Two significant security vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation in the wild. The vulnerabilities are:
1. Adobe ColdFusion (CVE-2024-20767)
– Severity: 7.4 CVSS
– Impact: Unauthorized access to restricted files via admin panel
– Patch Status: Fixed in March 2024
2. Microsoft Windows Kernel-Mode Driver (CVE-2024-35250)
– Severity: 7.8 CVSS
– Affects: Microsoft Kernel Streaming Service
– Patch Status: Fixed in June 2024
FBI Alerts on HiatusRAT IoT Threats
The FBI has reported HiatusRAT campaigns targeting IoT devices, particularly:
– Affected Devices: Hikvision, D-Link, and Dahua cameras and DVRs
– Target Regions: US, Australia, Canada, New Zealand, UK
– Attack Methods: Vulnerability exploitation and password cracking
– Tools Used: Ingram and Medusa
Major DrayTek Router Campaign Uncovered
A significant ransomware operation targeting DrayTek Vigor routers has been identified:
– Scale: Over 20,000 devices affected
– Timeline: August-September 2023
– Threat Actors:
  – Monstrous Mantis (Ragnar Locker)
  – Ruthless Mantis (PTI-288)
  – LARVA-15 (Wazawaka)
– Impact: Credential theft and ransomware deployment
– Ransomware Variants: RagnarLocker, Nokoyawa, RansomHouse, and Qilin
Federal agencies must implement patches by January 6, 2025, to protect their networks against these threats.