Critical Severity Vulnerabilities
VMware ESXi Flaw Exploitation | CVE-2024-27085: Ransomware gangs have been exploiting this recently patched VMware ESXi vulnerability. Although VMware did not initially report in-the-wild exploitation, Microsoft has confirmed its active abuse by threat actors.
Docker AuthZ Plugin Bypass | CVE-2024-41110: A critical vulnerability in Docker\’s authorization plugin, originally discovered in 2018, has resurfaced. This flaw allows for a complete bypass of the authorization mechanism, leading to potential unauthorized access and control.
Ivanti Connect Secure Exploits | CVE-2024-21888: Privilege escalation vulnerabilities in Ivanti Connect Secure and Policy Secure gateways are being actively exploited by threat actors. These vulnerabilities allow attackers to gain elevated privileges and implant web shells, leading to potential full domain compromise.
High Severity Vulnerabilities
Apple Security Updates | Multiple CVEs: Apple released patches for multiple vulnerabilities across its ecosystem, including iOS, macOS, tvOS, visionOS, watchOS, and Safari. Specific CVEs were not detailed, but the updates address several critical security issues
Nvidia AI and Networking Products | CVE-2024-0108: Nvidia has patched several high-severity vulnerabilities in its AI, networking, and other products, including Jetson, Mellanox OS, OnyX, Skyway, and MetroX. These vulnerabilities could potentially lead to remote code execution and other critical impacts.
Medium Severity Vulnerabilities
ServiceNow Exploits | CVE-2024-4879, CVE-2024-5217: Threat actors have begun exploiting newly disclosed vulnerabilities in ServiceNow, soon after public disclosure. These vulnerabilities, while not classified as critical, pose significant risks if left unaddressed.
BIND Denial-of-Service | CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076: Recent updates to BIND address several high-severity denial-of-service (DoS) vulnerabilities that can be exploited remotely. These vulnerabilities can disrupt the normal operations of DNS servers.
Low Severity Vulnerabilities
Twilio Authy Exploit | CVE-2024-39891: This vulnerability in Twilio Authy has been exploited to disclose phone number data. While the immediate impact may be limited, the potential for phishing and social engineering attacks increases significantly.
GENERAL RECOMMENDATIONS
Regular Updates: Ensure all software and systems are regularly updated to patch known vulnerabilities.
Vulnerability Management: Prioritize timely remediation of vulnerabilities listed in CISA’s Known Exploited Vulnerabilities Catalog.
Security Audits: Conduct regular security audits to identify and mitigate potential vulnerabilities within your systems and applications.