Mozilla 0Din Warns of ChatGPT Sandbox Flaws Enabling Python Execution

Mozilla’s 0Din uncovers critical flaws in ChatGPT’s sandbox, allowing Python code execution and access to internal configurations. OpenAI…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Proton VPN review: A very solid free VPN with robust leak protection

Proton VPN is our pick for the best free VPN. Here’s why, based on our testing.

Latest stories for ZDNET in Security

CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure

Overview

The Indian Computer Emergency Response Team (CERT-In) has recently added two Cisco vulnerabilities to its catalog. Both vulnerabilities affect Cisco products, carry high severity ratings, and could impact the confidentiality, integrity, and availability of affected systems.

The first vulnerability, CVE-2024-20536, affects Cisco’s Nexus Dashboard Fabric Controller (NDFC), specifically versions 12.1.2 and 12.1.3. The flaw is found in the REST API endpoint and web-based management interface, and it could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.

The vulnerability arises due to insufficient input validation. An attacker with read-only privileges could exploit this flaw by sending specially crafted requests to the affected device’s REST API or management interface, bypassing input validation and potentially modifying or deleting data in the internal database. Exploiting this vulnerability could lead to denial of service (DoS) conditions and a significant disruption of operations.

The severity of the vulnerability is classified as high. It affects Cisco NDFC versions 12.1.2 and 12.1.3, making these systems particularly vulnerable to exploitation. The potential impact includes data manipulation, which could allow attackers to alter sensitive information, and service disruption, potentially leading to system downtime. Furthermore, there is a risk of data leakage, where unauthorized individuals may access and expose confidential data stored within the affected systems.

This vulnerability does not affect Cisco NDFC when it is configured as a Storage Area Network (SAN) controller. However, for organizations using the affected versions of Cisco NDFC, the potential risks are significant, especially in terms of data integrity and availability.

CVE-2024-20484: Denial of Service in Cisco Enterprise Chat and Email (ECE)

The second vulnerability, CVE-2024-20484, affects Cisco Enterprise Chat and Email (ECE) versions 12.6 and earlier, running the External Agent Assignment Service (EAAS). This vulnerability could allow unauthenticated, remote attackers to trigger a Denial of Service (DoS) condition, disrupting the availability of the ECE system.

The vulnerability lies in the way Cisco ECE handles Media Routing Peripheral Interface Manager (MR PIM) traffic. An attacker could exploit this flaw by sending specially crafted MR PIM traffic, causing a failure in the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE). This failure leads to a denial-of-service condition, rendering the ECE system inoperable.

This issue primarily affects organizations using Cisco ECE for enterprise communication. A successful attack could lead to widespread disruptions, affecting internal communications and customer service operations.

Cisco’s Broader Vulnerability Landscape: A Year of Increased Threats

While CVE-2024-20484 and CVE-2024-20536 are the latest additions to the catalog of known vulnerabilities, Cisco has had a series of high-severity vulnerabilities throughout the year. In addition to these new vulnerabilities, Cyble recently reported on a critical flaw in the Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB), tracked as CVE-2024-20418. This vulnerability, with a CVSS score of 10.0 (the highest possible severity), allows attackers to gain root-level access to vulnerable Cisco devices.

Exploiting this flaw can enable unauthorized command execution on affected systems, making it one of the most dangerous vulnerabilities in Cisco’s product lineup this year. The CVE-2024-20418 vulnerability affects Cisco Catalyst Access Points operating in URWB mode, such as the Catalyst IW9165D, IW9165E, and IW9167E models. Attackers can exploit this flaw by sending specially crafted HTTP requests to the affected device, injecting commands with root privileges, and gaining control over the device. Exploiting this vulnerability could lead to compromises in industrial and high-stakes environments.

Moreover, Cyble sensors have previously detected cyberattacks targeting the “/+CSCOE+/logon.html” URL, which is linked to Cisco ASA’s WebVPN Login Page. Vulnerabilities like XSS, path traversal, and HTTP response splitting could allow attackers to execute code, steal data, or disrupt services.

Conclusion 

The disclosure of these Cisco vulnerabilities, like CVE-2024-20484 and CVE-2024-20536, stresses the growing risk of exploitation in critical infrastructure, particularly in widely used systems like Cisco products. As Cyble and other threat intelligence firms have noted, cybercriminals are increasingly targeting known vulnerabilities, employing tactics such as brute-force attacks and leveraging the dark web to spread exploits. 

With vulnerabilities continuing to be discovered and actively targeted, organizations must prioritize patch management, implement strong security measures, and conduct regular vulnerability assessments. By staying on guard and proactive in updating systems, segmenting networks, and monitoring suspicious activity, businesses can better defend against online threats. 

The post CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure appeared first on Cyble.

Blog – Cyble

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules.
Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),

The Hacker News

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season.
“The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products

The Hacker News

T-Mobile Also Targeted in Chinese Telecom Hacking Campaign

T-Mobile has also been targeted by the Chinese group Salt Typhoon in a major espionage campaign targeting US telecom companies. 

