The Impact of CISA's Latest Vulnerabilities on Cybersecurity Practices

Current trending vulnerabilities offer insights into the latest emerging and widely discussed threats, helping to make informed decisions.  

CVE-2024-43461
A high severity spoofing vulnerability in the Windows MSHTML platform, rated with an EPSS score of 0.16239, has been leveraged by the Void Banshee threat actor group to deploy Atlantida malware. This vulnerability is now on the CISA Known Exploited Vulnerabilities (KEV) list, underscoring its importance and the necessity for prompt mitigation.  

‍CVE-2024-6670
‍A critical SQL injection vulnerability in WhatsUp Gold, scoring 0.95634 on the EPSS, enables attackers to bypass authentication and access encrypted user passwords without needing credentials. This issue has been included in the CISA Known Exploited Vulnerabilities (KEV) list, highlighting the urgent need for remediation due to the presence of an active proof-of-concept (POC) exploit.

‍CVE-2024-27348
Recently added to CISA’s Known Exploited Vulnerabilities (KEV), the critical flaw in Apache HugeGraph-server, with a CVSS score of 9.8 and a low EPSS score of 0.0021 enables authenticated attackers to execute arbitrary code on the affected server with SYSTEM privileges.

‍CVE-2024-8963
A critical path traversal vulnerability in the Ivanti Cloud Services Appliance, with a CVSS score of 9.8, allows remote authenticated attackers to access restricted functionality on vulnerable systems. This vulnerability was recently added to the CISA Known Exploited Vulnerabilities (KEV) list, highlighting its severity.

‍CVE-2024-8190
A critical OS command injection vulnerability in the Ivanti Cloud Service Appliance, with an EPSS score of 0.15116, permits remote authenticated attackers to execute code remotely. It has also been listed recently in the CISA Known Exploited Vulnerabilities (KEV) catalog.

‍CVE-2022-21445
A critical remote code execution vulnerability in Oracle JDeveloper, rated CVSS 9.8 with an EPSS score of 0.00705, allows attackers to execute arbitrary code on vulnerable systems. This flaw has been added to the CISA Known Exploited Vulnerabilities (KEV) list for prioritized remediation.

‍CVE-2020-14644
A critical impact remote code execution vulnerability in Oracle WebLogic Server, rated CVSS 9.8 with an EPSS score of 0.04636, has been exploited in the wild, allowing attackers to gain full control of affected systems. It has been added to the CISA KEV list for critical response.

‍CVE-2020-0618
A high-severity remote code execution vulnerability in Microsoft SQL Server, recently added to the CISA KEV list, carries a high EPSS score of 0.97335. It enables attackers to execute arbitrary code within the context of the Report Server service account, posing a significant security risk.

‍CVE-2019-1069
A high-severity elevation of privilege vulnerability in Microsoft Windows Task Scheduler, with a low EPSS score of 0.00434, was previously exploited by Conti and Ryuk ransomware. This vulnerability has recently been added to the CISA Known Exploited Vulnerabilities (KEV) list, highlighting its continued risk.

‍CVE-2014-0497, CVE-2014-0502, CVE-2013-0643, and CVE-2013-0648
Persistent high-severity vulnerabilities in Adobe Flash Player, dating back a decade, still pose a serious risk by allowing remote attackers to run arbitrary code on compromised systems. The CISA Known Exploited Vulnerabilities (KEV) list has now been updated to include these vulnerabilities, underscoring the critical need for immediate mitigation.

Telemetry collected from Loginsoft sensors were analyzed and processed to derive insights on what is actively being exploited and actively being scanned.  As source of truth, source IPv4 addresses & payloads can be provided on need-to-know basis.

Identified vulnerabilities exploited by botnets, including recent CVEs logged in Misp. Presenting the top 5 CVEs with payloads suggestive of botnet activities, like utilizing wget with IP addresses.

We proactively monitor the vulnerabilities which are targeted by adversaries. Each vulnerability is humanly studied and mapped with Mitre ATT&CK tactics and techniques. Source of information is derived from our vulnerability intelligence platform collected and curated information from various sources such as Twitter, Telegram, OSINT groups, Blogs, Data leak Sites and more.  

CVE-2024-43461
According to recent findings by The Register, the Void Banshee threat actor exploited this spoofing vulnerability in Windows MSHTML as a zero-day to deploy Atlantida malware. This attack was part of a broader exploit chain that included CVE-2024-38112, another spoofing flaw.

‍CVE-2023-48788
Recent investigations by Bitdefender revealed that this critical SQL injection vulnerability in Fortinet's EMS systems was exploited by Medusa ransomware to gain initial access.

It refers to vulnerabilities discovered and potentially exploited before their official inclusion in the National Vulnerability Database. The LOVI Platform aggregates and distributes data from open sources and social media, currently tracking over 100 security alerts and planning to expand.

1. https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog  
2. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-adds-four-known-exploited-vulnerabilities-catalog  
3. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-adds-one-known-exploited-vulnerability-catalog
4. https://www.theregister.com/2024/09/17/microsoft_zero_day_spoofing_flaw/
5. https://www.cisa.gov/news-events/alerts/2024/09/16/cisa-adds-two-known-exploited-vulnerabilities-catalog  
6. https://www.bitdefender.com/blog/businessinsights/medusa-ransomware-a-growing-threat-with-a-bold-online-presence/