Is a CPO Still a CPO? The Evolving Role of Privacy Leadership
Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?
darkreading – Read More
SolarWinds Releases Patches for High-Severity Vulnerabilities
Overview
SolarWinds has issued an important security update advisory outlining the latest vulnerability patches released for its products. This advisory provides insights into recently disclosed vulnerabilities affecting the SolarWinds range and emphasizes the need for organizations to take immediate action to protect their IT infrastructure.
The advisory details various vulnerabilities and their associated risk scores, categorized by severity levels. High vulnerabilities, classified with a CVSS base score of 7.0 to 10.0, include three identified issues, specifically CVE-2024-45714, CVE-2024-45711, CVE-2024-45710, and CVE-2024-45715. These vulnerabilities carry a high-risk score and are marked with a Green TLP rating.
In addition, there is one medium vulnerability, which falls within a CVSS score range of 4.0 to 6.9 and is also rated Green. Furthermore, no vulnerabilities have been classified as low, with a score range of 0.0 to 3.9, reflecting a low-risk status.
Several products and versions have been identified as vulnerable, with patches readily available. Specifically, CVE-2024-45714 affects Serv-U version 15.4.2.3 and earlier, while CVE-2024-45711 impacts Serv-U version 15.4.2 and earlier versions. Additionally, CVE-2024-45710 and CVE-2024-45715 affect SolarWinds Platform version 2024.2.1 and all previous versions.
Detailed Vulnerability Analysis
The Cross-Site Scripting vulnerability (CVE-2024-45714) is classified with a CVSS score of 4.8, indicating a medium severity level. This vulnerability affects Serv-U version 15.4.2.3 and earlier. It allows an authenticated attacker to exploit a flaw in the system, enabling them to modify a variable using a malicious payload.
Another vulnerability is Directory Traversal (CVE-2024-45711), which carries a CVSS score of 7.5, categorizing it as high severity. This issue affects Serv-U version 15.4.2 and earlier versions. The vulnerability may allow for remote code execution, contingent upon the privileges assigned to the authenticated user. To successfully exploit this vulnerability, the attacker must have already gained authentication.
The Uncontrolled Search Path Element vulnerability, identified as CVE-2024-45710, has a CVSS score of 7.8, also indicating high severity. This vulnerability affects the SolarWinds Platform version 2024.2.1 and earlier. It can be exploited to escalate privileges locally by a low-privilege user who has access to the affected machine.
Lastly, Cross-Site Scripting (CVE-2024-45715) has a CVSS score of 7.1, placing it in the high severity category. This vulnerability impacts SolarWinds Platform version 2024.2.1 and previous versions. Affected versions are susceptible to XSS when users perform edit functions on existing elements, potentially compromising system security.
Recommendations
To mitigate the risks associated with these vulnerabilities, organizations should implement the following strategies:
Organizations must promptly apply the latest patches released by SolarWinds to all affected products.
Develop a comprehensive patch management strategy that includes inventory management, assessment, testing, deployment, and verification of patches.
Organizations should segment their networks to safeguard critical assets. This can be achieved through firewalls, VLANs, and access controls, effectively reducing the attack surface.
An incident response plan should be created and regularly tested to ensure it remains effective against evolving threats. This plan should outline procedures for detection, response, and recovery from security incidents.
Organizations are encouraged to implement comprehensive monitoring solutions to detect suspicious activities.
Proactively identify and assess the criticality of any End-of-Life (EOL) products, ensuring timely upgrades or replacements to maintain security integrity.
Conclusion
The SolarWinds platform and its Serv-U product are integral to many organizations for IT management and network monitoring. Given the history of attacks exploiting vulnerabilities in SolarWinds products, organizations need to address any newly disclosed high-severity vulnerabilities promptly. Failure to patch these vulnerabilities could expose organizations to operational and security risks.
The post SolarWinds Releases Patches for High-Severity Vulnerabilities appeared first on Cyble.
Blog – Cyble – Read More
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability
F5 has released patches for a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity bug in BIG-IQ.
The post F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
Cisco has released patches for multiple vulnerabilities in ATA 190 series firmware, including two high-severity flaws.
The post Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters appeared first on SecurityWeek.
SecurityWeek – Read More
NIS 2 Compliance Deadline Arrives: What You Need to Know
The NIS 2 compliance deadline is Oct. 17. Discover essential insights on requirements, impacts, and what organisations must do now.
Security | TechRepublic – Read More
GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments
Overview
GitHub has issued a security advisory regarding critical vulnerabilities that require immediate attention from users of the GitHub Enterprise Server (GHES). This advisory highlights a specific vulnerability that could severely compromise organizations’ security relying on this self-hosted version of GitHub, which is tailored for those needing to manage their infrastructure, security, and compliance.
GitHub Enterprise Server is a platform that enables organizations to host their repositories while maintaining control over security protocols. However, vulnerabilities identified under the Common Vulnerabilities and Exposures (CVE) system and classified by the Common Vulnerability Scoring System (CVSS) indicate potential risks that must be addressed promptly.
CVE-2024-9487 is a critical vulnerability that impacts specific versions of GitHub Enterprise Server (GHES). It falls under the category of critical security updates and has a risk score of critical.
The affected versions of GitHub Enterprise Server include up to 3.11.15, 3.12.9, 3.13.4, and 3.14.1. GitHub, the vendor responsible for the software, has confirmed that a patch is available to address this critical vulnerability. For organizations, accessing the patch link is essential to ensure the security of their systems.
Vulnerability Details
The identified vulnerability, CVE-2024-9487, has a CVSS score of 9.5, categorizing it as critical. This vulnerability stems from an improper verification of cryptographic signatures. It enables attackers to bypass SAML Single Sign-On (SSO) authentication, allowing unauthorized user provisioning and access to the GitHub instance.
To exploit this vulnerability, attackers need the encrypted assertions feature enabled, along with direct network access and a signed SAML response or metadata document. This combination presents a significant risk, emphasizing the urgency for organizations to implement the available patch.
The security of software development environments hinges on the timely patching critical vulnerabilities. The GitHub Enterprise Server is responsible for protecting sensitive source code, project data, and developer credentials. Unaddressed vulnerabilities can lead to severe repercussions, including data breaches, unauthorized access, and potential sabotage of the development pipeline.
Moreover, the implications extend beyond technical vulnerabilities. Failure to patch can expose organizations to regulatory penalties, particularly in environments where compliance with data protection and cybersecurity regulations is essential.
Recommendations for Organizations
To effectively mitigate risks associated with the vulnerabilities in GitHub Enterprise Server, organizations should consider the following recommendations:
Regularly update all software and hardware systems with the latest patches from official vendors. This is crucial for mitigating vulnerabilities and preventing exploits.
Organizations should establish a detailed patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification.
To protect critical assets, organizations should segment their networks. This can be accomplished using firewalls, VLANs, and access controls to limit exposure and reduce the attack surface.
Creating and maintaining an incident response plan is essential. This plan should outline procedures for detecting, responding to, and recovering from security incidents.
Organizations should implement comprehensive monitoring and logging systems to detect and analyze suspicious activities. Utilizing Security Information and Event Management (SIEM) solutions can help aggregate and correlate logs for real-time threat detection.
Organizations should proactively identify and assess the criticality of End-of-Life (EOL) products within their infrastructure.
Conclusion
Addressing the recently disclosed critical vulnerabilities in GitHub Enterprise Server is important for organizations aiming to protect their development environments. By following the recommendations outlined above, businesses can upgrade their security posture and protect against potential threats, ensuring the integrity of their software development processes. Timely action is essential to mitigate risks and uphold compliance with necessary regulations.
The post GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments appeared first on Cyble.
Blog – Cyble – Read More
5 Ways to Reduce SaaS Security Risks
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised
The Hacker News – Read More
This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats
Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user’s personal information to an attacker.
Security Latest – Read More
GPS Jamming Is Screwing With Norwegian Planes
So much jamming is taking place in northeastern Norway, regulators no longer want to know.
Security Latest – Read More
U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks
Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft’s services in June 2023.
The attacks, which were facilitated by Anonymous Sudan’s “powerful DDoS tool,” singled out critical infrastructure, corporate networks,
The Hacker News – Read More