According to cybersecurity researchers, a loophole in llama_cpp_python python package tagged CVE-2024-34359 with a CVSS score of 9.7 could result in exploitation by threat actors. One of the reports by the researchers indicated, “If exploited, it could allow attackers to execute arbitrary code on your system, compromising data and operations.” Further in-depth review of the vulnerability revealed that “The exploitation of this vulnerability can lead to unauthorized actions by attackers, including data theft, system compromise, and disruption of operations.”
Fluent Bit Vulnerability Raises Security Alarm of Possible Dos Attack
A vulnerability tagged “Linguistic Lumberjack (CVE-2024-4323)” by Tenable Research observed in Fluent Bit, a famous logging and metrics utility, could aid threat actors in achieving a denial-of-service (DoS), remote code execution and information disclosure attack. Details about this vulnerability revealed it impacts the application’s version from 2.0.7 to 3.0.3. The vulnerability also entails memory corruption in the built-in HTTP server, which can promote the DoS, data leakage, and remote execution. One of the researchers, Jimi Sebree, explained, “Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it.” Users are advised to upgrade to version 3.0.4.
CISA Warns About NextGen Healthcare Mirth Connect Attack
According to The United States Cybersecurity and Infrastructure Security Agency (CISA), there is active exploitation of a vulnerability tagged CVE-2023-43208with an unknown CVSS score found in NextGen Healthcare Mirth Connect, which is now added to the agency’s Known Exploited Vulnerabilities (KEV) catalogue. The organization also provided evidence of the exploitation. More details about the vulnerability revealed that it was about unauthenticated remote code execution that sprung from an incomplete patch of a previously discovered critical flaw tagged CVE-2023-37679 with a CVSS score of 9.8. According to Sunkavally, the flaw CVE-2023-43208 is “ultimately related to insecure usage of the Java XStream library for unmarshalling XML payloads.” Before this discovery, Microsoft also indicated noticing nation-state and cybercrime actors exploit several flaws in Mirth Connect (CVE-2023-37679, CVE-2023-43208), ConnectWise ScreenConnect (CVE-2024-1709, CVE-2024-1708), JetBrains TeamCity (CVE-2024-27198, CVE-2024-27199), and Fortinet FortiClient EMS (CVE-2023-48788) for initial access in Q1 2024. It is worth noting that CVE-2024-4947, a vulnerability impacting the Google Chrome browser, is now added to the KEV catalogue.
Microsoft Announces Deprecating NTLM in Windows 11
A report from Microsoft on Monday, 21st May 2024, confirmed the deprecation of NT LAN Manager in Windows 11 as part of a means to harden the operating system’s security. Some of the missing features in NTLM that led to the new development by the tech giant include a lack of support for cryptographic methods such as AES or SHA-256 and susceptibility to relay attacks. The tech giant explained that “Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024.” The tech giant also explained new changes, including enabling Local Security Authority (LSA) protection by default for new consumer devices and securing Windows Hello technology using virtualization-based security (VBS).
