The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, adding two significant security vulnerabilities linked to active exploitation. These vulnerabilities highlight persistent risks for organizations, particularly those within the federal sphere, and underscore the importance of timely mitigation strategies.
The first vulnerability, CVE-2012-4792, is a critical use-after-free flaw in Microsoft Internet Explorer with a CVSS score of 9.3. The flaw, now more than a decade old, allows remote attackers to execute arbitrary code when a user is lured to a maliciously crafted web page. It was exploited in December 2012 in watering hole attacks that targeted the Council on Foreign Relations (CFR) and Capstone Turbine Corporation. Whether there have been renewed exploitation attempts is unclear, but its inclusion in the KEV catalog and its history of use warrant attention from security teams that still have legacy Internet Explorer deployments.
The second vulnerability, CVE-2024-39891, has a CVSS score of 5.3 and is an information disclosure issue in Twilio's Authy authentication service. An unauthenticated endpoint accepted requests containing a phone number and answered differently depending on whether that number was registered with Authy, which let callers enumerate Authy accounts. Earlier this month, Twilio acknowledged the issue after threat actors exploited it to expose information tied to Authy accounts. Fixes shipped in Authy versions 25.1.0 for Android and 26.1.0 for iOS.
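The Authy issue is an instance of a common pattern: an unauthenticated lookup endpoint whose response reveals whether an identifier exists. The following Python is an added illustration and is not Twilio or Authy code; the registry, API key, handler names and rate-limit parameters are all constructed for the example. It places the enumeration-prone pattern next to a hardened version that requires a credential, throttles per caller, and returns an identical response regardless of registration status.

```python
"""Enumeration-prone lookup endpoint beside a hardened one.
Added illustration, not Twilio/Authy code; all names and data are constructed."""
from collections import defaultdict, deque
from typing import Optional
import hmac

# Constructed stand-in for a user database keyed by E.164 phone number.
REGISTERED = {"+15555550100", "+15555550123"}
# Constructed caller credential; a real service would look this up per client.
VALID_API_KEY = "example-api-key-0001"


def lookup_vulnerable(phone: str) -> dict:
    """Vulnerable pattern: no authentication, and the response itself
    discloses whether the number is registered (200 vs 404)."""
    if phone in REGISTERED:
        return {"status": 200, "body": {"registered": True}}
    return {"status": 404, "body": {"error": "not found"}}


class SlidingWindowLimiter:
    """Allow at most `limit` requests per caller in any `window_s` seconds."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self._hits = defaultdict(deque)  # caller -> timestamps of allowed requests

    def allow(self, key: str, now: float) -> bool:
        q = self._hits[key]
        while q and now - q[0] >= self.window_s:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def lookup_hardened(phone: str, api_key: Optional[str], caller: str,
                    now: float, limiter: SlidingWindowLimiter) -> dict:
    """Hardened pattern: require a credential, throttle per caller, and answer
    with the same status and body whether or not the number is registered.
    Registration status is only consumed server-side (for example to decide
    whether a code is actually sent) and is never echoed to the caller."""
    if api_key is None or not hmac.compare_digest(api_key, VALID_API_KEY):
        return {"status": 401, "body": {"error": "unauthorized"}}
    if not limiter.allow(caller, now):
        return {"status": 429, "body": {"error": "rate limited"}}
    _is_registered = phone in REGISTERED  # used internally only, not returned
    return {"status": 202,
            "body": {"message": "if this number is registered, it will receive a code"}}
```

The uniform 202 response is the essential change: once the body and status no longer depend on `REGISTERED`, the endpoint can no longer be used as an oracle, and the credential check plus the per-caller limiter make bulk querying both attributable and slow. Timing differences between the two branches are a residual side channel that a production service would also want to flatten.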
CISA has emphasized that vulnerabilities of this kind are frequent entry points for malicious cyber actors and pose significant risks to federal agencies and their networks. Under the Binding Operational Directive that governs the KEV catalog, all Federal Civilian Executive Branch (FCEB) agencies must remediate both vulnerabilities by August 13, 2024.
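Because every KEV entry carries a remediation due date, the catalog doubles as a prioritisation feed. The Python below is an added example, not a CISA tool: it indexes a KEV-style JSON document by CVE id and reports which vulnerabilities in a constructed asset inventory have a KEV deadline, how many days remain, and whether the deadline has passed. The embedded feed mirrors the field names of the public KEV JSON, but the records are constructed; only the two CVE ids and the August 13, 2024 due date come from the advisory, and the product descriptions and `knownRansomwareCampaignUse` values are placeholders.

```python
"""KEV due-date triage against an asset inventory. Added example, not a CISA tool.
The feed below is constructed; only the CVE ids and due date are from the advisory."""
import json
from datetime import date

# Constructed KEV-style feed (subset of the real schema's fields).
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2012-4792", "vendorProject": "Microsoft",
         "product": "Internet Explorer",
         "vulnerabilityName": "Use-after-free (placeholder text)",
         "requiredAction": "Apply mitigations per vendor instructions (placeholder)",
         "dueDate": "2024-08-13", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-39891", "vendorProject": "Twilio", "product": "Authy",
         "vulnerabilityName": "Information disclosure (placeholder text)",
         "requiredAction": "Update to a fixed version (placeholder)",
         "dueDate": "2024-08-13", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: CVE id -> assets where a scanner reported it.
INVENTORY = {
    "CVE-2012-4792": ["kiosk-07", "legacy-finance-vm"],
    "CVE-2024-39891": ["mobile-fleet"],
    "CVE-0000-00000": ["placeholder-host"],  # constructed id, not in KEV
}


def load_kev(feed_text: str) -> dict:
    """Index a KEV JSON document by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_text)["vulnerabilities"]}


def triage(kev: dict, inventory: dict, today: date) -> list:
    """Return one row per inventory CVE that appears in KEV, sorted so the
    earliest due date (and therefore the most urgent work) comes first."""
    rows = []
    for cve, assets in inventory.items():
        entry = kev.get(cve)
        if entry is None:
            continue  # not in KEV: still a finding, but outside this deadline view
        due = date.fromisoformat(entry["dueDate"])
        rows.append({
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": (due - today).days,
            "overdue": due < today,
            "assets": sorted(assets),
        })
    rows.sort(key=lambda r: (r["due"], r["cve"]))
    return rows


if __name__ == "__main__":
    for row in triage(load_kev(KEV_SAMPLE), INVENTORY, date(2024, 8, 1)):
        flag = "OVERDUE" if row["overdue"] else f'{row["days_left"]}d left'
        print(f'{row["cve"]:15} {row["product"]:30} due {row["due"]} ({flag}) -> {row["assets"]}')
```

In practice the feed text would be fetched from CISA's published KEV JSON rather than embedded, and `INVENTORY` would come from scanner output; the triage logic itself does not change. Non-federal organisations are not bound by the FCEB deadline, but the same due dates are a reasonable default SLA for anything listed in the catalog.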
Business owners should also understand the tactics, as described by the MITRE ATT&CK framework, that attacks on these flaws involve. The Internet Explorer flaw maps to initial access, where attackers exploit a vulnerability to gain a foothold, followed by execution of attacker-controlled code on the compromised host. The Twilio information disclosure instead supports reconnaissance, letting adversaries confirm which phone numbers correspond to Authy accounts and use that data in follow-on attacks.
The continued exploitation of both old and newly disclosed vulnerabilities underscores the need for organizations to stay informed about the threats they face. Robust security controls, timely patch management, and comprehensive employee training are essential to reducing the risk these flaws pose. By fostering a culture of security awareness and proactive defense, businesses can better protect themselves against an evolving threat landscape.