Recorded Future discloses new high-risk vulnerabilities
Intelligence company Recorded Future has released its monthly CVE Monthly report, revealing 18 out of the approximately 2,400 newly disclosed vulnerabilities in August 2023 had high-risk scores, and two of which are confirmed zero-day vulnerabilities affecting Microsoft and Ivanti products.
In the Recorded Future CVE Monthly August 2023 report, threat researchers have also highlighted the increased use of exploit chains also known as vulnerability chains by cyber criminals to enable greater success or impact of attacks on systems or devices.
Exploitation chaining was identified in recently patched vulnerabilities across Juniper Networks J-Web, where threat actors exploited four vulnerabilities to target Juniper EX switches and SRX firewalls, and enable remote code execution (RCE).
Maggie Coleman, Intelligence Analyst at Recorded Future's Insikt Group comments, "Combining multiple vulnerabilities into a chain of attack is not a new tactic used by cyber criminals but is an evolving tactic that Singaporean organisations need to be aware of."
"Rather than focusing on basic cybersecurity hygiene and best practices, organisations should instead identify and implement the right cybersecurity playbooks, processes, and tools to proactively protect their businesses, customers, and people."
"This proactiveness can be done through the quick identification and remediation of high-impact vulnerabilities before they can be exploited by threat actors."
The Recorded Future CVE monthly reports primarily analyses the top vulnerabilities disclosed across eight major software vendors Microsoft, Adobe, Oracle, Google, Apple, Apache, Linux and Cisco.
It includes the total number of vulnerabilities disclosed within the reporting period, the number of critical and zero-day vulnerabilities disclosed, the number of vulnerabilities actively exploited at the time of writing, and additional major trends and noteworthy vulnerabilities.
Some of the other key findings from the August 2023 report include the following:
- Microsoft continued to be the software vendor most consistently affected by actively exploited zero-day vulnerabilities, month-to-month.
- Microsoft patched 1 new zero-day vulnerability and released a Defence in Depth Update to fix a patch-bypass flaw affecting a vulnerability that was patched in July 2023 and previously exploited by RomCom to target guests of the July 2023 NATO Summit.
- Ivanti warned customers about a new, critical, authentication-bypass zero-day vulnerability, tracked as CVE-2023-38035, affecting its Sentry (formerly known as MobileIron Sentry) security product.
- CVE-2023-38035 was chained together with two previously disclosed vulnerabilities affecting Ivanti's Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35078 (an authentication bypass flaw) and CVE-2023-35081 (a vulnerability that enables arbitrary file-write). CVE-2023-35078 and CVE-2023-35081 were patched in July 2023.