{"id":307,"date":"2024-08-05T17:44:16","date_gmt":"2024-08-05T17:44:16","guid":{"rendered":"https:\/\/danefenner.com\/?p=307"},"modified":"2024-08-12T14:23:12","modified_gmt":"2024-08-12T14:23:12","slug":"cybersecurity-updates-vulnerabilities-7-28-8-4","status":"publish","type":"post","link":"https:\/\/danefenner.com\/?p=307","title":{"rendered":"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-layout-2 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h3 class=\"wp-block-heading\"><strong><mark style=\"background-color:#cf2e2e\" class=\"has-inline-color\">Critical Severity Vulnerabilities<\/mark><\/strong><\/h3>\n\n\n\n<p><strong>VMware ESXi Flaw Exploitation | <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-27085\">CVE-2024-27085<\/a><\/strong>: Ransomware gangs have been exploiting this recently patched VMware ESXi vulnerability. Although VMware did not initially report in-the-wild exploitation, Microsoft has confirmed its active abuse by threat actors\u200b. <\/p>\n\n\n\n<p><strong>Docker AuthZ Plugin Bypass | <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41110\">CVE-2024-41110<\/a><\/strong>: A critical vulnerability in <a href=\"https:\/\/docs.docker.com\/engine\/extend\/plugins_authorization\/\">Docker&#8217;s authorization plugin<\/a>, originally discovered in 2018, has resurfaced. This flaw allows for a complete bypass of the authorization mechanism, leading to potential unauthorized access and control\u200b. <\/p>\n\n\n\n<p><strong>Ivanti Connect Secure Exploits<\/strong> |<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-21888\"> <strong>CVE-2024-21888<\/strong><\/a>: Privilege escalation vulnerabilities in Ivanti Connect Secure and Policy Secure gateways are being actively exploited by threat actors. These vulnerabilities allow attackers to gain elevated privileges and implant web shells, leading to potential full domain compromise\u200b.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-layout-3 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h4 class=\"wp-block-heading\"><strong><mark style=\"background-color:#f89d9d\" class=\"has-inline-color\">High Severity Vulnerabilities<\/mark><\/strong><\/h4>\n\n\n\n<p><strong>Apple Security Updates<\/strong> | <strong>Multiple CVEs<\/strong>: Apple released patches for multiple vulnerabilities across its ecosystem, including iOS, macOS, tvOS, visionOS, watchOS, and Safari. Specific CVEs were not detailed, but the updates address several critical security issues\u200b<\/p>\n\n\n\n<p><strong>Nvidia AI and Networking Products | CVE-2024-0108<\/strong>: Nvidia has patched several high-severity vulnerabilities in its AI, networking, and other products, including Jetson, Mellanox OS, OnyX, Skyway, and MetroX. These vulnerabilities could potentially lead to remote code execution and other critical impacts.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h4 class=\"wp-block-heading\"><strong><mark style=\"background-color:#fcb900\" class=\"has-inline-color\">Medium Severity Vulnerabilities<\/mark><\/strong><\/h4>\n\n\n\n<p><strong>ServiceNow Exploits | CVE-2024-4879, CVE-2024-5217<\/strong>: Threat actors have begun exploiting newly disclosed vulnerabilities in ServiceNow, soon after public disclosure. These vulnerabilities, while not classified as critical, pose significant risks if left unaddressed.<\/p>\n\n\n\n<p><strong>BIND Denial-of-Service <\/strong>| <strong>CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076<\/strong>: Recent updates to BIND address several high-severity denial-of-service (DoS) vulnerabilities that can be exploited remotely. These vulnerabilities can disrupt the normal operations of DNS servers\u200b.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h4 class=\"wp-block-heading\"><strong><mark style=\"background-color:#ffed65\" class=\"has-inline-color\">Low Severity Vulnerabilities<\/mark><\/strong><\/h4>\n\n\n\n<p><strong>Twilio Authy Exploit | CVE-2024-39891<\/strong>: This vulnerability in Twilio Authy has been exploited to disclose phone number data. While the immediate impact may be limited, the potential for phishing and social engineering attacks increases significantly\u200b.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-layout-4 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h3 class=\"wp-block-heading\"><strong><mark style=\"background-color:#00b41b\" class=\"has-inline-color has-black-color\">GENERAL RECOMMENDATIONS<\/mark><\/strong><\/h3>\n\n\n\n<p><strong>Regular Updates:<\/strong> Ensure all software and systems are regularly updated to patch known vulnerabilities.<\/p>\n\n\n\n<p><strong>Vulnerability Management:<\/strong> Prioritize timely remediation of vulnerabilities listed in CISA\u2019s Known Exploited Vulnerabilities Catalog.<\/p>\n\n\n\n<p><strong>Security Audits:<\/strong> Conduct regular security audits to identify and mitigate potential vulnerabilities within your systems and applications.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Critical Severity Vulnerabilities VMware ESXi Flaw Exploitation | CVE-2024-27085: Ransomware gangs have been exploiting this recently patched VMware ESXi vulnerability. Although VMware did not initially report in-the-wild exploitation, Microsoft has confirmed its active abuse by threat actors\u200b. Docker AuthZ Plugin Bypass | CVE-2024-41110: A critical vulnerability in Docker&#8217;s authorization plugin, originally discovered in 2018, has [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":308,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[17,6,18,14,15,13,16,12],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4 - Dane Fenner<\/title>\n<meta name=\"description\" content=\"Dane Fenner summarizes this week&#039;s cybersecurity updates and vulnerabilities.