Overview

This week’s vulnerability report sheds light on a broad range of critical vulnerabilities identified from December 25 to December 31, 2024. The report emphasizes several high-severity flaws that pose online threats to cybersecurity, including new additions to the CISA’s Known Exploited Vulnerability (KEV) catalog.

Among the most pressing vulnerabilities, one concerning Palo Alto Networks’ PAN-OS stands out. This vulnerability has been actively exploited by cybercriminals to compromise firewalls, forcing them to reboot and disrupting network security. The Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to their KEV catalog, signifying its exploitation in the wild.

Beyond this, CRIL also analyzed multiple high-profile vulnerabilities impacting D-Link products and Four-Faith routers, both of which are integral to various Internet of Things (IoT) applications.

CISA’s KEV Catalog Adds New Vulnerability

This week, CISA’s KEV catalog was updated to include a critical vulnerability in PAN-OS by Palo Alto Networks (CVE-2024-3393). The flaw lies in the handling of malformed DNS packets, which can be leveraged to exploit the firewall systems, ultimately causing service disruptions by forcing them to reboot. Given its active exploitation, CISA has strongly urged organizations using Palo Alto Networks firewalls to apply the necessary patches to safeguard their networks from potential breaches.

In addition, Four-Faith routers (CVE-2024-12856) have also been found vulnerable to OS command injection. These routers are extensively used in IoT environments, where remote attackers can exploit default credentials and send specially crafted HTTP requests. Once successful, attackers can remotely execute arbitrary OS commands, significantly compromising the integrity of the affected systems.

D-Link Vulnerabilities Pose Major Threats

D-Link, a global leader in networking hardware, continues to be the focus of vulnerability research. CRIL identified multiple flaws affecting various D-Link routers, including the DIR-806 (CVE-2019-10891), DIR-645 (CVE-2015-2051), and DIR-845L (CVE-2024-33112), among others. These command injection vulnerabilities allow attackers to execute arbitrary commands on vulnerable devices remotely, facilitating initial access for malware campaigns.

Furthermore, vulnerabilities in D-Link’s GO-RT-AC750 (CVE-2022-37056) and DIR-845L (CVE-2024-33112) routers were found to be exploited by the Ficora and Capsaicin botnets, targeting outdated routers or devices that are no longer supported. These findings emphasize the importance of updating D-Link devices and ensuring that default credentials are changed to prevent attackers from easily gaining access.

New Exploits in Apache Software and Google Products

The Apache Software Foundation has also become a focal point in the latest vulnerability findings. Two critical vulnerabilities were identified in Apache Traffic Control (CVE-2024-45387) and Apache HugeGraph-Server (CVE-2024-43441). The former, an SQL injection vulnerability, allows privileged users to execute arbitrary SQL queries against a backend database. The latter vulnerability, an authentication bypass flaw, affects Apache HugeGraph, an open-source graph database, and could be exploited by attackers to bypass authentication mechanisms.

In the realm of web security, Google Chrome (CVE-2024-9122) and the AngularJS web framework (CVE-2024-54152) also saw severe vulnerabilities this week. The Chrome vulnerability centers around a Type Confusion flaw in the V8 JavaScript engine, enabling attackers to access out-of-bounds memory locations through malicious HTML pages. Meanwhile, AngularJS users are at risk of a code injection flaw in earlier versions of Angular Expressions, which could allow arbitrary code execution on affected systems.

Vulnerability Exploits in Underground Forums

CRIL researchers also monitored underground forums and Telegram channels, where they observed multiple instances of Proof-of-Concept (PoC) exploits being shared. Among the vulnerabilities discussed were CVE-2023-21554, which affected Microsoft MSMQ, and CVE-2024-54152, which affected AngularJS. Threat actors in these forums discussed the active exploitation of these vulnerabilities and shared tools and methods for attacking vulnerable systems.

The Microsoft Message Queuing (MSMQ) service vulnerability (CVE-2023-21554), also known as QueueJumper, is particularly concerning. This remote code execution (RCE) vulnerability can allow attackers to execute arbitrary code on vulnerable servers. A notable trend in underground forums was the high demand for exploits targeting MSMQ servers, with actors willing to purchase exploits for up to USD 1,000.

