PatchWork APT Threat Actor Group – Active IOCs

June 7, 2024

Multiple Trend Micro Apex Vulnerabilities

June 7, 2024

ICS: Johnson Controls iSTAR Pro and ICU Vulnerability

June 7, 2024

Severity

High

Analysis Summary

CVE-2024-32752

Johnson Controls iSTAR Pro and ICU is vulnerable to a man-in-the-middle attack, caused by missing authentication for critical function. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to cause impact to door control and configuration.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2024-32752

Affected Vendors

Johnson Controls

Affected Products

Johnson Controls ICU
Johnson Controls iSTAR Pro

Remediation

Refer to Johnson Controls Product Security Advisory for patch, upgrade or suggested workaround information.

Johnson Controls Product Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

PatchWork APT Threat Actor Group – Active IOCs

Multiple Trend Micro Apex Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation