Threat Intel Brief for October 7 - October 13, 2024

In this weekly Threat Intelligence Brief we look back at top stories and security-related callouts to provide relevant and actionable insights for the information security consumer.

We reference threat intelligence gained through our position as a security provider as well as industry sources in the development of this brief.

We reference threat intelligence gained through our position as a security provider as well as industry sources in the development of this brief.

In this edition:
Exploiting legitimate file hosting services
Critical Mozilla Firefox Zero-Day
Project Highlight OWASP Top 10 for Large Language Model Applications
CISA KEV updates

Exploiting legitimate file hosting services

Microsoft recently published a report regarding adversary use of legitimate file hosting services such as SharePoint, OneDrive, and Dropbox. While these services have been successfully abused in the past, the number of attacks appear to be increasing and typically have a high rate of success. These campaigns often target organizations through compromised trusted vendors, leading to various impacts, including BEC attacks, financial fraud, and data theft.

Threat Intel Brief for October 7  - October 13, 2024

The tactics normally involve compromising a trusted vendor and then hosting a malicious file in one of the services mentioned. The adversary would then send a link to the file from the legitimate vendor account. Techniques used to evade detection include restricting file access and viewonly settings. The moral of the story is to always be skeptical of unsolicited file sharing requests, even from trusted third parties.

Source: Microsoft

Critical Mozilla Firefox Zero-Day

A critical severity vulnerability in Mozilla Firefox was recently patched due to known exploitation by threat actors. CVE-2024-9680 is a use-after-free issue in Animation timelines, which can be exploited to achieve code execution and is trivial to exploit. The vulnerability has a high severity score of 9.8/10 (CVSSv3).

Due to Firefox's widespread use, Mozilla recommends updating to at least one of the following versions:

Firefox 131.0.2
Firefox ESR 115.16.1
Firefox ESR 128.3.1

Source: Mozilla

Project Highlight: OWASP Top 10 for Large Language Model Applications

The Open Web Application Security Project (OWASP) provides resources, tools, and educational materials to help organizations, security professionals, and developers understand and address web application security risks.

With the popularity of LLM models and many companies racing to deploy them, security should always be a top concern. The OWASP Top 10 for Large Language Models aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs). Some of the most critical vulnerabilities often seen in LLM applications include Prompt Injection, Insecure Output Handling and Training Data Poisoning. For the full list and additional information please follow the source link.

Source: OWASP

CISA KEV updates

CISA has added 6 CVE to their Known Exploited Vulnerability (KEV) catalog this week:

CVE-2025-43573 - Microsoft Windows MSHTML Platform Spoofing Vulnerability: - CVSS 6.5
CVE-2025-43572 - Microsoft Windows Management Console Remote Code Execution Vulnerability: - CVSS 7.8
CVE-2025-43047 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability: - CVSS 7.8
CVE-2025-9380 - Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability: - CVSS 7.2 CVE-2025-9379 - Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability: - CVSS 6.5
CVE-2025-23113 - Fortinet Multiple Products Format String Vulnerability: - CVSS 9.8

Don't know where to begin with vulnerability management? Using CISAs KEV catalog as a risk based approach can be a great way to help prioritize vulnerability remediation in your organization. This link provides guidance on how to implement the KEV CISA.

Source: Known Exploited Vulnerabilities Catalog | CISA

Coretek's managed SOC/SIEM customers benefit from the latest threat intelligence. If you're interested in learning more about what Coretek can offer your organization, please reach out: https://coretek.com/contact