As part of plans to favour the release of more advanced alternative applications such as JavaScript and PowerShell, Microsoft on Wednesday announced the deprecation of Visual Basic Script (VBScript) in the second half of 2024. This development is becoming a reality after the initial announcement in October 2023. A report by the program manager of the tech giant explained, “Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell. These languages offer broader capabilities and are better suited for modern web development and automation tasks.”
Identified Critical Remote Code Execution Flaws in Ivanti Endpoint Manager gets Patched
Among the 10 vulnerabilities identified in Ivanti, six of them, ranging from CVE-2024-29822 through CVE-2024-29827 with a CVSS score of 9.6 relating to SQL injection flaw, allow unauthenticated attackers within the same network execute arbitrary code. Four of these flaws tagged CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, and CVE-2024-29846, each with CVSS scores of 8.4, require attacker’s authentication before possible execution of arbitrary code. As part of the means to tighten security, the company has patched a high-severity flaw (CVE-2024-29848, CVSS score: 7.2) present in Avalanche version 6.4.3.602. five high-severity vulnerabilities were also addressed.
Chinese APT Group’s Stealthy Tactics Exposed
Cybersecurity analysts have exposed that the Chinese advanced persistent threat (APT) group now targets governmental entities in the Middle East, Africa and Asia. A deeper investigation revealed the campaign Operation Diplomatic Specter has been active since 2022. Reports from two Palo Alto Network researchers reported that “An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities. The threat actor performed intelligence collection efforts at a large scale, leveraging rare email exfiltration techniques against compromised servers.”
The Bianlian ransomware group has launched a ransomware attack resulting in varying effects against three businesses listed below.
Nutec Group: This company specializes in industrial kilns and furnaces and high-temperature insulation. It serves over 50 countries around the world and provides high-quality, reliable products and services that help customers control industrial heating costs and achieve energy savings through efficiencies. The company has over 5,000 employees and a revenue of $19.1 million.
Critchfield and Johnston: Critchfield, Critchfield & Johnston, Ltd., through its attorneys and staff, is dedicated to providing superior solutions for its clients. We accomplish this by consistently delivering quality legal services in a timely manner, at a fair value, and with the highest ethical standards. The company has over 200 employees and a revenue of $9.8 million.
MAH Machine Company: This company aims to ship customers’ products on time and supply them with the highest quality at a reasonable price. The company has over 200 employees and a revenue of $20.4 million.
