Exposures, Exposed! Weekly Round-up 
November 18 – November 24


Welcome to XM Cyber’s “Exposures, Exposed!”, our weekly round-up highlighting the latest cyber breaches, vulnerabilities, and exposures that impact your digital world. This week, our experts have uncovered critical threats you can’t afford to miss. Read on to get the inside scoop on what’s putting your security at risk.


Google’s AI-Enhanced OSS-Fuzz Detects 26 New Vulnerabilities  

Google has reported that its OSS-Fuzz tool, now enhanced with artificial intelligence, uncovered 26 previously undiscovered vulnerabilities in open-source projects, including a two-decade-old flaw in the OpenSSL library. The improvements integrate large-language models (LLMs) to automate critical steps in fuzz target development and bug detection.  

Key upgrades include the ability to generate and fix fuzz targets, handle compilation issues, and triage crashes. These changes increased code coverage for 272 C/C++ projects, exposing vulnerabilities such as CVE-2024-9143, an out-of-bounds read/write flaw in OpenSSL that had gone unnoticed for 20 years.  

Google plans to further automate OSS-Fuzz, enabling it to independently report vulnerabilities and leverage additional debugging tools. The AI-powered framework has been open-sourced since January 2024, providing the public access to its usage guide and findings.  

The Takeaway: Developers should consider adopting AI-enhanced fuzzing tools to identify and mitigate software vulnerabilities. Learn more here.  


CISA Alerts Public to Critical ICS Vulnerabilities Nationwide  

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about critical vulnerabilities affecting industrial control systems (ICS) from major manufacturers, including Beckhoff Automation, Delta Electronics, and Bosch Rexroth. These flaws could enable cyberattacks on critical infrastructure sectors such as energy, manufacturing, and smart machine engineering.  

Beckhoff’s TwinCAT Package Manager was found to have an OS command injection flaw (CVE-2024-8934) allowing local attackers to execute malicious commands. Users are urged to update to version 1.0.613.0.  

Delta Electronics’ DIAScreen vulnerabilities (CVE-2024-47131, CVE-2024-39605, CVE-2024-39354) allow remote code execution via malicious files. The latest version 1.5.0 addresses these issues.  

Bosch Rexroth’s IndraDrive devices are vulnerable to denial-of-service (CVE-2024-48989) attacks through specially crafted UDP messages. While no patch exists, isolating devices is recommended.  

The Takeaway: Organizations must update affected ICS equipment and implement CISA’s security practices. Learn more here.  


CISA Warns of Exploited Palo Alto Vulnerabilities in Expedition  

The Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities in Palo Alto Networks Expedition software to its Known Exploited Vulnerabilities catalog. These flaws—CVE-2024-9463 (CVSS 9.9) and CVE-2024-9465 (CVSS 9.3)—allow unauthenticated attackers to execute OS commands or access sensitive database contents, potentially exposing usernames, passwords, and firewall configurations.  

Federal Civilian Executive Branch agencies must apply patches by December 5, 2024, as part of mitigation efforts. Palo Alto Networks addressed the vulnerabilities in an October 9, 2024 update and confirmed active exploitation reports.  

Additionally, the company disclosed another unauthenticated remote command execution vulnerability affecting firewall management interfaces exposed to the internet. Fixes and threat prevention signatures are being prepared.  

The Takeaway: Organizations using Expedition software should apply all available security updates and restrict internet-facing firewall interfaces. Learn more here.  


Apple Patches Two Zero-Day Vulnerabilities in macOS  

Apple has released patches for two zero-day vulnerabilities in macOS Sequoia (version 15.1.1), tracked as CVE-2024-44308 and CVE-2024-44309. Discovered by Google’s Threat Analysis Group (TAG), these flaws were reportedly exploited in the wild, specifically on Intel-based Mac systems.  

CVE-2024-44308, found in JavaScriptCore, allowed arbitrary code execution via malicious webpages. CVE-2024-44309, a WebKit cookie-related flaw, enabled cross-site scripting attacks. Apple addressed these vulnerabilities through improved checks and state management.  

While Apple provided limited details, researchers suspect these attacks were part of targeted campaigns. Experts also noted a broader rise in macOS attacks, with cybercriminals increasingly exploiting corporate reliance on macOS devices. Organizations are advised to remain vigilant, as macOS is no longer immune to malware.  

The Takeaway: Update all Apple devices immediately to mitigate these vulnerabilities. Learn more here.  


Multiple Vulnerabilities in Ubuntu Utility Allow Root Access  

Researchers from the Qualys Threat Research Unit have disclosed multiple security vulnerabilities in the needrestart package, a default component in Ubuntu Server since version 21.04. The flaws, which enable local attackers to gain root privileges, have existed since the introduction of interpreter support in needrestart 0.8, released in 2014.  

Five vulnerabilities (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) were identified, allowing attackers to execute arbitrary code by exploiting Python and Ruby interpreter settings or manipulating a Perl module. Ubuntu has patched the issues in needrestart version 3.8.  

While downloading the latest updates is strongly recommended, users can temporarily disable interpreter scanners in the needrestart configuration file as a workaround until patches are applied.  
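The workaround above is a configuration switch, and the fix is a version bump, so the practical question on each host is: which of the two states am I in? The following script is an added example (not from this round-up, and not part of the needrestart project) that answers that with a pure-shell version comparison and a check of the configuration file. It assumes the fixed version is 3.8 as stated above and that the interpreter-scan switch is the `$nrconf{interpscan} = 0;` line in `needrestart.conf`, the key named in the Qualys advisory's documented workaround; the `--live` mode that queries `dpkg-query` is only meaningful on an Ubuntu host.

```shell
#!/bin/sh
# Added example, not code from the XM Cyber round-up or the needrestart project.
# Assumptions: fixed version is 3.8 (as the text states); the workaround is the
# interpreter-scan switch "$nrconf{interpscan} = 0;" in needrestart.conf
# (key name taken from the Qualys advisory's documented workaround).

FIXED_VERSION="3.8"

# Returns 0 (true) when the installed version is older than FIXED_VERSION.
# Uses sort -V so the comparison works without dpkg (e.g. on an audit box).
needs_update() {
    installed="$1"
    [ "$installed" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$installed" ]
}

# Returns 0 when the config file explicitly disables interpreter scanning.
# Commented-out lines do not count; spacing around '=' is tolerated.
interpscan_disabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -Eq '^[[:space:]]*\$nrconf\{interpscan\}[[:space:]]*=[[:space:]]*0[[:space:]]*;' "$conf"
}

# Verdict for one host: "patched", "mitigated" (old version, scanner off),
# or "exposed" (old version, scanner still on).
assess() {
    version="$1"
    conf="$2"
    if ! needs_update "$version"; then
        echo patched
    elif interpscan_disabled "$conf"; then
        echo mitigated
    else
        echo exposed
    fi
}

# Live mode: read the installed package version and the real config path.
# Only reached when run as "./check.sh --live" on a Debian/Ubuntu system.
if [ "${1:-}" = "--live" ]; then
    v=$(dpkg-query -W -f='${Version}' needrestart 2>/dev/null | sed 's/[-+].*//')
    assess "${v:-0}" /etc/needrestart/needrestart.conf
fi
```

Run it with `--live` on each Ubuntu Server host; anything reporting `exposed` should be patched first, and `mitigated` hosts should still be scheduled for the update, since the workaround only removes the vulnerable code path rather than fixing it.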

The Takeaway: Update needrestart to the latest version immediately to prevent privilege escalation attacks. Learn more here.  


Critical Vulnerabilities Found in Mongoose Web Server Library  

Nozomi Networks has identified 10 critical vulnerabilities in the Mongoose Web Server Library (version 7.14), specifically in its TLS implementation. These flaws, exploitable through malicious TLS packets, can lead to denial-of-service (DoS) attacks or device crashes, posing significant risks to embedded and IoT devices. Cesanta, the developer of Mongoose, has released version 7.15 to address these vulnerabilities.  

Mongoose, widely used in devices from organizations like Siemens and NASA, enables secure communication with minimal resource usage. However, Nozomi’s analysis revealed that its TLS functions were excluded from automated testing pipelines, leaving them vulnerable. Exploitation of flaws such as CVE-2024-42386 and CVE-2024-42384 could cause severe disruption in critical environments, including healthcare and industrial automation.  

The Takeaway: Nozomi recommends all users immediately update to version 7.15 to prevent potential attacks. Learn more here.  


D-Link Warns of Critical Vulnerability in Discontinued Routers  

D-Link has issued an alert about a remote code execution (RCE) vulnerability impacting six discontinued router models: DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N. The issue, caused by a buffer overflow, allows remote, unauthenticated attackers to execute arbitrary code.  

Since these routers have reached End of Life (EOL) status, D-Link will not release a patch. The company advises affected users to replace their devices with newer models. For US users, D-Link is offering a discounted upgrade option.  

D-Link credited security researcher “delsploit” for discovering the flaw but provided no technical details. The advisory comes after reports of similar vulnerabilities in discontinued D-Link products being exploited shortly after disclosure.  

The Takeaway: Replace unsupported D-Link routers immediately to mitigate security risks. Learn more here.  


That’s all for this week – have any exposures to add to our list? Let us know!

Read our latest blog "The 3 Key Ingredients to Getting CTEM Right:
