Cyble Research & Intelligence Labs (CRIL) recently released its weekly vulnerability report, which identified 154 vulnerabilities, including critical flaws in products from major companies like Microsoft, VMware, Veeam, and ASUS. Of these vulnerabilities, a staggering 126 were found in Siemens industrial control systems (ICS) products, raising concerns about the security of critical manufacturing infrastructure.
With approximately 25,000 new security vulnerabilities being discovered each year, the focus is on prioritizing the most significant threats and vulnerabilities. The Cyber Express has partnered with Cyble’s dark web and threat intelligence researchers to highlight the vulnerabilities that require immediate attention.
The report highlighted nine specific vulnerabilities, including critical and high-severity issues affecting VMware vCenter Server, ASUS routers, Veeam Recovery Orchestrator, Microsoft Outlook, Windows Wi-Fi Driver, and JetBrains GitHub Plugin. These vulnerabilities range from heap-overflow and privilege escalation flaws to authentication bypass and arbitrary firmware upload vulnerabilities, posing serious risks to organizations and individuals.
One critical vulnerability identified is the CVE-2024-30103, a remote code execution flaw in Microsoft Outlook that could be exploited by threat actors to target government and private entities. Similarly, the CVE-2024-30078 affecting Windows Wi-Fi Driver could allow threat actors to gain initial access to devices and install malware. The report also highlighted vulnerabilities in ASUS routers, VMware products, and JetBrains GitHub Plugin, showcasing the diverse range of security risks present in modern technologies.
Additionally, five vulnerabilities from the Cyble report were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, including vulnerabilities in Android Pixel, Microsoft Windows error reporting service, Progress Telerik Report Server, Arm Mali GPU Kernel Driver, and PHP. These vulnerabilities have criticality scores ranging from 5.5 to 9.8, underscoring the importance of addressing them promptly to prevent exploitation.
Cyble’s comprehensive report provides detailed insights into these vulnerabilities, along with discussions on exploits found in the dark web, industrial control system intelligence, and cybersecurity defenses. Security analysts conducted scans of customer environments and identified over 2 million exposures to 13 of the vulnerabilities, emphasizing the widespread impact of these security issues.
To stay informed about the latest cybersecurity threats and vulnerabilities, organizations are encouraged to subscribe to the Weekly Vulnerability Intelligence Report by Cyble, powered by advanced AI-driven threat intelligence. By staying ahead of cyber threats, businesses can enhance their security posture and protect against evolving risks in the digital landscape.