
Threat Alert: Multiple Vulnerabilities Being Actively Exploited in the Wild

Editor's Note: Our Threat Alert email incorrectly stated the CVE number. This has been corrected below.

INFORMATIONAL ONLY

It’s been a busy week for threat actors, with three new alerts rising to the level of requiring action. If you utilize any of the software below, it is important to take immediate steps to mitigate any potential impact. An overview of these threats is below:

Microsoft CLFS Zero-Day Vulnerability (CVE-2024-49138)
Microsoft has released an urgent patch for a critical zero-day vulnerability in the Common Log File System (CLFS). This flaw has been actively exploited in the wild, allowing attackers to execute arbitrary code.

Recommendations:

- Apply Microsoft’s latest security updates immediately to all Windows systems.
- Ensure robust endpoint detection is in place to monitor for unusual activity.

Visual Studio Code Supply Chain Attack
Hackers are weaponizing malicious Visual Studio Code extensions to compromise development environments. These extensions can execute code or exfiltrate sensitive data, potentially spreading further through supply chains.

Recommendations:

- Verify the integrity of all extensions before installation.
- Monitor development environments for suspicious activity.
- Encourage teams to follow secure coding and software supply chain best practices.
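
One way to act on the first two recommendations is to audit what is already installed against an approved list. The script below is an added example, not code from this alert or from Quadrant: it reads each extension's `package.json` manifest and flags anything unlisted, at an unapproved version, or unreadable. The allowlist entries and sample extensions are constructed; on a workstation, point `audit()` at the extensions folder (by default `~/.vscode/extensions`).

```python
import json
import tempfile
from pathlib import Path

# Hypothetical allowlist: "publisher.name" -> approved versions (constructed values).
APPROVED = {
    "examplecorp.linter": {"1.4.2"},
    "examplecorp.theme": {"2.0.0", "2.0.1"},
}

def read_installed(ext_dir):
    """Yield (extension_id, version) from each extension's package.json."""
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            yield f'{meta["publisher"]}.{meta["name"]}'.lower(), str(meta["version"])
        except (OSError, ValueError, KeyError, TypeError):
            # Malformed manifest: report the folder instead of skipping it silently.
            yield manifest.parent.name.lower(), None

def audit(ext_dir, approved=APPROVED):
    """Return sorted findings as (extension_id, version, reason) tuples."""
    findings = []
    for ext_id, version in read_installed(ext_dir):
        if version is None:
            findings.append((ext_id, None, "unreadable manifest"))
        elif ext_id not in approved:
            findings.append((ext_id, version, "not on allowlist"))
        elif version not in approved[ext_id]:
            findings.append((ext_id, version, "unapproved version"))
    return sorted(findings, key=lambda f: f[0])

def build_sample(root):
    """Create a constructed extensions folder so the demo runs offline."""
    samples = {
        "examplecorp.linter-1.4.2": {"publisher": "ExampleCorp", "name": "linter", "version": "1.4.2"},
        "examplecorp.theme-2.1.0": {"publisher": "ExampleCorp", "name": "theme", "version": "2.1.0"},
        "unknownpub.helper-0.0.3": {"publisher": "unknownpub", "name": "helper", "version": "0.0.3"},
    }
    for folder, meta in samples.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    broken = Path(root) / "broken.ext-0.1.0"
    broken.mkdir()
    (broken / "package.json").write_text("{not json", encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(build_sample(tmp)):
            print(finding)
```

An allowlist check does not prove an approved extension is benign; it narrows review to what nobody vetted and surfaces version drift after auto-updates.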

CLEO File Transfer Software Exploit
The widely used CLEO software has been exploited in live attacks, targeting its vulnerabilities to access sensitive enterprise data. This exploitation primarily affects organizations using unpatched versions.

Recommendations:

- Update to the latest patched version of CLEO software immediately.
- Review access control policies to limit exposure.
- Deploy network monitoring tools to detect unauthorized data transfers.

WHAT QUADRANT IS DOING FOR OUR CLIENTS:

Our team of Threat Analysts and Detection Engineers has updated our detections and will continue monitoring for these threat signatures.
