Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.
Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
Security Flaw in WordPress Plugin Gives Admin Access
A critical authentication bypass vulnerability, identified as CVE-2024-10924, has been discovered in the ‘Really Simple Security’ WordPress plugin, formerly known as ‘Really Simple SSL.’ This flaw affects both the free and Pro versions, which are installed on over four million websites. Exploitation of this flaw could enable remote attackers to gain full administrative access to affected sites, potentially leading to large-scale website takeover campaigns. The issue has been addressed in version 9.1.2 of the plugin, and teams are strongly advised to update immediately.
Apple Releases Urgent Updates to Patch Zero-Days
Apple has released urgent security updates for iOS, iPadOS, macOS, visionOS, and Safari to address two zero-day vulnerabilities actively exploited in the wild. The first vulnerability, CVE-2024-44308, is a flaw in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content. The second, CVE-2024-44309, is a cookie management issue in WebKit that could result in cross-site scripting (XSS) attacks. Apple has addressed these issues with improved checks and state management, and organizations are advised to update as soon as possible.
This Week’s Roundup:
Critical Windows Kerberos Flaw Exposing Servers to Attack
Microsoft has patched a critical vulnerability in the Windows Kerberos authentication protocol, identified as CVE-2024-43639, which could allow attackers to gain unauthorized access and execute remote code on affected systems. This flaw poses a significant risk to millions of servers, especially those configured with the Kerberos Key Distribution Center (KDC) proxy. Administrators are advised to apply the latest updates provided by Microsoft.
Recent VMware vCenter Flaws Actively Exploited
VMware has issued a warning about active exploitation of two critical vulnerabilities in vCenter Server, identified as CVE-2024-38812 and CVE-2024-38813. These flaws allow attackers to execute arbitrary code and gain unauthorized access to sensitive information. VMware urges teams to apply the latest patched version promptly to protect against exploitation.
Palo Alto Networks Patches Two Firewall Zero-Days
Palo Alto Networks has released security updates to address two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first vulnerability, CVE-2024-0012, is an authentication bypass in the PAN-OS management web interface, allowing remote attackers to gain administrator privileges without authentication. The second, CVE-2024-9474, is a privilege escalation flaw enabling malicious administrators to perform actions with root privileges. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog and has mandated that federal agencies patch their systems by December 9.
Decade-Old Local Privilege Escalation Bug Impacts Ubuntu
Security researchers have identified multiple local privilege escalation vulnerabilities in Ubuntu’s ‘needrestart’ package, a tool that checks for services requiring a restart after system updates. These flaws, present for over a decade, allow local attackers to gain root privileges by exploiting improper input validation and insufficient permission checks. Canonical has released patches to address these issues, and teams are advised to update their systems.
D-Link Urging Users to Retire VPN Routers Impacted by RCE Flaw
D-Link has issued a warning to customers regarding a critical remote code execution (RCE) vulnerability affecting certain end-of-life VPN router models, specifically the DSR-150, DSR-150N, DSR-250, and DSR-250N. Discovered by security researcher ‘delsploit,’ this flaw allows unauthenticated attackers to execute arbitrary code on the affected devices. Since these models reached their end of service on May 1, 2024, D-Link will not release security updates to address the issue and advises organizations to replace these routers as soon as possible.
T-Mobile Confirms Hack in Recent Wave of Telecom Breaches
T-Mobile has confirmed that it was targeted in a recent wave of telecom breaches attributed to Chinese state-sponsored hackers, known as Salt Typhoon. These attackers aimed to access private communications, call records, and law enforcement information requests. T-Mobile stated that, due to their security measures and network structure, there have been no significant impacts on their systems or data, and they have no evidence of customer information being accessed or exfiltrated. The company continues to monitor the situation closely, collaborating with industry peers and relevant authorities to ensure the security of their network.