Velma’s KEV Report – June & July 2024


Top Reported Data Breaches

Confirmed Data Breach Disney

Disney Data Breach: A hacking group going by the name “NullBulge” has managed to get its hands on reams of internal company Slack messages sent by employees of Disney. The messages – which were lifted from more than 10,000 channels and amount to around 1.2 TB of data – were allegedly obtained through a form of cookie hacking.

Confirmed Data Breach AT&T

AT&T Data Breach Update: It has been revealed that telecommunications behemoth AT&T – which suffered a severe data breach this year impacting nearly all of its customers – paid $370,000 to a hacker to ensure that they deleted the customer information they had extracted from the company's systems. The hackers were paid in Bitcoin back in May.

Confirmed Data Breach Truist Bank

Truist Bank Data Breach: One of the largest banks in America – Truist Bank – reveals that it suffered a data breach back in October 2023, after employee information appeared for sale online. A hacking group known as Sp1d3r has claimed responsibility and is reportedly selling the dataset for around $1 million. Truist – which looks after more than $500 billion in assets and has 65,000 staff members on its payroll – said it notified "a small number of clients" at the time of the breach.

Confirmed Data Breach Tile

Tile Data Breach: Life360, the company behind the Tile tracker device, reveals that its databases have been breached, and that the company is being targeted for extortion. In a statement, the company shared that the affected data includes names, addresses, email addresses, phone numbers and Tile device identification numbers.

Top Reported Known Exploitable Issues:

Here is the complete list of vulnerabilities for this month that we’ve updated within our platform, to be treated as a priority:

CVE-2024-20419 | Cisco

Imminent exploitation of CVE-2024-20419 is highly likely, and organisations are strongly encouraged to follow Cisco's remediation guidance. CVE-2024-20419 affects Cisco Smart Software Manager On-Prem (SSM On-Prem) and Smart Software Manager Satellite (SSM Satellite). It is an unauthenticated password-change flaw in the product's authentication system (CVSSv3 10.0): a remote attacker who can reach the web interface can set a new password for any user, including administrative users, without knowing the current one, which makes it extremely trivial to exploit. Cisco has released fixed software and reports no workarounds.

CVE-2024-6327 | Telerik Report Server

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability," the company said in an advisory. Deserialization flaws occur when an application rebuilds objects from data an attacker controls without validating it first; the attacker-supplied object graph can then trigger code paths that execute commands of the attacker's choosing. Progress Software said the flaw has been addressed in version 10.1.24.709. As a temporary mitigation, it recommends changing the user for the Report Server Application Pool to one with limited permissions, so that anything executed through the flaw runs with reduced privileges.

CVE-2024-41110 | Docker

Docker has released a security advisory addressing a vulnerability in Moby, the open-source project that contains the core containerisation code for Docker Engine (docker-ce). Docker Engine is an open-source containerisation technology for building and running applications in containers, allowing rapid deployment on a system-agnostic architecture. AuthZ (authorization) plugins let administrators add fine-grained access controls to the Docker daemon; such plugins are not used by default, and deployments without one are not exposed to this issue. CVE-2024-41110 has a CVSSv3 score of 10.0 and could lead to an authorization bypass and privilege escalation. An attacker could send a specially crafted API request with Content-Length set to 0, causing the Docker daemon to forward the request without its body to the AuthZ plugin; a plugin that bases its decision on the body might then approve a request it should have denied.
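To make that failure mode concrete, here is an added example in Go (not Docker's or Moby's own code) of the plugin side of the AuthZ exchange: a minimal policy that blocks privileged container creation, written once in the naive form that lets a body-less request through and once failing closed. The request and response field names follow the documented AuthZ plugin API; the policy, the sample request and the user name are constructed for this example. The daemon-side fix is to upgrade Docker Engine as the advisory directs; the plugin check shown here is defence in depth, not a substitute.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// AuthZRequest carries the fields the daemon POSTs to a plugin's
// /AuthZPlugin.AuthZReq endpoint. RequestBody is base64 in the JSON
// (encoding/json does that for []byte) and is absent when the daemon
// chose not to forward a body.
type AuthZRequest struct {
	User           string            `json:"User"`
	RequestMethod  string            `json:"RequestMethod"`
	RequestURI     string            `json:"RequestUri"`
	RequestHeaders map[string]string `json:"RequestHeaders"`
	RequestBody    []byte            `json:"RequestBody,omitempty"`
}

// AuthZResponse is the plugin's verdict.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"`
}

// isContainerCreate matches the create endpoint with or without an API
// version prefix such as /v1.45/ and ignores the query string.
func isContainerCreate(method, uri string) bool {
	path := uri
	if i := strings.Index(path, "?"); i >= 0 {
		path = path[:i]
	}
	return method == "POST" && strings.HasSuffix(path, "/containers/create")
}

// privilegedRequested parses a create body and reports HostConfig.Privileged.
func privilegedRequested(body []byte) (bool, error) {
	var cfg struct {
		HostConfig struct {
			Privileged bool `json:"Privileged"`
		} `json:"HostConfig"`
	}
	if err := json.Unmarshal(body, &cfg); err != nil {
		return false, err
	}
	return cfg.HostConfig.Privileged, nil
}

// NaiveAuthorize is the failure mode: it only denies when it can see
// Privileged:true, so a request whose body never reached the plugin
// (client sent Content-Length: 0) is waved through.
func NaiveAuthorize(req AuthZRequest) AuthZResponse {
	if !isContainerCreate(req.RequestMethod, req.RequestURI) {
		return AuthZResponse{Allow: true}
	}
	if len(req.RequestBody) == 0 {
		return AuthZResponse{Allow: true} // nothing to inspect, so allow (wrong)
	}
	priv, err := privilegedRequested(req.RequestBody)
	if err != nil || priv {
		return AuthZResponse{Allow: false, Msg: "privileged containers are not permitted"}
	}
	return AuthZResponse{Allow: true}
}

// HardenedAuthorize fails closed: a body-bearing endpoint with no body to
// inspect is denied rather than presumed harmless.
func HardenedAuthorize(req AuthZRequest) AuthZResponse {
	if !isContainerCreate(req.RequestMethod, req.RequestURI) {
		return AuthZResponse{Allow: true}
	}
	if len(req.RequestBody) == 0 {
		return AuthZResponse{Allow: false, Msg: "request body not available to authorization plugin; refusing"}
	}
	priv, err := privilegedRequested(req.RequestBody)
	if err != nil {
		return AuthZResponse{Allow: false, Msg: "unparseable request body"}
	}
	if priv {
		return AuthZResponse{Allow: false, Msg: "privileged containers are not permitted"}
	}
	return AuthZResponse{Allow: true}
}

// Decode parses the JSON the daemon sends, as a plugin's HTTP handler would.
func Decode(raw []byte) (AuthZRequest, error) {
	var req AuthZRequest
	err := json.Unmarshal(raw, &req)
	return req, err
}

func main() {
	// Constructed sample: the daemon forwarded headers only, because the
	// client declared Content-Length: 0.
	bodiless := `{"User":"alice","RequestMethod":"POST","RequestUri":"/v1.45/containers/create?name=x",` +
		`"RequestHeaders":{"Content-Length":"0","Content-Type":"application/json"}}`
	req, _ := Decode([]byte(bodiless))
	fmt.Printf("naive:    %+v\n", NaiveAuthorize(req))
	fmt.Printf("hardened: %+v\n", HardenedAuthorize(req))
}
```

The hardened variant denies every create request whose body is missing or unparseable, which also covers the case where the daemon declines to forward a body for other reasons; a real plugin would log the denial with the user and URI so the bypass attempt shows up in audit trails.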

CVE-2024-39891 | Twilio Authy API

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
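What that traffic looks like from the defender's side, as an added example that is not Twilio's code: a Go detector that walks access-log lines and flags any client that looked up many distinct phone numbers against the lookup endpoint inside a short window, which is the signature of the request stream described above. The log format, the /users/lookup/ path, the client IPs and the phone numbers are all constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// SampleLog is constructed for this example: "<RFC3339 time> <client IP>
// <method> <path> <status>", with the queried phone number as the last path
// segment. "/users/lookup/" is a placeholder, not Authy's real endpoint.
const SampleLog = `
2024-06-20T10:00:00Z 203.0.113.7 GET /users/lookup/+15550100001 200
2024-06-20T10:00:01Z 203.0.113.7 GET /users/lookup/+15550100002 200
2024-06-20T10:00:02Z 203.0.113.7 GET /users/lookup/+15550100003 200
2024-06-20T10:00:03Z 203.0.113.7 GET /users/lookup/+15550100004 200
2024-06-20T10:00:04Z 203.0.113.7 GET /users/lookup/+15550100005 200
2024-06-20T10:00:05Z 203.0.113.7 GET /users/lookup/+15550100006 200
2024-06-20T10:00:30Z 203.0.113.7 GET /health 200
2024-06-20T10:00:00Z 198.51.100.4 GET /users/lookup/+15550100777 200
2024-06-20T10:00:09Z 198.51.100.4 GET /users/lookup/+15550100777 200
2024-06-20T10:00:20Z 198.51.100.4 GET /users/lookup/+15550100777 200
2024-06-20T10:00:00Z 192.0.2.9 GET /users/lookup/+15550100301 200
2024-06-20T10:01:01Z 192.0.2.9 GET /users/lookup/+15550100302 200
2024-06-20T10:02:02Z 192.0.2.9 GET /users/lookup/+15550100303 200
2024-06-20T10:03:03Z 192.0.2.9 GET /users/lookup/+15550100304 200
2024-06-20T10:04:04Z 192.0.2.9 GET /users/lookup/+15550100305 200
`

type event struct {
	ts     time.Time
	client string
	path   string
	phone  string
}

// parseLine parses one record. The status field is part of the format but
// not used: any answered lookup is an oracle response, whatever the code.
func parseLine(s string) (event, bool) {
	f := strings.Fields(s)
	if len(f) != 5 {
		return event{}, false
	}
	ts, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return event{}, false
	}
	path := f[3]
	if i := strings.Index(path, "?"); i >= 0 {
		path = path[:i]
	}
	return event{ts: ts, client: f[1], path: path, phone: path[strings.LastIndex(path, "/")+1:]}, true
}

// SplitLog returns the non-empty lines of a log blob.
func SplitLog(blob string) []string {
	var out []string
	for _, l := range strings.Split(blob, "\n") {
		if strings.TrimSpace(l) != "" {
			out = append(out, l)
		}
	}
	return out
}

// EnumerationHits returns, sorted, the clients that looked up at least
// threshold distinct phone numbers under lookupPrefix within any window.
// Retries of the same number by a legitimate client do not count.
func EnumerationHits(lines []string, lookupPrefix string, window time.Duration, threshold int) []string {
	perClient := map[string][]event{}
	for _, s := range lines {
		e, ok := parseLine(s)
		if ok && strings.HasPrefix(e.path, lookupPrefix) {
			perClient[e.client] = append(perClient[e.client], e)
		}
	}
	var hits []string
	for client, evs := range perClient {
		sort.Slice(evs, func(i, j int) bool { return evs[i].ts.Before(evs[j].ts) })
		distinct := map[string]int{} // phone -> occurrences inside the window
		start := 0
		for end := range evs {
			distinct[evs[end].phone]++
			// evict events that fell out of the window ending at evs[end]
			for evs[end].ts.Sub(evs[start].ts) > window {
				distinct[evs[start].phone]--
				if distinct[evs[start].phone] == 0 {
					delete(distinct, evs[start].phone)
				}
				start++
			}
			if len(distinct) >= threshold {
				hits = append(hits, client)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	hits := EnumerationHits(SplitLog(SampleLog), "/users/lookup/", 60*time.Second, 5)
	fmt.Println("enumeration suspects:", hits) // [203.0.113.7]
}
```

With a 60-second window only the fast enumerator is flagged; widening the window to ten minutes also catches the client pacing one lookup a minute, while the client retrying a single number is never flagged. The server-side fix is the one the vendor shipped: the endpoint must require authentication and must answer identically whether or not a number is registered, so that there is no oracle left to enumerate.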

Other Top Reported CVEs to Keep an Eye on

SolarWinds

Multiple issues with SolarWinds Access Rights Manager (ARM):

  • SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-23475)
  • SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-28992)
  • SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-23468)
  • SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23472)
  • SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability (CVE-2024-28074)
  • SolarWinds Access Rights Manager Exposed Dangerous Method Remote Code Execution Vulnerability (CVE-2024-23469)
  • SolarWinds Access Rights Manager (ARM) ChangeHumster Exposed Dangerous Method Authentication Bypass Vulnerability (CVE-2024-23465)
  • SolarWinds Access Rights Manager Traversal and Information Disclosure Vulnerability (CVE-2024-28993)
  • SolarWinds Access Rights Manager Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23466)
  • SolarWinds Access Rights Manager (ARM) UserScriptHumster Exposed Dangerous Method Remote Command Execution Vulnerability (CVE-2024-23470)
  • SolarWinds Access Rights Manager (ARM) deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability (CVE-2024-23474)
  • SolarWinds Access Rights Manager (ARM) CreateFile Directory Traversal Remote Code Execution Vulnerability (CVE-2024-23471)
  • SolarWinds Access Rights Manager Traversal Remote Code Execution Vulnerability (CVE-2024-23467)

Ivanti

Ivanti has disclosed four vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The advisory addresses three high severity vulnerabilities and one medium severity. Ivanti EPMM is a mobile management software engine that enables IT to set policies for mobile devices, applications, and content.

  • CVE-2024-36130 has a CVSSv3 score of 8.8 and could allow an unauthorised attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
  • CVE-2024-36131 has a CVSSv3 score of 8.8 and could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
  • CVE-2024-36132 has a CVSSv3 score of 8.2 and could allow a remote attacker to bypass authentication and access sensitive resources.

Additionally, CVE-2024-34788 has a CVSSv3 score of 5.5 and could allow remote attacker to access potentially sensitive information.

Ivanti has released a security advisory to address a high severity vulnerability affecting Ivanti Endpoint Manager (EPM). Ivanti EPM is an all-in-one solution for managing device endpoints within a network.

The vulnerability CVE-2024-37381 has a CVSSv3 score of 8.4 and could allow an authenticated attacker within the same network to execute arbitrary code via SQL injection.

Fortinet

Fortinet has released a security update to address a medium severity vulnerability in the FortiOS and FortiProxy web secure sockets layer (SSL) virtual private network (VPN) user interface (UI).

CVE-2024-26006 is an ‘improper neutralisation of input during web page generation’ vulnerability with a CVSSv3 score of 6.9. A remote attacker could perform a cross-site scripting (XSS) attack after luring a user into bookmarking a malicious Samba server and then opening the bookmark. A successful XSS attack could allow the attacker the ability to execute unauthorised code or commands.

BIND 9 DNS

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.

“A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory.

The four vulnerabilities are listed below:

  • CVE-2024-4076 (CVSS score: 7.5) – Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure.
  • CVE-2024-1975 (CVSS score: 7.5) – Validating DNS messages signed using the SIG(0) protocol could cause excessive CPU load, leading to a denial-of-service condition.
  • CVE-2024-1737 (CVSS score: 7.5) – It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing.
  • CVE-2024-0760 (CVSS score: 7.5) – A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients.

Successful exploitation of the aforementioned bugs could cause a named instance to terminate unexpectedly, deplete available CPU resources, slow down query processing by a factor of 100, and render the server unresponsive.

The flaws have been addressed in BIND 9 versions 9.18.28, 9.20.0 and 9.18.28-S1, released in July 2024. There is no evidence that any of the shortcomings have been exploited in the wild.

Say hello to Velma!

Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes. Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding known exploitable vulnerabilities.  

Whilst I don't yet have the ability to track data breaches in the Rootshell platform, watch this space: I have some powerful supply chain monitoring capabilities on my roadmap.