Aggregator
CVE-2024-41888 | Apache Answer up to 1.3.4 Password Reset release of resource
CVE-2024-22114 | Zabbix up to 5.0.42/6.0.30/6.4.15/7.0.0rc2 System Information Widget permissions
New APT Actor240524 Weaponizing Official Documents To Deliver Malware
A new APT group, dubbed Actor240524, launched a spear-phishing campaign targeting Azerbaijani and Israeli diplomats on July 1, 2024, where the attackers employed a malicious Word document containing Azerbaijani-language content disguised as official documentation to lure victims. The attack indicates a potential focus on disrupting the Azerbaijan-Israel relationship, as the group leverages new Trojan programs, […]
The post New APT Actor240524 Weaponizing Official Documents To Deliver Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2024-36460 | Zabbix up to 5.0.42/6.0.30/6.4.15/7.0.0rc2 Front-end Audit Log credentials storage
CVE-2024-36461 | Zabbix up to 6.0.30/6.4.15/7.0.0 JavaScript Engine untrusted pointer dereference
CVE-2024-22116 | Zabbix up to 6.4.15/7.0.0rc2 Monitoring Hosts Section code injection
CVE-2024-22123 | Zabbix up to 5.0.42/6.0.30/6.4.15/7.0.0rc2 Setting SMS Media code injection
CVE-2024-7408 | Airveda Air Quality Monitor PM2.5 PM10 prior 7.4.4.39 cleartext transmission (CIVN-2024-0233)
CVE-2024-36462 | Zabbix up to 7.0.0rc2 allocation of resources
Exploring the dynamic landscape of cybersecurity threats
Hello, my name is Chen, and I work as a threat intelligence analyst at Salt Security.
Every day, I dive into the complex world of cybersecurity, uncovering the hidden threats that hide in our digital lives. Today, I'd like to take you on a journey through the evolving landscape of API threats.
APIs are the quiet helpers of the digital world, allowing software applications to communicate easily with each other. They bring convenience and functionality to our digital interactions but also open doors to various vulnerabilities and risks.
Imagine APIs as bridges connecting islands of data and services. These bridges are essential for the smooth flow of information, but if not properly secured, they can allow unwanted people in or expose private information.
So now that we all agree that APIs, while super helpful, can also involve many risks, the question to be asked is, what are those risks, and how can we effectively map them?
Since API security is a relatively new domain, there is no standard methodology for achieving it. In this blog post, I want to share some standard techniques I use in my day-to-day job.
CVEs - Vulnerabilities By Type
Our first destination is the world of Common Vulnerabilities and Exposures (CVEs). Consider CVEs a lighthouse, highlighting hidden security flaws that we must recognize and understand to navigate the cybersecurity field safely.
One great resource for better understanding CVEs is CVEdetails. This site is a collection of detailed visualizations and valuable insights. It includes many interesting details, including this table:
The table summarizes all the CVEs found over the past decade, revealing the rise of various types of vulnerabilities. Web vulnerabilities like SQL injection and XSS truly stand out with their remarkable growth over the years.
In 2020, SQL injection-related CVEs were at 466. Fast forward to 2023, and this number has soared to 2,159—a staggering increase of 363.30% in just three years. Similarly, XSS has seen an impressive climb, with CVEs jumping from 2,203 in 2020 to 5,179 in 2023, marking a substantial 135.08% rise.
But our story doesn’t end there. As we delve deeper, we encounter CSRF, which saw its CVEs grow from 416 in 2020 to an astounding 1,398 in 2023, marking an increase of 236.05%. SSRF, too, has its tale of growth, with CVEs rising from 132 in 2020 to 248 in 2023, reflecting an 87.87% increase.
While this table provides great insights, as always in our domain, one source of information is rarely enough.
Take, for example, OAuth vulnerabilities. Salt-Labs' previous publications indicate that OAuth is a popular and rising attack vector. However, this table does not seem to reflect this.
When looking at the raw CVE data from this website, it seems this information is available. I gathered all the CVEs related to OAuth over the past few years and calculated their numbers for each year. Here are the results of my investigation:
I’ve observed a significant increase in OAuth vulnerabilities. In 2012, there was just one CVE, whereas in 2023, there were 42 CVEs. This significant rise had a notable impact on our product, influencing its detection. For further details about our OAuth Protection Package, you can find more information right here.
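To make the counting step above concrete, here is an added Python example (not code from the post or from Salt's tooling) that counts keyword-matching CVEs per publication year and computes the percentage increase the post quotes. The record shape (id, ISO publication date, description) and the sample entries are constructed assumptions, not real CVE data.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample records (assumption: NVD-like shape with id, published date,
# and a description). The ids and descriptions are placeholders, not real CVEs.
SAMPLE_CVES = [
    {"id": "CVE-EXAMPLE-0001", "published": "2012-03-01",
     "description": "OAuth token leaked via redirect_uri mishandling."},
    {"id": "CVE-EXAMPLE-0002", "published": "2023-01-15",
     "description": "Improper state validation in oauth2 login flow."},
    {"id": "CVE-EXAMPLE-0003", "published": "2023-06-30",
     "description": "SQL injection in report export endpoint."},
    {"id": "CVE-EXAMPLE-0004", "published": "2023-11-02",
     "description": "Missing PKCE check in OAuth authorization code grant."},
]


def count_by_year(records, keyword):
    """Return {year: count} of records whose description matches keyword (case-insensitive)."""
    pattern = re.compile(keyword, re.IGNORECASE)
    counts = Counter()
    for rec in records:
        if pattern.search(rec["description"]):
            year = date.fromisoformat(rec["published"]).year
            counts[year] += 1
    return dict(counts)


def percent_growth(old, new):
    """Percentage increase from old to new, rounded to two decimals.

    Reproduces the post's figure: 466 SQL injection CVEs in 2020 -> 2,159 in 2023 is 363.30%.
    """
    if old == 0:
        raise ValueError("cannot compute growth from a zero baseline")
    return round((new - old) / old * 100, 2)


def growth_between(records, keyword, first_year, last_year):
    """Growth in keyword-matching CVEs between two years, using the per-year counts."""
    counts = count_by_year(records, keyword)
    return percent_growth(counts.get(first_year, 0), counts.get(last_year, 0))


if __name__ == "__main__":
    print(count_by_year(SAMPLE_CVES, "oauth"))
    print(growth_between(SAMPLE_CVES, "oauth", 2012, 2023))
```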
Bug Bounty Reports
The second destination for better understanding the threat landscape is Bug Bounty reports. The bug bounty community has grown substantially over the past few years, and looking into the public reports and available information from them can yield fascinating insights.
I inspected all of the categories related to web vulnerabilities and counted the number of reports from 2014 to 2022. It's important to note that I excluded 2023 from my analysis due to incomplete data.
You can quickly notice a clear rise in SSRF reports when delving into the data. In 2022, there was a significant increase, fitting well with the broader trends in the OWASP API 2023.
On the other hand, there's been a sharp decline in reports of CSRF vulnerabilities. Once a significant concern, CSRF saw a substantial drop of 79.27% in reports from 2017 to 2022. This downward trend contrasts with the results from our CVE research. However, given that bug bounty data is typically more accurate, I suggest that CSRF might no longer be a focal point in the threat landscape in 2024.
Internal DB of Salt Security
So now that we have a better understanding of the API threat landscape from several different sources, we must ask ourselves how this correlates with the internal telemetry data we collect at Salt-Labs.
Focusing on categories such as 'SQL injection', 'Code Injection', 'XSS', and 'Path Traversal', based on 2023, we saw an increase in web vulnerabilities every month. At the beginning of 2024, the numbers within these key categories were 1.5 times higher than those recorded in 2023.
Our journey ends here, and what we've learned is alarming: web vulnerabilities are escalating and remain a significant threat in the security landscape. As we move into 2024, these issues will persist and potentially affect more companies.
How Salt Can Help
From day one, Salt Security could detect OAuth vulnerabilities and code injections. Recently, we extended these capabilities, launching a new, multi-layered OAuth protection package that can detect attempts to exploit OAuth and proactively fix vulnerabilities. We have enhanced our API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation. Salt is the first API security vendor to launch deep OAuth threat detection capabilities. These innovations will empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts.
If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
Action Items
- Keep Software Updated: Regularly update your operating system, browsers, and applications to protect against security vulnerabilities.
- Educate Yourself and Others: Stay informed about common cyber threats and educate friends and family about safe internet practices.
- Beware of Suspicious Links: Avoid clicking links or opening attachments from unknown sources, as these may lead to malicious sites that exploit these vulnerabilities.
- Boost Your Cybersecurity with Expert Partners: To enhance your protection against cyber threats, consider partnering with third-party companies specializing in cybersecurity. These experts can offer tailored solutions, continuous monitoring, and advanced threat detection, ensuring your systems stay secure and resilient.
The post Exploring the dynamic landscape of cybersecurity threats appeared first on Security Boulevard.
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.
Background
On July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem):
| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2024-20419 | Cisco Smart Software Manager On-Prem Password Change Vulnerability | 10 |
Analysis
CVE-2024-20419 is an unverified password change weakness within the Cisco SSM On-Prem interface due to improper validation. Specifically, the flaw allows an unauthenticated, remote attacker to exploit an insufficient authentication mechanism, changing the password of any user by sending specially crafted HTTP requests without prior knowledge of the existing password. The vulnerability affects Cisco SSM On-Prem version 8-202206 and earlier, including releases prior to 7.0 where the product was named Cisco SSM Satellite.
Successful exploitation could result in access to the web interface or API of Cisco SSM On-Prem in the context of the compromised user account. The vulnerability is considered critical as the complexity of the attack is low and could lead to full administrative control over the SSM On-Prem instance. This control could be used to disrupt the organization's software management processes, gain unauthorized access to sensitive resources and potentially carry out further attacks within the network.
On August 7, 2024, Cisco updated their advisory to reflect that public proof-of-concept (PoC) exploit code was now available, heightening the urgency to patch.
Proof of concept
On July 20, 2024, Mohammed Adel, a penetration tester with a previous history of developing exploits, published a detailed writeup explaining the root cause of the vulnerability and his PoC exploit code. The writeup also visually demonstrates the PoC being leveraged against an administrative account to change the password, highlighting the vulnerability's ease of exploitation.
Credit: Mohammed's writeup
Solution
Cisco has issued patches for all affected versions of Cisco SSM On-Prem. At the time of this blog, there is no indication of exploitation in the wild, but with exploit code publicly available, administrators are strongly advised to apply these patches without delay to mitigate the risk of exploitation. The following table reflects affected and patched versions:
| Affected Versions | Patched Version |
| --- | --- |
| 8-202206 and earlier | 8-202212 |
| 9 | Not Vulnerable |
Cisco has highlighted that there are no workarounds for this vulnerability.
Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-20419 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
Get more information
- Security Advisory: Cisco Smart Software Manager On-Prem Password Change Vulnerability
- Mohammed Adel Blog: Cisco SSM On-Prem; Account Takeover (CVE-2024-20419)
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.