Similarly, the CVE-2024-9122 vulnerability in Google Chrome was also discussed widely on dark web channels, where exploits for this high-severity flaw were being weaponized to target vulnerable versions of the browser.

Recommendation and Mitigation Strategies

As always, CRIL stresses the importance of prompt patching and network defenses to protect against these cyber threats. Key recommendations include:

1. Ensure that all systems are up to date with the latest patches from official vendors. Timely patching is critical to prevent attackers from exploiting known vulnerabilities.
2. Develop a comprehensive patch management strategy that includes asset tracking, patch assessment, and deployment. Automate the process where feasible to improve efficiency.
3. Implement network segmentation to minimize the exposure of critical systems. Use firewalls, VLANs, and access controls to restrict access to sensitive assets.
4. Enforce strong password policies and implement multi-factor authentication (MFA) to prevent unauthorized access.
5. Use Security Information and Event Management (SIEM) tools to detect suspicious activities in real time and generate alerts for potential exploits.
6. Maintain an updated incident response and recovery plan to ensure quick action in the event of a security breach.
7. Regularly perform vulnerability assessments and penetration tests to identify and mitigate security gaps.
8. Stay updated with the latest vulnerability disclosures and security advisories from trusted sources such as CISA and official vendors.

Conclusion

The latest Weekly Vulnerability Report from Cyble highlights critical security flaws across prominent platforms, such as D-Link, Apache, and Palo Alto. These vulnerabilities present significant risks to organizations worldwide. By leveraging Cyble’s advanced threat intelligence solutions, including proactive AI-powered platforms like Cyble Vision, businesses can better protect themselves from emerging threats, ensuring rapid response and reduced exposure to cyber risks. Stay ahead of cybercriminals with Cyble’s cutting-edge cybersecurity tools and expert guidance.

The post Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 appeared first on Cyble.

Blog – Cyble – ​Read More

Every year, Kaspersky experts briefly turn into soothsayers. No, our colleagues don’t reach for crystal balls, tarot cards or horoscopes to see into the cybersecurity future; their predictions are based on an analysis of the global trends and threats we encounter in our daily work.

And they’re often spot-on: for 2024, we predicted a rise in scams tied to play-to-earn (P2E) games, the proliferation of voice deepfakes, and other trends.

Now, let’s look at which cyberthreats and trends we believe will dominate in 2025:

• AI will become an everyday work tool.
• Scammers scamming in relation to new games and movies.
• Subscription scams will flourish.
• Social networks could be banned.
• User rights over personal data will expand.

AI will become an everyday work tool

In 2025, we expect artificial intelligence to solidify its role in our everyday lives. Major platforms like Google and Bing have integrated AI into search results over the past year, and users worldwide are hooked on ChatGPT and its many counterparts. Predicting how exactly AI will develop is tricky, but one thing is certain: what’s popular with regular users is inevitably twice as popular with scammers. Therefore, we urge you to exercise caution when using AI tools — and remind you that throughout 2024, we repeatedly reported on the associated threats.

How hackers can read your chats with ChatGPT or Microsoft Copilot

How to use ChatGPT, Gemini, and other AI securely

Trojans in AI models

With the popularization of artificial intelligence in 2025, the associated risks will be seen more clearly and frequently. Malicious actors are already adept at exploiting AI, so we should expect even more problems, such as those linked to deepfakes.

Scammers look forward to new games and movies

Fraudsters never miss major releases in the entertainment industry, and 2025 will be no exception. While gamers eagerly anticipate long-awaited titles like Mafia: Old Country, Civilization VII, and Death Stranding 2, attackers are already devising new schemes involving fake preorders and digital keys. We won’t even mention the dangers of downloading games from torrent sites — the risks are abundantly clear.

Movie enthusiasts won’t be overlooked either, as scammers join the rest of us in anticipating sequels and remakes like Superman, Jurassic World Rebirth, Captain America: Brave New World, Return to Silent Hill, and Tron: Ares. Be especially cautious — fraudsters may offer tickets to early screenings, sell fake merchandise, and exploit the love of cinema in every possible way. So get some reliable protection to be entertained securely.

Subscription scams will flourish

In recent years, the world has shifted significantly toward subscription-based models for goods and services, and scammers have capitalized on the trend — just think of the fake Telegram Premium subscription scam we’ve detailed on our blog.

