The Horizon Review - April 7 2024

The Horizon Review - April 7 2024

This week’s top vulnerabilities, exploits, and breaches: Palo Alto zero-day, Patch Tuesday, Sisense breach, EPA hack, and more.

Each week we take a look at the biggest news stories relating to data breaches, vulnerabilities, malware, and exploits. Here we examine these stories and emerging threats on the horizion.


Palo Alto Critical RCE Zero-day

On Friday, April 12 2024, Palo Alto announced a bombshell critical zero-day vulnerability affecting its GlobalProtect gateways: CVE-2024-3400 - OS Command Injection Vulnerability in GlobalProtect Gateway This critical command injection vulnerability is rated with the highest CVSS score of 10.0. The vulnerability affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1. As we covered when the news broke of this zero-day currently being exploited in the wild, no patch is currently available and mitigation requires a subscription.

Rust Critical “Badbatbut” Vulnerability

On Tuesday, April 9 2024, the Rust Security Response WG announced that they were made aware of a critical vulnerability in the Rust standard library:

CVE-2024-24576 - CVSS Score of 10.0

This maximum severity vulnerability could an attacker with access to modify bat file arguments to execute arbitrary shell commands. The vulnerability is fixed in Rust 1.77.2.

Microsoft Patch Tuesday - 150 CVE’s, 2 zero-day’s

Also on Tuesday, April 9 2024, Microsoft released it’s April 2024 Security Updates. These updates included several fixes for vulnerabilities in various Microsoft products, including Microsoft Windows and Windows Server, as well as 40 SQL Server vulnerabilities.

2 zero-day’s were fixed in this release:

CVE-2024-26234 - Proxy Driver Spoofing Vulnerability
CVE-2024-29988 - SmartScreen Prompt Security Feature Bypass Vulnerability Check out our Patch Tuesday post for all the details.

Threat Actors

Roku Discloses 576,000 Accounts hacked

On Friday, April 12 2024, the streaming platform and device maker Roku announced that 576,000 accounts were compromised in a credential stuffing attack. The attackers used credentials stolen from other platforms in to compromise Roku accounts.

Targus Cyber Attack Affects Business Operations

On Tuesday, April 9 2024, Bitdefender reported that Targus, known for making laptop bags, cases, and other items, suffered a cyber attack that has impacted their business operations. Targus has not stated whether the attack was ransomware or whether any data may have been exfiltrated.

Data Breaches

CISA Warns of Sisense Data Breach

On Wednesday, April 11 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of a data breach and compromise of customer data at Sisense. CISA urged Sisense customers to reset any credentials and secrets used to access Sisense services, and to be on the alert for any suspicious activity using compromised credentials.

EPA Data Breach exposes information on 8.5 million users

On Monday, April 8 2024, CSO Online reported that a hacker calling themselves “USDoD” claims to have breached the US Environmental Protection Agency’s systems and has leaked a database onto the dark web. The database records contain the personal information for 8.5 million users, including name, email, phone numbers, and address.

The weekend is underway, and next week will surely expose further threats on the horizon.

About Timothy Wilson

Tim is an avid homelabber with a passion for information security, threat hunting, and vulnerability research.