In recent news, threat actors have been exploiting zero-day vulnerabilities in popular software and browsers, including Cisco security appliances, Microsoft SharePoint, and Google Chrome.
The first vulnerability, known as CVE-2024-20481, affects Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) of the Remote Access VPN (RAVPN) service. Cisco has released fixes for this vulnerability, along with several others affecting the Cisco Secure Firewall Management Center (FMC) Software.
Interestingly, the attackers behind CVE-2024-20481 were found to have triggered the flaw while conducting password spraying attacks. This revelation comes from a report by Cisco Talos, which highlighted a growing trend of adversaries leveraging such attacks to gain unauthorized access.
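Password spraying leaves a recognizable trace in authentication logs: one source failing against many different accounts, with only a few attempts per account. The following sketch of that detection is an added example, not code from Cisco Talos or the original article; the log format, the `detect_spray` function and its thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in a hypothetical "timestamp src_ip username result" format;
# real VPN/AAA authentication logs must first be mapped into these four fields.
SAMPLE_LOG = """\
2024-10-23T10:00:01 203.0.113.7 alice FAIL
2024-10-23T10:00:05 198.51.100.20 bob FAIL
2024-10-23T10:00:09 203.0.113.7 bob FAIL
2024-10-23T10:00:11 198.51.100.20 bob FAIL
2024-10-23T10:00:17 203.0.113.7 carol FAIL
2024-10-23T10:00:19 198.51.100.20 bob FAIL
2024-10-23T10:00:25 203.0.113.7 dave FAIL
2024-10-23T10:00:30 192.0.2.15 alice FAIL
2024-10-23T10:00:33 203.0.113.7 erin FAIL
2024-10-23T10:00:41 192.0.2.15 alice OK
"""

def parse(log_text):
    """Yield (timestamp, src_ip, username, result), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def detect_spray(log_text, window_s=600, min_users=5, max_per_user=2):
    """Return {src_ip: usernames} for sources whose failures hit many distinct
    accounts, with few attempts per account, inside one sliding window."""
    failures = defaultdict(list)
    for ts, ip, user, result in parse(log_text):
        if result == "FAIL":
            failures[ip].append((ts, user))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_s seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            # Many accounts, few tries each: spraying rather than brute force.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[ip] = sorted(per_user)
                break
    return flagged
```

On the constructed sample, only 203.0.113.7 is flagged: the source that fails repeatedly against a single account and the user who mistypes a password once are both left alone.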
Moving on to CVE-2024-38094, this vulnerability impacts Microsoft SharePoint, a popular enterprise-grade solution for content management. The flaw allows an authenticated attacker with Site Owner permissions to inject arbitrary code and execute it within the context of SharePoint Server. While Microsoft patched this vulnerability in July 2024, it has recently been added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA).
Lastly, CVE-2024-4947 is a vulnerability in Google Chrome’s JavaScript engine that was exploited by North Korean threat actors. The attackers used a social engineering campaign through a fake tank game website to target individuals in the cryptocurrency space and infect them with a custom backdoor named “Manuscrypt”. Researchers at Kaspersky discovered this attack and promptly reported it to Google, which fixed the vulnerability.
In addition to CVE-2024-4947, the attackers also exploited a V8 sandbox bypass vulnerability to further compromise their targets. This additional security issue was reported and fixed by Google in March 2024.
Overall, these incidents highlight the ongoing challenges faced by organizations and individuals in securing their systems against sophisticated threat actors. It is crucial for software vendors to promptly release patches for identified vulnerabilities, and for users to remain vigilant against social engineering tactics used by malicious actors.
