Welcome to this week's episode of SnapAttack Threat Snapshot! In this video, we'll dive into CVE-2024-32002, a critical remote code execution (RCE) vulnerability in Git that leverages symlink handling in repositories with submodules. This vulnerability can be exploited through a simple git clone command, potentially allowing attackers to execute arbitrary code on the victim's machine. *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*

In this episode, we dive into CVE-2024-30051, a critical out-of-bounds write vulnerability in the Desktop Window Manager. This bug, similar to CVE-2023-36033, allows attackers to escalate privileges to SYSTEM by exploiting a heap overflow in dwmcore.dll. CVE-2024-30051 has been actively exploited to deploy malware like Qakbot, as identified by Kaspersky. This video covers the process of hunting down a sample, executing it in a sandbox environment, and creating effective detections using logs from the exploit’s activity.

Since 2021, ransomware groups have set their sights on VMware ESXi hypervisors, with the SEXi variant, emerging in 2024, being the most recent threat. The Babuk Locker was one of the first to target ESXi, and its leaked source code enabled other strains like ESXiArgs, BlackBasta, and Clop to develop customized variants terminating VMs and encrypting data on ESXi servers. While employing similar tactics like exploiting vulnerabilities and encrypting VM files, these ESXi-focused ransomware exhibit patterns that provide detection opportunities across the board. By analyzing past attacks, we can better prepare for future threats targeting our virtualization environments. Join the SnapAttack community to access in-depth detection content covered in this video and stay ahead of evolving ransomware targeting ESXi.

Threat reports are invaluable resources, but transforming their insights into actionable defense strategies can be a daunting task. In this week's Threat SnapShot, AJ takes you on a journey through the 2024 M-Trends report, unveiling a seamless path to operationalize its findings using SnapAttack's cutting-edge platform. Whether you're a threat hunter, detection engineer, or security analyst, this video offers valuable insights and practical guidance on staying ahead of emerging threats by operationalizing the 2024 Mandiant Trends Report.

If you want easy access to tons of intel, threats, and detections, all wonderfully curated into easy-to-find landing pages, sign up for a SnapAttack community account!

Welcome back to another episode of SnapAttack's Threat SnapShot! I’m AJ King, the Director of Threat Research here at SnapAttack. In today’s episode, I dive into detecting the XZ Backdoor, CVE-2024-3094, a sophisticated supply chain attack that could have had a massive impact on many Linux distributions.