‘Titanic Mindset’: Just 54% of UK IT Pros Confident in Data Recovery
IT pros at U.K. companies are not regularly testing their data recovery processes, largely due to a lack of support from higher-ups.
Security | TechRepublic – Read More
UEEx enhances user security with new compensation policies addressing abnormal market volatility and asset protection. Users can now…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years.
The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch
The Hacker News – Read More
Hackers used compromised legitimate email accounts belonging to transportation and shipping companies to gain access to victims, sending malicious links and attachments within existing email conversations.
The Record from Recorded Future News – Read More
The Cybersecurity and Infrastructure Security Agency (CISA) and Ivanti have shared an update advisory highlighting a critical authentication bypass vulnerability, CVE-2024-7593, in Ivanti's Virtual Traffic Manager (VTM). This vulnerability has garnered attention due to its inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating that it is currently being targeted by threat actors.
Ivanti’s Virtual Traffic Manager serves as a software-based application delivery controller designed to optimize and manage network traffic across web and application servers. By efficiently distributing traffic, inspecting requests, and managing workloads, VTM enhances application performance, security, and scalability. However, the identified vulnerability poses significant risks that organizations must address promptly.
CVE-2024-7593 is an authentication bypass rated critical, with a CVSS score of 9.8. It affects several versions of Ivanti Virtual Traffic Manager, specifically versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1.
This flaw allows remote attackers to create administrator accounts, granting them unauthorized access to critical administrative functions within the VTM. At the time of the advisory’s release, Cyble’s ODIN scanner detected 67 internet-facing instances of Ivanti VTM, predominantly located in Japan and the United States. Given this context, organizations are strongly advised to review their audit logs to identify any potential unauthorized access attempts.
Given that the vulnerability can be exploited through the management interface, Ivanti recommends limiting administrative access to the management interface exclusively within internal networks. By restricting access to private or corporate networks, organizations can significantly reduce their exposure to potential threats.
The Ivanti Virtual Traffic Manager plays a pivotal role in ensuring efficient network operations and application performance. However, the recent identification of CVE-2024-7593 highlights the importance of vigilant security practices. With this vulnerability being actively exploited by threat actors, it is important for organizations relying on Ivanti VTM to take immediate action.
Implement the most recent patches released by Ivanti. Regular software updates are essential to close security gaps and protect against exploits. Establish a routine for patch applications, ensuring that critical updates are prioritized.
Establish a robust patch management strategy that includes inventory management, assessment, testing, deployment, and verification of patches. Automating parts of this process can enhance efficiency and ensure consistent application.
To minimize the exposure of critical assets, organizations should segment their networks. This involves creating distinct zones for sensitive information and utilizing firewalls, VLANs, and access controls to regulate access.
Organizations must develop and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Regular testing and updates are essential to adapt to new threats.
Comprehensive monitoring and logging systems are vital for detecting malicious activities. Implementing Security Information and Event Management (SIEM) solutions can help organizations aggregate and analyze logs for real-time threat detection.
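The advisory asks defenders to review audit logs for unauthorized access and to keep the management interface on internal networks only. The script below is an added example (not Cyble's or Ivanti's code) of that triage: it flags any creation of an admin-role account and any management-interface activity from outside trusted address ranges. The log line format, the field names (src, user, action, target, role) and the sample lines are constructed for this example; a real VTM audit log will differ, so adapt parse_audit_line() to the fields you actually see.

```python
"""Triage a VTM-style audit log for the two signals the advisory calls out:
admin account creation, and management actions from outside trusted networks.
Log format and sample data are ASSUMED/constructed for this example."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed line shape: "<ts> src=<ip> user=<name> action=<verb> [target=<name>] [role=<role>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) action=(?P<action>\S+)"
    r"(?: target=(?P<target>\S+))?(?: role=(?P<role>\S+))?$"
)

# Constructed sample lines (not real log data).
SAMPLE_LOG = """\
2024-09-24T08:01:10Z src=10.20.0.5 user=opsadmin action=login
2024-09-24T08:02:30Z src=10.20.0.5 user=opsadmin action=modify_pool target=web-pool
2024-09-24T21:14:02Z src=203.0.113.77 user=anonymous action=login
2024-09-24T21:14:09Z src=203.0.113.77 user=anonymous action=create_user target=svc_backup role=admin
2024-09-24T21:15:41Z src=203.0.113.77 user=svc_backup action=login
2024-09-25T09:00:00Z src=10.20.0.9 user=opsadmin action=create_user target=junior role=monitoring
"""

@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    user: str
    reason: str

def parse_audit_line(line):
    """Return the fields of one line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def review_audit_log(text, trusted_nets=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")):
    """Findings for (a) any admin-role account creation and
    (b) any management-interface action from outside the trusted networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for raw in text.splitlines():
        rec = parse_audit_line(raw)
        if rec is None:
            continue  # a production tool should count and report unparsable lines
        src = ipaddress.ip_address(rec["src"])
        outside = not any(src in net for net in trusted)
        if rec["action"] == "create_user" and rec.get("role") == "admin":
            findings.append(Finding(rec["ts"], rec["src"], rec["user"],
                                    f"admin account '{rec['target']}' created"))
        if outside:
            findings.append(Finding(rec["ts"], rec["src"], rec["user"],
                                    f"management action '{rec['action']}' from outside trusted networks"))
    return findings

if __name__ == "__main__":
    for f in review_audit_log(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.user}: {f.reason}")
```

The same logic ports to a SIEM rule: one detection on `action=create_user` with `role=admin`, and one on any management-interface event whose source address is outside the ranges you allow in L17's network restriction. Both should page someone, since on an exposed VTM an admin creation preceded by an unauthenticated session is exactly the pattern this bypass produces.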
The post Urgent Security Advisory: CVE-2024-7593 Exposes Ivanti VTM to Attacks appeared first on Cyble.
Blog – Cyble – Read More
The advanced Python-based PySilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.
darkreading – Read More
While these threats remain a valid concern, US government agencies have doubled down on their assurances to the American public that election infrastructure is secure.
darkreading – Read More
The Indian Computer Emergency Response Team (CERT-In) has warned users about five high-severity vulnerabilities in Apex Softcell’s mobile stock trading and back-office platforms.
The 32-year-old private company focuses on products and solutions for capital markets and the financial industry, making any vulnerability potentially critical.
According to the CERT-In advisory published last week, the vulnerabilities affect Apex Softcell LD Geo versions prior to 4.0.0.7 and LD DP Back Office versions prior to 24.8.21.1 and could allow a remote attacker to perform user enumeration, bypass OTP verification, manipulate unauthorized transactions, or gain unauthorized access to sensitive information of other user accounts.
The affected products are Apex Softcell LD Geo versions prior to 4.0.0.7 and Apex Softcell LD DP Back Office versions prior to 24.8.21.1. Five CVE identifiers have been assigned to the flaws, although their details have not yet been published: CVE-2024-47085, CVE-2024-47086, CVE-2024-47087, CVE-2024-47088, and CVE-2024-47089.
One vulnerability exists in LD DP Back Office because of improper validation of the parameters "cCdslClicentcode" and "cLdClientCode" in the API endpoint. Authenticated remote attackers could exploit this vulnerability by manipulating parameters in the API request body, leading to the exposure of sensitive information belonging to other users.
Another LD DP Back Office vulnerability, this one caused by improper implementation of an OTP validation mechanism in certain API endpoints, could be exploited by an authenticated remote attacker who provides arbitrary OTP values for authentication, subsequently changing the API response, and bypassing OTP verification for other user accounts.
One vulnerability in LD Geo is due to improper validation of certain parameters (Client ID, DPID, or BOID) in the API endpoint. Authenticated remote attackers could exploit this vulnerability by manipulating parameters in the API request body, leading to sensitive information exposure.
A second LD Geo vulnerability stems from missing restrictions on excessive failed authentication attempts on its API-based login. Remote attackers could exploit this by brute-forcing the login OTP, which could lead to unauthorized access to other user accounts.
A third LD Geo vulnerability is caused by improper validation of the transaction token ID in the API endpoint. Authenticated remote attackers could exploit this by manipulating the transaction token ID in the API request, leading to unauthorized access to and modification of transactions belonging to other users.
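The five flaws above are three classes of server-side mistake: trusting a client identifier supplied in the request body, trusting a client-side OTP result, and not bounding OTP attempts. The following is an added example (not Apex Softcell's, CERT-In's or Cyble's code) of a minimal in-memory trading API that shows the vulnerable "before" of the identifier check next to the hardened handlers. All names (Session, OtpStore, get_holdings, verify_otp, modify_transaction, run_demo), the parameter name cLdClientCode as used here, and the sample holdings and transactions are hypothetical or constructed for this example.

```python
"""Hardened counterparts to the flaw classes described above, in a toy
in-memory service. Everything here is constructed for the example."""
import hmac
import secrets
from dataclasses import dataclass, field

MAX_OTP_ATTEMPTS = 5  # lockout threshold; tune to your risk appetite

@dataclass
class Session:
    client_code: str            # fixed at login; never read from the request body
    otp_verified: bool = False  # OTP result lives server-side, not in a response flag

@dataclass
class OtpStore:
    issued: dict = field(default_factory=dict)  # client_code -> [otp, failed_attempts]

    def issue(self, client_code):
        otp = f"{secrets.randbelow(10**6):06d}"
        self.issued[client_code] = [otp, 0]
        return otp  # would be delivered out of band in a real system

# Constructed sample data.
HOLDINGS = {"C1001": ["INFY x10"], "C1002": ["TCS x5"]}
TRANSACTIONS = {"T-1": {"owner": "C1001", "qty": 10}, "T-2": {"owner": "C1002", "qty": 5}}

class Forbidden(Exception):
    pass

def get_holdings_vulnerable(body):
    """'Before': the client code in the request body decides whose data is returned."""
    return HOLDINGS[body["cLdClientCode"]]

def get_holdings(session, body):
    """'After': the body's client code must equal the authenticated session's."""
    if body.get("cLdClientCode") != session.client_code:
        raise Forbidden("client code does not match authenticated session")
    return HOLDINGS[session.client_code]

def verify_otp(store, session, submitted):
    """Server-side OTP check: constant-time compare, attempt cap, single use."""
    entry = store.issued.get(session.client_code)
    if entry is None:
        return False
    otp, failures = entry
    if failures >= MAX_OTP_ATTEMPTS:
        return False  # locked; a fresh OTP must be issued out of band
    if hmac.compare_digest(otp, submitted):
        session.otp_verified = True
        del store.issued[session.client_code]
        return True
    entry[1] += 1
    return False

def modify_transaction(session, txn_id, new_qty):
    """Ownership of the transaction is checked against the session, not the request."""
    if not session.otp_verified:
        raise Forbidden("OTP step not completed")
    txn = TRANSACTIONS.get(txn_id)
    if txn is None or txn["owner"] != session.client_code:
        raise Forbidden("transaction does not belong to this client")
    txn["qty"] = new_qty
    return txn

def run_demo():
    """Exercise each check and return the outcomes as a dict."""
    session, store, results = Session("C1001"), OtpStore(), {}
    results["vulnerable_cross_read"] = get_holdings_vulnerable({"cLdClientCode": "C1002"})
    try:
        get_holdings(session, {"cLdClientCode": "C1002"})
        results["hardened_cross_read"] = "allowed"
    except Forbidden:
        results["hardened_cross_read"] = "blocked"
    otp = store.issue("C1001")
    wrong = "000000" if otp != "000000" else "111111"
    results["wrong_attempts_accepted"] = sum(verify_otp(store, session, wrong)
                                             for _ in range(MAX_OTP_ATTEMPTS))
    results["correct_after_lockout"] = verify_otp(store, session, otp)
    results["correct_fresh"] = verify_otp(store, session, store.issue("C1001"))
    try:
        modify_transaction(session, "T-2", 1)
        results["foreign_txn"] = "allowed"
    except Forbidden:
        results["foreign_txn"] = "blocked"
    results["own_txn_qty"] = modify_transaction(session, "T-1", 7)["qty"]
    return results

if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The design point is that every authorization decision (whose holdings, whose transaction, whether OTP passed) is derived from state the server created at login, so a tampered request body or response cannot widen access; the attempt counter is the server-side control that makes OTP brute force impractical even before any anomaly detection sees it.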
Users should upgrade Apex Softcell LD Geo to version 4.0.0.7 and Apex Softcell LD DP Back Office to version 24.8.21.1.
Remote attackers could manipulate transactions, bypass authentication, and access sensitive user information, so the implications of these vulnerabilities could be severe. To mitigate these risks, all users of Apex Softcell LD Geo and LD DP Back Office must immediately upgrade to the latest versions (4.0.0.7 and 24.8.21.1, respectively). Proactive measures and timely updates are essential to monitor and secure sensitive financial data and to maintain the integrity of trading operations.
Users must upgrade to Apex Softcell LD Geo version 4.0.0.7 and LD DP Back Office version 24.8.21.1 to close the identified vulnerabilities.
Ensure that all API endpoints validate input parameters rigorously to prevent parameter manipulation and unauthorized access.
Employ anomaly detection systems to identify unusual patterns, such as excessive failed login attempts, which may indicate brute-force attacks.
Perform periodic security assessments and penetration testing on the trading platforms to identify and address vulnerabilities proactively.
Train users to recognize potential phishing attempts and unauthorized access attempts, reinforcing the importance of strong, unique passwords.
Enforce the principle of least privilege, granting users only the access necessary for their roles, thereby reducing the impact of a compromised account.
Subscribe to security advisories and maintain awareness of newly discovered vulnerabilities related to the software in use to ensure timely responses.
The post Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns appeared first on Cyble.
Blog – Cyble – Read More
The manufacturing, real estate and transportation industries are recent targets of the cybercrime operation known as DragonForce. Researchers say it’s serving up versions of LockBit and Conti to affiliates.
The Record from Recorded Future News – Read More
A clear, consistent vision and reliable experts are the two essential ingredients for startup founders to achieve success, both in cyber and beyond.
The post Cyber Founder Recipe for Success: Clear Vision and Trusted Experts appeared first on SecurityWeek.
SecurityWeek – Read More