ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

A significant vulnerability in the curl command-line tool, present for 24 years, was publicly disclosed this week, impacting numerous applications and systems that rely on the widely used data transfer utility. The bug, identified as CVE-2024-24761, allows for potential security bypasses under specific configurations. Separately, researchers have identified new "smart TV proxyware" campaigns that exploit vulnerabilities in smart television devices to reroute user traffic, potentially for malicious purposes. These campaigns leverage the growing prevalence of internet-connected televisions to create new attack vectors. Furthermore, the proliferation of AI-powered tools is increasingly being observed in the creation and operation of cybercrime forums, according to threat intelligence reports. These forums are reportedly using AI to automate tasks, generate malicious content, and enhance their operational security, making them more sophisticated and harder to track. The bulletin also highlighted other security concerns including the continued effectiveness of old credentials in unauthorized access, the exploitation of trusted applications for malicious activities, and the use of browser-based techniques for phishing attacks, indicating a broad and persistent threat landscape.