Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
SonicWall Warns of Critical Access Control Flaw in SonicOS
SonicWall has issued a warning about a critical vulnerability in its SonicOS software, which powers its next-generation firewalls. The flaw, tracked as CVE-2024-40766, is an access control vulnerability that could allow unauthenticated attackers to gain administrative access to devices running affected versions of SonicOS. This could enable attackers to execute arbitrary commands, potentially compromising the security of the entire network.
SonicWall strongly advises teams to apply the available patches immediately to mitigate the risk. The flaw is rated 9.3 on the CVSS scale, indicating a high severity, and affects multiple versions of SonicOS, making it crucial for organizations using these firewalls to act swiftly.
Fortra Fixes Severe FileCatalyst Workflow Password Issue
Fortra has patched a critical vulnerability, tracked as CVE-2024-6633 (CVSS v3.1: 9.8, “critical”), in its FileCatalyst Workflow software that involved the use of hardcoded passwords. This flaw could allow attackers to gain unauthorized access to systems, putting sensitive data at serious risk. The presence of hardcoded credentials is a significant security issue, and Fortra strongly urges anyone using the product to update their systems immediately to prevent potential exploitation.
This Week’s Roundup:
Cisco Patches NX-OS Software Vulnerabilities
Cisco has released patches for several vulnerabilities in its NX-OS software, which is used in its data center switches and routers. The vulnerabilities, some of which are rated as high severity, could allow attackers to execute arbitrary code, cause denial-of-service conditions, or gain unauthorized access to network devices. Cisco advises organizations to apply the patches promptly to protect their systems from potential exploitation.
Malicious Windows Downdate Tool Allows Hackers to “Unpatch” Windows Systems
The “Windows Downdate” tool presented at Black Hat 2024 has been released, enabling attackers to reverse installed updates on Windows systems. By removing critical patches, this tool makes systems more vulnerable, because previously patched vulnerabilities become exploitable again. Microsoft has not offered a complete patch for this but is offering guidance around the exploit.
Apache OFBiz Vulnerability Exploited in Attacks
A vulnerability in Apache OFBiz, tracked as CVE-2024-38856, has been exploited in attacks, raising significant security concerns for users of this enterprise resource planning (ERP) software. The flaw, which is critical, allows remote code execution, giving attackers the ability to take complete control of affected systems. A proof of concept for this vulnerability is already available, increasing the risk of widespread exploitation. Despite the availability of patches, many Apache OFBiz instances remain unpatched, leaving them vulnerable.
WPML CMS WordPress Plugin Critical Flaw – 1 Million Sites Impacted
A critical vulnerability, tracked as CVE-2024-6386 (CVSS score of 9.9), has been discovered in the WPML WordPress plugin, which is used by over 1 million websites. This flaw allows remote code execution (RCE), enabling attackers to take control of affected websites. Given the widespread use of the plugin and the severity of the vulnerability, the risk of exploitation is extremely high, and website administrators using WPML are strongly advised to update to the latest version immediately to protect their sites from potential attacks.
Google Warns of Chrome Security Flaw Under Active Exploitation
Google has issued a warning about a critical vulnerability in Chrome, tracked as CVE-2024-7965, which has been actively exploited in the wild. This zero-day vulnerability affects the V8 JavaScript engine and could allow attackers to execute arbitrary code on vulnerable systems. Google urges all Chrome users to update their browsers immediately to the latest version.
Microsoft Resolves ASCII Smuggling Flaw In Copilot Allowing Data Theft
Microsoft has fixed a critical vulnerability known as the “ASCII Smuggling” flaw, which could allow attackers to bypass security protections and deliver malicious payloads. This flaw exploits the way certain ASCII characters are processed, enabling attackers to evade detection by security tools. The vulnerability poses a significant risk, especially since a proof of concept is already available.