attackers can manipulate the password reset feature, redirecting the password reset notifications to the attacker’s email instead of the intended recipient’s, thereby gaining unauthorized access.
Rollups
Industry impacted: Information Technology
- Threat Actors Exploit Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
- Novel Python-Based Malware FBot Targets Web Servers, Cloud Services and Software-as-a-Service Platforms
- Study Finds Volt Typhoon Compromises 30% Of Cisco RV320/325 Devices In 37 Days Targeting US, UK, And Australian Critical Infrastructure
- Azorult Malware Resurfaces with Enhanced Stealth Capabilities
- Over 178,000 SonicWall Firewalls Found To Be Publicly Exploitable
- Remote Code Execution in Confluence Data Center and Confluence Server Instances
- Have I Been Pwned adds 71 million emails from Naz.API stolen account list
Geopolitical Highlights
Updates On The Security Situation in The Red Sea And Its Implications
QuoIntelligence analyzes the security situation in the Read Sea and its global implications.
Industry impacted: Industrials
QuoIntelligence analyzes the security situation in the Read Sea and its global implications.
Rollups
Industry impacted: Financials, Information Technology
- Microsoft Announces Its European Cloud Customers Can Now Process And Store Personal Data Within The EU
- China Releases Draft Guidelines to Implement AI Industry Standards By 2026 and Close the Gap With US
- EU Parliament Approves Directive Against Greenwashing and Misleading Claims
- EU Council and Parliament Reach Provisional Agreement on Comprehensive Anti-Money Laundering Package
Outlook
- International Conference on Network Security & Applications (CNSA 2024)
- The Spring 2024 Defensive Cyber Industry Day
Interested in becoming a premium customer? Let’s talk