As the number of subscription services continues to grow, some users might be tempted to “buy a subscription at a discount” or even “download the program for free”, playing right into the hands of scammers. Remember: if it sounds too good to be true, it probably is. Download programs and apps only from official sources, and ensure your devices have reliable protection, as malware can even be found in legitimate app stores.

Social networks may be banned

In Australia, access to popular social-media platforms has already been banned for all children under 16 without exception. Ten years ago, such an initiative would have been laughed off: “Just set your age to over 16 and carry on as usual”. But advancements in AI have changed everything. Reliable age verification systems are now being implemented, making it much harder to bypass such restrictions. The future of children’s access to social media, not only in Australia but worldwide, depends largely on the effectiveness of these systems.

If successful, this practice could easily be adopted by other countries, starting with Australia’s closest economic partners. While a complete ban on social media in 2025 seems unlikely, it’s highly probable that similar practices will be introduced elsewhere, leading to restrictions for certain user groups.

User rights over personal data will expand

Good news for anyone concerned about their personal data privacy: in 2025, users will gain greater control over their information! This is thanks to the gradual expansion of rights related to data portability, which may simplify the transfer of data between the platforms processing it.

Privacy policies such as the GDPR (EU) and CRPA (California, USA) are inspiring similar reforms across other U.S. states and in Asia. And let’s not forget the 2024 case where the European Center for Digital Human Rights upheld user rights against Meta, preventing the tech giant from using private personal data to train its AI models. So, we could see a shift in 2025 in the digital world’s balance of power — tilting it more in favor of individual users.

Kaspersky official blog – ​Read More

Overview 

The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding a critical security vulnerability in the WPForms plugin for WordPress. The flaw, identified as CVE-2024-11205, could allow attackers to bypass authorization controls and perform payment refunds and subscription cancellations on Stripe-powered websites.  

This WPForms plugin vulnerability, affecting WPForms versions 1.8.4 through 1.9.2.1, leaves WordPress sites vulnerable to exploitation by authenticated users with lower-level permissions. The vulnerability was disclosed publicly on December 9, 2024, by Wordfence researchers, and a patch was made available in WPForms version 1.9.2.2. 

The flaw stems from the absence of a capability check in the wpforms_is_admin_page function. This function is responsible for determining whether a user is accessing the admin interface via an AJAX request. Without proper authorization checks, attackers with Subscriber-level access or higher could bypass the restrictions and execute critical actions such as refunds and subscription cancellations on Stripe-powered sites. 

This vulnerability has been documented in the CIVN-2025-0001 Vulnerability Note, issued by CERT-In on January 1, 2025, indicating a High severity rating. Websites that rely on WPForms for financial transactions are particularly at risk of unauthorized modifications to their data, potentially causing significant financial losses and disruption of services.

Technical Details of the WPForms Plugin Vulnerability (CVE-2024-11205) 

The vulnerability exists in versions 1.8.4 through 1.9.2.1 of the WPForms plugin, where the wpforms_is_admin_ajax function lacks proper checks to ensure that the user requesting sensitive actions is authorized to do so. This function is intended to confirm whether a request originates from an admin interface, but because it does not perform capability checks, attackers can exploit the flaw to trigger ajax_single_payment_refund and ajax_single_payment_cancel functions.

These functions are used to process Stripe payments, but in the vulnerable versions of WPForms, they can be exploited by authenticated users with as little as Subscriber-level access. While nonce protection exists to prevent attacks such as Cross-Site Request Forgery (CSRF), authenticated attackers can bypass this protection by obtaining the nonce. This means that an attacker could potentially: 

• Initiate unauthorized refunds for legitimate payments, resulting in financial harm to businesses. 
• Cancel active subscriptions, disrupting services and harming customer relationships. 

These unauthorized actions could lead to a loss of revenue, significant operational costs, and reputational damage, particularly for businesses that rely on WPForms for managing payments and subscriptions. 

Exploitation Scenario 

The vulnerability allows attackers with Subscriber-level access or higher to exploit the ajax_single_payment_refund and ajax_single_payment_cancel functions. Normally, these actions are restricted to administrators, but the missing capability checks allow lower-level users to initiate them. 

Once an attacker gains access to these functions, they can initiate unauthorized refunds for Stripe payments and cancel active subscriptions. This could result in: 

• Unauthorized refunds can cause significant revenue loss for businesses. 
• Attacks that cancel subscriptions can interfere with customer services, leading to customer dissatisfaction and churn. 
• Unauthorized transactions can lead to a loss of trust among customers and potential harm to the business’s reputation. 

Given WPForms’ widespread use, this flaw affects millions of WordPress websites, with businesses of all sizes being vulnerable to exploitation. 

Remediation and Patch Details 

WPForms quickly addressed the issue by releasing a patched version of the plugin, version 1.9.2.2, on November 18, 2024. Users who are running versions 1.8.4 through 1.9.2.1 are strongly advised to update to the latest version immediately to protect their websites from exploitation. 

In addition to the patch, Wordfence, a leading security service for WordPress, took swift action to protect its users. On November 15, 2024, Wordfence Premium, Care, and Response users received a firewall rule to protect against potential exploits targeting this vulnerability. Protection for users of the free version of Wordfence was rolled out on December 15, 2024. 

The impact of this CVE-2024-11205 vulnerability is severe for businesses that rely on WPForms to manage payments and subscriptions via Stripe. If exploited, the vulnerability could result in: 

• Financial damage from unauthorized refunds and subscription cancellations. 
• Disruption of business operations, particularly for e-commerce sites that rely on WPForms for processing payments. 
• Loss of customer trust, as attackers could interfere with services and create doubts about the site’s security. 

Conclusion 

The CVE-2024-11205 vulnerability poses a risk to WPForms users, allowing attackers with Subscriber-level access or higher to initiate unauthorized payment refunds and cancel subscriptions. To mitigate this threat, it is crucial for users to update to the latest patched version, 1.9.2.2, which addresses the issue. The vulnerability’s potential impact on financial transactions and business operations makes it imperative for WordPress site administrators to prioritize this update, particularly those using WPForms for payment and subscription management. 

References:  

• https://www.cert-in.org.in/ 

• https://www.wordfence.com/blog/2024/12/6000000-wordpress-sites-protected-against-payment-refund-and-subscription-cancellation-vulnerability-in-wpforms-wordpress-plugin/ 

• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforms-lite/wpforms-184-1921-missing-authorization-to-authenticated-subscriber-payment-refund-and-subscription-cancellation 

The post CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services appeared first on Cyble.

Blog – Cyble – ​Read More

Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature of PAN-OS, which powers firewalls and security solutions. The vulnerability allows attackers to exploit the system through specially crafted DNS packets, leading to a denial-of-service (DoS) condition, affecting the availability of essential firewall services. 

On December 27, 2024, Palo Alto Networks reported a Denial of Service (DoS) vulnerability in the DNS Security feature of PAN-OS, specifically linked to the malformed DNS packet handling process. This issue, now documented as CVE-2024-3393, has been added to the CISA’s Known Exploited Vulnerabilities Catalog.  

The threat presented by CVE-2024-3393 PAN-OS is particularly alarming for organizations relying on DNS Security for protection, as attackers can exploit this flaw to send malicious DNS packets that cause the affected firewall to reboot. Repeated attempts can cause the firewall to enter maintenance mode, severely disrupting services. With the increasing reliance on firewalls to secure critical infrastructure, this vulnerability poses an urgent risk to many organizations globally. 

Technical Analysis of CVE-2024-3393 PAN-OS 

CVE-2024-3393 affects PAN-OS versions on PA-Series, VM-Series, CN-Series firewalls, and Prisma Access deployments. The vulnerability arises when DNS Security logging is enabled with a valid DNS Security or Advanced DNS Security license. When exploited, this vulnerability could allow unauthenticated attackers to send a specially crafted DNS packet through the firewall’s data plane, causing a reboot. Continuous exploitation could force the firewall into maintenance mode, leading to prolonged service disruption. 

