// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of June 10, 2024
Signal Brief · Archived

Week of June 10, 2024

2024-06-10 — 2024-06-16 · 7 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of June 10, 2024, ColdRecon logged 7 public endpoint-security events from open-source reporting — 4 vuln disclosures, 1 vendor announcement, 1 research poc, 1 incident. Vendors in the record this week: Trend Micro, Trellix, Palo Alto Networks.

The Week's Public Record

Events

2024-06-14
vuln disclosure
CVE-2024-5671: Trellix IPS Manager Insecure Deserialization RCECVE-2024-5671
CVE-2024-5671 is a critical remote code execution vulnerability in Trellix IPS Manager caused by insecure deserialization. Unauthenticated attackers can exploit this flaw to execute arbitrary code on affected systems. Immediate patching is required to prevent potential compromise of security infrastructure.
2024-06-12
vuln disclosure
Two Vulnerabilities in Palo Alto Cortex XDR Agent Allow Local Privilege Escalation and Agent DisableCVE-2024-5907, CVE-2024-9469
Researchers disclosed two vulnerabilities in the Palo Alto Networks Cortex XDR agent on Windows. CVE-2024-5907 is a local privilege escalation via a race condition in support file generation that allows arbitrary folder deletion, potentially leading to SYSTEM privileges. CVE-2024-9469 allows a low-privileged user to disable the agent by manipulating CPU usage checks in the Adaptive Policy module.
2024-06-12
vendor announcement
Fortinet Patches Multiple Vulnerabilities Including Code Execution in FortiOSCVE-2024-23110
Fortinet released patches for multiple vulnerabilities in FortiOS and other products, including a high-severity stack-based buffer overflow (CVE-2024-23110) that could allow authenticated attackers to execute unauthorized code via crafted CLI arguments. Additional medium-severity flaws could lead to remote code execution, JavaScript injection, or backup decryption. No active exploitation was reported, but Fortinet products have been targeted in the past.
2024-06-11
research poc
Proof-of-Concept Malware Demonstrates EDR Evasion Using API Unhooking and Direct System CallsEDR Evasion via Unhooking and Direct Syscalls
A security researcher developed a custom malware artifact that successfully evaded detection by a major EDR vendor. The technique involves unhooking Windows API functions and using direct system calls to bypass user-mode hooks. This demonstrates that EDRs alone cannot stop determined attackers without active human analysis.
major EDR vendor (unnamed) ↗ medium.com (2024-06-11)
2024-06-10
vuln disclosure
Trend Micro Apex One Security Agent TOCTOU Race Condition Privilege EscalationCVE-2024-36304
A time-of-check time-of-use (TOCTOU) race condition in the Trend Micro Apex One Security Agent's NT RealTime Scan service allows local low-privileged attackers to escalate privileges to SYSTEM. The vulnerability arises from improper locking during object operations. Trend Micro has released a patch to address the issue.
2024-06-10
vuln disclosure
Trend Micro Apex One Security Agent Information Disclosure VulnerabilityCVE-2024-36307
A vulnerability in Trend Micro Apex One Security Agent allows local attackers to disclose sensitive information. The flaw exists in the VsApiNT module and can be triggered by creating a mount point, leading to file content disclosure in the context of SYSTEM. Trend Micro has released a patch to address this issue.
2024-06-10
incident
Cylance Confirms Data Breach from Third-Party PlatformCylance Third-Party Data Breach
Cylance confirmed a data breach involving old marketing data from a third-party platform, with a threat actor selling 34 million customer and employee emails. The company states no current customers or sensitive data are impacted, and the data predates BlackBerry's acquisition. The incident is linked to broader Snowflake credential attacks.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →