0-day And Hitlist Week -06-12-2024-

CVE-2024-20353 | CVSS: 9.6 (Critical) Cisco patched a high-severity vulnerability in the Secure Client software (formerly AnyConnect) on June 5th, making it a top priority for this week's Hitlist.

CVE-2024-21683 | CVSS: 9.8 (Critical) Atlassian released a patch for a Remote Code Execution (RCE) vulnerability in Confluence Data Center.

Date: June 12, 2024 Focus: Active Exploits, Zero-Day Vulnerabilities, and Critical Intelligence 0-day and Hitlist Week -06-12-2024-

As we pass the midpoint of June 2024, the cybersecurity landscape is witnessing a sharp uptick in activity. This week’s bulletin highlights critical zero-day vulnerabilities currently being exploited in the wild and updates the "Hitlist"—a roster of the most targeted vulnerabilities currently facing enterprise environments.

Security teams are advised to prioritize patching and mitigation for the following issues immediately. CVE-2024-20353 | CVSS: 9

Day 1: Identify and isolate systems matching affected software signatures; enable enhanced logging.
Day 2: Apply emergency mitigations/workarounds; enforce password resets for high-risk accounts.
Day 3: Block identified malicious infrastructure in firewalls and proxies; enable MFA enforcement.
Day 4: Scan for indicators across endpoints, servers, and CI systems; remove suspicious packages/commits.
Day 5: Validate and restore clean backups for critical systems; test recovery procedures.
Day 6: Conduct targeted threat hunts for lateral movement and data exfiltration signs.
Day 7: Review and patch with vendor fixes as released; conduct post-incident lessons learned.

CVE: CVE-2024-4577 Status: Wormable This vulnerability affects Windows-based PHP installations. Attackers are exploiting the cgi.force_redirect configuration bypass to execute arbitrary code. Date: June 12, 2024 Focus: Active Exploits, Zero-Day

Date: June 12, 2024 Severity: High