1.0 Introduction
The Cyber Incident Quarterly Summary Report Q3 2024 provides an overview of computer security incidents handled by the Cyber999 Incident Response Centre of CyberSecurity Malaysia in Q3 2024.
This quarterly report also presents statistics for the incidents handled by the Cyber999 Incident Response Centre in Q3 2024 by category, together with the security alerts and advisories released during the quarter. The statistics reflect only the number of incidents reported to and handled by the Cyber999 Incident Response Centre; they do not capture monetary losses or the consequences of the incidents. The incidents handled involved IP addresses and domains in Malaysia.
CyberSecurity Malaysia works closely with ISPs, CERTs, Special Interest Groups (SIGs) and Law Enforcement Agencies (LEAs), both local and international, to remediate and mitigate computer security incidents affecting Malaysian organisations and the public.
2.0 Trends Q3 2024
Malaysian Internet users increased to 33.59 million at the start of 2024.[1] As of January 2024, Malaysia had an estimated 28.68 million social media users, equivalent to 83.1 percent of the population. The Cyber999 Incident Response Centre receives incident reports from Internet users, members of the public, home users, small and medium enterprises (SMEs), industries, academia and non-profit organisations (NGOs). We also proactively gather intelligence through partnerships and collaborations worldwide on cyber threats that could affect Internet users and organisations in Malaysia, to aid in mitigating them. The Cyber999 Incident Response Centre received 1,623 incidents in Q3 2024, compared with 1,481 incidents in Q2 2024, an increase of about 10%.
Tables 1 to 3 below provide details of the incidents and their figures for Q2 2024 and Q3 2024.
| Categories of Incidents | Q2 2024 | Q3 2024 | Change (%) |
| Denial of Service | 7 | 8 | 14 |
| Intrusion | 104 | 71 | -32 |
| Data Breach | 117 | 168 | 44 |
| Intrusion Attempt | 106 | 140 | 32 |
| Vulnerabilities Report | 14 | 21 | 50 |
| Malicious Codes | 163 | 57 | -65 |
| Fraud | 947 | 1139 | 20 |
| Spam | 23 | 57 | 148 |
| TOTAL | 1481 | 1623 | 10 |
Table 1: Comparison of Incidents Reported in Q2 2024 and Q3 2024
| Categories of Incidents | July | Aug | Sept |
| Denial of Service | 2 | 5 | 1 |
| Intrusion | 29 | 14 | 17 |
| Data Breach | 53 | 35 | 80 |
| Intrusion Attempt | 69 | 37 | 34 |
| Vulnerabilities Report | 4 | 4 | 6 |
| Malicious Codes | 34 | 13 | 10 |
| Fraud | 365 | 441 | 333 |
| Spam | 8 | 4 | 7 |
| TOTAL | 564 | 553 | 488 |
Table 2: Breakdown of Incidents Based on Months in Q3 2024
| Categories and Sub-categories of Incidents | Jul | Aug | Sept |
| Denial of Service | | | |
| Denial of Service – DoS | 2 | 5 | 1 |
| Fraud | | | |
| Fraud – Bogus Email | 5 | 26 | 9 |
| Fraud – Business Email Compromise | 1 | 0 | 1 |
| Fraud – Fraud Site | 14 | 6 | 6 |
| Fraud – Impersonation & Spoofing | 70 | 108 | 60 |
| Fraud – Job Scam | 5 | 6 | 3 |
| Fraud – Love/Parcel Scam | 4 | 1 | 0 |
| Fraud – Phishing | 266 | 294 | 254 |
| Vulnerabilities Report | | | |
| Vulnerabilities Report – Misconfiguration Information Disclosure | 7 | 3 | 1 |
| Vulnerabilities Report – System | 2 | 1 | 0 |
| Vulnerabilities Report – Web | 2 | 3 | 2 |
| Intrusion | | | |
| Intrusion – Account Compromise | 13 | 14 | 9 |
| Intrusion – Defacement | 16 | 0 | 8 |
| Intrusion Attempt | | | |
| Intrusion Attempt – Login Brute Force | 27 | 10 | 12 |
| Intrusion Attempt – Port Scanning | 0 | 0 | 0 |
| Intrusion Attempt – Vulnerability Probes | 42 | 27 | 22 |
| Malicious Codes | | | |
| Malicious Codes – Botnet C&C | 3 | 3 | 0 |
| Malicious Codes – Malware | 25 | 8 | 9 |
| Malicious Codes – Malware Hosting | 6 | 2 | 1 |
| Content Related | | | |
| Content Related – Data Breach | 36 | 34 | 47 |
| Spam | 8 | 4 | 7 |
| TOTAL | 564 | 553 | 488 |
Table 3: Breakdown of categories and sub-categories of incidents in Q3 2024
Figure 1 gives an overview of the incidents reported in Q3 2024 by month. Figure 2 shows the percentage of incidents by category.

Figure 1: Breakdown of incidents based on months in Q3 2024

Figure 2: Percentage of incidents reported by categories in Q3 2024
Based on the statistics above, the Data Breach, Vulnerabilities Report, Intrusion Attempt and Fraud categories increased in Q3 2024 compared with Q2 2024, while Malicious Codes and Intrusion decreased. Data breach incidents rose by 44% from Q2 2024. The most reported categories in Q3 2024 were Fraud, Data Breach and Intrusion Attempt. Fraud represents 68.57% of the total incidents reported to us, followed by Data Breach (10.11%) and Intrusion Attempt (8.43%).
Based on current trends, fraud incidents will most likely continue to grow in Malaysia in 2024. Data breach incidents also increased this quarter; organisations and Internet users are therefore urged to take proper security measures to prevent data breaches.
For fraud incidents other than phishing URLs, new online-scam tactics and techniques that combine social engineering with malicious code could continue to grow in Malaysian cyberspace.
2.1 Top Fraud Incidents Reported in Q3 2024
Fraud continues to prevail within the community, targeting citizens from students to professionals. It has become a preferred method for criminals because public awareness is still lacking, making victims easier targets. A total of 1,139 fraud incidents were handled this quarter, a 20% increase compared with Q2 2024. All fraud incidents were received from organisations and public users. The top fraud incidents reported to the Cyber999 Incident Response Centre are as follows:
Table 4: Top Fraud Incidents Reported in Q3 2024
| Top Fraud incidents | Number of Incidents |
| Phishing | 814 |
| Impersonation and Spoofing | 238 |
| Bogus Email | 40 |
| Fraudulent Website | 26 |
| Job Scam | 14 |
| Love and parcel scam | 5 |
| Business Email compromised – BEC scam | 2 |
Our statistics show that phishing accounts for 814 of the 1,139 fraud incidents, or roughly 71% of all fraud reported in Q3 2024. We observed the following phishing trends in Malaysia based on the incidents reported to us:
i. Contextualised and Localised Phishing Themes
* Government Aid Scams: Phishing emails or SMS impersonate legitimate government programmes (e.g., bantuan/sumbangan kerajaan), offering financial aid but requiring victims to provide personal details or click malicious links.
* Fake Promotions and Discounts: Popular brands such as Lazada, Shopee or local retailers are spoofed, luring victims with fraudulent discounts or free vouchers.
* Traffic Summons Scams: Messages claim unpaid police summonses and provide fake payment links to steal financial credentials.
* Subscription Services: Services such as Netflix or Spotify are impersonated, tricking victims into renewing subscriptions or fixing payment issues on fake websites.
ii. Mobile-Focused Phishing (Smishing and App-Based)
Smishing (SMS Phishing): Attackers send fraudulent SMS messages mimicking banks, e-wallets or delivery services (e.g., J&T, Pos Malaysia) containing malicious links.
iii. Phishing Calls (Vishing)
Phone Scams: Attackers impersonate government agencies (e.g., the police, LHDN or MCMC), banks, companies or even CyberSecurity Malaysia, pressuring victims to disclose sensitive information. Common tactics include threats of legal action, account suspension or overdue payments.
Internet users and organisations must therefore be vigilant when conducting online transactions, including e-commerce purchases, to avoid becoming victims of online fraud.
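The brand-spoofing and smishing patterns described above are usually caught by looking at the registrable domain of the link rather than at the text around it. The following triage script is an added example and not part of the Cyber999 report or its tooling; the brand-to-domain mapping, the homoglyph table and the short public-suffix list are assumptions made for illustration, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Brands the report lists as commonly spoofed, mapped to the legitimate registrable
# domains we accept. Assumption for this example; a real deployment would maintain
# this list from the brand owners' published domains.
BRAND_DOMAINS = {
    "lazada": ["lazada.com.my", "lazada.com"],
    "shopee": ["shopee.com.my", "shopee.com"],
    "netflix": ["netflix.com"],
    "spotify": ["spotify.com"],
}

# Multi-label public suffixes seen in Malaysian phishing; a full public-suffix list
# would replace this in practice (assumption).
TWO_LABEL_SUFFIXES = {"com.my", "net.my", "org.my", "gov.my", "edu.my", "co.uk"}

# Digit/symbol substitutions that scammers use to build lookalike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                            "7": "t", "@": "a", "$": "s", "|": "l"})


def _hostname(url):
    if "://" not in url:
        url = "http://" + url          # smishing links often omit the scheme
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(url):
    """Return the registrable part of the host, e.g. 'lazada.com.my' for 'www.lazada.com.my'."""
    labels = _hostname(url).split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return ('legit', brand), ('lookalike', brand) or ('unknown', None)."""
    host = _hostname(url)
    if not host:
        return ("unknown", None)
    dom = registrable_domain(url)
    for brand, legit in BRAND_DOMAINS.items():
        if dom in legit:
            return ("legit", brand)
    # Compare only the second-level label after undoing homoglyphs and punctuation,
    # so "laz4da-voucher.com" and "secure-sh0pee.top" reduce to the brand token.
    sld = re.sub(r"[^a-z]", "", dom.split(".")[0].translate(HOMOGLYPHS))
    for brand in BRAND_DOMAINS:
        if brand in sld:                                   # brand embedded in a stranger's domain
            return ("lookalike", brand)
        if len(brand) >= 5 and levenshtein(sld, brand) <= 1:  # one-character typo-squat
            return ("lookalike", brand)
        if brand in host.translate(HOMOGLYPHS):            # brand used as a subdomain, e.g. shopee.com.my.evil.xyz
            return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links of the kind quoted in smishing reports.
    for u in ["https://www.lazada.com.my/promo", "http://laz4da-voucher.com/claim",
              "https://shopee.com.my.login-verify.xyz/", "netf1ix.com", "https://example.com/"]:
        print(u, "->", classify_url(u))
```

The check deliberately classifies on the registrable domain: a link such as `shopee.com.my.login-verify.xyz` contains the real brand domain as a prefix, which is exactly what the victim sees in a truncated SMS preview, but the registrable domain is `login-verify.xyz`.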
2.2 Top Malware Incidents Reported in Q3 2024
The top malware incidents this quarter involved malware hosting, ransomware, malicious APKs, backdoors and trojans. The most reported were malicious APKs. Reports of this type are typically received from Internet banking users and sometimes from local financial institutions.
A malicious APK is an Android Package (APK) file containing malware designed to harm devices, steal data or perform unauthorised actions. APK is the format used to distribute and install applications on Android devices, and malicious versions abuse this format to spread malware. They often mimic popular apps (e.g., social media, games or utilities) to trick users into downloading them. Attackers distribute these files through phishing emails, social media, fake websites or third-party app stores.
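Banking-fraud APKs of the kind reported to us are rarely sophisticated at the manifest level: they ask for SMS access (to read one-time passwords), an overlay or accessibility service (to capture what the user types) and the right to install further packages. A quick manifest triage is therefore a useful first check before a full analysis. The script below is an added example, not tooling from the report; it assumes the manifest has already been decoded from the APK's binary XML into plain XML (for instance with apktool), and the permission weights and the two sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS   # ElementTree's namespace prefix for android:* attributes

# Weights are an assumption for this example, chosen so that the OTP-theft
# combination (SMS + overlay/accessibility) clearly outranks ordinary apps.
RISK_WEIGHTS = {
    "android.permission.READ_SMS": 3,
    "android.permission.RECEIVE_SMS": 3,
    "android.permission.SEND_SMS": 2,
    "android.permission.SYSTEM_ALERT_WINDOW": 2,
    "android.permission.REQUEST_INSTALL_PACKAGES": 3,
    "android.permission.READ_CONTACTS": 1,
    "android.permission.CALL_PHONE": 1,
}
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed manifest modelled on a "digital invitation card" dropper (name taken
# from Table 5 of the report; the package name and components are made up).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.update.service">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Kad Jemputan Digital">
    <activity android:name=".MainActivity"/>
    <service android:name=".A11yService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="my.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Calculator">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Score a decoded AndroidManifest.xml and return the findings that drove the score."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(A + "name", "?") for s in root.iter("service")
            if s.get(A + "permission") == A11Y_PERM]
    findings, score = [], 0
    for p in sorted(p for p in perms if p in RISK_WEIGHTS):
        score += RISK_WEIGHTS[p]
        findings.append(p)
    if a11y:
        score += 4
        findings.append("accessibility-service:" + ",".join(a11y))
    # SMS interception plus a way to draw over or read the screen is the OTP-theft pattern.
    has_sms = bool(perms & {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"})
    if has_sms and ("android.permission.SYSTEM_ALERT_WINDOW" in perms or a11y):
        score += 5
        findings.append("combo:sms-interception+overlay")
    # A displayed label unrelated to the package name is a common brand-mimicry tell.
    app = root.find("application")
    label = (app.get(A + "label") if app is not None else "") or ""
    if label and not label.startswith("@"):   # resource references cannot be compared textually
        tokens = [t for t in label.lower().split() if len(t) > 3]
        if tokens and not any(t in pkg.lower() for t in tokens):
            score += 2
            findings.append("label/package mismatch: %r vs %r" % (label, pkg))
    verdict = "high" if score >= 10 else "medium" if score >= 5 else "low"
    return {"package": pkg, "score": score, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for m in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(m))
```

The score is only a triage aid: a legitimate SMS app will also request READ_SMS, so the combination rules and the label check matter more than any single permission. Confirming the verdict still requires looking at the signing certificate and the code that runs behind the accessibility service.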
Table 5: Types of Malicious APKs Reported in Q3 2024
| Types of Malicious APK |
| Cod APK |
| Maxtag APK |
| Lestariservice APK |
| Kad Jemputan Digital APK |
| 2%A2%C2%A6%C3%A4%C2%B9%C2%8B%C3%A6%C2%98%C2%9F APK |
The second most reported incident type within the malware category is malware hosting. These incidents primarily involved vulnerable servers running outdated software without security patches, and are usually reported by foreign entities such as anti-virus vendors and special interest groups that identify servers in Malaysia hosting malware. System administrators must keep systems up to date with the latest patches and security updates to prevent servers from being compromised and used to host malware.
Ransomware incidents decreased in Q3 2024 compared with the previous quarter: we received 26 incidents in Q2 2024 and 9 in Q3 2024, a decrease of 65%. Ransomware is malicious software that infects a computer and restricts access to it or its data until the demanded ransom is paid. It is also one of the costliest attack types, because recovering the data and rebuilding the infected machines takes considerable effort.
Our findings show that businesses are the most affected by ransomware incidents in Malaysia, consistent with what is observed globally. We also observed that Active Directory (AD) servers have become primary targets in Malaysia. Compromising an AD server significantly amplifies the impact of a ransomware attack, because the attacker can use tools such as PsExec, Group Policy Objects (GPOs) or Windows Management Instrumentation (WMI) to execute the ransomware on every connected system. Ryuk and Conti have been observed targeting AD servers for mass deployment and faster network-wide encryption. Attackers also exploit vulnerabilities in virtualisation platforms such as VMware; ESXi servers can be targeted directly, giving the attacker control over many VMs at once. Ransomware operators use phishing, brute force or stolen credentials to reach VM management consoles or servers, and LockBit has been observed deploying scripts against VMware environments that delete backups and snapshots.
Looking at current trends, ransomware incidents are expected to continue in Malaysia in 2024. Even though reported ransomware incidents dropped this quarter, organisations and Internet users must keep proper security measures in place against ransomware. Good backup management, password security and cyber security awareness are essential in combating ransomware and other types of malware. Implementing the backup procedure, policy, and best practices among organisations and
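The AD-centred deployment described above (PsExec service installation, remote WMI process creation, GPO startup scripts, shadow-copy deletion) and the ESXi snapshot and VM tampering each leave a distinct log entry, and the value for a defender lies in correlating them per host within a short window. The detector below is an added example, not part of the report; the log line format (`timestamp|host|message`) is a simplification assumed for the example, the regular expressions encode the techniques named in the text, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Technique signatures. Each maps to one of the deployment steps named in the report.
RULES = [
    ("remote-service-psexec", re.compile(r"EventID=7045 .*ServiceName=PSEXESVC", re.I)),
    ("wmi-remote-exec",       re.compile(r"wmic(\.exe)?\s+/node:\S+.*process\s+call\s+create", re.I)),
    ("gpo-startup-script",    re.compile(r"SYSVOL.*\\Scripts\\(Startup|Shutdown)\\\S+\.(bat|ps1|exe)", re.I)),
    ("shadow-copy-deletion",  re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("esxi-snapshot-removal", re.compile(r"vim-cmd\s+vmsvc/snapshot\.removeall", re.I)),
    ("esxi-vm-kill",          re.compile(r"esxcli\s+vm\s+process\s+kill", re.I)),
]

LINE = re.compile(r"^(?P<ts>\S+ \S+)\|(?P<host>[^|]+)\|(?P<msg>.*)$")

# Constructed sample: Windows security/system events flattened to one line each, and
# two ESXi shell-history lines. The GPO GUID is the well-known Default Domain Policy GUID.
SAMPLE_LOG = [
    r'2024-09-14 02:11:03|DC01|EventID=7045 ServiceName=PSEXESVC ImagePath=%SystemRoot%\PSEXESVC.exe',
    r'2024-09-14 02:12:40|DC01|EventID=4688 CommandLine="wmic.exe /node:FS02 process call create cmd.exe /c \\DC01\share\upd.exe"',
    r'2024-09-14 02:15:09|DC01|EventID=5145 ShareName=\\*\SYSVOL RelativeTargetName=corp.local\Policies\{31B2F340-016D-11D1-A7EC-00C04FB984F9}\Machine\Scripts\Startup\upd.bat AccessMask=0x2',
    r'2024-09-14 02:20:31|FS02|EventID=4688 CommandLine="vssadmin.exe delete shadows /all /quiet"',
    r'2024-09-13 22:05:00|ESX01|shell[12345]: vim-cmd vmsvc/snapshot.removeall 14',
    r'2024-09-13 22:05:30|ESX01|shell[12345]: esxcli vm process kill --type=force --world-id=2101',
    r'2024-09-14 09:00:00|WS17|EventID=4688 CommandLine="notepad.exe report.txt"',
]


def parse_line(line):
    m = LINE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "host": m["host"], "msg": m["msg"]}


def match_rules(msg):
    return [name for name, rx in RULES if rx.search(msg)]


def analyse(lines, window=timedelta(minutes=30)):
    """Per host, count distinct deployment techniques seen inside any `window`-long span."""
    hits = defaultdict(list)                     # host -> [(timestamp, technique)]
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for rule in match_rules(ev["msg"]):
            hits[ev["host"]].append((ev["ts"], rule))
    alerts = {}
    for host, evs in hits.items():
        evs.sort()
        best = set()
        for i, (t0, _) in enumerate(evs):        # sliding window anchored at each event
            techs = {r for t, r in evs[i:] if t - t0 <= window}
            if len(techs) > len(best):
                best = techs
        # Two or more techniques on one host in 30 minutes is the deployment pattern, not noise.
        alerts[host] = {"techniques": sorted(best),
                        "severity": "critical" if len(best) >= 2 else "medium"}
    return alerts


if __name__ == "__main__":
    for host, a in analyse(SAMPLE_LOG).items():
        print(host, a)
```

A single `vssadmin delete shadows` on a file server is worth a ticket; the same host installing PSEXESVC, launching processes on peers through WMI and writing a startup script into SYSVOL inside a few minutes is the point at which the domain should be treated as compromised and the ESXi management network isolated.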
Table 6: Ransomware Variants Reported in Q3 2024
| Types of Ransomware Variant | Number of Incidents |
| MoneyIsTime Ransomware | 2 |
| Fog Ransomware | 1 |
| LokiLocker Ransomware | 2 |
| Arcus Media Ransomware | 1 |
| Valencia Ransomware | 1 |
| MedusaLocker Ransomware | 1 |
| NAS Synology | 1 |
Apart from ransomware, we also handled incidents involving botnets that infected computers in Malaysia. A botnet (short for robot network) is a network of computers or devices infected by malicious programs and controlled by a single attacker known as a botmaster or bot herder. The infected devices, called bots or zombies, can be controlled remotely by the attacker. Botnets are commonly used for:
- Distributed Denial-of-Service (DDoS) Attacks: to overwhelm a target system, server, or network, making it unavailable to legitimate users.
- Massive Spam Campaigns: Sending large amounts of phishing or spam emails.
- Credential Theft: Logging keystrokes to steal passwords or sensitive information.
- Cryptojacking: Using infected devices to mine cryptocurrency without consent.
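Bots of the families listed in Table 7 are normally found from the outside (a sinkhole or a partner's telemetry reports the victim IP), but a network owner can also find them from the inside: a bot calls its C&C on a fixed timer, and that regularity stands out against human browsing. The following beacon detector is an added example, not tooling from the report; the flow-record format and the thresholds are assumptions for the example, and the sample flows are constructed.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed flow records "timestamp,src,dst:port,bytes". One pair beacons roughly every
# 60 seconds with identically sized requests; the other is ordinary browsing.
SAMPLE_FLOWS = [
    "2024-09-20T10:00:00,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:00:05,10.0.0.23,198.51.100.5:443,1420",
    "2024-09-20T10:00:09,10.0.0.23,198.51.100.5:443,880",
    "2024-09-20T10:01:01,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:02:00,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:02:59,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:03:40,10.0.0.23,198.51.100.5:443,23000",
    "2024-09-20T10:04:00,10.0.0.23,198.51.100.5:443,1200",
    "2024-09-20T10:04:02,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:05:00,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:06:01,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:07:00,10.0.0.23,203.0.113.10:443,512",
    "2024-09-20T10:12:15,10.0.0.23,198.51.100.5:443,5100",
    "2024-09-20T10:12:18,10.0.0.23,198.51.100.5:443,900",
    "2024-09-20T10:30:00,10.0.0.23,198.51.100.5:443,3000",
    "2024-09-20T10:31:00,10.0.0.9,192.0.2.77:80,640",     # too few flows to judge
]


def parse_flows(lines):
    """Group flows by (src, dst) -> [(timestamp, bytes)]."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, nbytes = line.split(",")
        flows[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    return flows


def beacon_score(events, min_count=6):
    """Describe how timer-like a series of flows is; None if there are too few to judge."""
    if len(events) < min_count:
        return None
    events.sort()
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    sizes = [n for _, n in events]
    mean_gap = statistics.mean(gaps)
    if mean_gap <= 0:
        return None
    # Coefficient of variation: a bot with small jitter sits near 0, a human well above 0.5.
    interval_cv = statistics.pstdev(gaps) / mean_gap
    size_cv = statistics.pstdev(sizes) / statistics.mean(sizes)
    return {"count": len(events), "period_s": round(mean_gap, 1),
            "interval_cv": round(interval_cv, 3), "size_cv": round(size_cv, 3)}


def find_beacons(lines, max_cv=0.15):
    """Return the (src, dst) pairs whose timing is regular enough to look like a C&C beacon."""
    found = {}
    for pair, events in parse_flows(lines).items():
        score = beacon_score(events)
        if score and score["interval_cv"] <= max_cv:
            found[pair] = score
    return found


if __name__ == "__main__":
    for pair, score in find_beacons(SAMPLE_FLOWS).items():
        print(pair, score)
```

The thresholds trade recall for noise: loaders such as smokeloader add random sleep to their check-in, which raises `interval_cv`, so in practice the period is measured over a longer window and the payload-size uniformity (`size_cv`) is used as a second signal rather than timing alone.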
Below is the list of top botnets that infected computers, primarily belonging to individuals and organisations in Malaysia, as reported to the Cyber999 Incident Response Centre in Q3 2024:
Table 7: Types of Botnet Reported in Q3 2024
| Types of Botnets |
| smokeloader |
| tsifiri |
| ranbyus |
| cobaltstrike |
| nymaim |
| 911-socks5-proxy |
| avalanche |
| avalanche-ranbyus |
| nobelium,cobalt-strike |
| android.vo1d |
Apart from ransomware, botnets and malware hosting, we also handled infostealer-related incidents in Q3 2024. An infostealer is malicious software built to compromise a computer and steal sensitive information, including login details. The data recovered from infostealers generally contained credentials from many sources: information saved in web browsers (such as passwords and payment details), auto-filled logins, FTP clients, email applications, instant messaging clients and VPNs.
Below is a list of the infostealers associated with the data breaches reported to us in Q3 2024:
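When infostealer data reaches a CERT, the operational task is to turn a raw credential dump into per-domain notifications without re-distributing the plaintext passwords. The script below is an added example, not the Cyber999 procedure; the three-line `URL/USER/PASS` block layout is one common stealer-log format but is assumed here for the example, the `.my` scope filter stands in for the national constituency, and the log content is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed stealer log. Real logs vary by family; the block layout here is an assumption.
SAMPLE_LOG = """URL: https://online.example-bank.com.my/login
USER: alice@example.com
PASS: Summer2024!
===
URL: https://mail.example.gov.my/owa/
USER: bob
PASS: hunter2
===
URL: https://shop.example.com/account
USER: carol@example.com
PASS: carolpass
===
URL: https://online.example-bank.com.my/login
USER: alice@example.com
PASS: Summer2024!
"""

RECORD = re.compile(r"URL:\s*(?P<url>\S+)\s*\n\s*USER:\s*(?P<user>[^\n]*)\n\s*PASS:\s*(?P<pw>[^\n]*)", re.I)


def mask(secret):
    """Keep two leading characters so the victim can recognise the password without us sending it."""
    return secret[:2] + "*" * max(len(secret) - 2, 0)


def parse_stealer_log(text):
    """Return a de-duplicated set of (host, user, password) triples."""
    records = set()
    for m in RECORD.finditer(text):
        host = (urlsplit(m["url"]).hostname or "").lower()
        records.add((host, m["user"].strip(), m["pw"].strip()))
    return records


def triage(text, in_scope_suffixes=(".my",)):
    """Group in-scope credentials by host, with passwords masked for the notification."""
    by_host = defaultdict(list)
    for host, user, pw in sorted(parse_stealer_log(text)):
        if host.endswith(in_scope_suffixes):
            by_host[host].append({"user": user, "password_hint": mask(pw),
                                  "password_length": len(pw)})
    return dict(by_host)


if __name__ == "__main__":
    for host, accounts in triage(SAMPLE_LOG).items():
        print(host, accounts)
```

Duplicates are collapsed before grouping because the same victim machine is frequently sold in several log bundles; the notification to the bank or agency then lists one entry per account, with the masked hint and length rather than the secret itself.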
Table 8: Infostealers reported in Q3 2024
| Types of Info Stealers | Number of Incidents |
| Info stealer | 8 |
| Anubis stealer | 97 |
| Redline stealer | 19 |
| Starlink stealer | 46 |
2.3 Data Breach Incidents Growing in Malaysia
Data breach incidents are growing in Malaysia, with a nearly 44 percent increase this quarter, underscoring the need for stronger security measures to protect national security and public trust. High-profile breaches often involve massive datasets containing personally identifiable information (PII) such as identification numbers, addresses and financial details, frequently drawn from national databases. Serious security measures must be applied consistently to prevent and mitigate data breaches, especially those involving personal data.
We are also observing a trend in which perpetrators exfiltrate sensitive data from organisations and hold it hostage, threatening to release or sell the data on the dark web unless the organisation pays a ransom within a deadline the perpetrators set. In cases of extortion, we always advise organisations to refer the matter to the LEAs, such as the police, for assistance. Another trend observed this quarter is the resurfacing of previous data breaches: perpetrators claimed on the dark web to have breached specific organisations, but our analysis confirmed that the data came from breaches that occurred a few years earlier and not from new incidents.
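Deciding whether a dark-web posting is a resurfaced old breach or a new one comes down to comparing the posted records against the dataset from the earlier incident, which a CERT may only be allowed to retain in keyed-hash form. The comparison below is an added example, not the analysis procedure used by Cyber999; the CSV layout, the fields chosen as the record key (email and IC number) and the HMAC key are assumptions for the example, and all records are constructed.

```python
import csv
import hashlib
import hmac
import io

# Assumption: a secret key held by the CERT so that stored tokens cannot be reversed by
# brute-forcing email addresses. Both datasets must be tokenised with the same key.
HMAC_KEY = b"cyber999-breach-compare-key"

# Constructed dataset from an earlier breach.
OLD_DUMP = """email,name,ic
ALICE@example.com,Alice Tan,900101-14-5555
bob@example.com,Bob Lim,850505-10-1234
carol@example.com,Carol Ng,921212-08-9876
"""
# The same three people re-posted with a different column order, case and whitespace.
RESURFACED_POST = """ic,email,name
900101-14-5555, alice@example.com ,Alice Tan
850505-10-1234,Bob@Example.com,Bob Lim
921212-08-9876,carol@example.com,Carol Ng
"""
# Three known records plus two never seen before.
MIXED_POST = OLD_DUMP + """dave@example.com,Dave Wong,880808-12-3456
erin@example.com,Erin Lee,950303-05-6543
"""


def record_token(row, key_fields=("email", "ic")):
    """Canonicalise the identifying fields and return a keyed hash of them."""
    canon = "|".join((row.get(f) or "").strip().lower() for f in key_fields)
    return hmac.new(HMAC_KEY, canon.encode("utf-8"), hashlib.sha256).hexdigest()


def tokenise(csv_text):
    return {record_token(r) for r in csv.DictReader(io.StringIO(csv_text))}


def compare_dumps(old_csv, new_csv):
    """Measure how much of the new posting is already present in the earlier breach."""
    old, new = tokenise(old_csv), tokenise(new_csv)
    overlap = len(old & new)
    frac = overlap / len(new) if new else 0.0
    # Thresholds are an assumption: near-total overlap means a re-post, a middling
    # overlap usually means an aggregation of several old leaks.
    verdict = "resurfaced" if frac >= 0.9 else "partial-overlap" if frac >= 0.3 else "likely-new"
    return {"new_records": len(new), "overlap": overlap, "novel": len(new - old),
            "overlap_fraction": round(frac, 3), "verdict": verdict}


if __name__ == "__main__":
    print(compare_dumps(OLD_DUMP, RESURFACED_POST))
    print(compare_dumps(OLD_DUMP, MIXED_POST))
```

Canonicalising before hashing matters more than the hash itself: perpetrators reformat columns and change case when they repackage old data, and without normalisation every record would look novel.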
Table 9: Data Breaches Reported in Q3 2024
| Types of Data Breach | Description |
| Personally Identifiable Information (PII) | Full name, identity card number, home address, age, mobile phone number, date of birth and salary |
| Account Credential | Usernames and passwords of email accounts and Internet banking accounts |
| Appliance Credential | Admin panel access, Joomla, WordPress, FTP access, wp-admin access, etc. |
3.0 Security Advisories and Alerts Released in Q3 2024
In Q3 2024, the Cyber999 Incident Response Centre issued 32 Security Advisories and two Alerts, each with a description, mitigation steps and recommendations for organisations and Internet users. The security advisories covered Mozilla, Microsoft, Apple, VMware and other products, with the associated CVEs listed in Table 10. The security alerts concerned growing online fraud and malware threats that we identified as potentially serious for citizens and organisations in Malaysia; if not correctly identified and mitigated, such threats could have serious consequences.
Table 10: List of Significant CVEs in Q3 2024
| CVE | Title | Description |
| CVE-2024-5806 | Improper Authentication in Progress MOVEit Transfer | This vulnerability in the SFTP module can lead to authentication bypass. Affects MOVEit Transfer versions from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2 |
| CVE-2024-6387 | Race Condition in OpenSSH | A race condition in OpenSSH's server (sshd) can lead to unsafe signal handling. An unauthenticated, remote attacker may trigger it by failing to authenticate within a set time period |
| CVE-2024-5491 | Denial of Service in NetScaler ADC and Gateway | Affects versions before 14.1-25.53, 13.1-53.17, and 13.0-92.31 |
| CVE-2024-5492 | Open Redirect in NetScaler ADC and Gateway | Allows a remote unauthenticated attacker to redirect users to arbitrary websites |
| CVE-2024-6235 | Sensitive Information Disclosure in NetScaler Console | This vulnerability has a CVSS score of 9.4, indicating critical severity |
| CVE-2024-6236 | Denial of Service in NetScaler Console, Agent, and SDX (SVM) | Affects versions before 14.1-25.53, 13.1-53.17, and 13.0-92.31 |
| CVE-2024-6148 | Bypass of GACS Policy Configuration in Citrix Workspace app for HTML5 | Allows bypassing of policy configuration settings |
| CVE-2024-6149 | Redirection to Vulnerable URL in Citrix Workspace app for HTML5 | Allows redirection of users to a vulnerable URL |
| CVE-2024-6150 | Disruption in Target VM Availability in Citrix Provisioning | Allows a non-admin user to cause short-term disruption in Target VM availability |
| CVE-2024-6151 | Local Privilege Escalation in Citrix Virtual Delivery Agent for Windows | Used by Citrix Virtual Apps and Desktops and Citrix DaaS |
| CVE-2024-22280 | SQL Injection in VMware Aria Automation | Due to improper input validation, allowing authenticated users to perform unauthorised read/write operations in the database |
| CVE-2024-30013 | Remote Code Execution in Windows MultiPoint Services | Allows remote code execution |
| CVE-2024-21417 | Elevation of Privilege in Windows Text Services Framework | Allows elevation of privilege |
| CVE-2024-39060 | Reserved | Reserved for future use |
| CVE-2024-38104 | Remote Code Execution in Windows Fax Service | Allows remote code execution |
| CVE-2024-38112 | Spoofing in Windows MSHTML Platform | Allows spoofing |
| CVE-2024-38023 | Remote Code Execution in Microsoft SharePoint Server | Allows remote code execution |
| CVE-2024-38021 | Remote Code Execution in Microsoft Outlook | Allows remote code execution |
| CVE-2024-6772 | Out of Bounds Memory Access in V8 in Google Chrome | Allows out of bounds memory access via a crafted HTML page |
| CVE-2024-6773 | Heap Corruption in V8 in Google Chrome | Allows potential heap corruption via a crafted HTML page |
| CVE-2024-6774 | Use After Free in Screen Capture in Google Chrome | Allows a remote attacker to potentially exploit heap corruption via a crafted HTML page |
| CVE-2024-6775 | Use After Free in Media Stream in Google Chrome | Allows a remote attacker to potentially exploit heap corruption via a crafted HTML page |
| CVE-2024-6776 | Use After Free in Audio in Google Chrome | Allows a remote attacker to potentially exploit heap corruption via a crafted HTML page |
| CVE-2024-6777 | Use After Free in Navigation in Google Chrome | Allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension |
| CVE-2024-6778 | Race in DevTools in Google Chrome | Allows an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension |
| CVE-2024-6779 | Out of Bounds Memory Access in V8 in Google Chrome | Allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page |
| CVE-2024-6606 | Out-of-Bounds Read in Firefox and Thunderbird | Clipboard code failed to check the index on an array access, leading to an out-of-bounds read. Affects Firefox < 128 and Thunderbird < 128 |
| CVE-2024-6605 | Tapjacking in Firefox Android | Allowed immediate interaction with permission prompts, which could be used for tapjacking. Affects Firefox < 128 |
| CVE-2024-6604 | Memory Safety Bugs in Firefox and Thunderbird | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and could have been exploited to run arbitrary code. Affects Firefox < 128 |
| CVE-2024-37085 | Authentication Bypass in VMware ESXi | A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management |
| CVE-2024-6990 | Uninitialized Use in Dawn in Google Chrome on Android | This critical vulnerability allows a remote attacker to perform out of bounds memory access via a crafted HTML page. Fixed in version 127.0.6533.88 |
| CVE-2024-7255 | Out of Bounds Read in WebTransport in Google Chrome | Allows a remote attacker to perform out of bounds memory access via a crafted HTML page. Fixed in version 127.0.6533.88 |
| CVE-2024-7256 | Insufficient Data Validation in Dawn in Google Chrome on Android | This high-severity issue allows a remote attacker to execute arbitrary code via a crafted HTML page. Fixed in version 127.0.6533.88 |
| CVE-2024-21302 | Elevation of Privilege in Windows Secure Kernel Mode | Allows an attacker with administrator privileges to replace updated Windows system files with older versions, potentially reintroducing vulnerabilities and circumventing VBS security features |
| CVE-2024-38202 | Elevation of Privilege in Windows Update | Allows an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS) |
| CVE-2024-36971 | Use After Free in Linux Kernel | A race condition in __dst_negative_advice() allows an attacker to trigger a use after free (UAF) in the Linux kernel. Affects various versions from 4.6 to 6.1.94 |
| CVE-2024-38856 | Incorrect Authorization in Apache OFBiz | Allows unauthenticated endpoints to execute screen rendering code if certain preconditions are met. Affects Apache OFBiz through version 18.12.14 |
| CVE-2024-7532 | Out of Bounds Memory Access in ANGLE in Google Chrome | This critical vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Fixed in version 127.0.6533.99 |
| CVE-2024-7533 | Use After Free in Sharing in Google Chrome on iOS | This high-severity vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Fixed in version 127.0.6533.99 |
| CVE-2024-7534 | Heap Buffer Overflow in Layout in Google Chrome | Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page |
| CVE-2024-7535 | Inappropriate Implementation in V8 in Google Chrome | Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page |
| CVE-2024-7536 | Use After Free in WebAudio in Google Chrome | Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page |
| CVE-2024-27181 | Privilege Escalation in Apache Linkis | In Apache Linkis <= 1.5.0, privilege escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's token information. Users are advised to upgrade to version 1.6.0 |
| CVE-2024-27182 | Arbitrary File Deletion in Apache Linkis | In Apache Linkis <= 1.5.0, arbitrary file deletion in Basic management services by a user with an administrator account could delete any file accessible by the Linkis system user. Upgrade to version 1.6.0 |
| CVE-2024-7518 | Spoofing Attack in Firefox | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 |
| CVE-2024-7519 | Memory Corruption in Firefox | Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 |
| CVE-2024-7520 | Type Confusion in WebAssembly in Firefox | A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. Affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 |
| CVE-2024-7521 | Use After Free in WebAssembly in Firefox | Incomplete WebAssembly exception handling could have led to a use-after-free. Affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 |
| CVE-2024-7522 | Out of Bounds Read in Editor Component in Firefox | Editor code failed to check an attribute value. This could have led to an out-of-bounds read. Affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1 |
| CVE-2024-7523 | Document Content Obscuring Security Prompts in Firefox | A select option could partially obscure security prompts, which could be used by a malicious site to trick a user into granting permissions. This issue affects Android versions of Firefox |
| CVE-2024-7524 | CSP Strict-Dynamic Bypass Using Web-Compatibility Shims in Firefox | Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. An attacker could use a DOM Clobbering attack on some of the shims to achieve XSS, bypassing CSP strict-dynamic protection |
| CVE-2024-7525 | Missing Permission Check When Creating a StreamFilter in Firefox | It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site |
| CVE-2024-7526 | Uninitialized Memory Used by WebGL in Firefox | ANGLE failed to initialize parameters, leading to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory |
| CVE-2024-7527 | Use-After-Free in JavaScript Garbage Collection in Firefox | Unexpected marking work at the start of sweeping could have led to a use-after-free |
| CVE-2024-7529 | Date Picker Obscuring Security Prompts in Firefox | The date picker could partially obscure security prompts, which could be used by a malicious site to trick a user into granting permissions |
| CVE-2024-7530 | Use-After-Free in JavaScript Code Coverage Collection in Firefox | Incorrect garbage collection interaction could have led to a use-after-free |
| CVE-2024-7531 | Plaintext Exposure in NSS Using CKM_CHACHA20 in Firefox | Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor |
| CVE-2024-38200 | Microsoft Office Spoofing Vulnerability | Allows an attacker to spoof content in Microsoft Office, potentially leading to exposure of sensitive information |
| CVE-2024-7589 | Race Condition in OpenSSH | A signal handler in sshd(8) may call a logging function that is not async-signal-safe, creating a race condition that a determined attacker may exploit to execute unauthenticated code as root |
| CVE-2024-1305 | Buffer Overflow in tap-windows6 Driver | The tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations, which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space |
| CVE-2024-27459 | Stack Overflow in OpenVPN | The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow, which can be used to execute arbitrary code with more privileges |
| CVE-2024-24974 | Unauthorized Access in OpenVPN | The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service |
| CVE-2024-27903 | Arbitrary Plug-in Loading in OpenVPN | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in that can be used to interact with the privileged OpenVPN interactive service |
| CVE-2024-38218 | Memory Corruption in Microsoft Edge (HTML-based) | Allows memory corruption, potentially leading to arbitrary code execution |
| CVE-2024-38219 | Remote Code Execution in Microsoft Edge (Chromium-based) | Allows remote code execution |
| CVE-2024-39818 | Information Disclosure in Zoom Workplace Apps and SDKs | Protection mechanism failure in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access |
| CVE-2024-6500 | Unauthorized Access and Deletion in InPost for WooCommerce and InPost PL Plugins | The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function |
| CVE-2024-43472 | Elevation of Privilege in Microsoft Edge (Chromium-based) | Allows an attacker to elevate privileges in Microsoft Edge (Chromium-based). Affects versions up to 127.0.2651.105 |
| CVE-2024-7971 | Type Confusion in V8 in Google Chrome | Allows a remote attacker to exploit heap corruption via a crafted HTML page. Affects versions prior to 128.0.6613.84 |
| CVE-2024-28000 | Incorrect Privilege Assignment in LiteSpeed Cache | Allows privilege escalation. Affects versions from 1.9 through 6.3.0.1 |
| CVE-2024-6800 | XML Signature Wrapping in GitHub Enterprise Server | Allows an attacker to forge a SAML response to gain access as a user with site administrator privileges. Affects all versions prior to 3.14 |
| CVE-2024-41879 | Out-of-Bounds Write in Acrobat Reader | Could result in arbitrary code execution in the context of the current user |
| CVE-2024-38208 | Spoofing Vulnerability in Microsoft Edge for Android | Allows an attacker to spoof content in Microsoft Edge for Android |
| CVE-2024-38207 | Memory Corruption in Microsoft Edge (HTML-based) | Allows memory corruption in Microsoft Edge (HTML-based), potentially leading to arbitrary code execution |
| CVE-2024-38210 | Remote Code Execution in Microsoft Edge (Chromium-based) | Allows remote code execution. Affects versions up to 128.0.2739.42 |
| CVE-2024-38209 | Remote Code Execution in Microsoft Edge (Chromium-based) | Allows remote code execution. Affects versions up to 128.0.2739.42 |
4.0 Conclusion
Overall, 1,623 computer security incidents were reported to the Cyber999 Incident Response Centre in Q3 2024, an increase of about 10% over the previous quarter, with no significant or severe incident observed. Nevertheless, organisations and individuals must remain vigilant and maintain their readiness, prevention and mitigation measures against potential threats. Perpetrators are highly motivated and determined, and keep adopting new and sophisticated tactics and techniques to execute cyber-attacks.
We therefore strongly recommend that all Internet users stay aware of current cybercrime trends and follow good cyber hygiene practices, including the careful handling of emails from unknown sources, safe web browsing, caution when purchasing goods online and when using social media applications. Users must keep their systems up to date with the latest security patches and updates to prevent their computers from being compromised or infected with malware, and should always verify the legitimacy of applications, portals, merchants, services and products before conducting any online transaction.
As the complexity of cyber threats continues to increase, organisations and individuals without adequate security awareness are potential targets. Security awareness campaigns for citizens and organisations are among the most effective ways to improve national cyber security and public trust.
Malaysian Internet users and organisations may contact us to report cyber security incidents at the below contact:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
References: