TrustedSec Tech Brief - Week of September 16, 2024

Get the scoop on the latest security news with this week's Tech Brief! Director of Security Intelligence Carlos Perez covers the seizure of Chinese tech spying network Flax Typhoon, CISA adding an Ivanti CSA vuln to KEV, and new VMware and SolarWinds vulnerabilities.

September 23, 2024
Tech Brief

Welcome to the TrustedSec Tech Brief where we go over the top news for the week of September 16.

News:

U.S. and Allies Seize Control of Massive Chinese Tech Spying Network

The U.S. and allied countries seized control of a massive Chinese tech spying network called Flax Typhoon. The network consisted of 260,000 internet-connected devices, including cameras and routers, used for espionage. The operation targeted a botnet allegedly run by a Chinese government contractor, Integrity Technology Group.

https://www.washingtonpost.com/technology/2024/09/18/china-tech-spy-network/

CISA Adds Ivanti CSA vuln to KEV

Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability: Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Vulnerabilities:

VMware

CVE: CVE-2024-38812

Affected Product: VMware vCenter Server (versions 8.0 and 7.0)

CVSS: 9.8

POC: No

Exploited: No

Description: A critical heap-overflow vulnerability in the DCE/RPC protocol of VMware vCenter Server that could allow a malicious actor with network access to trigger remote code execution by sending a specially crafted network packet.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38812

CVE: CVE-2024-38813

Affected Product: VMware vCenter Server (versions 8.0 and 7.0)

CVSS: 7.5

POC: No

Exploited: No

Description: A privilege escalation vulnerability in vCenter Server that could allow a malicious actor with network access to escalate privileges to root by sending a specially crafted network packet.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-38813

SolarWinds

CVE: CVE-2024-28991

Affected Product: SolarWinds Access Rights Manager (ARM)

CVSS: 8.8 (CVSS v3 Base Score)

POC: No

Exploited: No

Description: A remote code execution vulnerability in SolarWinds Access Rights Manager (ARM) that allows an authenticated user to abuse the service, resulting in remote code execution.

Link: https://nvd.nist.gov/vuln/detail/CVE-2024-28991