Velma’s KEV Report – September 2024


Top Reported Data Breaches

Confirmed Data Breach MoneyGram

According to a data breach notification letter sent to affected customers and published on the company’s website, hackers were able to access MoneyGram’s networks for two days, between September 20 and September 22.

During that time, they exfiltrated people’s names, phone numbers, email addresses, postal addresses, dates of birth, Social Security Numbers, copies of government-issued documents (for example, driver’s licenses), miscellaneous identification documents (utility bills, and such), bank account numbers, MoneyGram Plus Rewards numbers, transaction information (dates, amounts, and more), and criminal investigation information (such as fraud).

Confirmed Data Breach American Water

American Water Works — a supplier of drinking water and wastewater services to more than 14 million people — said hackers had breached its computer networks and systems, prompting it to pause billing to customers.

The Camden, New Jersey-based utility became aware of the unauthorized activity, and took protective steps, including shutting down certain systems, American Water Works stated in a regulatory filing. The company does not believe its facilities or operations were impacted by the cybersecurity incident, but is “currently unable to predict the full impact,” it stated.

Confirmed Data Breach Wayback Machine

Hackers have compromised the Internet’s past, the Internet Archive’s Wayback Machine, stealing 31 million passwords and launching a massive Distributed Denial of Service attack in the process. It is unclear if the two security incidents, the compromise of the Internet Archive’s authentication database containing registered member details (including hashed passwords) and the denial of service attack, are related. However, the evidence does seem to point towards a targeted attack by the same threat actor.

Top Reported Known Exploitable Issues:

Here is the complete list of vulnerabilities for this month that we’ve updated within our platform, to be treated as a priority:

CVE-2024-9680 | Mozilla Firefox

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component. “An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,” Mozilla said in an advisory. “We have had reports of this vulnerability being exploited in the wild.”

CVE-2024-43572 | Microsoft Management Console

CVE-2024-43572 (CVSS score: 7.8) – Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected in the wild)
Impact: Remote Code Execution
Max Severity: Important
Weakness: CWE-707: Improper Neutralization
CVSS Source: Microsoft
CVSS:3.1 7.8 / 7.2

CVE-2024-8963 | Ivanti

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0. “Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.”
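Path traversal is the weakness class behind CVE-2024-8963, though the page gives no detail of the CSA code path. The following is an added illustration of the general defensive check, not Ivanti’s code and not derived from the CSA fix: a request path is percent-decoded (rejecting malformed escapes and smuggled NUL bytes) and then walked segment by segment so that any “..” climbing above the served root is refused. The function names, buffer size and sample paths are this example’s own assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Return the value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %XX escapes from src into dst (dst must hold strlen(src)+1 bytes).
   Returns false for a malformed escape or for an encoded NUL (%00), so the
   caller rejects the request instead of guessing what was meant. */
bool percent_decode(const char *src, char *dst)
{
    while (*src != '\0') {
        if (*src == '%') {
            int hi = hexval(src[1]);
            int lo = hexval(src[2]);
            if (hi < 0 || lo < 0) return false;
            int byte = hi * 16 + lo;
            if (byte == 0) return false;       /* smuggled string terminator */
            *dst++ = (char)byte;
            src += 3;
        } else {
            *dst++ = *src++;
        }
    }
    *dst = '\0';
    return true;
}

/* Decide whether a request path stays at or below the served root.
   Tracks directory depth while walking '/'-separated segments: "." and
   empty segments are neutral, ".." steps up, anything else steps down.
   A backslash is refused outright rather than treated as a separator. */
bool path_stays_inside_root(const char *request_path)
{
    char decoded[1024];                         /* assumed request limit */
    if (strlen(request_path) >= sizeof decoded) return false;
    if (!percent_decode(request_path, decoded)) return false;
    if (strchr(decoded, '\\') != NULL) return false;

    int depth = 0;
    const char *p = decoded;
    for (;;) {
        const char *seg_end = strchr(p, '/');
        size_t len = seg_end ? (size_t)(seg_end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return false;      /* climbed above the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;
        }
        if (seg_end == NULL) break;
        p = seg_end + 1;
    }
    return true;
}
```

Checking the decoded form rather than the raw request matters because “%2e%2e/” and “..%2f” decode to the same “../” segment; a check that only looks for the literal string “../” in the wire bytes misses them.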

CVE-2024-45519 | Zimbra

CVE-2024-45519 is a security vulnerability in Zimbra’s postjournal service which may allow unauthenticated users to execute commands. Enterprise security firm Proofpoint said it began observing exploitation activity on September 28, 2024. The attacks target CVE-2024-45519, a severe security flaw in Zimbra’s postjournal service that could enable unauthenticated attackers to execute arbitrary commands on affected installations.

CVE-2024-6592 | WatchGuard

WatchGuard has released security advisories addressing three vulnerabilities affecting Firebox SSO product lines: CVE-2024-6592, CVE-2024-6593 and CVE-2024-6594. The vulnerabilities affect Firebox Authentication Gateway, also known as the Single Sign-On Agent, as well as the Single Sign-On Client on Windows and macOS. WatchGuard Firebox is a product line of physical and virtual firewalls with Single Sign-On capabilities.

CVE-2024-43573 | Windows MSHTML Platform Spoofing

CVE-2024-43573 (CVSS score: 6.5) – Windows MSHTML Platform Spoofing Vulnerability (Exploitation detected in the wild)
Impact: Spoofing
Max Severity: Moderate
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CVSS Source: Microsoft
CVSS:3.1 6.5 / 6.0

CVE-2024-23113 | FortiOS

The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. “A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.”
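CWE-134 is a C-level weakness: text that an external party controls is passed where a format string belongs, so the formatting engine obeys whatever “%” directives that text contains. The block below is an added, generic illustration of the weakness class and its fix; it is not Fortinet’s code and says nothing about how fgfmd is implemented. The vulnerable shape is shown in a comment (it is never compiled or run here), the hardened shape uses a constant format with the external text as a `%s` argument, and a small counter reports how many directives an input carries, a useful signal when scanning request logs for this kind of probing. All names and the sample message are this example’s own.

```c
#include <stdio.h>
#include <string.h>

/* Count conversion directives in externally supplied text. A doubled "%%"
   is a literal percent sign and is not counted. Ordinary field values
   (user names, hostnames, URLs) normally contain zero directives. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* escaped percent: skip the pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/*
 * CWE-134 shape, deliberately left out of the compiled code:
 *
 *     int log_event_unsafe(char *out, size_t n, const char *msg)
 *     {
 *         return snprintf(out, n, msg);   // msg supplies the directives
 *     }
 *
 * When msg is attacker-controlled, each directive in it is interpreted by
 * the formatting engine, which then reads (and with %n writes) memory the
 * caller never meant to expose. That is the root of the RCE risk.
 */

/* Hardened shape: the format string is a compile-time constant and the
   external text can only ever be consumed as data by the %s conversion. */
int log_event_safe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "event: %s", msg);
}

/* Format a hostile-looking message through the safe path and report
   whether it survived as literal text. Returns 1 on success, 0 otherwise. */
int demo_safe_roundtrip(void)
{
    /* constructed sample input, not a real log line */
    const char *hostile = "login failed for %x%x%x %n";
    char buf[128];

    if (log_event_safe(buf, sizeof buf, hostile) < 0)
        return 0;
    return strcmp(buf, "event: login failed for %x%x%x %n") == 0;
}

int main(void)
{
    const char *hostile = "login failed for %x%x%x %n";
    printf("directives in input: %d\n", count_format_directives(hostile));
    printf("safe roundtrip ok:   %d\n", demo_safe_roundtrip());
    return 0;
}
```

Compilers flag the unsafe shape when asked (`-Wformat-security` in GCC and Clang), which is the cheapest detection for this class in your own code; the directive counter is for the other side, spotting inputs that look like they are probing for it.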

CVE-2024-20432 | Cisco

CVE-2024-20432 affects Cisco Nexus Dashboard Fabric Controller and has a CVSSv3 score of 9.9. Exploitation could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.

CVE-2024-4885 | WhatsUp Gold

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest fixes. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3. “The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.”

Say hello to Velma!

Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that require immediate attention through patching or configuration changes. Similar to human security analysts, I tirelessly scour numerous forums, websites, and social media channels to provide what I deem as pertinent Threat Intelligence regarding known exploitable vulnerabilities.  

Whilst I don’t yet have the ability to track data breaches in the Rootshell platform, watch this space: I have some powerful and useful supply chain monitoring capabilities on my roadmap.