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/danefenner.com\/?p=307\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4 - Dane Fenner\" \/>\n<meta property=\"og:description\" content=\"Dane Fenner summarizes this week&#039;s cybersecurity updates and vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/danefenner.com\/?p=307\" \/>\n<meta property=\"og:site_name\" content=\"Dane Fenner\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-05T17:44:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-12T14:23:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Maria Yap\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Maria Yap\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/danefenner.com\/?p=307\",\"url\":\"https:\/\/danefenner.com\/?p=307\",\"name\":\"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4 - Dane Fenner\",\"isPartOf\":{\"@id\":\"https:\/\/danefenner.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/danefenner.com\/?p=307#primaryimage\"},\"image\":{\"@id\":\"https:\/\/danefenner.com\/?p=307#primaryimage\"},\"thumbnailUrl\":\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg\",\"datePublished\":\"2024-08-05T17:44:16+00:00\",\"dateModified\":\"2024-08-12T14:23:12+00:00\",\"author\":{\"@id\":\"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882\"},\"description\":\"Dane Fenner summarizes this week's cybersecurity updates and vulnerabilities.\",\"breadcrumb\":{\"@id\":\"https:\/\/danefenner.com\/?p=307#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/danefenner.com\/?p=307\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/danefenner.com\/?p=307#primaryimage\",\"url\":\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg\",\"contentUrl\":\"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Cybersecurity News\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/danefenner.com\/?p=307#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/danefenner.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/danefenner.com\/#website\",\"url\":\"https:\/\/danefenner.com\/\",\"name\":\"Dane Fenner\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/danefenner.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882\",\"name\":\"Maria Yap\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/danefenner.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g\",\"caption\":\"Maria Yap\"},\"sameAs\":[\"http:\/\/mavenbymaria.com\"],\"url\":\"https:\/\/danefenner.com\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4 - Dane Fenner","description":"Dane Fenner summarizes this week's cybersecurity updates and vulnerabilities.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/danefenner.com\/?p=307","og_locale":"en_US","og_type":"article","og_title":"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4 - Dane Fenner","og_description":"Dane Fenner summarizes this week's cybersecurity updates and vulnerabilities.","og_url":"https:\/\/danefenner.com\/?p=307","og_site_name":"Dane Fenner","article_published_time":"2024-08-05T17:44:16+00:00","article_modified_time":"2024-08-12T14:23:12+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg","type":"image\/jpeg"}],"author":"Maria Yap","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Maria Yap","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/danefenner.com\/?p=307","url":"https:\/\/danefenner.com\/?p=307","name":"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4 - Dane Fenner","isPartOf":{"@id":"https:\/\/danefenner.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/danefenner.com\/?p=307#primaryimage"},"image":{"@id":"https:\/\/danefenner.com\/?p=307#primaryimage"},"thumbnailUrl":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg","datePublished":"2024-08-05T17:44:16+00:00","dateModified":"2024-08-12T14:23:12+00:00","author":{"@id":"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882"},"description":"Dane Fenner summarizes this week's cybersecurity updates and vulnerabilities.","breadcrumb":{"@id":"https:\/\/danefenner.com\/?p=307#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/danefenner.com\/?p=307"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/danefenner.com\/?p=307#primaryimage","url":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg","contentUrl":"https:\/\/danefenner.com\/wp-content\/uploads\/2024\/08\/Black-and-Violet-Dark-Professional-Real-Estate-Weekly-Team-Updates-Presentation.jpg","width":1920,"height":1080,"caption":"Cybersecurity News"},{"@type":"BreadcrumbList","@id":"https:\/\/danefenner.com\/?p=307#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/danefenner.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Updates: Vulnerabilities, 7\/28-8\/4"}]},{"@type":"WebSite","@id":"https:\/\/danefenner.com\/#website","url":"https:\/\/danefenner.com\/","name":"Dane Fenner","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/danefenner.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/danefenner.com\/#\/schema\/person\/f79cd022251218532e74bcb12983a882","name":"Maria Yap","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/danefenner.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9c6ec2a4c531e381d8e429104aaee3d0?s=96&d=mm&r=g","caption":"Maria Yap"},"sameAs":["http:\/\/mavenbymaria.com"],"url":"https:\/\/danefenner.com\/?author=2"}]}},"_links":{"self":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts\/307"}],"collection":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=307"}],"version-history":[{"count":5,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts\/307\/revisions"}],"predecessor-version":[{"id":325,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/posts\/307\/revisions\/325"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=\/wp\/v2\/media\/308"}],"wp:attachment":[{"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/danefenner.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}