Exposures, Exposed! Weekly Round-up 
October 28 – November 3


Welcome to XM Cyber’s “Exposures, Exposed” post-Halloween special! This week's roundup creeps through the latest cyber breaches, vulnerabilities, and spine-chilling exposures. Our researchers delve into the digital underworld, where sinister cyber threats lurk in the shadows. These threats don’t rest — and neither do we. Get ready for a haunting look at this week's top picks!




CISA Issues Advisories for Critical ICS Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued four advisories regarding vulnerabilities in industrial control systems (ICS) hardware used in critical infrastructure sectors. CISA disclosed security flaws in equipment from VIMESA, iniNet Solutions, Deep Sea Electronics, and OMNTEC and urged administrators to review mitigation steps.

A key advisory highlighted an “improper access control” vulnerability in VIMESA’s VHF/FM Transmitter Blue Plus, which attackers could exploit to initiate a Denial-of-Service (DoS) attack. Another advisory detailed a “path traversal” vulnerability in iniNet Solutions’ SpiderControl SCADA software, which could allow remote control access via malicious file uploads.
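Path traversal in an upload handler is a defect that is easy to check for server-side. The validator below is an added example written for this roundup, not code from the advisory or from iniNet Solutions; the upload root, function names and sample filenames are constructed for illustration. It applies two independent layers: a strict allow-list on the raw filename, then a resolved-path containment check, so a bypass of one layer still has to get past the other.

```python
"""Added example (not from the CISA advisory or any vendor): an upload-path
validator that rejects filenames which would escape the upload directory."""
import os
import re
from typing import Dict, List, Optional

# Hypothetical upload root for the example; a real service configures its own.
UPLOAD_ROOT = "/srv/scada/uploads"

# Conservative filename policy: one leading alphanumeric, then up to 127
# alphanumerics, dots, underscores or hyphens. No separators, NUL bytes or spaces.
# A name such as ".." fails because its first character is not alphanumeric.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def safe_upload_path(base_dir: str, user_filename: str) -> Optional[str]:
    """Return an absolute path under base_dir for user_filename, or None if the
    name is rejected."""
    # Layer 1: the allow-list. fullmatch() refuses a trailing newline that a
    # '$'-anchored search would quietly tolerate.
    if not user_filename or not _SAFE_NAME.fullmatch(user_filename):
        return None
    # Layer 2: defense in depth. Resolve symlinks and "." / ".." components and
    # confirm the final path is still inside the configured root.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_filename))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed sample names, covering the traversal and encoding tricks a
# validator must reject alongside two legitimate names.
CONSTRUCTED_NAMES: List[str] = [
    "config_backup.zip",
    "../../etc/passwd",
    "..\\..\\windows\\win.ini",
    "/etc/shadow",
    "plc_logic.bin\x00.png",
    "..",
    "notes.txt",
]


def audit_names(base_dir: str, names: List[str]) -> Dict[str, bool]:
    """Map each candidate name to whether it would be accepted under base_dir."""
    return {name: safe_upload_path(base_dir, name) is not None for name in names}


if __name__ == "__main__":
    for name, accepted in audit_names(UPLOAD_ROOT, CONSTRUCTED_NAMES).items():
        print(f"{'ALLOW ' if accepted else 'REJECT'} {name!r}")
```

Running the block prints a verdict per sample name; only the two plain filenames are accepted. The allow-list is deliberately narrow because an upload endpoint rarely needs anything wider, and the containment check remains as a backstop should the policy ever be loosened.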

Additional vulnerabilities were identified in Deep Sea Electronics’ DSE855 Ethernet device and OMNTEC’s Proteus Tank Monitoring hardware, both carrying critical security risks.

The Takeaway: CISA recommends minimizing network exposure, isolating systems, and updating vulnerable software as essential security practices.

Operators should review CISA’s ICS advisories and apply recommended mitigations. Learn more here.


AI and ML Models Face Major Security Vulnerabilities

Over 36 security flaws were disclosed in various open-source AI and machine learning (ML) models, some of which could lead to information theft and unauthorized access. Identified in tools such as ChuanhuChatGPT, Lunary, and LocalAI, these vulnerabilities were reported by Protect AI through its Huntr bug bounty platform. The most serious flaws, affecting Lunary, include CVE-2024-7474, which could enable unauthorized data access, and CVE-2024-7475, which allows attackers to modify SAML configurations. Additional weaknesses were also found in LocalAI, ChuanhuChatGPT, and Deep Java Library (DJL).

The Takeaway: Users should update affected AI/ML models to prevent potential cyberattacks. Learn more here.


Apple Releases Security Updates for iOS and macOS Devices

On Monday, Apple released new security updates for iOS and macOS, addressing over 70 vulnerabilities across both platforms. The iOS 18.1 and iPadOS 18.1 updates, now available for mobile users, resolve 28 flaws that could result in information leaks, denial-of-service, and unauthorized file access. Key issues were resolved through improvements to memory management, authentication, and data handling.

Additionally, Apple rolled out the macOS Sequoia 15.1 update, which addresses 59 vulnerabilities, including 15 issues shared with iOS. The updates impact several components, such as App Support, CoreText, Safari, and WebKit. Updates were also issued for older devices with iOS 17.7.1 and iPadOS 17.7.1, as well as macOS versions Sonoma and Ventura.

The Takeaway: Apple did not report any active exploitation of these vulnerabilities but advises users to update devices promptly. Users should install Apple’s latest security updates for enhanced protection. Learn more here.


Google Releases Critical Chrome Update to Address Vulnerabilities

Google has issued an important security update for its Chrome browser, fixing significant vulnerabilities that attackers could exploit. The update brings the Stable channel to version 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux.

The update patches two key security vulnerabilities. The first, CVE-2024-10487, involves an out-of-bounds write in Chrome's Dawn graphics system, which could enable attackers to execute code remotely or cause system crashes. Apple Security Engineering and Architecture reported this issue in October 2024. The second, CVE-2024-10488, is a "use after free" vulnerability within Chrome's WebRTC component, reported by researcher Cassidy Kim. This flaw could allow attackers to manipulate browser memory, posing risks of data breaches and crashes.

The Takeaway: Users should check for and install the latest Chrome update to protect against potential security threats. Learn more here.


Over 22,000 CyberPanel Servers Vulnerable to PSAUX Ransomware

A new ransomware threat actor has been exploiting three critical Remote Code Execution (RCE) vulnerabilities in CyberPanel web hosting control panel software, targeting versions 2.3.6 and 2.3.7. Identified as CVE-2024-51567, CVE-2024-51568, and CVE-2024-51378, these vulnerabilities allow attackers to gain unauthorized root access and deploy PSAUX ransomware, which encrypts files and places a ransom note on affected servers.

Cybersecurity researchers discovered these flaws, each carrying a maximum CVSS score of 10. The PSAUX ransomware campaign, active since June 2024, has primarily impacted over 22,000 exposed CyberPanel servers globally, with the U.S. showing the highest concentration of vulnerable instances. CyberPanel released a security patch soon after discovering the issue, urging users to update immediately.

The Takeaway: CyberPanel users should patch systems immediately to prevent exploitation. Learn more here.


Critical Security Flaw Found in LiteSpeed WordPress Plugin

A high-severity vulnerability (CVE-2024-50550, CVSS score: 8.1) has been identified in the LiteSpeed Cache plugin for WordPress, potentially allowing unauthenticated attackers to gain administrator privileges. The vulnerability, now resolved in version 6.5.2, allows attackers to upload and install malicious plugins. Security researcher Rafie Muhammad highlighted that the issue stems from an insecure role simulation function that enables privilege escalation by brute-forcing a weak security hash.
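The root cause described above, a guessable security hash guarding a privileged role-simulation feature, comes down to token entropy and verification policy. The block below is an added example written for this roundup, not LiteSpeed Cache's code; the weak generator is a constructed stand-in that simply illustrates a small keyspace, and the `RoleSimulationGuard` class is a hypothetical hardened verifier. It contrasts a 6-character token with a 256-bit one and shows the three controls that make brute force impractical: a CSPRNG-backed token, constant-time comparison, and bounded attempts with an expiry.

```python
"""Added example (not the plugin's code): why a short "security hash" is
brute-forceable and what a hardened token and verifier look like."""
import hmac
import math
import random
import secrets
import string
import time
from typing import Callable, Dict, Tuple


def weak_hash(seed: int, length: int = 6) -> str:
    """Constructed weak generator: six symbols from a 36-character alphabet
    drawn from a seedable PRNG. Keyspace is 36**6, roughly 31 bits."""
    rng = random.Random(seed)
    alphabet = string.ascii_lowercase + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length))


def strong_token() -> str:
    """Hardened replacement: 32 bytes from the OS CSPRNG, hex-encoded (256 bits)."""
    return secrets.token_hex(32)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy upper bound of a uniformly chosen token of this alphabet/length."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """Average guesses needed to hit a uniformly random token of `bits` entropy."""
    return 2 ** bits / 2


class RoleSimulationGuard:
    """Hypothetical hardened verifier: constant-time comparison, a per-client
    attempt cap, and a token lifetime so any guessing window is bounded."""

    def __init__(self, expected_token: str, max_attempts: int = 5,
                 ttl_seconds: int = 300, now: Callable[[], float] = time.time):
        self._expected = expected_token.encode()
        self._max_attempts = max_attempts
        self._ttl = ttl_seconds
        self._now = now
        self._issued_at = now()
        self._attempts: Dict[str, int] = {}

    def verify(self, client_id: str, presented: str) -> bool:
        if self._now() - self._issued_at > self._ttl:
            return False  # expired tokens never verify
        if self._attempts.get(client_id, 0) >= self._max_attempts:
            return False  # client is locked out after repeated failures
        ok = hmac.compare_digest(presented.encode(), self._expected)
        if not ok:
            self._attempts[client_id] = self._attempts.get(client_id, 0) + 1
        return ok


def lockout_demo() -> Tuple[bool, bool, bool]:
    """Two wrong guesses exhaust a 2-attempt budget; the correct token then fails."""
    guard = RoleSimulationGuard("correct-token", max_attempts=2, now=lambda: 1000.0)
    first = guard.verify("client-a", "wrong-1")
    second = guard.verify("client-a", "wrong-2")
    third = guard.verify("client-a", "correct-token")
    return first, second, third


def expiry_demo() -> Tuple[bool, bool]:
    """The right token verifies inside its lifetime and is refused after it."""
    clock = [0.0]
    guard = RoleSimulationGuard("correct-token", ttl_seconds=60, now=lambda: clock[0])
    before = guard.verify("client-b", "correct-token")
    clock[0] = 61.0
    after = guard.verify("client-b", "correct-token")
    return before, after


if __name__ == "__main__":
    print("weak sample:", weak_hash(1), "bits:", round(keyspace_bits(36, 6), 1))
    print("strong sample bits:", keyspace_bits(16, 64))
    print("lockout:", lockout_demo(), "expiry:", expiry_demo())
```

The keyspace numbers tell the story: about 2^31 candidates for the constructed weak token versus 2^256 for the hardened one. Even so, entropy alone is not the control; the attempt cap and lifetime in the guard are what turn "eventually guessable" into "practically unreachable", which is why a fix for this class of bug usually touches both the generator and the verifier.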

The flaw is the third security issue disclosed in LiteSpeed Cache in the past two months. Patchstack, which reported this vulnerability, warns users to keep LiteSpeed Cache updated to prevent exploitation. Users should also monitor plugin updates and remain vigilant about potential vulnerabilities.

The Takeaway: Update to LiteSpeed Cache version 6.5.2 to safeguard against privilege escalation risks. Learn more here.


New Research Finds Major Vulnerabilities in Medical Devices

A recent report by Forescout Technologies has identified 162 vulnerabilities in connected medical devices, potentially compromising patient safety and healthcare operations. The devices most at risk include DICOM workstations, PACS, pump controllers, and medical information systems. According to Forescout, these vulnerabilities enable unauthorized access to patient data, denial-of-service attacks, and remote code execution.

The Forescout study, based on data from 19 million devices, shows the U.S. leads in the number of affected systems, followed by India and Germany. CEO Barry Mainz stressed that older devices, often unpatchable, remain top targets for cybercriminals. The report urges healthcare organizations to classify and segment medical assets, limit exposure, and monitor network activity to mitigate risks.

The Takeaway: Healthcare organizations should identify, segment, and monitor devices to reduce cybersecurity risks. Learn more here.


That’s all for this week – have any exposures to add to our list? Let us know!





