Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Critical SQL Injection Exploit in Apache Traffic Control
A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control versions 8.0.0 through 8.0.1. This flaw allows privileged users with roles such as ‘admin,’ ‘federation,’ ‘operations,’ ‘portal,’ or ‘steering’ to execute arbitrary SQL commands against the database via specially crafted PUT requests. Exploiting this vulnerability could lead to unauthorized data access or manipulation, posing significant security risks. The Apache Software Foundation has addressed this issue in version 8.0.2, and it is strongly recommended that teams update their installations immediately.
This Week’s Roundup:
Adobe Warns of Critical ColdFusion Bug with PoC Available
A critical vulnerability, CVE-2024-53961, has been discovered in Adobe ColdFusion, a popular platform for developing and deploying web applications. The flaw allows attackers to execute arbitrary code, and proof-of-concept (PoC) exploit code has already been made public, increasing the risk of exploitation. Affected versions include ColdFusion 2021 and ColdFusion 2018, with patches now available. Administrators are advised to apply these security updates as soon as possible.
Severe Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP
Multiple vulnerabilities have been identified in WPLMS, a popular WordPress plugin used for e-learning platforms. These flaws, which include authentication bypass and SQL injection vulnerabilities, could allow attackers to gain unauthorized access and compromise sensitive user data. Exploitation of these vulnerabilities could disrupt platform operations or lead to data theft, so the flaws should be patched immediately.
Sophos Patches Critical Firewall Exploits
Sophos has patched two critical vulnerabilities in its firewall software, identified as CVE-2024-12727 and CVE-2024-12728. These flaws could allow remote attackers to execute arbitrary code or bypass authentication, posing a significant threat to network security. Exploitation of these vulnerabilities could lead to unauthorized access, data breaches, or compromise of network infrastructure, and administrators are urged to update their Sophos firewall systems.
Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems
Several vulnerabilities have been discovered in Rockwell Automation’s PowerMonitor products, widely used in industrial control systems. These flaws, including CVE-2024-12371, could allow remote attackers to execute arbitrary code, access sensitive data, or disrupt system operations. Exploiting these vulnerabilities poses a significant risk to critical infrastructure, potentially leading to operational downtime or safety hazards. Patches should be applied to the appropriate firmware.
Ruijie Networks’ Cloud Platform Flaws Expose 50,000 Devices to Remote Attacks
Critical vulnerabilities have been identified in Ruijie Networks’ cloud management platform, potentially allowing remote attackers to access sensitive information and compromise managed network devices. The flaws, including CVE-2024-47547 and CVE-2024-48874, could enable unauthorized system control and data breaches. These vulnerabilities pose significant risks to businesses relying on Ruijie Networks’ solutions for network management.
Google Chrome Uses AI to Analyze Pages in New Scam Detection Feature
Google has introduced a new AI-powered scam detection feature in Chrome to enhance user security. This feature analyzes web pages in real time, identifying potential scams such as phishing attempts and fake websites. By leveraging AI, Chrome aims to provide smarter and faster protection against online threats.