CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 - Related to four, apache, actively, adds, simplehelp
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
The [website] Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -.
CVE-2024-45195 (CVSS score: [website] - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024).
(CVSS score: [website] - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024) CVE-2024-29059 (CVSS score: [website] - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024).
(CVSS score: [website] - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024) CVE-2018-9276 (CVSS score: [website] - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018).
(CVSS score: [website] - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018) CVE-2018-19410 (CVSS score: [website] - A local file inclusion vulnerability in Paessler PRTG Network Monitor that allows a remote, unauthenticated attacker to create consumers with read-write privileges (Fixed in April 2018).
Although these shortcomings have since been addressed by the respective vendors, there are currently no public reports about how they may have been exploited in real-world attacks.
Federal Civilian Executive Branch (FCEB) agencies have been urged to apply the necessary fixes by February 25, 2025, to safeguard against active threats.
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybers......
Ransomware attacks netted cybercrime groups a total of $[website] million in 2024, a decline from $[website] billion in 2023.
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this ......
CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible.
Among them are flaws impacting Microsoft .NET Framework and Apache OFBiz (Open For Business), two widely used software applications.
Though the agency has marked those flaws as actively exploited in attacks, it has not provided specific details about the malicious activity, who is conducting it, and against whom.
The first flaw, tracked under CVE-2024-29059, is a high severity (CVSS v3 score: [website] information disclosure bug in the .NET Framework discovered by CODE WHITE and disclosed to Microsoft in November 2023.
Microsoft closed the disclosure research in December 2023, stating, "after careful investigation, we determined this case does not meet our bar for immediate servicing."
However, Microsoft ultimately fixed the flaw in the January 2024 security updates but mistakenly did not issue a CVE or acknowledge the researchers.
In February, CODE WHITE released technical details and a proof of concept exploit for leaking internal object URIs, which can be used to perform .NET Remoting attacks,.
Microsoft finally released an advisory for this flaw under CVE-2024-29059 in March 2024 and attributed the discovery to the researchers.
The Apache OFBiz flaw is CVE-2024-45195, a critical severity (CVSS v3 score: [website] remote code execution vulnerability impacting OFBiz before [website].
The flaw is caused by a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks.
individuals are recommended to upgrade to Apache OFBiz version [website] or later, which addresses the particular risk.
Now, CISA urges potentially impacted agencies and organizations to apply the available patches and mitigations by February 25, 2025, or stop using the products.
The other two flaws added to KEV this time are CVE-2018-9276 and CVE-2018-19410, both impacting the Paessler PRTG network monitoring software. The issues were fixed in version [website], released in June 2018.
The first flaw is an OS command injection problem, and the second is a local file inclusion vulnerability. The patching deadline for those, too, was set to February 25, 2025.
Unfortunately, there is no information on how any of these flaws are being exploited in attacks.
Payments to ransomware actors decreased 35% year-over-year in 2024, totaling $[website] million, down from $[website] billion recorded in 2023.
An ongoing distributed denial of service (DDoS) attack targets Bohemia Interactive's infrastructure, preventing players of DayZ and Arma Reforger from......
AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on un......
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks.
The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 and were reported as potentially actively exploited by Arctic Wolf last week. However, the cybersecurity firm could not confirm for sure if the flaws were used.
Cybersecurity firm Field Effect has confirmed to BleepingComputer that the flaws are being exploited in recent attacks and released a analysis that sheds light on the post-exploitation activity.
Additionally, the cybersecurity researchers mention that the observed activity has signs of Akira ransomware attacks, though they do not hold enough evidence to make a high-confidence attribution.
The attack started with the threat actors exploiting the vulnerabilities in the SimpleHelp RMM client to establish an unauthorized connection to a target endpoint.
The attackers connected from the IP [website][.]171, an Estonian-based server running a SimpleHelp instance on port 80.
Once connected via RMM, the attackers quickly executed a series of discovery commands to learn more about the target environment, including system and network details, consumers and privileges, scheduled tasks and services, and domain controller information.
Field Effect also observed a command that searched for the CrowdStrike Falcon security suite, likely a bypass attempt bypass.
Leveraging their access and knowledge, the attackers then proceeded to create a new administrator account named "sqladmin" to maintain access to the environment, followed by the installation of the Sliver post-exploitation framework ([website].
Sliver is a post-exploitation framework developed by BishopFox that has seen increased usage over the past couple of years as an alternative to Cobalt Strike, which is increasingly detected by endpoint protection.
When deployed, Sliver will connect back to a command and control server (C2) to open a reverse shell or wait for commands to execute on the infected host.
The Sliver beacon observed in the attack was configured to connect to a C2 in the Netherlands. Field Effect also identified a backup IP with Remote Desktop Protocol (RDP) enabled.
With persistence established, the attackers moved deeper into the network by compromising the Domain Controller (DC) using the same SimpleHelp RMM client and creating another admin account ("fpmhlttech").
Instead of the backdoor, the attackers installed a Cloudflare Tunnel disguised as Windows [website] to maintain stealthy access and bypass security controls and firewalls.
SimpleHelp people are advised to apply the available security updates that address CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 as soon as possible. For more info, check the vendor's bulletin.
Additionally, look for administrator accounts named 'sqladmin' and 'fpmhlttech,' or any others you don't recognize, and look for connections to the IPs listed in Field Effect's analysis.
Ultimately, individuals should restrict SimpleHelp access to trusted IP ranges to prevent unauthorized access.
The [website] Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) cat......
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging fed......
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (M......
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 8.7% | 10.5% | 11.0% | 12.2% | 12.9% | 13.3% | 13.4% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 12.5% | 12.9% | 13.2% | 13.4% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Network Security | 26% | 10.8% |
| Cloud Security | 23% | 17.6% |
| Identity Management | 19% | 15.3% |
| Endpoint Security | 17% | 13.9% |
| Other Security Solutions | 15% | 12.4% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Palo Alto Networks | 14.2% |
| Cisco Security | 12.8% |
| Crowdstrike | 9.3% |
| Fortinet | 7.6% |
| Microsoft Security | 7.1% |
Future Outlook and Predictions
The Cisa Exploited Adds landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the cyber security sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing cyber security challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of cyber security evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the security threats and defensive measures discussed in this article. These definitions provide context for both technical and non-technical readers.
ransomware beginner
firewall intermediate
API beginner
How APIs enable communication between different software systemsmalware beginner
Common malware types and their characteristicsplatform intermediate
DDoS intermediate
Related Articles
