Aggregator

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directoryId leads to sql injection. This vulnerability was named CVE-2024-10502. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10501. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads to sql injection. This vulnerability is handled as CVE-2024-10500. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A Threat Actor is Allegedly Selling Anti Money Laundering Compliance Checker Documents

A vulnerability classified as problematic was found in Pricing Tables Plugin up to 3.2.5 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-8871. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in DarkMySite Plugin up to 1.2.8 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-50466. It is possible to launch the attack remotely. There is no exploit available.

Submit #427399 / VDB-282442

Submit #427398 / VDB-282441

Submit #427397 / VDB-282440

A vulnerability was found in HM Plugin Stripe Donation and Payment Plugin up to 3.2.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-50459. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Sun MySQL 4.1/5.0. This affects an unknown part of the file sql_parse.cpp. The manipulation leads to security check for standard. This vulnerability is uniquely identified as CVE-2004-0627. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

走过路过不要错过，云原生开源靶场Metarget 1.0亮点功能提前曝光啦！！！

ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality

A vulnerability was found in Xerox AltaLink B8045, AltaLink B8055, AltaLink B8065, AltaLink B8075, AltaLink B8090, AltaLink C8030, AltaLink C8035, AltaLink C8045, AltaLink C8055, AltaLink C807, AltaLink EC8036, AltaLink EC8056, AltaLink EC8056 Common Criteria June 2022, AltaLink EC8056 Common Criteria June 2024, AltaLink C8130, AltaLink C8135, AltaLink C8145, AltaLink C8155, AltaLink C8170 |AltaLink B8145, AltaLink B8155, AltaLink B8170 Common Criteria Aug 2024, AltaLink C8130, AltaLink B8170 Common Criteria Certified Aug 2023, VersaLink B625, VersaLink C625, VersaLink B425, VersaLink C425 Common Criteria Certified 2024, WorkCentre 3655, WorkCentre 3655i, WorkCentre 5945, WorkCentre 55i, WorkCentre 6655, WorkCentre 6655i, WorkCentre 7220, WorkCentre 7225i, WorkCentre 7830, WorkCentre 7835i, WorkCentre 7845, WorkCentre 7855i, WorkCentre 7855 IBG, WorkCentre 7970, WorkCentre 7970i, WorkCentre EC7836 and WorkCentre EC7856. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2024-6333. The attack may be launched remotely. Furthermore, there is an exploit available.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

A vulnerability was found in HTTP Fetcher 1.0.0/1.0.1. It has been rated as critical. Affected by this issue is the function http_fetch of the component URL Handler. The manipulation of the argument host/referer/userAgent leads to memory corruption. This vulnerability is handled as CVE-2003-1262. The attack may be launched remotely. There is no exploit available.

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s Turnoff.US: ‘Security Engineer Interview’ appeared first on Security Boulevard.

In the wake of Cisco’s recent data breach involving exposed API tokens - amongst other sensitive information -  the cybersecurity community is reminded once again of the significant risks associated with unsecured APIs. Though Cisco has asserted that the damage was limited to a public-facing environment, such breaches demand a more cautious evaluation. Exposing sensitive information like API tokens, credentials, and even source code can have broader security implications than initially apparent. These compromises, even in ostensibly low-risk environments, can act as gateways for attackers to launch more sophisticated intrusions.

Similarly, Deloitte experienced a breach perpetrated by the same actor, issuing reassuring statements about the extent of the impact. However, both cases illustrate a critical truth: even if the compromised systems are "public-facing," the exposure of sensitive materials creates dangerous opportunities for attackers.

Why Even Minor Breaches Are Major Threats

At first glance, it may seem that breaches involving public-facing environments aren’t as severe as those involving highly sensitive internal systems. However, the real danger lies in what attackers can do with the seemingly minor details uncovered in these intrusions. In the case of the Cisco breach, the exposed API tokens offer more than just access to the breached system itself—they can serve as stepping stones to deeper, more sensitive areas of a network.

Here’s why this is so concerning:

• Exposed Source Code: When source code is exposed, attackers can scrutinize it for security vulnerabilities. These vulnerabilities can then be leveraged in more targeted attacks on other systems, applications, or even other organizations using similar codebases.
• Hardcoded Credentials and API Tokens: These are especially dangerous as they provide attackers direct access to sensitive resources and data. With valid tokens, hackers can bypass traditional security barriers and authenticate as legitimate users, allowing them to navigate undetected in systems they weren’t meant to access.
• Seemingly Harmless Data: Information like Jira tickets or internal documents may appear insignificant, but they can offer valuable intelligence. Attackers can use this information to build more effective phishing campaigns or gain insights into how an organization operates, helping them tailor attacks for higher success rates.

