On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog by adding three security flaws, highlighting the urgent need for businesses to address vulnerabilities currently being exploited in the wild.

The newly added vulnerabilities are CVE-2023-28432, a significant information disclosure issue affecting MinIO, which has a CVSS score of 7.5; CVE-2023-27350, a critical improper access control vulnerability in PaperCut MF/NG, with a CVSS score of 9.8; and CVE-2023-2136, a yet-to-be-scored integer overflow vulnerability in Google Chrome's Skia graphics library.

MinIO maintainers have raised alarms over CVE-2023-28432, noting that in cluster deployments, the software may inadvertently expose sensitive environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`. Recent data from GreyNoise indicates that approximately 18 unique malicious IP addresses across the U.S., the Netherlands, France, Japan, and Finland have attempted to exploit this vulnerability over the past month.

The implications are concerning. As noted in a recent alert by GreyNoise, an implementation example provided by OpenAI for developers using ChatGPT was found to depend on an older version of MinIO that is vulnerable to CVE-2023-28432. GreyNoise’s cybersecurity expert Matthew Remacle emphasized the importance of robust security practices as developers adopt new integrations that may inadvertently introduce risks.

Additionally, the PaperCut vulnerability has drawn attention due to its potential for remote code execution, allowing unauthorized actors to bypass authentication measures and execute arbitrary code. PaperCut's developers addressed this critical flaw in software updates released on March 8, 2023, yet the threat remains prevalent as unpatched servers continue to be exploited.

Recent analyses from Arctic Wolf revealed active intrusion activity involving unpatched PaperCut servers, showing how attackers leverage such vulnerabilities to gain a foothold within targeted systems. This exploitation illustrates not only the risks posed by unpatched software but also the tactics adversaries use, such as initial access and privilege escalation, as defined in the MITRE ATT&CK framework.

Lastly, the ongoing exploitation of the Google Chrome vulnerability linked to Skia demonstrates that even widely used applications are not immune to threats. This particular flaw allows for sandbox escapes via specially crafted HTML files, broadening the attack surface for potential intrusions.

In light of these developments, federal agencies within the U.S. have been advised to remediate the identified vulnerabilities by May 12, 2023, to safeguard their networks against these ongoing threats. Business owners and IT security professionals are urged to prioritize patching and preventive measures to fortify their defenses against the modern cyber threat landscape.