Velma recommends...
Top Reported Data Breaches
Confirmed Data Breach Snowflake
Threat actors are actively compromising organizations' Snowflake customer tenants using credentials stolen by infostealer malware, logging into databases that are configured with single-factor authentication. Snowflake is urging customers to enable multi-factor authentication (MFA) and to restrict network access to trusted locations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that organizations follow Snowflake's guidance, hunt for signs of unusual activity, and take steps to prevent unauthorized user access.
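The hunt CISA and Snowflake describe comes down to two questions about the login record: which accounts have succeeded with a password and no second factor, and from where. The following is an added example (not Snowflake's or CISA's code) that runs that logic over constructed sample rows. The field names mirror columns of Snowflake's SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view (USER_NAME, CLIENT_IP, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS, REPORTED_CLIENT_TYPE); the rows, the factor/client values and the trusted network ranges are assumptions made for the example, and in a real tenant the rows would come from a query over that view.

```python
"""Hunt Snowflake login records for the pattern behind the campaign above:
successful password-only logins from outside trusted networks, and one
source IP working through many accounts.

Added example, not Snowflake's or CISA's code. Field names mirror the
LOGIN_HISTORY view; rows, factor/client values and trusted ranges are
constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress

# Assumption: the organisation's trusted egress ranges (hypothetical values).
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.0/24")]


@dataclass(frozen=True)
class LoginEvent:
    user_name: str
    client_ip: str
    first_factor: str             # e.g. "PASSWORD", "RSA_KEYPAIR" (illustrative)
    second_factor: Optional[str]  # None when no second factor was used
    is_success: bool
    client_type: str              # e.g. "SNOWFLAKE_UI", "PYTHON_DRIVER"


def is_trusted(ip: str) -> bool:
    """True if the client IP falls inside one of the trusted ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def is_password_only(ev: LoginEvent) -> bool:
    """A password with no second factor is exactly what a stolen credential buys."""
    return ev.first_factor == "PASSWORD" and ev.second_factor is None


def hunt(events: List[LoginEvent]) -> Tuple[List[LoginEvent], List[str]]:
    """Return (findings, users_needing_mfa).

    findings: successful password-only logins from untrusted networks; each
              one warrants a credential reset and a review of what it ran.
    users_needing_mfa: every user who has succeeded with a password alone,
              i.e. the population an MFA enforcement policy must cover.
    """
    findings = []
    needs_mfa = set()
    for ev in events:
        if not (ev.is_success and is_password_only(ev)):
            continue
        needs_mfa.add(ev.user_name)
        if not is_trusted(ev.client_ip):
            findings.append(ev)
    return findings, sorted(needs_mfa)


def shared_source_ips(events: List[LoginEvent],
                      min_users: int = 2) -> Dict[str, List[str]]:
    """Untrusted source IPs seen (success or failure) against several accounts:
    one operator replaying a dump of stolen credentials."""
    users_by_ip = defaultdict(set)
    for ev in events:
        if not is_trusted(ev.client_ip):
            users_by_ip[ev.client_ip].add(ev.user_name)
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


# Constructed sample rows (not real telemetry).
SAMPLE_EVENTS = [
    LoginEvent("alice",   "203.0.113.10", "PASSWORD",    "DUO_PUSH", True,  "SNOWFLAKE_UI"),
    LoginEvent("bob",     "198.51.100.7", "PASSWORD",    None,       True,  "SNOWFLAKE_UI"),
    LoginEvent("bob",     "192.0.2.44",   "PASSWORD",    None,       True,  "PYTHON_DRIVER"),
    LoginEvent("carol",   "192.0.2.44",   "PASSWORD",    None,       False, "PYTHON_DRIVER"),
    LoginEvent("svc_etl", "192.0.2.99",   "RSA_KEYPAIR", None,       True,  "JDBC_DRIVER"),
    LoginEvent("dave",    "192.0.2.44",   "PASSWORD",    None,       True,  "SNOWFLAKE_UI"),
]

if __name__ == "__main__":
    findings, needs_mfa = hunt(SAMPLE_EVENTS)
    for ev in findings:
        print(f"ALERT password-only login: {ev.user_name} from {ev.client_ip} via {ev.client_type}")
    print("enforce MFA for:", needs_mfa)
    print("shared source IPs:", shared_source_ips(SAMPLE_EVENTS))
```

On the sample data, bob's login from the trusted range is not a finding but still puts him on the MFA enforcement list, the key-pair service account is left alone (MFA does not apply to it, and its risk is handled by network restriction instead), and 192.0.2.44 surfaces as one IP touching three accounts, including a failed attempt, which is why failures are kept for that second check.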
Confirmed Data Breach Ticketmaster (Live Nation)
ShinyHunters has offered for sale a 1.3 TB database said to contain details of 560 million Ticketmaster customers, for $500,000. The data reportedly includes full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of payment card numbers with their expiration dates. Ticketmaster's parent, Live Nation, confirmed that it suffered a breach after its data was stolen from a third-party cloud database environment. Although the provider was not named, it is suspected to be Snowflake, based on a report published by Hudson Rock.
Confirmed Data Breach Innomar Strategies
Innomar Strategies is the Canadian subsidiary of Cencora, the US drug distribution giant that was called AmerisourceBergen until last year. The breached data includes medical records.
Top Reported Known Exploitable Issues:
CVE-2024-4947, CVE-2024-5274 & CVE-2024-4761 | Google Chrome
Google has rolled out fixes for nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Tracked as CVE-2024-4947, the vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine, reported by Kaspersky researchers Vasily Berdnikov and Boris Larin. Type confusion vulnerabilities arise when a program accesses a resource using an incompatible type. The impact can be serious: an attacker can use such a bug to perform out-of-bounds memory access, crash the process, or execute arbitrary code.
CVE-2024-4978 | Justice AV Solutions Viewer Setup
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary that runs when the installer is executed, and the installer is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.
CVE-2024-4610 | Arm Ltd Valhall GPU Kernel Driver
A use-after-free vulnerability in the Arm Ltd Bifrost and Valhall GPU Kernel Drivers allows a local, non-privileged user to perform improper GPU memory processing operations and gain access to already-freed memory. This issue affects the Bifrost GPU Kernel Driver from r34p0 through r40p0 and the Valhall GPU Kernel Driver from r34p0 through r40p0.
CVE-2024-4577 | PHP Remote Code Execution
Details have emerged about a new critical security flaw in PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, is described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system; it is reachable when PHP runs in CGI mode or the php-cgi binary is otherwise exposed to the web server. Following responsible disclosure on May 7, 2024, fixes were released in PHP versions 8.3.8, 8.2.20, and 8.1.29. End-of-life branches (8.0 and earlier) received no fix and must be upgraded.
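Because the fix landed on three branches at once, a "which hosts are still exposed" pass needs per-branch comparison rather than a single version threshold, and has to say something sensible about branches that never got a fix. The following is an added example (not the PHP project's own tooling) that does that triage from `php -v` banners; the fixed versions come from the advisory text above, while the host names and banner strings are constructed samples.

```python
"""Triage Windows PHP installs against the CVE-2024-4577 fix versions.

Added example, not the PHP project's tooling. FIXED_VERSIONS is taken from
the advisory; the host names and `php -v` banners are constructed samples.
"""
import re
from typing import Tuple

# First fixed release on each branch that received a fix (from the advisory).
FIXED_VERSIONS = {(8, 3): (8, 3, 8), (8, 2): (8, 2, 20), (8, 1): (8, 1, 29)}
NEWEST_FIXED_BRANCH = max(FIXED_VERSIONS)

# First line of `php -v` looks like "PHP 8.1.27 (cli) (built: ...)".
BANNER_RE = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_php_version(banner: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a `php -v` banner."""
    m = BANNER_RE.search(banner)
    if m is None:
        raise ValueError("not a php -v banner")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version: Tuple[int, int, int], on_windows: bool) -> str:
    """Classify an install as 'not-affected', 'fixed', 'vulnerable' or
    'end-of-life' (a branch that received no fix and must be upgraded)."""
    if not on_windows:
        return "not-affected"          # the flaw is specific to PHP on Windows
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return "fixed" if version >= FIXED_VERSIONS[branch] else "vulnerable"
    if branch > NEWEST_FIXED_BRANCH:
        return "fixed"                 # branch released after the fix landed
    return "end-of-life"               # 8.0 and older: no fix issued, upgrade


def triage(banner: str, on_windows: bool) -> str:
    """Convenience wrapper: banner text in, classification out."""
    return assess(parse_php_version(banner), on_windows)


# Constructed sample inventory: host -> (php -v banner, runs on Windows?).
SAMPLE_HOSTS = {
    "win-cgi":     ("PHP 8.1.27 (cli) (built: Dec 19 2023 12:00:00) (ZTS Visual C++ 2019 x64)", True),
    "win-patched": ("PHP 8.3.8 (cli) (built: Jun  5 2024 10:00:00) (ZTS Visual C++ 2019 x64)", True),
    "win-legacy":  ("PHP 8.0.30 (cli) (built: Aug  3 2023 09:00:00) (NTS Visual C++ 2019 x64)", True),
    "linux-web":   ("PHP 8.2.15 (cli) (built: Jan 20 2024 14:00:00) (NTS)", False),
}

if __name__ == "__main__":
    for host, (banner, win) in SAMPLE_HOSTS.items():
        print(f"{host:12s} {banner.split()[1]:8s} {triage(banner, win)}")
```

The version check tells you who needs the patch; it does not tell you who is exploitable, which depends on whether php-cgi is reachable through the web server, so treat "vulnerable" and "end-of-life" hosts as patch-now and confirm the CGI exposure separately.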