Pivotal Points for Attackers

One of the main problems with breaches like Cisco’s is that they create openings for attackers to escalate their attacks. What starts as a minor exposure can quickly lead to a full-scale data breach if attackers use the information they’ve accessed to exploit vulnerabilities elsewhere.

This is why the Cisco incident—and others like it—underscore the urgent need for strong API security measures, even in environments considered to be less critical or public-facing. Attackers thrive on exploiting seemingly minor oversights, and by the time an organization realizes the full impact of the breach, the damage can be severe.

Why Exposed API Tokens Are So Dangerous

In the case of API tokens, the security implications are especially grave. API tokens grant authorized access to systems and services, but when exposed, they provide attackers with the same level of access. Whether the system is public-facing or not, these tokens can allow unauthorized users to retrieve sensitive data, execute unauthorized transactions, or even manipulate systems. Attackers can pivot from these compromised environments to more sensitive ones, potentially gaining access to mission-critical assets.

Common Ways Sensitive Data Gets Exposed

One of the critical questions raised by incidents like the Cisco breach is: How do sensitive pieces of information like source code, credentials, and API tokens end up on public-facing sites? Some common factors include:

• Misconfigurations: Inadequate access control settings during deployment or changes in system architecture can lead to the exposure of sensitive information that should be kept private.
• Human Error: Simple mistakes, like hardcoding credentials in code or accidentally uploading sensitive files to public repositories, can leave data exposed.
• Inadequate Security Testing: Without thorough testing before deploying systems, organizations may fail to catch vulnerabilities or misconfigurations that leave data exposed.
• Third-party Services: Integrations with third-party platforms or services can sometimes unintentionally expose data if those services are compromised or not properly secured.

Mitigating API Security Risks Requires a Multi-Layered Approach

The key lesson from breaches like these is that securing APIs must be a top priority for all organizations. Here are some ways to reduce the risk:

• Enforce Strict Access Controls: Ensure that APIs are only accessible to authenticated and authorized users. Use robust authentication mechanisms like OAuth or API gateways with strict access policies.
• Promote Secure Coding Practices: Secure coding practices can prevent developers from hardcoding credentials or leaving other vulnerabilities in the codebase.
• Security Testing and Posture Governance: Conduct thorough security testing of your APIs before deployment, and establish posture governance standards to monitor and enforce security controls.
• Secrets Management: Implement secure secrets management solutions that allow API keys, tokens, and credentials to be stored and accessed securely, reducing the likelihood of exposure.
• Continuous Monitoring: Use continuous monitoring and threat detection tools to identify any unauthorized access or suspicious behavior in real-time. This ensures that threats can be addressed before they escalate into full-blown breaches.
• Regular Security Assessments: Organizations should routinely assess their security posture through audits, vulnerability scans, and penetration tests to identify and address potential gaps.

Proactive API Security

The Cisco breach is a stark reminder that even seemingly insignificant vulnerabilities can be leveraged for much larger attacks. Public-facing systems must be treated with the same level of security as internal environments, especially when they house sensitive information like API tokens or credentials. Organizations need to take a proactive approach to API security, ensuring that all APIs, regardless of their exposure level, are adequately protected.

By implementing strong authentication, maintaining a comprehensive API inventory, securing secrets, and continuously monitoring for threats, organizations can safeguard their systems against breaches like the one experienced by Cisco. Ultimately, taking a holistic and forward-looking approach to API security is critical to protecting an organization's most valuable assets.

Salt Security delivers comprehensive API protection, helping businesses identify vulnerabilities, prevent attacks, and secure sensitive data. Salt’s platform uses AI-infused behavioral analysis to automatically detect and block API threats in real time - safeguarding against data leakage, fraud and abuse.

Salt Security empowers organizations to confidently secure their APIs, reduce their attack surface, ensure proper API posture governance and mitigate risks -  even in complex, modern environments. Learn how today.

The post Lessons from the Cisco Data Breach—The Importance of Comprehensive API Security appeared first on Security Boulevard.

FreeBuf官方特别声明，freebie.net域名与本站（freebuf.com)无关，请广大用户留意网址拼写和后缀，谨防钓鱼。