U.S. Cybersecurity Agency Identifies 6 New Exploited Vulnerabilities

The U.S. cybersecurity agency has identified six new exploited vulnerabilities. These vulnerabilities present a significant cybersecurity risk, and malicious actors are actively targeting them. The agency’s findings underscore the immediate need for mitigation and remediation to safeguard against potential cyber threats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Cybercriminals are actively exploiting these vulnerabilities. The newly added flaws consist of three vulnerabilities in Apple software, two flaws in VMware, and one weakness impacting Zyxel devices.

Attackers have utilized two zero-day exploits in Apple software, part of a cyber espionage campaign that began in 2019, enabling them to deploy spyware and execute malicious code.

Researchers have discovered an operation known as “Triangulation” that utilizes TriangleDB to gather a wide range of data from compromised devices.

This includes actions like manipulating files, stealing data, controlling processes, accessing iCloud Keychain credentials, and tracking the user’s location. The attack starts when the victim receives an iMessage with an attachment that triggers the payload automatically, requiring no interaction from the user. This type of exploit is also known as a zero-click attack.

According to Kaspersky’s initial report, the attackers intentionally craft the malicious message to appear malformed and avoid detection. As a result, the message does not trigger any alerts or notifications for the user.

CVE-2023-32434 and CVE-2023-32435 are two of the iOS vulnerabilities exploited in the espionage attack. Another vulnerability, CVE-2022-46690, allowed a rogue app to execute arbitrary code with kernel privileges through an out-of-bounds write issue in IOMobileFrameBuffer. Apple addressed this vulnerability in December 2022 by improving input validation.

Kaspersky found that TriangleDB, the malicious tool used in the operation, contained unused features related to macOS and requested permissions for the device’s microphone, camera, and address book. Consequently, there is a possibility that attackers may exploit these unused features and permissions in the future.

Kaspersky initiated its investigation into Operation Triangulation earlier this year after detecting the compromise in its own enterprise network.

To protect their networks from potential threats, Federal Civilian Executive Branch (FCEB) agencies should apply vendor-provided patches.

Additionally, CISA has issued an alert regarding three vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 DNS software suite. The alert emphasizes the importance of promptly addressing these vulnerabilities to maintain network security. The vulnerabilities, identified as CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911 (with CVSS scores of 7.5), can be exploited remotely. If successfully exploited, they enable attackers to unexpectedly terminate the named service (the BIND 9 daemon) or exhaust the available memory on the host running named, resulting in a denial-of-service (DoS) condition.

The Internet Systems Consortium (ISC) has identified vulnerabilities in BIND9 for the second time within a span of less than six months, prompting them to release recent patches to address these vulnerabilities.

These vulnerabilities have the potential to cause denial-of-service (DoS) incidents and system failures. The timely issuance of these patches reflects the ongoing efforts by ISC to address and mitigate security concerns within the BIND9 software.
