On June 3, security researchers Sina Kheirkhah of Summoning Team and Soroush Dalili published a proof-of-concept exploit that chains two vulnerabilities in Progress Telerik Report Server: CVE-2024-4358, an authentication bypass, and CVE-2024-1800, an insecure deserialization flaw. On their own, the first lets an unauthenticated attacker obtain an account and the second gives an authenticated user code execution; chained, they give an unauthenticated attacker remote code execution on the report server.
A critical vulnerability has been confirmed in several D-Link NAS models, including the DNS-340L, DNS-320L, DNS-327L and DNS-325, and other D-Link NAS models may also be affected. The flaw, tracked as CVE-2024-3273 (CVSS 9.8), lies in the /cgi-bin/nas_sharing.cgi script behind the device's HTTP GET request handler. The script accepts a hardcoded account (in effect a backdoor credential), and its system parameter is vulnerable to command injection, so an unauthenticated attacker who can reach the web interface can run arbitrary commands on the device. A public exploit released by NetSecFish confirms the issue, and internet scans found more than 92,000 exposed devices. The affected models are end-of-life and D-Link has stated they will not receive a fix, so the practical remediation is to retire them, or at the very least to keep their web interface off the internet.
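A defender who cannot immediately retire these devices can at least look for exploitation attempts in web-server or proxy logs. The script below is an added example, not code from D-Link or from the NetSecFish disclosure: it scans Common Log Format lines for requests to /cgi-bin/nas_sharing.cgi that use the hardcoded messagebus account or carry a system parameter, and base64-decodes that parameter to recover the injected command. The parameter names (user, passwd, cmd, system) and the base64 encoding of the command follow the public write-up; the log lines are constructed for this example, and the decoder tolerates payloads that are not valid base64 rather than crashing on them.

```python
"""Added example (not from D-Link or the NetSecFish disclosure): flag requests
matching the CVE-2024-3273 pattern in a web-server access log."""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines in Common Log Format. Two carry base64 commands
# ("id" and "cat /etc/passwd"), one is a legitimate admin request, one is
# unrelated, and the last has a system value that is not valid base64.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Apr/2024:10:15:02 +0000] "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=aWQ= HTTP/1.1" 200 512
198.51.100.2 - - [06/Apr/2024:10:15:09 +0000] "GET /cgi-bin/nas_sharing.cgi?user=admin&passwd=s3cret&cmd=1 HTTP/1.1" 200 1024
203.0.113.7 - - [06/Apr/2024:10:16:44 +0000] "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=Y2F0IC9ldGMvcGFzc3dk HTTP/1.1" 200 2048
192.0.2.9 - - [06/Apr/2024:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 4096
203.0.113.7 - - [06/Apr/2024:10:18:00 +0000] "GET /cgi-bin/nas_sharing.cgi?user=messagebus&passwd=&cmd=15&system=!!notbase64!! HTTP/1.1" 400 0
"""

# Request line fields of the Common Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

TARGET_PATH = "/cgi-bin/nas_sharing.cgi"
BACKDOOR_USER = "messagebus"  # hardcoded account named in the public disclosure


def decode_system_param(value):
    """Return the decoded command, or None if the value is not valid base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def analyze_log(text):
    """Return one finding per suspicious nas_sharing.cgi request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != TARGET_PATH:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        user = query.get("user", [""])[0]
        system = query.get("system", [None])[0]
        reasons = []
        if user == BACKDOOR_USER:
            reasons.append("hardcoded backdoor account")
        if system is not None:
            reasons.append("command injection parameter present")
        if not reasons:
            continue
        findings.append({
            "src": m["ip"],
            "time": m["ts"],
            "user": user,
            "raw_system": system,
            # Decoded shell command, or None when the payload is not base64.
            "command": decode_system_param(system) if system is not None else None,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the script flags the three requests from 203.0.113.7 and recovers the commands "id" and "cat /etc/passwd"; the legitimate admin login is not flagged because it neither uses the backdoor account nor carries a system parameter. In production the same logic would be pointed at the device's or an upstream reverse proxy's access log, and any hit is a strong indicator the device should be treated as compromised.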
Last November, a ransomware collective did something unprecedented. A week after breaching a fintech company, it wrote to the U.S. government: the criminals reported their own crime. They did not intend to turn themselves in or hand back anything they had stolen. Quite the contrary: they wanted to turn U.S. regulatory law against their victim, complaining that the company had not disclosed the breach under the SEC's then-new rule requiring public companies to report material cyber incidents within four business days. The stunt reflected a broader, sweeping change to how organizations across America must now handle their data breaches. And if fear was the goal, it certainly worked.
A critical vulnerability tracked as CVE-2024-24919 (CVSS 3.1: 7.5) has been disclosed by Check Point in several of its security gateway products. The zero-day lets an unauthenticated attacker read certain information from internet-facing gateways that have the Remote Access VPN or Mobile Access software blade enabled. On May 24, Check Point observed increased attacker activity against Remote Access VPN environments, and on May 27 a customer reported an attack that exploited this flaw. Check Point has released hotfixes; because the observed attacks targeted local accounts that authenticate with a password only, the vendor also recommends disabling such accounts or requiring a second factor for them, and reviewing gateway logs for unexpected logins to old local VPN accounts.
On October 3, 2023, the prescription management company Sav-Rx suffered a cyberattack that exposed sensitive information. The intrusion was discovered on October 8, when the company experienced a network disruption, and Sav-Rx restored its IT systems within 24 hours. The investigation, which concluded on April 30, 2024, found that the attackers had accessed non-clinical systems and taken files related to the company's medication benefits management services. The company has notified law enforcement and the affected individuals.
A vulnerability in the Universal Disk Format (UDF) file-system support of macOS affects Sonoma versions prior to 14.5. Tracked as CVE-2024-27842 and credited to CertiK SkyFall, it can, according to Apple, allow a local app to execute arbitrary code with kernel privileges. Security researcher Wang Tielei has released proof-of-concept exploit code demonstrating the issue, so users should update to macOS 14.5, which fixes it.
GitHub has fixed an authentication bypass, CVE-2024-4985 (CVSS v4: 10.0), in GitHub Enterprise Server (GHES). On instances that use SAML single sign-on with the optional encrypted assertions feature, an attacker could forge a SAML response and sign in as, or provision, a user with site administrator privileges. The bug affects all GHES versions prior to 3.13.0 and is fixed in 3.9.15, 3.10.12, 3.11.10 and 3.12.4. Instances that do not use SAML SSO, or that use it without encrypted assertions (the default), are not affected.
In August 2023, Singing River Health System, a healthcare provider operating hospitals and medical facilities along the Mississippi Gulf Coast, was hit by a ransomware attack. The Rhysida ransomware group, notorious for targeting healthcare providers, claimed responsibility. In a separate incident, WebTPA, a third-party administrator for health plans and insurers, disclosed a data breach by the same ransomware group. Affected individuals were notified on May 8, 2024, and offered two years of credit monitoring, identity theft protection and fraud consultation services through Kroll. Both incidents underline how heavily ransomware crews now target the healthcare sector and its service providers.
CVE-2024-34359 (CVSS v3: 9.7) is a critical template-injection vulnerability in the llama_cpp_python package, the Python bindings for llama.cpp used by many AI applications. The package rendered the chat template embedded in a model file's metadata with the Jinja2 template engine without using Jinja2's sandbox, so a maliciously crafted model file can carry a template that executes arbitrary code on the host as soon as the application formats a chat prompt with it. The flaw is in how the package used the engine, not in Jinja2 itself; the fix (version 0.2.72) renders the template in a sandboxed environment. The vulnerability was reported by retr0reg, who also published a proof-of-concept exploit. The practical lesson is that a model file is untrusted input, and anything executable it carries, including templates, must be treated as such.
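The snippet below is an added illustration of the pattern, not code from llama_cpp_python, from retr0reg's PoC or from the advisory. A constructed chat template, standing in for the `tokenizer.chat_template` string an attacker could embed in a model file, is rendered first with a plain `jinja2.Environment` (the vulnerable pattern) and then with `jinja2.sandbox.ImmutableSandboxedEnvironment`, the mitigation Jinja2 provides for untrusted templates. The payload reaches the `os` module through the `cycler` helper that Jinja2 exposes to every template, so no extra context from the application is needed. It requires the jinja2 package.

```python
"""Added example (not from llama_cpp_python or the published PoC): template
injection through a model-supplied Jinja2 chat template, and the sandbox fix."""
from jinja2 import Environment
from jinja2.sandbox import ImmutableSandboxedEnvironment, SecurityError

# A benign chat template of the kind a model file legitimately carries.
BENIGN_CHAT_TEMPLATE = (
    "{% for m in messages %}<|{{ m.role }}|>{{ m.content }}{% endfor %}"
)

# Constructed malicious stand-in for a model file's chat template. The first part
# looks like a normal template; the second part pivots from Jinja2's built-in
# `cycler` helper, through its module globals, to the `os` module and runs a
# shell command the moment the template is rendered.
MALICIOUS_CHAT_TEMPLATE = (
    BENIGN_CHAT_TEMPLATE
    + "{{ cycler.__init__.__globals__.os.popen('echo pwned').read() }}"
)

# The ordinary conversation the application believes it is formatting.
MESSAGES = [{"role": "user", "content": "hello"}]


def render_unsandboxed(chat_template, messages):
    """Vulnerable pattern: an untrusted template rendered in a plain Environment.
    Any attribute access the template asks for is allowed, including dunder
    attributes that lead to arbitrary Python objects."""
    return Environment().from_string(chat_template).render(messages=messages)


def render_sandboxed(chat_template, messages):
    """Hardened pattern: the sandbox refuses access to underscore-prefixed and
    other unsafe attributes and raises SecurityError when the template tries to
    use them, while ordinary templates render unchanged."""
    env = ImmutableSandboxedEnvironment()
    return env.from_string(chat_template).render(messages=messages)


def demonstrate():
    """Render the malicious template both ways and report what happened."""
    unsafe_output = render_unsandboxed(MALICIOUS_CHAT_TEMPLATE, MESSAGES)
    try:
        render_sandboxed(MALICIOUS_CHAT_TEMPLATE, MESSAGES)
        blocked = False
    except SecurityError:
        blocked = True
    return {
        "command_ran_in_plain_env": "pwned" in unsafe_output,
        "sandbox_blocked_it": blocked,
        "benign_still_renders": render_sandboxed(BENIGN_CHAT_TEMPLATE, MESSAGES),
    }


if __name__ == "__main__":
    print(demonstrate())
```

With the plain environment the output ends in the result of the injected `echo pwned`, i.e. the model file has executed a command on the host; with the sandbox the same template fails with `SecurityError` at `__init__`, while the benign template still renders to `<|user|>hello`. The sandbox is a necessary control but not a complete one: the application should also reject templates from untrusted sources where it can, and treat the rest of a model file's metadata with the same suspicion.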