Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2024

Understanding CVE-2024-32002: Git Remote Code Execution | Threat SnapShot

Welcome to this week's episode of SnapAttack Threat Snapshot! In this video, we'll dive into CVE-2024-32002, a critical remote code execution (RCE) vulnerability in Git that leverages symlink handling in repositories with submodules. This vulnerability can be exploited through a simple git clone command, potentially allowing attackers to execute arbitrary code on the victim's machine. *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*

Hunting CVE-2024-30051: Desktop Window Manager Privilege Escalation | Threat SnapShot

In this episode, we dive into CVE-2024-30051, a critical out-of-bounds write vulnerability in the Desktop Window Manager. This bug, similar to CVE-2023-36033, allows attackers to escalate privileges to SYSTEM by exploiting a heap overflow in dwmcore.dll. CVE-2024-30051 has been actively exploited to deploy malware like Qakbot, as identified by Kaspersky. This video covers the process of hunting down a sample, executing it in a sandbox environment, and creating effective detections using logs from the exploit’s activity.

Threat Profiles: Figuring Out Which Threats Matter

In a typical security operations center (SOC), the threat detection and response teams have one key objective: identify and stop the bad guys. To do so, they invest in the best tools, recruit the best team members, and work tirelessly to stay ahead of any potential security incidents that might be on the horizon.

ESXi Ransomware: Trends, Logging, and Detection | Threat SnapShot

Since 2021, ransomware groups have set their sights on VMware ESXi hypervisors, with the SEXi variant, emerging in 2024, being the most recent threat. The Babuk Locker was one of the first to target ESXi, and its leaked source code enabled other strains like ESXiArgs, BlackBasta, and Clop to develop customized variants terminating VMs and encrypting data on ESXi servers. While employing similar tactics like exploiting vulnerabilities and encrypting VM files, these ESXi-focused ransomware exhibit patterns that provide detection opportunities across the board. By analyzing past attacks, we can better prepare for future threats targeting our virtualization environments. Join the SnapAttack community to access in-depth detection content covered in this video and stay ahead of evolving ransomware targeting ESXi.

Operationalizing the 2024 M-Trends Report | Threat SnapShot

Threat reports are invaluable resources, but transforming their insights into actionable defense strategies can be a daunting task. In this week's Threat SnapShot, AJ takes you on a journey through the 2024 M-Trends report, unveiling a seamless path to operationalize its findings using SnapAttack's cutting-edge platform. Whether you're a threat hunter, detection engineer, or security analyst, this video offers valuable insights and practical guidance on staying ahead of emerging threats by operationalizing the 2024 Mandiant Trends Report.