More CyberWatch

February 8, 2024

Critical Vulnerabilities Patched for Cisco Expressway Series Devices

Cisco released an advisory on February 7th detailing three cross-site request forgery (CSRF) vulnerabilities with CVSS 3.1 scores ranging from 8.2 to 9.6. The Critical vulnerabilities, CVE-2024-20252 and CVE-2024-20254, allow an unauthenticated, remote attacker to conduct CSRF attacks on an affected system. The attacker persuades a user of the API to follow a crafted link, which then lets the attacker perform arbitrary actions with that user's privilege level. If the user is an administrator, the attacker could modify the system configuration and create new privileged accounts. The third vulnerability, CVE-2024-20255, has a similar method of attack but only allows an attacker who has already obtained an administrator-level account to overwrite system configuration settings, which could result in a denial-of-service condition.

February 7, 2024

Remote Code Execution Vulnerability Found in Shim

A vulnerability has been discovered in Shim, an open-source bootloader used on UEFI systems by Linux distributions. The vulnerability, identified as CVE-2023-40547, is a remote code execution flaw found by Bill Demirkapi of the Microsoft Security Response Center. Shim trusts attacker-controlled values when parsing an HTTP response, which enables a man-in-the-middle attack early in the boot phase. According to Red Hat, an attacker can craft a malicious HTTP request that leads to a fully controlled out-of-bounds write primitive and complete system compromise.

February 5, 2024

Mastodon Attackers Can Perform Remote Account Impersonation

A vulnerability is present in Mastodon, an open-source social network server. It is identified as CVE-2024-23832 and carries a CVSS score of 9.4 according to GitHub, the assigning CNA. The vulnerability stems from insufficient origin validation, which allows attackers to impersonate and take over any remote account.

February 5, 2024

Breaking Down the AnyDesk Cyber Attack

In a significant cybersecurity event that has drawn widespread attention, AnyDesk, a Germany-based leading provider of remote desktop software, disclosed a breach of its production systems. The attack, identified through a security audit, differed from the increasingly common ransomware attacks and presented its own challenges and responses. AnyDesk acted promptly after discovery. To safeguard its user base against potential secondary attacks stemming from the breach, AnyDesk recommended immediate password updates and installation of the software's latest version, which incorporates enhanced security measures.

February 1, 2024

Zero-Day Vulnerability Exploited in Ivanti Software

A vulnerability affects Ivanti Connect Secure and Ivanti Policy Secure. It is identified as CVE-2024-21893 and has a CVSS score of 8.2. According to Ivanti, a server-side request forgery vulnerability is present in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA. It can allow an attacker to access restricted resources without authentication. Ivanti reports active exploitation and expects it to increase starting on February 1, 2024.

February 1, 2024

Apple Vulnerability Added to the Known Exploited Vulnerabilities Catalog

A vulnerability affects several Apple devices running iOS versions released before iOS 16.2. It is identified as CVE-2022-48618 and has a CVSS score of 7.8. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Active exploitation is occurring, and because CISA added the flaw to its Known Exploited Vulnerabilities Catalog, federal agencies are ordered to patch by February 21, 2024. CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security; its goal is to understand, manage, and reduce risk to cyber and physical infrastructure. The Known Exploited Vulnerabilities Catalog lists vulnerabilities that have a CVE ID, evidence of active exploitation, and clear remediation guidance.

January 30, 2024

GitLab Critical Vulnerability Can Allow Account Takeover

A vulnerability is present in GitLab Enterprise Edition and Community Edition, a popular DevSecOps platform, identified as CVE-2023-7028. GitLab Inc. rates it CVSS 10.0 (Critical), and it allows takeover of a GitLab administrator account without user interaction. A remote attacker can trigger it by submitting two email addresses in a password reset request, which causes the password reset link to be sent to both addresses.

January 26, 2024

TeamViewer Used as Entry Point to Target

In this recent cybersecurity incident, malicious actors have once again exploited the widespread use of TeamViewer, a legitimate remote access tool, to infiltrate corporate devices and set the stage for a potentially devastating ransomware deployment. The attack, as outlined by DDOS ress.com, unfolded through the execution of a malicious payload embedded in the "PP.bat" batch file. The implications for the affected organizations are serious and call for immediate, comprehensive action.

January 26, 2024

Cisco Warns of Critical RCE Flaw in Communications Software

Cisco has identified a remote code execution vulnerability (CVE-2024-20253) in several of its Communications Manager and Contact Center solutions. Cisco rates it Critical with a CVSS base score of 9.9/10. Because user-provided data is improperly processed into memory, an attacker can exploit the vulnerability by sending a specially crafted message to a listening port on an affected device. This can lead to remote code execution and could result in the attacker gaining root access.
