CyberSecurity updates
Updated: 2024-11-21 09:32:30 Pacific

support.citrix.com
Citrix StoreFront Vulnerability - 8d

Two critical vulnerabilities, tracked as CVE-2024-8068 and CVE-2024-8069, have been discovered in Citrix StoreFront, also known as Citrix StoreWeb. They could allow attackers to execute remote code if the StoreFront application is directly exposed to the internet and session recording is enabled. The vulnerabilities have been actively scanned for, but no signs of exploitation have been reported yet. Citrix has released patches to address them. Organizations using Citrix StoreFront should prioritize applying the patches to mitigate the risk. The vulnerabilities highlight the importance of securing web applications and ensuring that they are properly configured, especially when they are exposed to the public internet.

bleepingcomputer.com
Chinese APT Campaigns Targeting Critical Infrastructure and ISPs - 27d

Multiple Chinese Advanced Persistent Threat (APT) groups, including Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant, are engaging in sophisticated cyber espionage and disruptive campaigns. These groups employ various techniques, including “living off the land” (LOTL) methods, to compromise critical infrastructure, ISPs, and IoT devices. Volt Typhoon’s focus is on U.S. communication infrastructure, often leveraging compromised Fortinet devices for data exfiltration. Salt Typhoon targets U.S. Internet Service Providers (ISPs), seeking to compromise routers and network devices for data collection. Flax Typhoon utilizes compromised IoT devices to build botnets for command and control purposes, aiming at entities in Taiwan and expanding globally. Velvet Ant, a lesser-known group, targets software supply chains, aiming to indirectly infiltrate larger networks. These groups pose a serious threat to critical infrastructure and national security, requiring vigilant defense strategies to combat their stealthy operations.

cyble.com
Critical Vulnerabilities in Ivanti Cloud Services Appliance (CSA) - 5d

Three critical vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, were found in Ivanti Cloud Services Appliance (CSA), a device facilitating secure communication and management of devices over the internet. CVE-2024-9379 is an SQL injection vulnerability, CVE-2024-9380 is an OS command injection flaw, and CVE-2024-9381 is a path traversal vulnerability. These vulnerabilities allow a remote authenticated attacker with admin privileges to execute arbitrary commands and bypass restrictions, potentially leading to a complete compromise of the CSA. Active exploitation of these vulnerabilities has been confirmed, and security teams are urged to prioritize patching.

ssd-disclosure.com
Critical RCE Vulnerability in Nortek Linear eMerge E3 Access Control System - 9d

A critical vulnerability was found in Nortek Linear eMerge E3 access control systems, allowing unauthenticated remote attackers to execute commands and gain root access. The eMerge E3 system is a popular access control system used by businesses, government agencies, and other organizations to manage physical access to buildings, facilities, and other secure areas. This vulnerability allows attackers to bypass security measures and gain control over the access control system, potentially disrupting operations and compromising sensitive information.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.