Early Warning Alerts

CVE-2024-1212 is a critical security vulnerability identified in Progress Kemp LoadMaster, a widely used load balancer and application delivery controller.

Armis examines Salt Typhoon, a sophisticated Chinese state-sponsored threat actor that has conducted high-profile cyberespionage campaigns targeting U.S. telecommunications providers and political communication systems. Known for its stealthy techniques and ties to the Ministry of State Security, this group exemplifies the escalating risks posed to critical infrastructure by advanced persistent threats.

CVE-2021-41277 is a Local File Inclusion (LFI) vulnerability discovered in the GeoJSON API of Metabase, a widely used open-source business intelligence and analytics platform.

Armis dives into the 15 most exploited vulnerabilities reported by CISA, providing an overview of each CVE, and offering insights into the types of attacks, exploitation patterns, and how long they’ve been active.

CVE-2024-40711 is a critical remote code execution vulnerability affecting Veeam Backup & Replication (VBR) servers, which attackers are actively exploiting in ransomware attacks.

CVE-2019-1069, also known as the Task Scheduler Elevation of Privilege Vulnerability, was identified in Microsoft Windows Task Scheduler.

The exploit requires 10,000 attempts and specific conditions related to the GNU C Library (glibc), making widespread exploitation unlikely.

This is an easily exploitable unauthenticated remote code execution vulnerability affecting NextGen HealthCare’s Mirth Connect data integration platform.

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.

Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability.

Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature.

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability.

CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.

Check Point Quantum Security Gateways contains an unspecified information disclosure vulnerability.

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability.

CVE-2016-3714 is a critical vulnerability in ImageMagick that allows remote code execution due to insufficient input filtering. ImageMagick is a popular software suite for creating, editing, and converting bitmap images.

CrowdStrike is actively working with customers impacted by the defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.