Check Point releases emergency fix for VPN zero-day exploited in attacks
Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks.
On Monday, the company first warned about a spike in attacks targeting VPN devices, sharing recommendations on how admins can protect their devices. Later, it discovered the source of the problem, a zero-day flaw that hackers exploited against its customers.
Tracked as CVE-2024-24919, the high-severity information disclosure vulnerability enables attackers to read certain information on internet-exposed Check Point Security Gateways with the Remote Access VPN or Mobile Access Software Blades enabled.
Source: BleepingComputer / The Hacker News / Dark Reading / SecurityWeek / watchTowr Labs blog
Link: https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html
Link: https://www.securityweek.com/exploitation-of-recent-check-point-vpn-zero-day-soars/
Link: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester
SolarWinds this week announced patches for multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a penetration tester working with NATO.
Rolling out as version 2024.2, the latest SolarWinds Platform iteration includes patches for three new security defects, as well as fixes for multiple bugs in third-party components. The first issue, tracked as CVE-2024-28996 and reported by NATO Communications and Information Agency pentester Nils Putnins, is described as an SWQL injection flaw. SWQL, a proprietary, read-only subset of SQL, allows users to query the SolarWinds database for network information.
SolarWinds also announced patches for two security defects impacting the web console of its platform, namely CVE-2024-28999, a race condition vulnerability, and CVE-2024-29004, a stored cross-site scripting (XSS) flaw that requires high privileges and user interaction for successful exploitation.
According to the vendor, the vulnerabilities impact SolarWinds Platform 2024.1 SR 1 and previous versions. Users are advised to update to version 2024.2 of the platform as soon as possible.
Source: SecurityWeek / Dark Reading / Help Net Security
Link: https://www.darkreading.com/vulnerabilities-threats/solarwinds-flaw-flagged-by-nato-pen-tester
Link: https://www.helpnetsecurity.com/2024/06/07/cve-2024-28995/
Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized access to susceptible servers and take complete control.
“Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document,” CISA said.
While the agency did not disclose the nature of attacks exploiting the vulnerability, the China-based cryptojacking group known as the 8220 Gang (aka Water Sigbin) has a history of leveraging it since early last year to co-opt unpatched devices into a crypto-mining botnet.
According to a recent report published by Trend Micro, the 8220 Gang has been observed weaponizing flaws in the Oracle WebLogic server (CVE-2017-3506 and CVE-2023-21839) to launch a cryptocurrency miner filelessly in memory by means of a shell or PowerShell script depending on the operating system targeted.
Source: The Hacker News
Link: https://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status.
Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.
Impacted models include NAS326 running versions V5.21(AAZF.16)C0 and earlier, and NAS542 running versions V5.21(ABAG.13)C0 and earlier. The shortcomings have been resolved in versions V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0, respectively.
Source: The Hacker News / BleepingComputer / Help Net Security / Outpost24 blog
Link: https://thehackernews.com/2024/06/zyxel-releases-patches-for-firmware.html
Link: https://www.helpnetsecurity.com/2024/06/06/cve-2024-29972-cve-2024-29973-cve-2024-29974/
Link: https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
Kali Linux 2024.2 released with 18 new tools, Y2038 changes
Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug.
Kali Linux is a distribution created for cybersecurity professionals and ethical hackers to perform penetration testing, security audits, and research against networks.
As is typical for the year’s first version, the Kali Team has released new visual elements, including wallpapers and updates to the boot menu and login display.
Source: BleepingComputer