Velma’s KEV Report – August 2024


Top Reported Data Breaches

Confirmed Data Breach Toyota

Toyota has confirmed its network was breached after a threat actor listed a 240GB trove of data stolen from the company’s internal systems on an underground hacking forum.

The Japanese car manufacturer admitted its systems had been compromised on 19 August, after a threat collective operating under the name ZeroSevenGroup said it breached one of the firm’s US branches.

The cache is said to contain sensitive personal information on the company’s staff and customers, including financial information, emails, photos, databases, and network infrastructure information.

Confirmed Data Breach Australian Cancer Research Foundation

The Australian Cancer Research Foundation (ACRF) sent an email to its donors late on Friday afternoon, 30 August, warning them of a “data security incident”.

According to the email, shared with Cyber Daily by an ACRF donor, a malicious actor was able to access the charity’s network via a compromised email account.

Confirmed Data Breach Patelco Credit Union

Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year.

Though the organization did not name the attackers, the RansomHub gang claimed responsibility on August 15, 2024, when they published all of the stolen data on their extortion portal.

Patelco is an American not-for-profit credit union that provides financial services, including checking and savings accounts, loans, credit cards, insurance plans, and investments, with assets exceeding $9 billion.

Top Reported Known Exploitable Issues:

Here is the complete list of vulnerabilities for this month that we have updated within our platform; treat these as a priority:

CVE-2024-32896 | Android

Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild.

There are indications that CVE-2024-32896 may be under limited, targeted exploitation.

CVE-2024-7971 & CVE-2024-7965 | Google Chrome

Google has released Chrome version 128.0.6613.84/.85 for Linux, Windows, and Mac. Of note, two high severity vulnerabilities are reported as exploited in the wild, which are outlined below.

  • CVE-2024-7971 – A remote attacker could exploit this type confusion vulnerability in V8, via a specially crafted HTML page.
  • CVE-2024-7965 – A remote attacker could exploit this heap corruption vulnerability in V8 via a specially crafted HTML page.

CVE-2024-38856 | Apache OFBiz

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints).

Source: Apache Software Foundation

CVE-2024-39717 | Versa

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available to a user logged in with the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role (tenant-level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be misused to upload a malicious file with a .png extension that masquerades as an image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
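The Versa issue above turns on a familiar upload-handling mistake: trusting the file extension instead of the file content. The following is an added example, not Versa’s code, showing the weak check beside a content-aware one. The function names (`extension_only_check`, `looks_like_png`, `accept_favicon`) and the two sample uploads are constructed for illustration; the only external fact used is the PNG file format (fixed 8-byte signature followed by a CRC-protected IHDR chunk).

```python
"""Extension-only vs. content-aware validation of an uploaded "favicon".

Added example, not Versa's code. Function names and sample uploads are
hypothetical; the format details come from the PNG specification.
"""
import struct
import zlib

# Every PNG file starts with this fixed 8-byte signature.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def extension_only_check(filename: str) -> bool:
    """The weak check: trusts the filename alone, so any bytes named *.png pass."""
    return filename.lower().endswith(".png")


def looks_like_png(data: bytes) -> bool:
    """The stronger check: require the PNG signature and a well-formed,
    CRC-valid IHDR chunk with plausible header fields."""
    if len(data) < 33 or not data.startswith(PNG_SIGNATURE):
        return False
    # The first chunk after the signature must be IHDR with a 13-byte body.
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(ctype + body) != crc:
        return False
    width, height, bit_depth, color_type = struct.unpack(">IIBB", body[:10])
    # Reject zero dimensions and bit depths / colour types PNG does not define.
    return (width > 0 and height > 0
            and bit_depth in (1, 2, 4, 8, 16)
            and color_type in (0, 2, 3, 4, 6))


def accept_favicon(filename: str, data: bytes) -> bool:
    """Hardened upload gate: both the extension and the content must check out."""
    return extension_only_check(filename) and looks_like_png(data)


def make_minimal_png() -> bytes:
    """Build a tiny valid PNG (1x1 greyscale pixel) so the example runs offline."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        return (struct.pack(">I", len(body)) + ctype + body
                + struct.pack(">I", zlib.crc32(ctype + body)))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit, greyscale
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one sample
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed sample uploads: a genuine PNG, and a shell script named like one.
GOOD_UPLOAD = ("favicon.png", make_minimal_png())
MASQUERADE = ("favicon.png", b"#!/bin/sh\nid\n")

if __name__ == "__main__":
    for name, data in (GOOD_UPLOAD, MASQUERADE):
        print(name, "extension-only:", extension_only_check(name),
              "content-aware:", accept_favicon(name, data))
```

The extension-only check accepts both uploads; the content-aware gate accepts only the real image. Checking the signature and IHDR chunk is a cheap first line of defence, not a full parser; in production you would also re-encode the image server-side and store it outside any path the web server will execute.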

CVE-2021-33045 & CVE-2021-33044 | Dahua products

An identity authentication bypass vulnerability was found in the login process of some Dahua products. Attackers can bypass device identity authentication by constructing malicious data packets.

CVE-2024-28986 | SolarWinds

SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, SolarWinds recommends that all Web Help Desk customers apply the patch, which is now available.

CVE-2024-6633 & CVE-2024-6632 | Fortra FileCatalyst

Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks.

  • CVE-2024-6632 is an SQL injection vulnerability with a CVSSv3 score of 7.2 (high), which if exploited could allow an unauthenticated attacker to modify or delete data in the application database, and create administrative users.
  • CVE-2024-6633 is an insecure default vulnerability with a CVSSv3 score of 9.8 (critical) that could allow an unauthenticated attacker remote access to the database, permitting data manipulation or exfiltration from the database, and admin user creation with access levels contained to the sandbox.
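CVE-2024-6632 is described above as SQL injection that lets an attacker modify data and create administrative users. The following is an added example, not FileCatalyst code and not Fortra’s actual query: it shows the general mechanism of that vulnerability class against an in-memory SQLite database, with a string-built UPDATE beside its parameterised equivalent. The table layout, function names and the payload are constructed for illustration.

```python
"""String-built SQL vs. parameterised SQL, run against an in-memory SQLite database.

Added example, not FileCatalyst code. It demonstrates the injection class
described on the page (attacker text changing what a statement does), not
the Fortra product's real query. Table, names and payload are constructed.
"""
import sqlite3


def fresh_db() -> sqlite3.Connection:
    """Constructed users table holding one ordinary, non-admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, display_name TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES (7, 'alice', 'user')")
    conn.commit()
    return conn


def rename_user_vulnerable(conn: sqlite3.Connection, user_id: int, new_name: str) -> None:
    """Vulnerable: the caller-supplied name is spliced straight into the SQL text."""
    conn.execute(f"UPDATE users SET display_name = '{new_name}' WHERE id = {user_id}")
    conn.commit()


def rename_user_safe(conn: sqlite3.Connection, user_id: int, new_name: str) -> None:
    """Hardened: placeholders keep the attacker's text as data, never as SQL."""
    conn.execute("UPDATE users SET display_name = ? WHERE id = ?", (new_name, user_id))
    conn.commit()


def name_of(conn: sqlite3.Connection, user_id: int) -> str:
    return conn.execute("SELECT display_name FROM users WHERE id = ?", (user_id,)).fetchone()[0]


def role_of(conn: sqlite3.Connection, user_id: int) -> str:
    return conn.execute("SELECT role FROM users WHERE id = ?", (user_id,)).fetchone()[0]


# Constructed payload: closes the string literal and appends a second SET column,
# so the vulnerable statement becomes
#   UPDATE users SET display_name = 'bob', role = 'admin' WHERE id = 7
PAYLOAD = "bob', role = 'admin"


def demo_vulnerable() -> tuple:
    """Same payload through the vulnerable path: the account is silently promoted."""
    conn = fresh_db()
    rename_user_vulnerable(conn, 7, PAYLOAD)
    return name_of(conn, 7), role_of(conn, 7)   # ('bob', 'admin')


def demo_safe() -> tuple:
    """Same payload through the parameterised path: it is stored as an odd name, nothing more."""
    conn = fresh_db()
    rename_user_safe(conn, 7, PAYLOAD)
    return name_of(conn, 7), role_of(conn, 7)   # ("bob', role = 'admin", 'user')


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("safe:      ", demo_safe())
```

The fix is not escaping quotes by hand but binding values through the driver’s placeholders, so the statement’s shape is fixed before any user input arrives. The same rule applies to the WHERE clause: an injected `OR 1=1` there turns a one-row update into a table-wide one.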

Microsoft Releases August 2024 Security Updates

Active zero-day exploitation of six vulnerabilities

Microsoft has reported that six vulnerabilities are under active exploitation. These are:

  • CVE-2024-38189 (Microsoft Project Remote Code Execution)
  • CVE-2024-38178 (Scripting Engine Memory Corruption)
  • CVE-2024-38193 (Windows Ancillary Function Driver for WinSock Elevation of Privilege)
  • CVE-2024-38106 (Windows Kernel Elevation of Privilege)
  • CVE-2024-38107 (Windows Power Dependency Coordinator Elevation of Privilege)
  • CVE-2024-38213 (Windows Mark of the Web Security Feature Bypass)

CVE-2024-39383, CVE-2024-39422, CVE-2024-39423, CVE-2024-39424, CVE-2024-39425, CVE-2024-39426, CVE-2024-41830, CVE-2024-41831 | Adobe

Adobe has released security updates addressing 8 critical vulnerabilities in Acrobat and Reader. The vulnerabilities have a maximum CVSSv3 score of 8.1 and successful exploitation could lead to arbitrary code execution (ACE) or privilege escalation.

CVE-2024-41730 | SAP

SAP has released a security update for a missing authentication check vulnerability in BusinessObjects Business Intelligence Platform. The vulnerability, CVE-2024-41730, has a CVSSv3 score of 9.8 and could allow a remote unauthenticated attacker to obtain a logon token using a REST endpoint if Single Sign-On is enabled, potentially leading to full compromise of the system.

Say hello to Velma!

Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes. Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding known exploitable vulnerabilities.  

Whilst I don’t yet have the ability to track data breaches in the Rootshell platform, watch this space: I have some powerful supply chain monitoring capabilities on my roadmap.