Executive Summary
Trending / Critical Vulnerabilities
Current trending vulnerabilities offer insights into the latest emerging and widely discussed threats, helping to make informed decisions.
CVE-ID | Type of vulnerability | Severity | CVSS | Affected Product | Exploited-in-Wild | EPSS score | CISA-KEV | Zero-day | OSS |
---|---|---|---|---|---|---|---|---|---|
CVE-2024-4978 | Embedded Malicious Code vulnerability | High | 8.4 | Justice AV Solutions (JAVS) Viewer software | True | 0.02833 | True | False | False |
CVE-2024-5274 | Type confusion vulnerability | High | 8.8 | Google Chrome | True | 0.00299 | True | False | True |
CVE-2024-24919 | Information disclosure vulnerability | High | 8.6 | Check Point Quantum Security Gateways | True | 0.94504 | True | True | False |
CVE-2024-1086 | Use-after-free vulnerability | High | 7.8 | Linux Kernel | True | 0.00969 | True | False | False |
Exploit Activity and Mass Scanning Observed on Cytellite Sensors
Telemetry collected from Loginsoft sensors was analyzed and processed to derive insights into what is actively being exploited and actively being scanned. As the source of truth, source IPv4 addresses and payloads can be provided on a need-to-know basis.
Vulnerabilities | Product | Severity | Title | CISA KEV |
---|---|---|---|---|
CVE-2023-4415 | Ruijie RG-EW1200G 07161417 r483 | High | Improper Authentication vulnerability in Ruijie RG-EW1200G 07161417 r483 | False |
CVE-2023-38646 | Metabase open source/Enterprise | Critical | Remote code execution vulnerability in Metabase open source and Metabase Enterprise | False |
CVE-2023-31192 | SoftEther VPN | Medium | Information Disclosure vulnerability in the ClientConnect() functionality of SoftEther VPN | False |
Vulnerabilities abused by Botnet
This section lists vulnerabilities exploited by botnets, including recent CVEs logged in MISP. It presents the top 5 CVEs with payloads suggestive of botnet activity, such as the use of wget with IP addresses.
Vulnerability | Product | Description | Exploit | Abused by Botnet |
---|---|---|---|---|
CVE-2023-1389 | TP-Link Archer AX21 | An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router. | True | AGoent, Gafgyt, Moobot, Miori, Mirai, Condi |
CVE-2023-26801 | Lb-Link Devices | Command injection vulnerability in LB-LINK | True | Mirai |
CVE-2016-10372 | Eir D1000 modem | Improper protocol access control vulnerability in Eir D1000 modem | True | Bashlite, BrickerBot, Tsunami, Mirai |
Vulnerabilities Abused by Malware
We proactively monitor the vulnerabilities that are targeted by adversaries. Each vulnerability is manually studied and mapped to MITRE ATT&CK tactics and techniques. The information is derived from our vulnerability intelligence platform, which collects and curates information from various sources such as Twitter, Telegram, OSINT groups, blogs, data leak sites and more.
Vulnerability | Severity | Description | Patch | Targeted By Malware |
---|---|---|---|---|
CVE-2024-4978 | High | Embedded Malicious Code vulnerability in Justice AV Solutions Viewer Setup 8.3.7.250-1 | Patch | RustDoor, GateDoor |
PRE-NVD observed for this week
PRE-NVD refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.
CVE-ID | Type of vulnerability | Product | Reference |
---|---|---|---|
CVE-2024-1868 | Local Privilege Escalation | G DATA Total Security | Resources |
CVE-2023-26322 | Remote Code Execution | Xiaomi Pro 13 | Resources |
CVE-2023-50738 | Remote Code Execution | Lexmark CX331adwe | Resources |