Apple has released security updates for iOS, iPadOS, macOS, visionOS and the Safari web browser that address two zero-day vulnerabilities that are being actively exploited.
- CVE-2024-44308 (CVSS score: 8.8) – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when malicious web content is processed.
- CVE-2024-44309 (CVSS score: 6.1) – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack.
Apple urges users to update without delay. The fixes ship in iOS 18.1.1, iPadOS 18.1.1 and macOS Sequoia 15.1.1.
More than 2,000 Palo Alto Networks devices have been hacked
More than 2,000 Palo Alto Networks devices are estimated to have been compromised in a campaign exploiting newly discovered security vulnerabilities.
CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9) are an authentication bypass and a privilege escalation; chained together, they could allow an attacker to modify the device configuration and execute arbitrary code.
Cloud security company Wiz revealed that the number of exploitation attempts increased dramatically after a proof-of-concept (PoC) exploit was released on November 19, 2024. Wiz also noted that attackers are exploiting these vulnerabilities to deploy web shells, the Sliver command-and-control (C2) agent and cryptocurrency miners.
Critical RCE vulnerability in VMware vCenter Server is now being actively exploited
Broadcom has warned that attackers are exploiting two vulnerabilities in VMware vCenter Server, one of which allows remote code execution.
Security researchers from TZL reported an RCE vulnerability, tracked as CVE-2024-38812, during the Matrix Cup 2024 hacking competition in China. The vulnerability stems from a weakness in vCenter's implementation of the DCE/RPC protocol.
The second vulnerability in vCenter Server, tracked as CVE-2024-38813, allows attackers to escalate privileges to root using a specially crafted network packet.
Broadcom recommends that customers apply the latest updates immediately.
Russian hackers deploy HATVIBE and CHERRYSPY malware in Europe and Asia
According to Recorded Future, a Russia-linked hacking group is conducting a cyber espionage campaign across Europe and Asia.
In its November 21 report, the company said that the group, which it tracks as TAG-110, uses its own custom malware to compromise government entities, human rights groups and educational institutions.
The researchers identified 62 unique victims that the TAG-110 group targeted.
The campaign, which reportedly began in July 2024, coincides with a CERT-UA report linking TAG-110 to the Russian-backed BlueDelta group (APT28).