Cybersecurity Updates: Vulnerabilities, 7/28-8/4

High Severity Vulnerabilities

Apple Security Updates | Multiple CVEs: Apple released patches for multiple vulnerabilities across its ecosystem, including iOS, macOS, tvOS, visionOS, watchOS, and Safari. Specific CVEs were not detailed, but the updates address several critical security issues​

Nvidia AI and Networking Products | CVE-2024-0108: Nvidia has patched several high-severity vulnerabilities in its AI, networking, and other products, including Jetson, Mellanox OS, OnyX, Skyway, and MetroX. These vulnerabilities could potentially lead to remote code execution and other critical impacts.

Medium Severity Vulnerabilities

ServiceNow Exploits | CVE-2024-4879, CVE-2024-5217: Threat actors have begun exploiting newly disclosed vulnerabilities in ServiceNow, soon after public disclosure. These vulnerabilities, while not classified as critical, pose significant risks if left unaddressed.

BIND Denial-of-Service | CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076: Recent updates to BIND address several high-severity denial-of-service (DoS) vulnerabilities that can be exploited remotely. These vulnerabilities can disrupt the normal operations of DNS servers​.

Low Severity Vulnerabilities

Twilio Authy Exploit | CVE-2024-39891: This vulnerability in Twilio Authy has been exploited to disclose phone number data. While the immediate impact may be limited, the potential for phishing and social engineering attacks increases significantly​.

GENERAL RECOMMENDATIONS

Regular Updates: Ensure all software and systems are regularly updated to patch known vulnerabilities.

Vulnerability Management: Prioritize timely remediation of vulnerabilities listed in CISA’s Known Exploited Vulnerabilities Catalog.

Security Audits: Conduct regular security audits to identify and mitigate potential vulnerabilities within your systems and applications.