The CVSS score for this vulnerability is 8.7, indicating a high-severity risk. The exploit maturity is classified as attacked, meaning that attackers are actively exploiting the vulnerability. It is worth noting that CVE-2024-3393 PAN-OS does not affect all PAN-OS versions. Specific versions are vulnerable, including PAN-OS 11.1, 10.2, and 10.1, depending on the release, while PAN-OS 9.1 and PAN-OS 11.0 have reached their end of life (EOL) and are no longer receiving patches. 

For this issue to be successfully exploited, two primary conditions must be met: 

1. A DNS Security License (either standard or advanced) must be applied. 
2. DNS Security logging must be enabled on the system. 

This configuration creates an avenue for attackers to initiate the DoS attack by sending malicious DNS packets that the firewall fails to handle appropriately. 

Global Exposure and Implications 

Cyble Research & Intelligence Labs reported a number of exposed PAN-OS instances, many of which belong to critical infrastructure sectors. As of recent scans, over 3,300 instances were detected with vulnerable PAN-OS versions. Many of these exposed assets belong to organizations in vital sectors such as healthcare, energy, and telecommunications, industries that play an essential role in national security, public health, and economic stability. 

The vulnerability presents a dual threat: first, the direct impact of the DoS attack on network availability, and second, the potential for reflected amplification-based denial-of-service (RDoS) attacks, where attackers can obfuscate their identities by exploiting these vulnerable systems. The risk is not just to individual organizations but to entire regions and industries that depend on uninterrupted access to critical services. 

Mitigation and Countermeasures: Securing PAN-OS Deployments 

To address the growing risk posed by CVE-2024-3393, here are some of the recommended several actions to mitigate the impact of this vulnerability: 

1. Organizations should ensure they are running the latest version of PAN-OS, as security updates have been released for PAN-OS 10.1.15, PAN-OS 10.2.14, and PAN-OS 11.1.5. These versions fix the DNS packet vulnerability. 
2. For organizations unable to immediately upgrade their systems, workarounds are available. These include disabling DNS Security logging or adjusting the logging severity to reduce the risk of exploitation. 
3. Implementing proper network segmentation to limit the exposure of critical assets to the public internet is crucial in minimizing attack vectors. 
4. Limiting access to remote services through VPNs and ensuring strict access policies can help mitigate the potential for external attackers to exploit the vulnerability. 
5. Review and configure DNS Security settings to ensure logging is not excessively detailed, reducing the chance of triggering the DoS condition. 

Conclusion  

While DNS Security is designed to protect against DNS infrastructure threats, this vulnerability exposes systems to DoS attacks, which can result in prolonged outages and potential data breaches.Organizations must prioritize strengthening their DNS Security practices, actively monitor DNS traffic, and keep configurations up-to-date to mitigate the risk posed by such vulnerabilities.  

With the increasing sophistication of cyberattacks targeting systems like PAN-OS, timely patching, effective workarounds, and limiting external exposure are essential to securing firewalls and critical infrastructure. A proactive, comprehensive approach to cybersecurity—coupled with industry collaboration—will be key to preventing exploitation and maintaining a secure digital ecosystem. 

References 

• https://www.cisa.gov/news-events/alerts/2024/12/30/cisa-adds-one-known-exploited-vulnerability-catalog 

• https://www.cve.org/CVERecord?id=CVE-2024-3393 

• https://security.paloaltonetworks.com/CVE-2024-3393 

The post CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  appeared first on Cyble.

Blog – Cyble – ​Read More

Overview 

The Cyber Security Agency of Singapore (CSA) has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. In late 2024, the Apache Software Foundation released security updates for several of its widely used products to address critical vulnerabilities.  

These vulnerabilities, identified as CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046, affect Apache HugeGraph, Apache Traffic Control, and Apache MINA. Exploitation of these vulnerabilities could lead to severe security risks, including remote code execution (RCE), authentication bypasses, and SQL injection attacks. 

Details of the Apache Vulnerabilities 

Here are the vulnerabilities identified in the Apache software:  

CVE-2024-43441: Authentication Bypass in Apache HugeGraph 

The first critical vulnerability, CVE-2024-43441, impacts Apache HugeGraph-Server, a graph database server. This flaw allows an attacker to bypass existing authentication mechanisms in versions prior to 1.5.0. Apache HugeGraph, which is used for managing and querying large-scale graph data, could become an easy target for attackers if this vulnerability is exploited. 

