// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of July 8, 2024
Signal Brief · Archived

Week of July 8, 2024

2024-07-08 — 2024-07-14 · 6 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of July 8, 2024, ColdRecon logged 6 public endpoint-security events from open-source reporting — 4 vuln disclosures, 2 incidents. Vendors in the record this week: Trend Micro, Trellix, IBM.

The Week's Public Record

Events

2024-07-14
vuln disclosure
Trend Micro Apex One RCE Enables Endpoint Security BypassTrend Micro Apex One RCE
Two critical vulnerabilities in Trend Micro Apex One allow remote code execution, leading to complete endpoint security bypass. The flaws enable attackers to disable the EDR agent and evade detection. This poses a significant risk to organizations relying on Apex One for endpoint protection.
2024-07-14
incident
RansomHouse Claims Breach of Trellix Source Code RepositoriesTrellix Source Code Breach by RansomHouse
The RansomHouse extortion group claims to have breached Trellix's source code repositories, exposing internal security vendor code. This incident potentially enables supply chain attacks and provides adversaries with insights into Trellix's endpoint security products. The breach underscores risks to security vendors as high-value targets.
2024-07-10
vuln disclosure
IBM Security QRadar EDR 3.12 Missing Secure Cookie AttributeCVE-2023-33860
IBM Security QRadar EDR 3.12 fails to set the 'Secure' attribute on authorization tokens or session cookies. This allows attackers to potentially intercept cookie values by tricking users into accessing an HTTP link, leading to session hijacking. A patch is available from IBM.
2024-07-10
vuln disclosure
CVE-2024-5912: Cortex XDR Agent Improper File Signature Verification Allows Executable Blocking BypassCVE-2024-5912
A vulnerability in Palo Alto Networks Cortex XDR agent allows attackers to bypass the agent's executable blocking capabilities due to improper file signature verification. This could enable execution of untrusted software without detection or blocking. The issue is fixed in agent versions 7.9.102-CE, 8.1.3, 8.2.2, and later.
2024-07-10
incident
LockBit Ransomware Uses Living-off-the-Land Techniques to Evade DetectionLockBit LOTL Attack Chain
ThreatDown MDR detected and stopped a LockBit ransomware attack in its early stages. The attackers used legitimate Windows tools (Nltest, WMIC, PowerShell, Rundll32) for reconnaissance, lateral movement, and payload delivery. The incident highlights how ransomware gangs leverage LOTL techniques to avoid detection by security tools.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →