CyberSecurity updates
Updated: 2024-10-22 08:06:07 Pacific


cyble.com
Veeam Backup & Replication Vulnerability (CVE-2024-40711) Actively Exploited By Ransomware Groups - 6d

A critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication lets an unauthenticated attacker execute arbitrary code on the backup server remotely. Sophos has reported the Akira and Fog ransomware groups exploiting it, typically after gaining initial access through VPN gateways whose credentials were not protected by MFA, then using the Veeam server to create rogue accounts and stage ransomware; the outcome is data theft plus loss of the backups that would otherwise be the recovery path. The flaw itself is in Backup & Replication (versions 12.1.2.172 and earlier; fixed in 12.2), but Veeam's September advisory also covered other products, including Veeam ONE and Veeam Agent for Linux. Organizations should patch Backup & Replication first, keep the backup server off the internet, and enforce MFA on remote access.

MalBot @ Malware Analysis, News and Indicators
Microsoft Security Logs Misplaced: A Major Security Incident - 4d

Microsoft has acknowledged a significant incident in which customer security logs were incomplete or missing for roughly a month, from early September to early October 2024. Microsoft attributed the gap to a bug in one of its internal monitoring agents that caused log data to be lost while it was being uploaded to the logging platform, not to a vulnerability or an attack. Affected services include Microsoft Entra, Microsoft Sentinel, Azure Logic Apps, Azure Monitor, Azure Healthcare APIs, Azure Trusted Signing, Azure Virtual Desktop, and Power Platform.
The incident underscores how much customers depend on a provider's telemetry pipeline and on prompt disclosure when it fails. For security teams the practical consequence is that detections, investigations and compliance reporting that relied on Entra sign-in or audit data, or on Sentinel tables fed by those sources, may have silently missed events during that window. Affected tenants should check the notice in their portal, identify which tables were incomplete and for which dates, and review that period against other telemetry (endpoint, network, identity provider) where it exists.
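One way to catch this kind of gap from the customer side, as an added example (not code from Microsoft or from the linked article): the script below reads an exported log file in a constructed "timestamp,table,message" format and reports every stretch where a table that normally emits events went silent for longer than a threshold. The sample lines, table names and per-table thresholds are assumptions made for the example.

```python
"""Find silent gaps in security log ingestion.

Added example for this page (not Microsoft's code). It assumes log lines
exported in the constructed form "<ISO-8601 timestamp>,<table>,<message>",
one event per line, and flags every interval between consecutive events of
the same table that exceeds a per-table threshold.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: SigninLogs go quiet for 17 days while AuditLogs
# keep trickling in, which is the kind of partial loss a collector bug causes.
SAMPLE_LINES = """\
2024-09-01T22:00:00Z,SigninLogs,user=alice result=success
2024-09-01T23:30:00Z,SigninLogs,user=bob result=failure
2024-09-02T00:10:00Z,SigninLogs,user=carol result=success
2024-09-02T01:00:00Z,AuditLogs,op=Add member to role
2024-09-05T09:00:00Z,AuditLogs,op=Update user
2024-09-12T09:00:00Z,AuditLogs,op=Reset password
2024-09-19T08:45:00Z,SigninLogs,user=alice result=success
2024-09-19T09:00:00Z,SigninLogs,user=dave result=success
""".splitlines()


def parse_line(line):
    """Split one export line into (timestamp, table); the message is ignored."""
    stamp, table, _message = line.split(",", 2)
    # fromisoformat() on older Pythons does not accept the trailing "Z".
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")), table


def find_gaps(lines, default_max_gap_hours, per_table_hours=None):
    """Return [(table, gap_start_iso, gap_end_iso, hours)] sorted by table.

    default_max_gap_hours applies to every table unless per_table_hours
    overrides it (a low-volume audit table tolerates a longer silence than
    a sign-in table that is never quiet for a whole day).
    """
    per_table_hours = per_table_hours or {}
    stamps_by_table = defaultdict(list)
    for line in lines:
        if line.strip():
            stamp, table = parse_line(line)
            stamps_by_table[table].append(stamp)

    gaps = []
    for table, stamps in stamps_by_table.items():
        limit = timedelta(hours=per_table_hours.get(table, default_max_gap_hours))
        stamps.sort()
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > limit:
                hours = round((cur - prev).total_seconds() / 3600, 1)
                gaps.append((table, prev.isoformat(), cur.isoformat(), hours))
    return sorted(gaps)


if __name__ == "__main__":
    # Sign-ins should never pause more than a day; audit events are sparser.
    for table, start, end, hours in find_gaps(SAMPLE_LINES, 24, {"AuditLogs": 240}):
        print(f"{table}: no events from {start} to {end} ({hours} h)")
```

Run it on a daily schedule against each table's exported timestamps (or swap `parse_line` for your SIEM's export format); a gap report is the evidence you need when deciding which detections to re-run against alternative telemetry.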

ciso2ciso.com
Critical Vulnerability in Ivanti Cloud Service Appliance Actively Exploited - 6d

A critical vulnerability in Ivanti's Cloud Service Appliance (CSA), tracked as CVE-2024-8190, is being actively exploited. The flaw is an OS command injection in CSA 4.6 (patch 518 and earlier) that lets an attacker with administrator-level access to the appliance run arbitrary commands on the underlying operating system. On its own it requires authentication; in the observed attacks it was chained with a separate CSA path-traversal flaw (CVE-2024-8963) that bypasses authentication, so an attacker who can send crafted requests to the appliance's web interface ends up with a shell on the box. The activity has been attributed to a suspected nation-state adversary, with strong indications pointing to China. CSA 4.6 is end-of-life, so organizations should upgrade to CSA 5.0 rather than rely on the 4.6 patch, and should review the appliance for modified or newly added administrative users as a sign of prior compromise.

msrc.microsoft.com
Microsoft Releases Critical Patch Tuesday Updates Addressing Exploited Vulnerabilities - 12d

Microsoft has released its October 2024 Patch Tuesday updates, addressing 117 vulnerabilities across its products. Three are rated Critical, and two others (both rated Important) were already being exploited in the wild, which is the reason to patch promptly. The first exploited flaw, CVE-2024-43572, is a remote code execution vulnerability in the Microsoft Management Console (MMC): an attacker who can get a user to open a malicious MMC snap-in file (.msc) can run code as that user, and the update stops MMC from loading untrusted snap-ins. The second, CVE-2024-43573, is a platform spoofing vulnerability in the Windows MSHTML engine that lets attackers disguise content so it appears to come from a trusted source. Among the Critical issues, CVE-2024-43468 is a remote code execution vulnerability in Microsoft Configuration Manager that an unauthenticated attacker could trigger with crafted requests to run commands on the target server or its database, with no user interaction. The release also fixes flaws in .NET, OpenSSH for Windows, Power BI, and Windows Hyper-V. Organizations should prioritize the two exploited vulnerabilities and the Configuration Manager flaw, then roll out the rest on their normal cadence.

daksh sharma @ Cyble
HijackLoader Malware Abuses Genuine Code-Signing Certificates - 6d

HijackLoader malware is being used to deliver Lumma Stealer. Recent samples are signed with stolen, genuine code-signing certificates, so the loader passes signature validation and is more likely to be trusted by security tooling and by users. The lesson for defenders is that a valid Authenticode signature proves only that whoever held the private key signed the file, not that the publisher is trustworthy: detection rules and allow-lists should weigh the signer's identity, how recently the certificate was issued, and its reputation rather than treating "signed" as "safe", and any certificate found abused this way should be reported to the issuing CA so it can be revoked.

do son @ Vulnerability Archives
CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog, Urges Urgent Patching - 11d

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on the strength of confirmed reports of exploitation in the wild: a format string vulnerability affecting multiple Fortinet products (CVE-2024-23113), a SQL injection vulnerability in Ivanti Cloud Services Appliance (CSA) (CVE-2024-9379), and an OS command injection vulnerability in Ivanti CSA (CVE-2024-9380). Ivanti has said the two CSA flaws were exploited against appliances running version 4.6 patch 518 and earlier when chained with the earlier CSA path-traversal bug CVE-2024-8963. Under Binding Operational Directive 22-01, federal civilian agencies must remediate KEV entries by the catalog's due date; CISA urges every other organization to treat the KEV list as the priority queue in its vulnerability management program, since it reflects flaws attackers are known to be using rather than ones that merely score highly.
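An added example of the triage the KEV Catalog is meant to drive (not CISA's code): the script below indexes a KEV JSON excerpt by CVE ID, joins it against a list of scanner findings, and orders the matches so that overdue and ransomware-linked items surface first. The catalog excerpt mirrors the field names of CISA's published JSON feed, but its dates and ransomware flags are illustrative, and the host names and findings are constructed for the example.

```python
"""Prioritize scanner findings with the CISA Known Exploited Vulnerabilities list.

Added example for this page (not CISA's tooling). KEV_SAMPLE is a constructed
excerpt that uses the field names of CISA's published JSON feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
the dates and ransomware flags in it are illustrative, and FINDINGS stands in
for a vulnerability scanner's output.
"""
import json
from datetime import date

KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-23113", "vendorProject": "Fortinet",
         "product": "Multiple Products",
         "vulnerabilityName": "Fortinet Multiple Products Format String Vulnerability",
         "dateAdded": "2024-10-09", "dueDate": "2024-10-30",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-9379", "vendorProject": "Ivanti",
         "product": "Cloud Services Appliance (CSA)",
         "vulnerabilityName": "Ivanti CSA SQL Injection Vulnerability",
         "dateAdded": "2024-10-09", "dueDate": "2024-10-30",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-9380", "vendorProject": "Ivanti",
         "product": "Cloud Services Appliance (CSA)",
         "vulnerabilityName": "Ivanti CSA OS Command Injection Vulnerability",
         "dateAdded": "2024-10-09", "dueDate": "2024-10-30",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-40711", "vendorProject": "Veeam",
         "product": "Backup & Replication",
         "vulnerabilityName": "Veeam Backup & Replication Deserialization Vulnerability",
         "dateAdded": "2024-10-17", "dueDate": "2024-11-07",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed scanner output: (host, CVE). The last ID is a placeholder that
# is not in the catalog, so it stays on the normal patch cadence.
FINDINGS = [
    ("fw-edge-01", "CVE-2024-23113"),
    ("csa-01", "CVE-2024-9379"),
    ("csa-01", "CVE-2024-9380"),
    ("backup-01", "CVE-2024-40711"),
    ("web-07", "CVE-2024-00000"),
]


def load_kev(raw_json):
    """Index the catalog by CVE ID for constant-time lookups."""
    catalog = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def prioritize(kev, findings, today_iso):
    """Return the KEV-listed findings as dicts ordered by urgency: anything past
    its BOD 22-01 due date first, then ransomware-linked entries, then the
    nearest due date. Findings not in KEV are dropped from this queue."""
    today = date.fromisoformat(today_iso)
    queue = []
    for host, cve in findings:
        entry = kev.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        queue.append({
            "host": host,
            "cve": cve,
            "product": f"{entry['vendorProject']} {entry['product']}",
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            "due": entry["dueDate"],
            "days_left": (due - today).days,
        })
    # False sorts before True, so overdue (days_left < 0) and ransomware rows lead.
    queue.sort(key=lambda r: (r["days_left"] >= 0, not r["ransomware"], r["due"]))
    return queue


if __name__ == "__main__":
    for row in prioritize(load_kev(KEV_SAMPLE), FINDINGS, "2024-10-22"):
        flag = " [ransomware]" if row["ransomware"] else ""
        print(f"{row['host']:12} {row['cve']:16} due {row['due']} "
              f"({row['days_left']:+d} d){flag}  {row['product']}")
```

In practice, replace `KEV_SAMPLE` with the live feed downloaded from the URL above and feed in your scanner's CVE list; the ordering puts the Veeam finding ahead of three entries that are due sooner because the catalog ties it to ransomware, which is the judgment call the KEV flag exists to make for you.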


This site is an experimental news aggregator using feeds I personally follow. You can reach me using the contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis on Mastodon.