Vulnerability CVE-2023-4969, nicknamed LeftoverLocals, has been disclosed by Trail of Bits. It allows a local attacker to read memory from other processes. The attacker can use a vulnerable GPU’s (Graphical Processing Unit) programmable interface to access memory that is expected to be isolated from other users and processes. Trail of Bits has proven that a GPU kernel can observe memory values from a different GPU kernel even when both are isolated between two different applications.
This critical vulnerability, defined as CVE-2023-22527 (CVSS 3.0: 10.0), is susceptible to template-injection techniques and affects versions of the software that are out-of-date. If exploited, it can execute code remotely. Users of affected versions are urged by Atlassian to remediate this vulnerability immediately.
A critical 9.3 CVSS 4.0 vulnerability has been discovered in Junos OS J-Web interface on SRX series firewall and EX series switches. Identified as CVE-2024-21591, this out-of-bounds write vulnerability impacts the J-Web interface of affected operating systems. The vulnerability is caused by an insecure function that allows an attacker to overwrite arbitrary memory. An unauthenticated, network-bound hacker can cause a Denial of Service (DoS) or Remote Code Execution (RCE) on the device to obtain root privileges. Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
HMG Healthcare, LLC, a Texas-based healthcare services provider, recently disclosed a cyberattack that transpired in November of 2023. This significant breach compromises the sensitive health information of approximately 80,000 individuals. The breach was discovered after anomalous network activity was detected, prompting a comprehensive forensic investigation. The cyber intruders are thought to have gained unauthorized access to the organization's network as early as August 2023, perpetuating their activities undetected for several months. The breach involved the surreptitious copying of unencrypted files, the nature of which we don’t know. While the organization has not explicitly detailed the incident as a ransomware attack, their response strategy seems aimed at preventing further dissemination of the pilfered data, which suggests this involved an extortion attempt.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its known exploited vulnerability catalog, CVE-2023-29357, that has a CVSS score of 9.8 CRITICAL and is an Escalation of Privilege vulnerability that affects Microsoft SharePoint Server. For CISA to add vulnerabilities to its Known Exploited Vulnerabilities catalog, three key criteria must be met. First, the vulnerability must have a CVE ID, second, reliable evidence that the vulnerability has been actively exploited in the wild exists, and third, clear remediation action for the vulnerability is available. When a vulnerability is added to this list, it should be patched with urgency and in a particular way.
loanDepot, a cornerstone in the U.S. mortgage lending sector, finds itself at the center of a cybersecurity incident for the second time since 2022. A recent cyberattack has forced the company to enact a temporary shutdown of its IT systems, causing significant disruptions to its online payment-processing capabilities and customer service operations. Customers attempting to access loanDepot's payment portal or contact the company by phone encountered issues, prompting an inquiry. loanDepot has publicly acknowledged the cyber incident and is working to resolve the situation.
A vulnerability is present in Ivanti EndPoint Manager version 2021/2022 prior to SU5. This vulnerability is classified as CVE-2023-39336 and was given a critical CVSS score of 9.6. If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication. This can potentially allow for an attacker to control all machines running an agent from the end point manager. If the core server is configured to use Microsoft SQL Express, this could lead to remote-code execution on the core server.
SSH transport protocol with specific OpenSSH extensions (AsyncSSH) that are version 9.6 or less are susceptible to CVE-2023-48795 (CVSS 3.1: 5.9) Terrapin attacks. After performing a MiTM attack, remote attackers are able to then intercept and spy on communications and spoof the identity of both the recipient and the sender. Secure Shell Protocol (SSH) is the new standard for remote login and file transfers within organizations. Currently there is an attack which requires a man-in-the-middle attack in order for the Terrapin attack to be attempted.
A vulnerability was discovered in iOS/iPadOS 16 and macOS 13 by Félix Poulin-Bélanger identified as CVE-2023-41974. Poulin-Bélanger recently generated extensive proof-of-concept code, which can win a race condition and exploit a use-after-free which results in Kernel read and write operations. This vulnerability was recently patched by Apple in a security release for iOS and iPadOS 17. There are also updates for macOS regarding other use-after-free vulnerabilities here.