June 3, 2024 at 08:12AM
Cybersecurity software vendor Check Point detected a zero-day vulnerability being actively exploited. The vulnerability, assigned CVE-2024-24919, affects several Check Point products and can result in unauthorized access to sensitive information. Check Point advised users to update their software and harden their VPN posture. Additionally, various other critical vulnerabilities in different products and a scam centered on a “free piano” were reported. Also, Cooler Master suffered a data breach, with potentially sensitive customer information being accessed and plans to sell the data on a hacking forum.
Based on the meeting notes, the key takeaways are as follows:
1. Check Point has detected a zero-day vulnerability (CVE-2024-24919, CVSS 8.6) in several of its products, which allows attackers to access sensitive information on security gateways. Customers using affected products should immediately update their software to install available patches. Additionally, users with Remote Access VPN enabled are vulnerable and should consider implementing multiple authentication factors to enhance their VPN posture.
2. CISA has added CVE-2024-1086, a Linux kernel vulnerability affecting versions between 5.14 and 6.6.14, to its list of known exploited vulnerabilities. Organizations using Linux distributions within this version range should check and update their kernel version promptly.
3. Several critical vulnerabilities are affecting products from different vendors, including hard-coded credentials, plain text stored credentials, and default cryptography keys. Users of these products should take necessary measures to secure their devices and systems.
4. Security outfit Proofpoint has identified an advanced fee fraud scam involving offers for a “free piano,” targeting university students and faculty in North America. Individuals should exercise caution when approached with such offers to avoid falling victim to scams.
5. Cooler Master has experienced a data breach, with a hacker claiming to have accessed 103 GB of data, including sensitive customer information such as names, phone numbers, physical addresses, and credit card details. Customers are advised to take appropriate measures to protect their identities if they have interacted with Cooler Master.