Beyond Information Security

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.

Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a specially crafted message to a listening port of a susceptible appliance.

“A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,” Cisco said in an advisory. “With access to the underlying operating system, the attacker could also establish root access on the affected device.”

Source: The Hacker News / BleepingComputer / Dark Reading / SecurityWeek

Link: https://thehackernews.com/2024/01/critical-cisco-flaw-lets-hackers.html

Link: https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-flaw-in-communications-software/

Link: https://www.darkreading.com/remote-workforce/critical-cisco-unified-communications-rce-bug-root-access

Link: https://www.securityweek.com/cisco-patches-critical-vulnerability-in-enterprise-collaboration-products/


Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE).

The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the built-in command line interface (CLI).

“Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands,” the maintainers said in a Wednesday advisory.

“This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it.”
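The following is an added illustration, not code from Jenkins or from the args4j library: a toy command-line parser that models the "@file" expansion behaviour the advisory describes, next to a hardened parser with expansion disabled and a front-end filter that rejects "@" tokens outright. The command name, the temporary "secret" file and the whitespace-splitting of the expanded file are constructed assumptions for the demo; real args4j behaviour may differ in detail.

```python
"""Toy model of an argument parser with and without "@file" expansion.

Added example. It models the risk the Jenkins advisory describes: when a
parser replaces an argument of the form "@<path>" with the contents of
<path>, whoever supplies the arguments decides which file on the parsing
host gets read. The hardened variants either take arguments verbatim
(expansion disabled, the mitigation implied by the advisory) or reject
"@" tokens before they reach a parser that cannot be reconfigured.
"""
import os
import tempfile
from typing import Dict, List

AT_PREFIX = "@"


def parse_args_expanding_at_files(argv: List[str]) -> List[str]:
    """Weak behaviour: an argument starting with '@' is replaced by the
    whitespace-separated tokens of the named file (assumed splitting rule)."""
    expanded: List[str] = []
    for arg in argv:
        if arg.startswith(AT_PREFIX):
            with open(arg[len(AT_PREFIX):], "r", encoding="utf-8") as fh:
                expanded.extend(fh.read().split())
        else:
            expanded.append(arg)
    return expanded


def parse_args_literal(argv: List[str]) -> List[str]:
    """Hardened behaviour: expansion disabled, every argument is taken as-is."""
    return list(argv)


def parse_args_rejecting_at_files(argv: List[str]) -> List[str]:
    """Defence-in-depth filter for a front end that cannot reconfigure the
    parser: refuse any argument that would trigger file expansion."""
    for arg in argv:
        if arg.startswith(AT_PREFIX):
            raise ValueError("argument would trigger @file expansion: %r" % arg)
    return list(argv)


def demo() -> Dict[str, object]:
    """Run the three parsers over constructed input and return the outcomes."""
    # Constructed sample: a file standing in for a sensitive file on the
    # host that runs the parser (hypothetical content, not a real secret).
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write("example-secret-token-123\n")

        # Caller-controlled argument list; "help" is a placeholder command.
        user_argv = ["help", AT_PREFIX + secret_path]

        try:
            rejected = parse_args_rejecting_at_files(user_argv)
            reject_raised = False
        except ValueError:
            rejected = []
            reject_raised = True

        return {
            "expanding": parse_args_expanding_at_files(user_argv),
            "literal": parse_args_literal(user_argv),
            "rejected": rejected,
            "reject_raised": reject_raised,
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The "expanding" result shows the file contents landing in the parsed argument list, which is exactly the data flow a defender wants to see turned off; the "literal" result is what a parser with expansion disabled produces, and "reject_raised" shows the front-end filter stopping the token before any file is touched.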

Source: The Hacker News / SecurityWeek

Link: https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html

Link: https://www.securityweek.com/critical-jenkins-vulnerability-leads-to-remote-code-execution/


~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure.

Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible installations.

The shortcoming affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5. Merely days after the flaw became public knowledge, nearly 40,000 exploitation attempts targeting CVE-2023-22527 were recorded in the wild, starting as early as January 19, from more than 600 unique IP addresses, according to both the Shadowserver Foundation and the DFIR Report.

The activity is currently limited to “testing callback attempts and ‘whoami’ execution,” suggesting that threat actors are opportunistically scanning for vulnerable servers for follow-on exploitation.

A majority of the attacker IP addresses are from Russia (22,674), followed by Singapore, Hong Kong, the U.S., China, India, Brazil, Taiwan, Japan, and Ecuador.

Source: The Hacker News / BleepingComputer / SANS Internet Storm Center

Link: https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html

Link: https://www.bleepingcomputer.com/news/security/hackers-start-exploiting-critical-atlassian-confluence-rce-flaw/

Link: https://isc.sans.edu/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582

Link: https://isc.sans.edu/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576


Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.

The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The tech giant said the problem was fixed with improved checks.

Type confusion vulnerabilities, in general, could be weaponized to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.

In a terse advisory, Apple acknowledged it’s “aware of a report that this issue may have been exploited,” but did not share any other specifics about the nature of attacks or the threat actors leveraging the shortcoming.

Source: The Hacker News / BleepingComputer / SANS Internet Storm Center

Link: https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

Link: https://www.bleepingcomputer.com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/

Link: https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578


Talos Incident Response Report

Ransomware, including pre-ransomware activity, was the top observed threat in the fourth quarter of 2023, accounting for 28 percent of engagements, according to Cisco Talos Incident Response (Talos IR), a notable 17 percent increase from the previous quarter.

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.

Source: Cisco Talos Intelligence Group

Link: https://blog.talosintelligence.com/talos-ir-quarterly-report-q4-2023/


DORA and your quantum-safe cryptography migration

Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.

The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a “high level of operational resilience” in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology (ICT) service providers, etc. — are expected to comply by January 17, 2025.

DORA lays out a set of requirements across ICT risk management, incident reporting, operational resilience testing, cyber threat and vulnerability information sharing, and third-party risk management. As part of those requirements and in the context of data protection and cryptography, it lays out in Article 9 (“Protection and prevention”) that financial entities “shall use ICT solutions and processes” that “(a) ensure the security of the means of transfer of data” or “(c) prevent […] the impairment of the authenticity and integrity, the breaches of confidentiality and the loss of data.”

Source: IBM Security Intelligence

Link: https://securityintelligence.com/posts/dora-quantum-safe-cryptography-migration/