» Annie Blog

Executive Summary Cyberhaven has announced that their Cyberhaven Chrome extension was compromised on December 25, 2024, after a phishing attack on an administrator account allowed attackers to upload a malicious update (v24.10.4) to the Chrome Web Store. The compromised extension exfiltrated cookies, session tokens, and sensitive user data to an attacker-controlled domain, potentially enabling account…

Executive Summary Fortinet has recently addressed a critical vulnerability, designated CVE-2023-34990 in its Wireless LAN Manager (FortiWLM) software, which could allow remote, unauthenticated attackers to access sensitive files and potentially gain admin privileges. Exploited via a lack of input validation in log-reading functionality, this vulnerability exposes session IDs that attackers can use to hijack authenticated sessions. CVE-2023-34990, which affects…

Summary Four major Chinese state-sponsored Advanced Persistent Threat (APT) groups, Volt Typhoon, Salt Typhoon, Flax Typhoon, and Brass Typhoon, are targeting global critical infrastructure and network devices as part of coordinated cyber espionage campaigns. These groups exploit vulnerabilities in network appliances, IoT devices, and software supply chains to maintain persistent access and exfiltrate sensitive data. Their tactics include living-off-the-land…

Summary Ivanti has disclosed a critical authentication bypass vulnerability, designated CVE-2024-11639, in its Cloud Services Appliance (CSA) solution, which could allow remote attackers to gain administrative privileges without authentication. The flaw affects CSA version 5.0.2 and earlier, with Ivanti advising immediate upgrades to version 5.0.3. While there is no evidence of exploitation in the wild, this…

In today’s digital-first retail landscape, maintaining PCI compliance across multiple sales channels isn’t just a regulatory box to tick – it’s a critical safeguard for your business. Consider this: 60% of small businesses close their doors within six months of a data breach. That’s a wake-up call for retailers everywhere! From e-commerce platforms to mobile…