A critical vulnerability in Ivanti’s Cloud Service Appliance (CSA) is being actively exploited. The flaw, tracked as CVE-2024-8190, exists in the CSA’s authentication mechanism and is triggered by specially crafted requests sent to the appliance. Successful exploitation bypasses the CSA’s security controls and gives the attacker access to the underlying operating system, allowing them to read sensitive data and execute arbitrary commands. The vulnerability has been exploited in the wild by a suspected nation-state adversary, with strong indications pointing to China. Organizations running Ivanti CSA should prioritize patching immediately to reduce their risk of compromise.
The BlackCat ransomware, known for its Rust-based code and sophisticated attack techniques, went inactive after successfully extorting a $22 million ransom from Change Healthcare. The group cited law enforcement interference as the reason for its shutdown. However, a new ransomware strain, Cicada3301, has emerged with striking similarities to BlackCat, suggesting a possible rebranding or continuation of the same operation. Both strains use similar toolsets, share code similarities, and exhibit similar functionality, including methods for shadow copy deletion and tampering. The similarities between BlackCat and Cicada3301 raise concerns about the potential return of a highly effective and dangerous ransomware group.
Microsoft released patches for 117 security vulnerabilities in its October 2024 Patch Tuesday update, including two zero-days that were actively being exploited in the wild. CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console (MMC), are both critical vulnerabilities that could allow attackers to gain control of affected systems. Organizations are urged to apply these patches as soon as possible to mitigate the risk.
Three critical vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, were found in Ivanti Cloud Services Appliance (CSA), a device facilitating secure communication and management of devices over the internet. CVE-2024-9379 is an SQL injection vulnerability, CVE-2024-9380 is an OS command injection flaw, and CVE-2024-9381 is a path traversal vulnerability. These vulnerabilities allow a remote authenticated attacker with admin privileges to execute arbitrary commands and bypass restrictions, potentially leading to a complete compromise of the CSA. Active exploitation of these vulnerabilities has been confirmed, and security teams are urged to prioritize patching.