Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes.

Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding known exploitable vulnerabilities.

Whilst I don’t yet have the ability to track data breaches in the Rootshell platform, watch this space: I have some powerful supply chain monitoring capabilities on my roadmap.

I’m expecting PoC exploit code to become available for issues addressed in this month’s Microsoft Patch Tuesday update, notably CVE-2024-30080 and CVE-2024-30078, so I would recommend patching these.

Top Reported Data Breaches:

Confirmed Data Breach Snowflake

Threat actors are actively compromising organizations’ Snowflake customer tenants using credentials stolen by infostealer malware, logging into tenants that are configured with single-factor (password-only) authentication. Snowflake is urging organizations to enable multi-factor authentication (MFA) and to allow network traffic only from trusted locations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that organizations follow Snowflake’s guidance, hunt for signs of unusual activity, and take steps to prevent unauthorized access.
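The hunt CISA and Snowflake describe comes down to two questions: which successful logins used only a password from outside your trusted networks, and which source IPs authenticated as more than one account. The script below, added here as an example and not Rootshell’s or Snowflake’s own code, runs that triage offline over rows exported from SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY (the column names are real; the sample rows and the trusted CIDR ranges are constructed for illustration):

```python
"""Triage exported Snowflake LOGIN_HISTORY rows for infostealer-style access.

Added example for this digest; it is not Rootshell's or Snowflake's code.
Column names follow SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY; the rows below and
the trusted CIDR ranges are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumed corporate egress ranges (RFC 5737 documentation prefixes).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed sample rows mirroring the LOGIN_HISTORY columns used below.
SAMPLE_LOGINS = [
    {"EVENT_TIMESTAMP": "2024-06-01T02:13:44Z", "USER_NAME": "SVC_ETL",
     "CLIENT_IP": "203.0.113.10", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-01T08:02:10Z", "USER_NAME": "ALICE",
     "CLIENT_IP": "203.0.113.20", "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-01T23:41:07Z", "USER_NAME": "ALICE",
     "CLIENT_IP": "192.0.2.77", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-02T00:05:51Z", "USER_NAME": "BOB",
     "CLIENT_IP": "198.51.100.200", "REPORTED_CLIENT_TYPE": "JDBC_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-02T00:06:30Z", "USER_NAME": "BOB",
     "CLIENT_IP": "192.0.2.77", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"EVENT_TIMESTAMP": "2024-06-02T01:12:00Z", "USER_NAME": "CAROL",
     "CLIENT_IP": "192.0.2.77", "REPORTED_CLIENT_TYPE": "PYTHON_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "RSA_KEYPAIR",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
]


def is_trusted(ip: str) -> bool:
    """True if the client IP falls inside an allow-listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def single_factor_untrusted(rows):
    """Successful password-only logins from outside the trusted networks.

    This is the exact combination the Snowflake campaign relied on: a stolen
    password, no second factor, and no network policy to block the source.
    """
    return [
        r for r in rows
        if r["IS_SUCCESS"] == "YES"
        and r["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD"
        and not r["SECOND_AUTHENTICATION_FACTOR"]
        and not is_trusted(r["CLIENT_IP"])
    ]


def shared_source_ips(rows):
    """Untrusted IPs that successfully authenticated as more than one user.

    Harvested credentials are usually replayed from a small set of
    actor-controlled hosts, so one IP touching several accounts is a strong
    pivot even when each login looks plausible on its own.
    """
    users_by_ip = defaultdict(set)
    for r in rows:
        if r["IS_SUCCESS"] == "YES" and not is_trusted(r["CLIENT_IP"]):
            users_by_ip[r["CLIENT_IP"]].add(r["USER_NAME"])
    return {ip: users for ip, users in users_by_ip.items() if len(users) > 1}


def summarise(rows):
    """Per-user view of the flagged logins for an analyst to work through."""
    summary = defaultdict(lambda: {"ips": set(), "clients": set(), "count": 0})
    for r in single_factor_untrusted(rows):
        s = summary[r["USER_NAME"]]
        s["ips"].add(r["CLIENT_IP"])
        s["clients"].add(r["REPORTED_CLIENT_TYPE"])
        s["count"] += 1
    return dict(summary)


if __name__ == "__main__":
    for user, s in summarise(SAMPLE_LOGINS).items():
        print(f"{user}: {s['count']} single-factor login(s) from "
              f"{sorted(s['ips'])} via {sorted(s['clients'])}")
    for ip, users in shared_source_ips(SAMPLE_LOGINS).items():
        print(f"{ip} authenticated as {sorted(users)}")
```

On the sample data this flags ALICE and BOB for password-only access from untrusted addresses, and surfaces 192.0.2.77 as a host that authenticated as both ALICE and CAROL, which is the pivot worth chasing first. The preventive side of the same guidance is an account-level Snowflake network policy that allow-lists your egress ranges and MFA enrolment for every human user, with key-pair authentication rather than passwords for service accounts that cannot enrol.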

Confirmed Data Breach Ticketmaster (Live Nation)

ShinyHunters has offered for sale a 1.3 TB database allegedly containing details of 560 million Ticketmaster customers for $500,000. It is reported to include full names, addresses, email addresses, phone numbers, ticket sales and event information, and the last four digits of payment card numbers with their expiration dates. Ticketmaster’s parent, Live Nation, confirmed that it suffered a breach after data was stolen from a third-party cloud database environment. Although the provider was not named, it is suspected to be Snowflake, based on a report published by Hudson Rock.

Confirmed Data Breach Innomar Strategies

Innomar Strategies is the Canadian subsidiary of Cencora, the US drug distribution giant that was called AmerisourceBergen until last year. The breached data includes medical records.

Top Reported Known Exploitable Issues:

Here is the complete list of vulnerabilities for this month that we have updated within our platform and that should be treated as a priority:

CVE-2024-4947, CVE-2024-5274 & CVE-2024-4761 | Google Chrome

Google has rolled out fixes for nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned CVE-2024-4947, the vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine, reported by Kaspersky researchers Vasily Berdnikov and Boris Larin. Type confusion vulnerabilities arise when a program accesses a resource as an incompatible type; the impact can be serious, as it lets a threat actor perform out-of-bounds memory access, crash the process, or execute arbitrary code. CVE-2024-4761 (an out-of-bounds write in V8) and CVE-2024-5274 (a further type confusion in V8) were patched in the same month and have likewise been reported as exploited in the wild, so all three warrant an immediate browser update.

CVE-2024-4978 | Justice AV Solutions Viewer Setup

The installer for Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary and is signed with an unexpected Authenticode signature, i.e. not the vendor’s. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands. Organizations that deployed this version should check the signer on their copy of the installer rather than relying on the fact that it is signed at all.

CVE-2024-4610 | Arm Ltd Bifrost and Valhall GPU Kernel Drivers

A use-after-free vulnerability in the Arm Ltd Bifrost and Valhall GPU kernel drivers allows a local non-privileged user to perform improper GPU memory processing operations and gain access to already freed memory. This issue affects the Bifrost GPU Kernel Driver from r34p0 through r40p0 and the Valhall GPU Kernel Driver from r34p0 through r40p0.

CVE-2024-4577 | PHP Remote Code Execution

Details have emerged about a new critical security flaw in PHP that can be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, is a CGI argument injection affecting all versions of PHP installed on the Windows operating system when PHP runs in CGI mode or the php-cgi binary is otherwise exposed (the default layout in XAMPP installations). Following responsible disclosure on May 7, 2024, a fix has been made available in PHP versions 8.3.8, 8.2.20, and 8.1.29.
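For teams that cannot patch immediately, the useful question is whether anyone has already probed for this. The scanner below is an added example for this digest, not code from the page, the PHP project or the researchers who disclosed the flaw. It relies on the publicly documented mechanism: when php-cgi runs on Windows, a percent-encoded soft hyphen (0xAD) in the query string can be best-fit mapped to a plain ‘-’, and because a query string containing no literal ‘=’ is handed to the CGI binary as command-line arguments split on ‘+’, an attacker can smuggle php.ini directives such as ‘-d’. The log lines, in Apache combined format, are constructed; the function names are mine:

```python
"""Spot CVE-2024-4577 argument-injection probes in web server access logs.

Added example for this digest; not from the page, the PHP project or the
researchers who disclosed the flaw. Heuristic: a percent-encoded soft hyphen
(0xAD) at the start of the query string or right after a '+' separator, in a
query string with no literal '=' (which is what makes the web server pass it
to php-cgi as argv). The log lines below are constructed.
"""
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Soft hyphen followed by an option letter, at the start of the decoded query
# string or immediately after a '+' argv separator.
SOFT_HYPHEN_OPTION = re.compile(rb"(?:^|\+)\xad[A-Za-z]")

# Combined log format: client IP, identd, user, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not from any real incident).
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jun/2024:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
198.51.100.9 - - [07/Jun/2024:10:01:09 +0000] "GET /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 184
192.0.2.44 - - [07/Jun/2024:10:02:15 +0000] "POST /test.php?%add+cgi.force_redirect%3d0 HTTP/1.1" 200 77
203.0.113.5 - - [07/Jun/2024:10:03:00 +0000] "GET /index.php?q=%ADd HTTP/1.1" 200 512
203.0.113.5 - - [07/Jun/2024:10:03:30 +0000] "GET /x.php?a%ADb HTTP/1.1" 404 0
"""


def is_cve_2024_4577_probe(request_target: str) -> bool:
    """True if the request's query string looks like php-cgi argv injection."""
    query = urlsplit(request_target).query
    if not query or "=" in query:
        # A literal '=' makes the server pass QUERY_STRING as data rather than
        # as command-line arguments, so the injection path is closed.
        return False
    decoded = unquote_to_bytes(query)  # keeps 0xAD as a raw byte; '+' stays '+'
    return SOFT_HYPHEN_OPTION.search(decoded) is not None


def scan_access_log(text: str):
    """Return (client_ip, status, target) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m and is_cve_2024_4577_probe(m["target"]):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits


if __name__ == "__main__":
    for ip, status, target in scan_access_log(SAMPLE_LOG):
        print(f"{ip} -> {status} {target}")
```

Two of the five sample lines are flagged; the request with a literal ‘=’ and the one where 0xAD sits mid-token are not, which mirrors how the CGI hand-off actually behaves. A 200 response to a flagged request is the line to escalate, since it means php-cgi accepted the arguments. Treat this as a detection aid rather than a complete signature: the soft hyphen is the best-known best-fit character, but other code pages map other bytes, and the real fix is upgrading to the patched PHP versions or removing php-cgi exposure on Windows altogether.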
