Beyond Information Security

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.

The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.

“Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality,” the company said in a Thursday bulletin.

It also noted that the flaw could be chained with CVE-2024-8190 (CVSS score: 7.2), permitting an attacker to bypass admin authentication and execute arbitrary commands on the appliance.

Source: The Hacker News / BleepingComputer / Dark Reading / SecurityWeek / Ivanti security advisory

Link: https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html

Link: https://www.bleepingcomputer.com/news/security/ivanti-warns-of-another-critical-csa-flaw-exploited-in-attacks/

Link: https://www.darkreading.com/threat-intelligence/ivanti-cloud-bug-exploit-alarms-raised

Link: https://www.securityweek.com/ivanti-csa-vulnerability-exploited-in-attacks-days-after-disclosure/

Link: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US


GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.

The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.

The problem is the result of the library not properly verifying the signature of the SAML Response. SAML, short for Security Assertion Markup Language, is a protocol that enables single sign-on (SSO) and the exchange of authentication and authorization data across multiple apps and websites.

“An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents,” according to a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”

It’s worth noting the flaw also impacts omniauth-saml, which shipped an update of its own (version 2.2.1) to upgrade ruby-saml to version 1.17.
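Since the fix for this item is a dependency upgrade, the practical check is whether an application still pins a pre-fix ruby-saml or omniauth-saml. The following is an added example, not GitLab's or the library's own code: it scans a constructed Gemfile.lock and flags pins below the fixed versions named above (ruby-saml 1.17.0, with 1.12.3 as the backported fix on the 1.12 branch; omniauth-saml 2.2.1).

```ruby
# Added example: audit a Gemfile.lock for ruby-saml / omniauth-saml versions
# affected by CVE-2024-45409. Fixed versions: ruby-saml 1.17.0 and the 1.12.3
# backport; omniauth-saml 2.2.1 (which pulls in the patched ruby-saml).
require "rubygems"

FIXED = {
  "ruby-saml"     => [Gem::Version.new("1.12.3"), Gem::Version.new("1.17.0")],
  "omniauth-saml" => [Gem::Version.new("2.2.1")],
}.freeze

# Constructed sample lockfile (not from any real project) with vulnerable pins.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.7)
      omniauth-saml (2.1.0)
        omniauth (~> 2.1)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

# Pull "name (version)" pairs from the specs section. Only resolved gems sit at
# exactly four spaces of indentation; their dependency lines are deeper and skipped.
def lock_versions(lock_text)
  lock_text.scan(/^\s{4}([\w\-]+) \(([\d.]+)\)$/).to_h
end

# A pin is safe if it is at or above the newest fix, or at or above a backported
# fix on its own major.minor branch (e.g. 1.12.3 on the 1.12 branch).
def vulnerable?(name, version)
  fixes = FIXED[name] or return false
  v = Gem::Version.new(version)
  return false if v >= fixes.max
  fixes.none? { |f| f.segments[0, 2] == v.segments[0, 2] && v >= f }
end

# Return only the gems that still need an upgrade: { name => pinned_version }.
def audit_lockfile(lock_text)
  lock_versions(lock_text).select { |name, ver| vulnerable?(name, ver) }
end

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCK).each do |name, ver|
    puts "#{name} #{ver} is affected by CVE-2024-45409; upgrade to #{FIXED[name].max}"
  end
end
```

Point `audit_lockfile` at the contents of a real Gemfile.lock (for example `File.read("Gemfile.lock")`) to run it against an actual application.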

Source: The Hacker News / BleepingComputer / Dark Reading / SecurityWeek / GitLab releases

Link: https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html

Link: https://www.bleepingcomputer.com/news/security/gitlab-releases-fix-for-critical-saml-authentication-bypass-flaw/

Link: https://www.darkreading.com/application-security/gitlab-warns-max-severity-authentication-bypass-bug

Link: https://www.securityweek.com/gitlab-patches-critical-authentication-bypass-vulnerability/

Link: https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/


Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.

The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.

“A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution,” the virtualization services provider said in a bulletin.

The shortcoming is similar to two other remote code execution flaws, CVE-2024-37079 and CVE-2024-37080 (CVSS scores: 9.8), that VMware resolved in vCenter Server in June 2024.

Source: The Hacker News / BleepingComputer / SecurityWeek / Help Net Security

Link: https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html

Link: https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/

Link: https://www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/

Link: https://www.helpnetsecurity.com/2024/09/18/cve-2024-38812-cve-2024-38813/


SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.

The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.

“SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability,” the company said in an advisory. “If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.”

Security researcher Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI) has been credited with discovering and reporting the flaw on May 24, 2024.

Source: The Hacker News / SecurityWeek

Link: https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html

Link: https://www.securityweek.com/solarwinds-patches-critical-vulnerability-in-access-rights-manager/


Cybersecurity risks in healthcare are an ongoing crisis

While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care.

In fact, 88 million individuals were affected by large breaches last year, compromising vast amounts of electronic protected health information (ePHI), according to the U.S. Department of Health & Human Services. This year, several large healthcare providers have again been impacted by cyberattacks, including Change Healthcare, Kaiser Permanente and Ascension. “Synnovis, a key provider of laboratory and diagnostic services in London, fell victim to a ransomware attack causing widespread disruptions,” reported Halcyon. The attack affected several hospitals, including Guy’s, St Thomas’ and King’s College, Evelina Children’s Hospital, Royal Brompton, the Harefield specialist heart and lung hospitals and the Princess Royal Hospital in Orpington, reported The Guardian.

Source: IBM Security Intelligence

Link: https://securityintelligence.com/posts/cybersecurity-in-healthcare-onging-crisis/