By bypassing authentication, an attacker could gain unauthorized access to sensitive data or modify the server’s configuration, potentially disrupting the services relying on HugeGraph. Users and administrators are urged to update to version 1.5.0 or higher to mitigate the risk posed by this vulnerability. 

CVE-2024-45387: SQL Injection in Apache Traffic Control 

Another vulnerability, CVE-2024-45387, affects Apache Traffic Control, a tool used for managing content delivery networks (CDNs). This vulnerability exists in the Traffic Ops component of Apache Traffic Control, which is responsible for the management and optimization of traffic routing across CDN servers. The flaw allows attackers to perform SQL injection attacks in versions 8.0.0 to 8.0.1. 

SQL injection is one of the most well-known forms of attack, allowing attackers to manipulate database queries by inserting malicious SQL code. If successfully exploited, this vulnerability could allow an attacker to gain access to or manipulate the underlying database of an organization’s CDN, potentially compromising sensitive information or altering configurations. Users of affected versions are strongly advised to upgrade to later versions as soon as possible to patch this vulnerability. 

CVE-2024-52046: Remote Code Execution in Apache MINA 

Perhaps the most critical of the three vulnerabilities, CVE-2024-52046, affects Apache MINA, a network application framework used to build scalable and high-performance network applications. This vulnerability is particularly severe because it allows remote code execution (RCE) attacks due to improper handling of serialized data. 

Apache MINA uses Java’s native deserialization protocol to process incoming serialized data. However, due to a lack of necessary security checks, attackers can exploit this flaw by sending specially crafted malicious serialized data, leading to RCE. This flaw affects versions of MINA core prior to 2.0.27, 2.1.10, and 2.24. 

Remote code execution is one of the most dangerous types of vulnerabilities, as it allows attackers to execute arbitrary code on the affected system, potentially leading to full system compromise. For applications using Apache MINA, it is essential to upgrade to the latest versions (2.0.27, 2.1.10, or 2.24) and, in some cases, apply additional mitigation steps.  

Users must explicitly configure the system to reject all deserialization requests unless they come from a trusted source. This additional step is necessary because simply upgrading the software will not be sufficient to fully secure the system. 

Detailed Instructions for Mitigation of CVE-2024-52046 

The CVE-2024-52046 vulnerability requires users to not only upgrade to the latest version of Apache MINA but also manually configure the deserialization process to limit which classes are accepted. The update includes three methods for controlling which classes the ObjectSerializationDecoder will accept: 

1. ClassNameMatcher: Accept class names that match a specified pattern. 

2. Pattern: Accept class names that match a regular expression pattern. 

3. String Patterns: Accept class names that match a wildcard pattern. 

By default, the decoder will reject all classes unless explicitly allowed, making it critical to follow these instructions to properly secure systems that use Apache MINA. It is also important to note that certain sub-projects, such as FtpServer, SSHd, and Vysper, are not affected by this vulnerability. 

Emmanuel Lécharny, a user and contributor on the Apache MINA mailing list, noted the risk of RCE attacks associated with this issue. In his post dated December 25, 2024, he stressed the importance of upgrading to the latest versions of Apache MINA and applying the necessary security settings to protect against exploitation. 

Conclusion 

To protect their infrastructure, organizations relying on Apache products must take immediate action to address these vulnerabilities. For CVE-2024-43441, updating to Apache HugeGraph-Server version 1.5.0 or later is essential to resolve the authentication bypass issue.  

Organizations should also upgrade to a version of Apache Traffic Control newer than 8.0.1 to mitigate the SQL injection vulnerability in CVE-2024-45387. For CVE-2024-52046 in Apache MINA, upgrading to the latest versions (2.0.27, 2.1.10, or 2.24) and configuring the deserialization process to restrict accepted classes is critical.  

Keeping systems up-to-date with the latest security patches and updates from the Apache Software Foundation is key to defending against active exploitation of these vulnerabilities. Proactively applying these measures will significantly reduce the risk of attacks and ensure a more secure environment. 

References:  

• https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-146 

• https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 

• https://www.cve.org/CVERecord?id=CVE-2024-52046 

• https://mina.apache.org/ 

• https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 

The post Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 appeared first on Cyble.

Blog – Cyble – ​Read More