CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions 

Vulnerabilities

Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) has once again emphasized the critical importance of addressing IT vulnerabilities. This week, Cyble has reported multiple vulnerabilities across IT devices based on the findings published in the Known Exploited Vulnerabilities (KEVs) catalog.  

Among the most concerning vulnerabilities in the list are CVE-2024-11680, CVE-2024-23113, and CVE-2024-47575, as well as others like CVE-2024-10924, CVE-2023-50094, and CVE-2024-38077. The vulnerabilities included in this updated list, classified as Known Exploited Vulnerabilities (KEVs), pose online threats to both government and private sector organizations.  

These flaws are not just theoretical or potential risks; they have been actively exploited by threat actors, making it essential for organizations to take immediate action to patch or mitigate these weaknesses in their systems. CISA’s KEV catalog highlights which vulnerabilities need to be addressed immediately to prevent cybercriminals from taking advantage of them. 

Major IT Vulnerabilities Listed in the Known Exploited Vulnerabilities Catalog 

Among the most urgent vulnerabilities is CVE-2024-11680, which affects the popular network management software used by many large organizations. This vulnerability, if left unaddressed, can allow attackers to remotely execute arbitrary code, enabling them to gain unauthorized access to sensitive data or disrupt business operations.  

  • CVE-2024-23113 is another severe IT vulnerability listed by CISA. This flaw is tied to a specific version of a widely deployed application, leaving it susceptible to exploitation through specially crafted requests that could allow an attacker to gain control over an affected system. The widespread use of this application in various industries—from finance to healthcare—means that the ramifications of an exploit could be catastrophic if left unpatched. 

  • CVE-2024-47575, a vulnerability in yet another popular software package, has been flagged as critical by both CISA and security experts. Attackers can exploit this flaw to escalate their privileges, potentially taking control of a system and bypassing normal security mechanisms. Such an escalation could result in the compromise of sensitive data or the deployment of ransomware, making this a particularly dangerous vulnerability. 

Other Vulnerabilities on the Radar 

In addition to the three high-priority vulnerabilities, CISA’s latest KEV catalog also includes other notable IT vulnerabilities, such as CVE-2024-10924, CVE-2023-50094, and CVE-2024-38077. While these flaws may not be as widely exploited as the previous ones, they still pose serious risks and require immediate attention. 

  • CVE-2024-10924, for example, is a vulnerability in a widely used version of open-source software that could allow remote code execution. If exploited, attackers could bypass security controls and access systems that are critical to both business and governmental functions. 

  • CVE-2023-50094 is related to a flaw in a popular content management system, which could allow attackers to execute arbitrary code remotely. As businesses and organizations increasingly rely on digital platforms to manage content, vulnerabilities like this one could open the door to a range of cyberattacks, from data breaches to full system takeovers. 

  • CVE-2024-38077 impacts a specific configuration of a widely used database management system. Though not as severe as some of the other vulnerabilities, it can still lead to data corruption or unauthorized access if exploited. 

Mitigations and Recommendations 

Organizations can protect themselves from these vulnerabilities by implementing a range of security measures. Some of these measures include:  

  • Regularly update software and hardware with the latest patches from official vendors and apply critical patches immediately. 
  • Develop a patch management strategy, including inventory management, testing, deployment, and automation for efficiency. 
  • Segment the network to isolate critical assets, using firewalls, VLANs, and access controls to reduce exposure. 
  • Create and maintain an incident response plan, regularly testing and updating it to address current threats. 
  • Implement monitoring and logging systems, such as SIEM, for real-time threat detection and analysis. 
  • Subscribe to security alerts from official sources and conduct regular VAPT exercises to identify and fix vulnerabilities. 
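As an added example (not part of the Cyble post), the Python script below shows the inventory step the list above implies: it parses a feed in the layout of CISA's KEV JSON catalog, matches entries against an asset inventory, and orders the findings by remediation due date so overdue items surface first. The feed sample, inventory, host, vendor and product names and dates are constructed placeholders; only the CVE IDs come from the article.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed (real feed:
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
# CVE IDs are from the article, vendors/products/dates are placeholders.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-11680", "vendorProject": "VendorA", "product": "NetMgmt",
     "dateAdded": "2024-11-26", "dueDate": "2024-12-17",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-47575", "vendorProject": "VendorB", "product": "Manager",
     "dateAdded": "2024-10-23", "dueDate": "2024-11-13",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2024-38077", "vendorProject": "VendorC", "product": "DBServer",
     "dateAdded": "2024-11-20", "dueDate": "2024-12-11",
     "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory: which vendor/product runs on which host.
INVENTORY = [
    {"host": "nms-01", "vendorProject": "VendorA", "product": "NetMgmt"},
    {"host": "mgr-02", "vendorProject": "VendorB", "product": "Manager"},
    {"host": "web-03", "vendorProject": "VendorD", "product": "CMS"},
]


def load_kev(feed_text):
    """Parse the KEV feed and index its entries by (vendorProject, product)."""
    by_product = {}
    for entry in json.loads(feed_text)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        by_product.setdefault(key, []).append(entry)
    return by_product


def match_inventory(by_product, inventory, today_iso):
    """One finding per (host, CVE), most urgent first: overdue (negative
    days_left) before pending, then earliest due date, then ransomware use."""
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        key = (asset["vendorProject"].lower(), asset["product"].lower())
        for entry in by_product.get(key, []):
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({"host": asset["host"], "cveID": entry["cveID"],
                             "dueDate": entry["dueDate"], "days_left": days_left,
                             "ransomware": entry["knownRansomwareCampaignUse"] == "Known"})
    findings.sort(key=lambda f: (f["days_left"], not f["ransomware"], f["cveID"]))
    return findings


if __name__ == "__main__":
    for f in match_inventory(load_kev(KEV_SAMPLE), INVENTORY, "2024-12-02"):
        status = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']} days left"
        print(f"{f['host']:8} {f['cveID']:15} due {f['dueDate']} ({status})")
```

Swap `KEV_SAMPLE` for the downloaded feed text and `INVENTORY` for an export from your asset database; hosts whose vendor/product pair never appears in the catalog produce no finding.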

Conclusion 

The publication of new Known Exploited Vulnerabilities (KEVs) by CISA serves as a vital resource in the fight against cybercrime. The vulnerabilities highlighted in the latest list, including CVE-2024-11680, CVE-2024-23113, and CVE-2024-47575, require immediate attention. The inclusion of these flaws highlights the importance of being proactive in identifying and addressing IT vulnerabilities before they can be exploited by attackers. 

The post CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions appeared first on Cyble.

Blog – Cyble

Attackers target sellers on message boards | Kaspersky official blog

Large online marketplaces do what they can to combat fraud, but cybercriminals remain one step ahead when it comes to scamming both buyers and sellers. This year has seen the rise of an online video-call scam where fake buyers ask for a video-demo of a product, during which they swipe one-time codes. Here’s all about this scheme — in four acts.

Act one. Suspicion

A seller of a high-end product (say, a fancy TV) is approached by someone posing as a buyer who wants to pay and collect as quickly as possible. But there’s a catch: that someone requests a video-demo first. Most message boards don’t let you do this, and even if they do — the “buyer” will mysteriously have some issue at their end: “Strange, it’s not working, how about we use WhatsApp instead?” And so the conversation moves seamlessly to a messenger or other chat platform. The request to switch to WhatsApp, Telegram or whatever is a BIG red flag. On their own home turf, scammers have an easier job of luring you to a phishing site, because many message boards don’t allow sharing links in chats.

Act two. Certainty

The “buyer” asks the seller lots of questions about the product: where did they buy it, does it work ok, and, if so — why are they selling it? With each passing minute, this dialogue between strangers becomes all the more like a conversation between long-time buddies. The “buyer” seems keen and ready to fork out — the seller just needs to provide a card number for the transfer of funds and the deal is done: “What a pleasure doing business with this guy. He sure is trustworthy.” But here’s when the trap springs…

Act three. Discovery

Without even naming the screen-sharing feature, the “buyer” asks the seller to turn on screen-sharing in WhatsApp. If the seller complies, their banking app screen becomes visible to the scammers, who attempt to log in to the seller’s online bank account. At this point, the victim’s smartphone receives an unexpected text message with a one-time code. On most devices, the code is displayed in a pop-up message that the cybercriminals also get to see. And if the victim, still in screen-sharing mode, checks to see what message just arrived, the scammers don’t even need the pop-up — they get the code anyway!

Act four. Loss

Depending on what information the “buyer” had beforehand, and what access they gained to the victim’s bank account, they can either siphon off funds immediately, or, if the amount in the account is too large to transfer, switch to another scam involving a call from an “investigator” who promises to investigate the incident of fraudulent bank access and persuades the victim to transfer the money to “a safe account”. One way or another, the money disappears.

How to guard against message board scams

Bear in mind that message boards are often teeming with fake sellers and buyers. Sure, such accounts eventually get exposed and blocked after user complaints, but the perpetrators simply create or buy new ones. So we’ve made a list of tips to help you stay safe when buying or selling on any message board:

  • Chat with other buyers or sellers only within the platform. Never switch to a messenger app — even (or especially) if the other party really wants to. Outside the marketplace itself, scammers can slip you a phishing link to steal your account — or worse.
  • Use reliable protection on both your smartphone and computer, for example Kaspersky Premium.
  • Decline offers to use alternative delivery or money transfer services — opt for the platform’s native tools or accept payments in cash only.
  • Do not give anyone your phone number (and hide it in your marketplace profile) or card number.
  • Get yourself a virtual card with a limit on online payments.
  • Never give out one-time codes, because then even two-factor authentication won’t save your account.
  • Disable pop-up notifications and on-screen text messages.
  • Check the domain registration date before entering payment details on the site.

Kaspersky official blog

Malaysia’s Fight Against Cybercrime: Two New Bills Tabled in Parliament 

Vulnerabilities

Overview 

The Madani Government has taken a significant step toward ensuring online safety by tabling two crucial bills in the Dewan Rakyat on Monday. This development marks a pivotal moment in Malaysia’s efforts to combat cybercrime and modernize outdated cyber laws that were enacted nearly three decades ago. 

Communications Minister Fahmi Fadzil tabled the Communications and Multimedia (Amendment) Bill 2024 and the Malaysian Communications and Multimedia Commission (Amendment) Bill 2024 for their first reading in Parliament.  

These legislative changes highlight the government’s determination to strengthen Malaysia’s legal framework against cybercrime while promoting a safer digital environment for its citizens. 

Why these new Bills are necessary 

The internet has evolved dramatically over the past 26 years, bringing both incredible opportunities and risks. As cyber threats become more advanced, outdated laws struggle to provide adequate protection for users, businesses, and institutions.  

From online scams and fraudulent activities to harassment and the misuse of personal data, the need for strong cyber laws has never been more pressing. The tabling of these two bills comes in response to rising online threats and the necessity to adapt Malaysia’s legal framework to the realities of today’s digital age.  

Minister Fahmi emphasized that these amendments aim to close gaps in existing legislation, ensuring that Malaysia stays ahead in its fight against cybercrime. 

Key Provisions in the Communications and Multimedia (Amendment) Bill 2024 

The Communications and Multimedia (Amendment) Bill 2024 focuses on updating Act 588 to address new challenges in the digital realm. Below are the significant proposed changes: 

  1. Expanded Definition of Harassment and Fraud 

  • Subsection 233(1) will now include the phrase “harass or commit an offense involving fraud or dishonesty against any person”, broadening the scope of punishable offenses under the act. 
  • This change ensures that fraudulent online activities, in addition to harassment, are explicitly covered under the law. 

  2. Prohibition of Unsolicited Commercial Messages 

  • Clause 92 introduces a new Section 233a, which prohibits the sending of unsolicited commercial electronic messages. 
  • This measure aims to combat spam and phishing schemes, which often serve as gateways for more serious cybercrimes. 

  3. Disclosure of Communications Data 

  • Clause 112 introduces Section 252b, empowering police or authorized officers to compel the disclosure of communications data from individuals in control of a communications system. 
  • This change seeks to enhance law enforcement’s ability to investigate and respond to cybercrimes swiftly. 

Key Provisions in the Malaysian Communications and Multimedia Commission (Amendment) Bill 2024 

The Malaysian Communications and Multimedia Commission (MCMC) (Amendment) Bill 2024, meanwhile, focuses on strengthening the capabilities and functions of the MCMC under Act 589. Notable amendments include: 

  1. Expansion of MCMC’s Functions 

  • Clause 5 proposes an amendment to Section 16, enabling the MCMC to review and audit information provided by licensees. 
  • This includes auditing the activities of licensees or service providers as determined by the commission, ensuring better oversight and accountability. 

  2. New Definitions 

  • Clause 2 amends Section 3 to introduce new definitions for “chief executive officer” and “communications system” while also refining the definition of “chairman.” 
  • These updates provide clearer guidelines for roles and responsibilities within the MCMC. 

  3. Increased Contract Value Limit 

  • Clause 13 proposes an amendment to Section 45, raising the contract value limit the commission can enter without ministerial or financial concurrence from RM5 million to RM10 million. 
  • This change is expected to streamline administrative processes and enhance the MCMC’s operational efficiency. 

Implications of these Bills 

The amendments to these two critical acts represent a comprehensive approach to tackling cybercrime. Key implications include: 

  • Enhanced Legal Protections: The laws provide stronger safeguards for individuals and businesses by explicitly addressing harassment, fraud, and spam. 
  • Modernized Oversight: Changes to the MCMC’s functions and financial thresholds will enable the commission to better regulate and oversee the telecommunications and multimedia sectors. 

However, some of these changes, particularly the expanded search powers, may raise concerns about privacy and potential misuse of authority. Balancing security and personal freedoms will be crucial as the bills are debated. 

A Critical Moment for Cybersecurity in Malaysia 

Minister Fahmi Fadzil expressed optimism that these amendments will be passed during the current parliamentary session, which concludes on December 12.  

While the journey toward a safer online environment is far from over, these bills lay a strong foundation for future advancements in Malaysia’s cybersecurity landscape. As debates ensue in Parliament, the hope is that these laws will strike a balance between strong enforcement and the protection of individual rights, paving the way for a secure and prosperous digital future. 

Source:

https://mcmc.gov.my/skmmgovmy/media/General/pdf2/NEAP-Amendment-Notice-No-1-of-2024.pdf 
https://theedgemalaysia.com/node/736203
https://theedgemalaysia.com/node/736160

The post Malaysia’s Fight Against Cybercrime: Two New Bills Tabled in Parliament appeared first on Cyble.

Blog – Cyble

Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures

Alder Hey Children’s Hospital and Wirral University Teaching Hospital have fallen victim to cyberattacks, including one involving ransomware.

The post Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures appeared first on SecurityWeek.

SecurityWeek

Malicious Ads in Search Results Are Driving New Generations of Scams

The scourge of “malvertising” is nothing new, but the tactic is still so effective that it’s contributing to the rise of investment scams and the spread of new strains of malware.

Security Latest

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.
“These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which

The Hacker News

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested

Russian authorities have reportedly arrested Mikhail Matveev, who is wanted by the US for ransomware attacks against critical infrastructure.

The post Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested appeared first on SecurityWeek.

SecurityWeek

The Pressure Is on for Big Tech to Regulate the Broken Digital Advertising Industry

Brands have been at the mercy of the algorithm when it comes to where their ads appear online, but they’re about to get more control.

Security Latest

INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.
The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and

The Hacker News

AWS launches an incident response service to combat cybersecurity threats

Companies often struggle with how to respond to cybersecurity incidents. According to one recent poll, only three out of five organizations have an incident response plan in place, and only around a third do regular drills to ensure that their plans remain effective. The consequences of poor incident response are costly. The International Monetary Fund […]


Security News | TechCrunch