SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild.
The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), is a directory traversal bug that could allow attackers to read sensitive files on the host machine.
Affecting all versions of the software prior to and including Serv-U 15.4.2 HF 1, it was addressed by the company in version Serv-U 15.4.2 HF 2 (15.4.2.157) released earlier this month.
The list of products susceptible to CVE-2024-28995 is below –
- Serv-U FTP Server 15.4
- Serv-U Gateway 15.4
- Serv-U MFT Server 15.4, and
- Serv-U File Server 15.4
Security researcher Hussein Daher of Web Immunify has been credited with discovering and reporting the flaw. Following the public disclosure, additional technical details and a proof-of-concept (PoC) exploit have since been made available.
Source: The Hacker News / BleepingComputer / SecurityWeek
Link: https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html
Link: https://www.securityweek.com/recent-solarwinds-serv-u-vulnerability-exploited-in-the-wild/
VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution.
The list of vulnerabilities is as follows –
- CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) – Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet
- CVE-2024-37081 (CVSS score: 7.8) – Multiple local privilege escalation vulnerabilities in VMware vCenter arising due to the misconfiguration of sudo that an authenticated local user with non-administrative privileges could exploit to obtain root permissions
This is not the first time VMware has addressed shortcomings in the implementation of the DCE/RPC protocol. In October 2023, the Broadcom-owned virtualization services provider patched another critical security hole (CVE-2023-34048, CVSS score: 9.8) that could also be abused to execute arbitrary code remotely.
Source: The Hacker News / BleepingComputer / Dark Reading / VMware security advisory
Link: https://thehackernews.com/2024/06/vmware-issues-patches-for-cloud.html
Link: https://www.darkreading.com/cloud-security/critical-vmware-bugs-open-swaths-of-vms-to-rce-data-theft
Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira
Atlassian this week announced the release of software updates that resolve multiple high-severity vulnerabilities in Confluence, Crucible, and Jira. The Confluence Data Center and Server update resolves a total of six security defects in various dependencies, all of which were disclosed this year.
Tracked as CVE-2024-22257, the most severe of these flaws is a broken access control issue in the Spring Framework that could allow unauthenticated attackers to expose assets they should not have access to.
Next in line are three server-side request forgery (SSRF) vulnerabilities in the URL parsing functionality of the Spring Framework, which are tracked as CVE-2024-22243, CVE-2024-22262, and CVE-2024-22259.
The three security holes are essentially the same bug, but each can be triggered with different output, a NIST advisory for CVE-2024-22262 reads.
Atlassian also updated Confluence Data Center and Server with patches for two out-of-bounds write bugs in Apache Commons Configuration, which could allow unauthenticated attackers to cause a denial-of-service (DoS) condition by submitting a crafted configuration file or input.
Patches for all vulnerabilities have been included in Confluence Data Center and Server versions 8.9.3, 8.5.11 (LTS), and 7.19.24 (LTS).
Source: SecurityWeek / Atlassian security advisory
Link: https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
The Hacking of Culture and the Creation of Socio-Technical Debt
Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a proliferation of niche groups, who are defined by ideology or aesthetics instead of nationality or geography. This change reflects a material shift in the relationship between collective identity and power, and illustrates how states no longer have exclusive domain over either. Today, both power and culture are increasingly corporate.
Source: Bruce Schneier on security
Rhysida Ransomware Malware Analysis – Part 1 & 2
The article aims to serve not only as a tutorial but also as an analysis of the effects of the well-known ransomware named Rhysida. Its main objective is to examine the process of recovering files lost during an attack, providing an alternative to giving in to the attacker's demands. Approximately a year after the malware first appeared, a tool has emerged in recent months that enables the automatic recovery of lost documents. The tutorial walks through the safe analysis of the malware, highlights some of the reverse engineering techniques used during its dynamic analysis, and finally explains how researchers identified the weakness that allowed them to build a tool for restoring files damaged by the ransomware.
Source: Secjuice
Link: https://www.secjuice.com/rhysida-ransomware-malware-analysis-part-1-dynamic-analysis/
Link: https://www.secjuice.com/rhysida-ransomware-malware-analysis-part-2-how-to-decrypt/