The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included six new security vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, citing clear indications of ongoing exploitation. This move emphasizes the necessity for organizations to remain vigilant and proactive in their cybersecurity measures.

Among the newly flagged vulnerabilities is CVE-2023-27524, which carries a CVSS score of 8.9. This high-severity flaw affects Apache Superset, an open-source data visualization tool. If exploited, it could allow attackers to run arbitrary code remotely, posing significant risks to data integrity and system security. This vulnerability was addressed in version 2.1 of the software.

The vulnerability first surfaced in April 2023, with security researcher Naveen Sunkavally from Horizon3.ai highlighting the extremely risky default configuration within Apache Superset. This configuration could enable unauthorized access, allowing attackers to execute remote code, collect credentials, and potentially compromise sensitive data.

At this point, it remains unclear how the vulnerability is being exploited in real-world scenarios. CISA has also identified five additional vulnerabilities that organizations should assess: CVE-2023-38203 and CVE-2023-29300, both related to Adobe ColdFusion and possessing CVSS scores of 9.8; CVE-2023-41990, a significant vulnerability in multiple Apple products with a score of 7.8; CVE-2016-20017, relating to command injection in D-Link DSL-2750B devices, rated at 9.8; and CVE-2023-23752, a Joomla! vulnerability with a lower severity score of 5.3.

Notably, CVE-2023-41990 was previously exploited in the sophisticated Operation Triangulation spyware attacks, which targeted iOS devices through a meticulously crafted iMessage PDF attachment. It shows how a single vulnerability can serve as a gateway for significant security breaches, mapping to MITRE ATT&CK tactics such as initial access and execution that give attackers a foothold within targeted environments.

Given these emerging threats, CISA has recommended that Federal Civilian Executive Branch (FCEB) agencies implement patches for these vulnerabilities no later than January 29, 2024, aiming to fortify their defenses against ongoing cyber threats.

In an updated advisory released on January 16, Fortinet FortiGuard Labs reported a sustained critical level of attacks targeting Adobe ColdFusion, with intrusion prevention system (IPS) detections reaching over 50,000 unique instances, underlining the urgent need for organizations to review and enhance their cybersecurity postures.

For business owners, understanding these vulnerabilities and the potential tactics associated with them is essential. By leveraging frameworks like the MITRE ATT&CK matrix, organizations can better prepare against threats and refine their incident response strategies to mitigate risks effectively.