The post T-Mobile Also Targeted in Chinese Telecom Hacking Campaign appeared first on SecurityWeek.

SecurityWeek

3 leadership lessons we can learn from ethical hackers

Here’s how business leaders can use a hacker’s problem-solving approach to improve their own leadership skills.

Security News | VentureBeat

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site.
The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The

The Hacker News

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit

Legal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so.
They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target’s devices as

The Hacker News

CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-severity vulnerabilities affecting Palo Alto Networks Expedition to its Known Exploited Vulnerability (KEV) Catalog.

The two Palo Alto Networks vulnerabilities, which are actively being targeted by cybercriminals, are identified as CVE-2024-9463 and CVE-2024-9465; both have critical severity ratings and are known to be actively exploited in real-world attacks. Organizations using affected versions of Palo Alto Networks Expedition are urged to take immediate action to mitigate the risks.

The vulnerabilities in question—CVE-2024-9463 (OS Command Injection) and CVE-2024-9465 (SQL Injection)—impact Palo Alto Networks’ Expedition software, a tool for migrating and optimizing PAN-OS configurations. Both flaws have been assigned CVSSv4 scores of 9.9 and 9.2, respectively, signifying their high criticality.

These vulnerabilities could allow attackers to gain unauthorized access to sensitive data or execute arbitrary commands on affected systems, posing a serious risk to organizations’ security.

Details of Palo Alto Networks Vulnerabilities: CVE-2024-9463 and CVE-2024-9465

The first vulnerability, CVE-2024-9463, is a critical OS command injection flaw that affects Palo Alto Networks Expedition. Assigned a CVSSv4 score of 9.9, this vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on the affected system.

If successfully exploited, this can compromise the integrity of the system, giving attackers the ability to disclose sensitive information. This includes usernames, cleartext passwords, device configurations, and API keys associated with PAN-OS firewalls, which are critical for securing network traffic.

Attackers exploiting this flaw can gain root access to these systems, making this vulnerability a prime target for those seeking to compromise firewall configurations and sensitive network data.

Another critical flaw, CVE-2024-9465, is a SQL injection vulnerability found in Expedition. This flaw, with a CVSSv4 score of 9.2, allows attackers to interact with and manipulate the system’s database, exposing sensitive information such as password hashes, usernames, and device configurations. Exploiting this vulnerability could give attackers the ability to create and read arbitrary files on the system, which increases the risk of a full system compromise.

As with CVE-2024-9463, CVE-2024-9465 affects Expedition versions earlier than 1.2.96. Additionally, proof-of-concept (PoC) exploits for this vulnerability have already been released to the public, escalating the risk of widespread attacks. With PoC code now accessible, potential attackers can replicate the exploit and target vulnerable systems more easily.

Both CVE-2024-9463 and CVE-2024-9465 are critical vulnerabilities in the Expedition software suite. Organizations that are running versions of Expedition older than 1.2.96 are strongly advised to immediately update to the latest patched version. Given the severity and the ongoing active exploitation of these vulnerabilities, patching is crucial to protect sensitive information and maintain system security.

Cyble researchers have observed active exploitation of these flaws, with CVE-2024-9463 being particularly concerning due to its ability to grant attackers root-level access. This could result in a wide range of malicious activities, including data breaches, ransomware deployment, and unauthorized system modifications. Organizations should be particularly vigilant in monitoring their systems for signs of exploitation.

Recommendations and Mitigations

Palo Alto Networks has already released patches to address both vulnerabilities and organizations are urged to upgrade to Expedition version 1.2.96 or later. However, simply applying the patch may not be enough. The following mitigation strategies are recommended:

  • Organizations should immediately apply the latest patches released by Palo Alto Networks to close the vulnerabilities. Ensuring that systems are updated with the latest software versions will significantly reduce the risk of exploitation.
  • After upgrading to the fixed version of Expedition, all Expedition usernames, passwords, and API keys should be rotated to prevent attackers from using previously exposed credentials to access systems. Similarly, any firewall usernames, passwords, and API keys processed by Expedition should also be updated to maintain system security.
  • Organizations should implement comprehensive monitoring and logging solutions to detect suspicious activities. SIEM (Security Information and Event Management) tools can help organizations identify and respond to potential exploitation attempts in real time.
  • Regular vulnerability assessments and penetration testing should be conducted to identify and address any other potential weaknesses. This proactive approach ensures that other unknown vulnerabilities are addressed.
  • Organizations should have a well-defined incident response and recovery plan in place, which includes procedures for detecting, responding to, and mitigating the effects of an attack. Regular testing and updates to the plan are crucial to ensure readiness against online threats.

Conclusion

The inclusion of CVE-2024-9463 and CVE-2024-9465 in CISA’s Known Exploited Vulnerabilities catalog highlights the urgent need for organizations to address these critical vulnerabilities in Palo Alto Networks Expedition.

With active exploitation ongoing, it is important for organizations using vulnerable versions to prioritize patching and apply recommended security measures. Delaying action could lead to severe data breaches and system compromises.

The post CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog appeared first on Cyble.

Blog – Cyble