CyberSecurity updates
Updated: 2024-11-10 12:04:40 Pacific


ciso2ciso.com
Critical Vulnerability in Ivanti Cloud Service Appliance Actively Exploited - 25d

A critical vulnerability in Ivanti’s Cloud Service Appliance (CSA) has been actively exploited by attackers. The flaw, tracked as CVE-2024-8190, allows attackers to gain unauthorized access to sensitive data and execute arbitrary commands on vulnerable systems. The vulnerability exists in the CSA’s authentication mechanism and can be exploited by attackers who can send specially crafted requests to the CSA. This attack vector allows attackers to bypass the CSA’s security measures and gain access to the underlying operating system. The vulnerability has been exploited in the wild by a suspected nation-state adversary. There are strong indications that China is behind the attacks. Organizations using Ivanti CSA should prioritize patching the vulnerability immediately to reduce their risk of being compromised.

securityonline.info
CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog, Urges Urgent Patching - 30d

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, due to confirmed reports of active exploitation in the wild. These vulnerabilities pose significant risks to organizations and require immediate attention. The three vulnerabilities added to the KEV Catalog include a format string vulnerability in multiple Fortinet products, a SQL injection vulnerability in Ivanti Cloud Services Appliance (CSA), and an OS command injection vulnerability in Ivanti CSA. The addition of these vulnerabilities to the KEV Catalog highlights the ongoing threat posed by malicious cyber actors who actively exploit known vulnerabilities. CISA urges all organizations to prioritize timely remediation of vulnerabilities listed in the KEV Catalog as part of their vulnerability management practices to reduce their exposure to cyberattacks.

cyble.com
Critical Vulnerabilities in Ivanti Products Actively Exploited - 24d

Multiple critical vulnerabilities have been identified in Ivanti Cloud Services Appliance (CSA), a key component for secure device management and communication. These vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, are actively exploited by threat actors. CVE-2024-9379 allows remote, authenticated attackers with administrator privileges to execute SQL injection attacks. CVE-2024-9380 enables attackers to achieve remote code execution through OS command injection. CVE-2024-9381 is a path traversal vulnerability that enables attackers to bypass restrictions. The vulnerabilities are chained with CVE-2024-8963, highlighting the severity of the situation. CISA has issued an urgent advisory, urging security teams to patch the flaws immediately.

msrc.microsoft.com
Microsoft Releases Critical Patch Tuesday Updates Addressing Exploited Vulnerabilities - 16h

Microsoft has released its October 2024 Patch Tuesday updates, addressing a total of 117 vulnerabilities across its ecosystem. This includes three critical vulnerabilities, two of which have been actively exploited in the wild, highlighting the importance of prompt patching to mitigate these risks. The first actively exploited vulnerability, CVE-2024-43572, is a remote code execution vulnerability in the Microsoft Management Console (MMC). It allows attackers to execute arbitrary code on a targeted system by tricking users into loading a malicious MMC snap-in. The second actively exploited vulnerability, CVE-2024-43573, is a platform spoofing vulnerability in Windows MSHTML. This vulnerability allows attackers to disguise themselves as trusted sources, potentially gaining unauthorized access to systems or data. The third critical vulnerability, CVE-2024-43468, is a remote code execution vulnerability in Microsoft Configuration Manager, which could allow attackers to execute commands on the targeted server or database without user interaction. The release also includes other critical vulnerabilities affecting various Microsoft products, including .NET, OpenSSH for Windows, Power BI, and Windows Hyper-V. Organizations are strongly advised to prioritize the installation of these security updates to protect their systems from potential attacks.

cyble.com
Critical Vulnerabilities in Ivanti Cloud Services Appliance (CSA) - 25d

Three critical vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, were found in Ivanti Cloud Services Appliance (CSA), a device facilitating secure communication and management of devices over the internet. CVE-2024-9379 is an SQL injection vulnerability, CVE-2024-9380 is an OS command injection flaw, and CVE-2024-9381 is a path traversal vulnerability. These vulnerabilities allow a remote authenticated attacker with admin privileges to execute arbitrary commands and bypass restrictions, potentially leading to a complete compromise of the CSA. Active exploitation of these vulnerabilities has been confirmed, and security teams are urged to prioritize patching.

malware.news
Qualcomm Addresses Exploited Zero-Day and a Critical RCE Vulnerability in October 2024 Security Bulletin - 18h

Qualcomm released its monthly security bulletin in October 2024, addressing numerous vulnerabilities impacting its proprietary software and open-source components. Notably, one critical vulnerability in Qualcomm’s proprietary software and another in open-source components are actively exploited in the wild. The vulnerabilities impact Snapdragon mobile platforms and FastConnect solutions, posing a significant risk to system integrity and potentially allowing attackers to execute arbitrary code on affected devices. CVE-2024-43047, a high-severity Use-After-Free flaw in the DSP Service, has been confirmed to be under limited, targeted exploitation. Qualcomm has provided patches for this vulnerability, urging immediate deployment to mitigate the risk. CVE-2024-33066, another critical vulnerability in the WLAN Resource Manager, could lead to memory corruption and remote code execution (RCE), potentially allowing attackers to fully compromise the device. This vulnerability arises from improper input validation, making it crucial for users with affected devices to update their Snapdragon components to the latest firmware version as soon as possible.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.