Beyond Information Security

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.

Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn’t include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month.

Five of the vulnerabilities are listed as publicly known at the time of release, with two of them coming under active exploitation as a zero-day –

  • CVE-2024-43572 (CVSS score: 7.8) – Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected)
  • CVE-2024-43573 (CVSS score: 6.5) – Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected)
  • CVE-2024-43583 (CVSS score: 7.8) – Winlogon Elevation of Privilege Vulnerability
  • CVE-2024-20659 (CVSS score: 7.1) – Windows Hyper-V Security Feature Bypass Vulnerability
  • CVE-2024-6197 (CVSS score: 8.8) – Open Source Curl Remote Code Execution Vulnerability (non-Microsoft CVE)

It’s worth noting that CVE-2024-43573 is similar to CVE-2024-38112 and CVE-2024-43461, two other MSHTML spoofing flaws that have been exploited prior to July 2024 by the Void Banshee threat actor to deliver the Atlantida Stealer malware.

Source: The hacker news / Bleeping computer / Krebs on security / Dark reading / Securityweek / CISCO Talos intelligence group / Infosecurity magazine / Helpnet security / SANS internet storm center

Link: https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/

Link: https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/

Link: https://www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now

Link: https://www.securityweek.com/patch-tuesday-microsoft-confirms-exploited-zero-day-in-windows-management-console/

Link: https://blog.talosintelligence.com/microsoft-patch-tuesday-october-2024/

Link: https://www.infosecurity-magazine.com/news/microsoft-five-zerodays-patch/

Link: https://www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/

Link: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336


Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.

The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.

Successful exploitation of these vulnerabilities could allow an authenticated attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution.

„We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 are chained with CVE-2024-8963,“ the company said.

Source: The hacker news / Bleeping computer / Dark reading / Securityweek / Infosecurity magazine

Link: https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html

Link: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/

Link: https://www.darkreading.com/cyberattacks-data-breaches/three-more-ivanti-cloud-vulns-exploited

Link: https://www.securityweek.com/ivanti-warns-customers-of-more-csa-zero-days-exploited-in-attacks/

Link: https://www.infosecurity-magazine.com/news/ivanti-three-csa-zerodays/


CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.

„A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,“ Fortinet noted in an advisory for the flaw back in February 2024. As is typically the case, the bulletin is sparse on details related to how the shortcoming is being exploited in the wild, or who is weaponizing it and against whom.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations by October 30, 2024, for optimum protection.

Source: The hacker news / Bleeping computer

Link: https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html

Link: https://www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/


Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component.

„An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,“ Mozilla said in a Wednesday advisory.

„We have had reports of this vulnerability being exploited in the wild.“

Security researcher Damien Schaeffer from Slovakian company ESET has been credited with discovering and reporting the vulnerability.

The issue has been addressed in the following versions of the web browser –

  • Firefox 131.0.2
  • Firefox ESR 128.3.1, and
  • Firefox ESR 115.16.1.

There are currently no details on how the vulnerability is being exploited in real-world attacks and the identity of the threat actors behind them.

Source: The hacker news / Bleeping computer / Dark reading / Securityweek / Helpnet security / Mozilla security advisory

Link: https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

Link: https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/

Link: https://www.darkreading.com/cyberattacks-data-breaches/critical-mozilla-firefox-zero-day-code-execution

Link: https://www.securityweek.com/firefox-131-update-patches-exploited-zero-day-vulnerability/

Link: https://www.helpnetsecurity.com/2024/10/10/cve-2024-9680/

Link: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/


Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances.

The flaw, tracked as CVE-2024-47561 (CVSS score: 9.3), impacts all versions of the software prior to 1.11.4.

„Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code,“ the project maintainers said in an advisory released last week. „Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.“

Apache Avro, analogous to Google’s Protocol Buffers (protobuf), is an open-source project that provides a language-neutral data serialization framework for large-scale data processing.

The Avro team notes that the vulnerability affects any application if it allows users to provide their own Avro schemas for parsing. Kostya Kortchinsky from the Databricks security team has been credited with discovering and reporting the security shortcoming.

Source: The hacker news

Link: https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html


SANS Institute: Top 5 dangerous cyberattack techniques in 2024

The SANS Institute — a leading authority in cybersecurity research, education and certification — released its annual Top Attacks and Threats Report. This report provides insights into the evolving threat landscape, identifying the most prevalent and dangerous cyberattack techniques that organizations need to prepare for.

This year’s report also highlighted the main takeaways from the SANS keynote hosted at the annual conference. During the keynote presentation, five new cybersecurity attacks were identified and discussed by key SANS members along with suggested actions to address them.

Source: IBM security intelligence

Link: https://securityintelligence.com/articles/sans-institute-top-5-dangerous-cyberattack-techniques/