Cyber Bits · · 2 min read

Cyber Bits: September 16

This week, Ivanti reports a critical vulnerability now actively exploited, Transport for London is resetting 30,000 employee passwords in person, the Port of Seattle was hit by Rhysida ransomware, and a Windows vulnerability is being exploited via invisible braille spaces.

Ivanti CSA Vulnerability

Link: Bleeping Computer

Ivanti has disclosed that a critical flaw in its Cloud Services Appliance (CSA) for Endpoint Manager Mobile (EPMM) is now being actively exploited. This vulnerability, tracked as CVE-2023-38035, enables attackers to bypass authentication and execute arbitrary commands, which could lead to full system compromise. Ivanti strongly recommends immediate patching, warning that threat actors have already begun leveraging this flaw in real-world attacks.

TfL Password Resets After Hack

Link: Bleeping Computer

Transport for London (TfL) is mandating in-person password resets for over 30,000 employees following a cyberattack. The precautionary move aims to safeguard employee accounts and prevent further exploitation after the organization was targeted by threat actors. Although the attack's impact on operational services remains unclear, TfL is implementing strict security measures, including password policies, to bolster defenses.

Port of Seattle Ransomware Attack

Link: Bleeping Computer

The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for the August 2024 cyberattack, which disrupted operations at Seattle-Tacoma International Airport. The ransomware incident led to some service outages, but the Port has not paid the ransom. Recovery efforts are ongoing, with a focus on strengthening cybersecurity measures to prevent future attacks.

Windows Braille Spaces Vulnerability

Link: Bleeping Computer

A newly identified Windows vulnerability is being actively exploited in zero-day attacks through the use of invisible braille spaces. Attackers embed these characters in malicious files to bypass detection, enabling them to infiltrate systems without triggering standard security alerts.
