CyberWatch

Weekly reports on emerging malware, ransomware, and vulnerabilities

April 18, 2024

PuTTY Vulnerable to Private Key Compromise Attack

PuTTY, a popular SSH and Telnet client, has a vulnerability that lets an attacker recover a user's private key. The flaw, identified as CVE-2024-31497 (CVSSv3: 5.9), affects 521-bit ECDSA keys (NIST P-521): PuTTY generates biased signature nonces for this curve, so an attacker who collects roughly 60 signatures made with the key can recover the secret key with a quick attack. Signatures are produced every time the key is used to authenticate, so any server the user has logged in to (or a party able to observe signed data) can gather them. An attacker holding the private key can then log in to any service that key is authorized for, and patching PuTTY does not help a key that has already been exposed: affected P-521 keys should be revoked and replaced.
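
The practical follow-up to this advisory is finding which keys need to be revoked. The script below is an added example, not code from PuTTY or the original post: it parses authorized_keys-style lines (including entries with a leading options field) by decoding the RFC 4251 key blob, and flags every entry whose key type or embedded curve name is nistp521. The sample lines and their key blobs are constructed here with dummy point data for illustration; they are not real keys.

```python
import base64
import struct

# Key type affected by CVE-2024-31497: ECDSA over NIST P-521.
VULNERABLE_KEY_TYPE = "ecdsa-sha2-nistp521"
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _ssh_string(data: bytes) -> bytes:
    """Encode an RFC 4251 'string' (4-byte big-endian length + bytes)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int):
    """Decode one RFC 4251 'string' at offset; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated string body")
    return blob[start:start + length], start + length


def parse_pubkey_line(line: str):
    """Parse an authorized_keys-style line into (key_type, curve_name, comment).

    Handles an optional leading options field (e.g. command="..." or
    from="10.0.0.0/8"). Returns None for comments, blank lines, undecodable
    blobs and entries whose blob does not match the declared key type.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith(KEY_TYPE_PREFIXES):
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            declared, off = _read_ssh_string(blob, 0)
        except (ValueError, struct.error):
            return None
        if declared.decode("ascii", "replace") != tok:
            return None  # wire-format type disagrees with the text field
        curve = None
        if tok.startswith("ecdsa-sha2-"):
            # ECDSA keys carry the curve name as a second string field.
            curve_bytes, off = _read_ssh_string(blob, off)
            curve = curve_bytes.decode("ascii", "replace")
        comment = " ".join(tokens[i + 2:])
        return tok, curve, comment
    return None


def find_p521_keys(lines):
    """Return [(line_number, comment)] for every entry using a P-521 ECDSA key."""
    hits = []
    for n, line in enumerate(lines, start=1):
        parsed = parse_pubkey_line(line)
        if parsed is None:
            continue
        key_type, curve, comment = parsed
        if key_type == VULNERABLE_KEY_TYPE or curve == "nistp521":
            hits.append((n, comment))
    return hits


def _fake_blob(key_type: str, curve, point_len: int) -> str:
    """Build a syntactically valid key blob with a dummy point (constructed sample)."""
    parts = [_ssh_string(key_type.encode())]
    if curve:
        parts.append(_ssh_string(curve.encode()))
    parts.append(_ssh_string(b"\x04" + b"\x00" * point_len))
    return base64.b64encode(b"".join(parts)).decode()


# Constructed sample file contents; the blobs are not real public keys.
SAMPLE_AUTHORIZED_KEYS = [
    "# constructed sample, not real keys",
    f"ecdsa-sha2-nistp521 {_fake_blob('ecdsa-sha2-nistp521', 'nistp521', 132)} alice@laptop",
    f"ssh-ed25519 {_fake_blob('ssh-ed25519', None, 31)} bob@desktop",
    f'command="/usr/bin/backup" ecdsa-sha2-nistp521 {_fake_blob("ecdsa-sha2-nistp521", "nistp521", 132)} backup-job',
    f"ecdsa-sha2-nistp256 {_fake_blob('ecdsa-sha2-nistp256', 'nistp256', 64)} carol@vm",
]

if __name__ == "__main__":
    for line_no, comment in find_p521_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {line_no}: P-521 key '{comment}' should be revoked and replaced")
```

Run it against real `~/.ssh/authorized_keys` files on servers (or a known_hosts file, which uses the same key encoding) to list the P-521 client keys that must be rotated; only the key type matters for this check, so the script never needs the private key.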

Find out more
April 18, 2024

Exploit Code Available for Cisco IMC Vulnerability

A vulnerability, tracked as CVE-2024-20295 (CVSSv3: 8.8), in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject commands into the underlying operating system and elevate privileges to root. To exploit it, the attacker needs read-only or higher privileges on an affected device. Cisco PSIRT is aware of publicly available proof-of-concept exploit code for the vulnerability but is not yet aware of any malicious use of it.

Find out more
April 17, 2024

Zero Day Exploited by Threat Actors in PAN-OS

A vulnerability is present in PAN-OS 10.2, 11.0, and 11.1 firewalls configured with a GlobalProtect gateway or portal and with device telemetry enabled. This critical weakness, identified as CVE-2024-3400 (CVSSv3: 10.0), is a command injection vulnerability that can enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto Networks is aware of a limited number of attacks exploiting this vulnerability. After exploitation, threat actors deployed a backdoor on the firewall and used it for data exfiltration and lateral movement through the network.

Find out more
April 2, 2024

Critical RCE Vulnerability Patched in Ivanti Standalone Sentry

Ivanti’s internal security team discovered a critical Remote Code Execution (RCE) vulnerability in Ivanti Standalone Sentry in late 2023. This vulnerability, tracked as CVE-2023-41724 (CVSS: 9.6), allows an unauthenticated attacker on the same physical or logical network to execute arbitrary commands on the underlying operating system of the appliance.

Find out more
April 2, 2024

Microsoft Gaming Services Elevation-of-Privilege Vulnerability

A vulnerability researcher has found a way to exploit Microsoft Gaming Services (the service behind the Xbox store app on Windows) to elevate privileges from a standard user to SYSTEM. The vulnerability, tracked as CVE-2024-28916 (CVSS: 8.8), allows a local attacker with the ability to create folders and performance traces on the machine to gain SYSTEM-level privileges. Proof-of-concept exploit code was developed by security researcher Filip Dragović and reported to Microsoft, which subsequently patched the vulnerability.

Find out more
March 5, 2024

Vulnerabilities Patched in Recent Microsoft Edge Release

Three vulnerabilities were patched in the recent Edge release. Two are remote code execution vulnerabilities, CVE-2024-1939 and CVE-2024-1938, both type confusion bugs in the V8 JavaScript engine inherited from Chromium; they allow a remote attacker to trigger heap corruption via a crafted HTML page. The third, CVE-2024-26186, is a low-severity information disclosure vulnerability in Microsoft Edge for Android. All three are fixed in the latest Microsoft Edge Stable Channel release, 122.0.2363.63.

Find out more
February 29, 2024

Vulnerability Patched in NX-OS Software

A vulnerability has been discovered and patched in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software.

Find out more
February 27, 2024

Hacking Health: A Cyber Snag in the Prescription Pipeline

On the 21st of February, a significant cybersecurity incident was reported by Change Healthcare, a leading provider of healthcare technology...

Find out more
February 27, 2024

Vim Fix Available for Buffer Overflow Vulnerability

A vulnerability has been discovered in Vim, an open-source text editor program. It is identified as CVE-2024-22667 (CVSSv3: 7.8) and is a stack-based...

Find out more