A vulnerability present in the R programming language on versions 1.4.0 through 4.4.0., categorized as CVE-2024-27322 (CVSSv3: 8.8), allows a remote attacker to send a maliciously crafted RDS-formatted file or R package to run arbitrary code on a user’s system. This vulnerability requires the user to interact with the RDS formatted file or R package. The research for this vulnerability comes from HiddenLayer.

A vulnerability categorized as CVE-2024-23463 (CVSSv3: 8.8), is present in the Zscaler Client Connector in versions prior to 4.2.1. It allows the anti-tampering protection of the client to be bypassed when the Repair App functionality is running under certain conditions.

Ivanti has released a security advisory detailing several vulnerabilities being remediated with an update to Ivanti Avalanche. Two critical (CVSSv3: 9.8) heap overflow vulnerabilities have been patched in the WLAvalancheService (CVE-2024-29204) and WLInfoRailService (CVE-2024-24996) components of Ivanti Avalanche. These vulnerabilities allow for an unauthenticated remote attacker to execute arbitrary commands. An update to Ivanti Avalanche 6.4.3 will remediate these vulnerabilities as well as several others. Ivanti is currently not aware of any of their customers being exploited by these vulnerabilities.

In February, Change Healthcare, a key player in healthcare claims management and a subsidiary of UnitedHealth Group, experienced a significant cybersecurity breach. Orchestrated by the notorious ransomware group BlackCat, also known as AlphV, the breach not only disrupted the company's operations but also led to the exposure and sale of sensitive patient data by another group, RansomHub. This article delves into the intricacies of the attack and its ramifications for the U.S. healthcare system.

PuTTY, a popular SSH and Telnet client, is currently subject to a vulnerability that can allow an attacker to compromise private keys. This vulnerability, identified as CVE-2024-31497 (CVSSv3: 5.9), affects 521-bit ECSA keys, and allows an attacker to recover a user’s NIST P-521 secret key utilizing a quick attack in roughly 60 signatures. The attacker, after compromising the private key, can log into any service for which that key is used.

A vulnerability, classified as CVE-2024-20295 (CVSSv3: 8.8) is present in the CLI of the Cisco Integrated Management Controller (IMC) which could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. The Cisco PSIRT is aware of proof-of-concept exploit code that is available for the vulnerability, however they are not aware of any malicious use of it yet.

A vulnerability is present in PAN-OS 10.2, 11.0, and 11.1 firewalls configured with GlobalProtect gateway or portal with device telemetry enabled. This critical weakness identified as CVE-2024-3400 (CVSS 3.0: 10) is a command injection vulnerability which may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability. Threat actors utilized a backdoor after exploitation to perform data exfiltration and lateral movement throughout the network.

Ivanti’s internal security team discovered a Critical Remote Code Execution (RCE) vulnerability in one of their products in late 2023. This vulnerability, known as CVE-2024-41724 (CVSS: 9.6) allows an unauthenticated attacker to execute arbitrary commands on the operating system of the appliance within the same physical or logical network.

A vulnerability researcher has found a way to exploit Microsoft Xbox Gaming Services store application to perform an elevation of privileges from a user to SYSTEM level. The vulnerability categorized as CVE-2024-28916 (CVSS: 8.8) allows for a local attacker with the ability to create folder and performance traces on the machine to gain SYSTEM level privileges. Proof of concept exploit code was developed by security researcher Filip Dragović and reported to Microsoft, which subsequently patched/mitigated the vulnerability.