Exciting news for Python enthusiasts! Check out "python strikes again" by Low Level! In this video, they dive into CVE-2024-48990 and explore how the needsrestart program can automatically restart outdated packages. Don't miss it! Watch here: https://youtu.be/CDtIS8XaJDY or Invidious: https://invidious.reallyaweso.me/watch?v=CDtIS8XaJDY #Python #CVE2024 #LowLevel #Programming #CyberSecurity

" #CiscoVuln Alert CVE-2024-20338 Strikes Cisco Secure Client for Linux "

A newly disclosed vulnerability, CVE-2024-20338, with a CVSS score of 7.3, targets the Cisco Secure Client for Linux, specifically the ISE Posture Module. This critical flaw allows local attackers to potentially execute arbitrary code with root privileges due to an uncontrolled search path element. Cisco has promptly issued an update to patch this security loophole. Kudos to Ivan Agarkov of Wargaming for the find! Stay vigilant and update ASAP!

Tags: #Cybersecurity #Cisco #LinuxSecurity #Vulnerability #CVE2024 #UpdateNow

Source

" Urgent TeamCity Vulnerabilities Alert! Patch Now! "

JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults.

Source: BleepingComputer

Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec

" Critical Security Alert: HikCentral Professional Vulnerabilities Exposed "

Hikvision's latest advisory reveals severe vulnerabilities in HikCentral Professional, identified by Michael Dubell and Abdulazeez Omar. CVE-2024-25063 and CVE-2024-25064, with CVSS scores of 7.5 and 4.3 respectively, highlight risks of unauthorized access due to insufficient server-side validation. Users are urged to upgrade to versions above V2.5.1 for enhanced security. Stay vigilant and prioritize updating to safeguard your systems!

CVE Summaries:

• CVE-2024-25063: Attackers could exploit server validation flaws to access restricted URLs, compromising confidentiality.
• CVE-2024-25064: Authenticated users could manipulate parameters to access unauthorized resources, posing a lower risk.

Source: Hikvision Security Advisory

Tags: #CyberSecurity #Hikvision #Vulnerability #CVE2024-25063 #CVE2024-25064 #ServerSecurity #InfoSec #PatchManagement

" Cutting Edge Cyber Espionage: Ivanti Zero-Days Under Siege by UNC5325 "

#Mandiant & #Ivanti's latest investigation unveils a sophisticated cyber-espionage campaign targeting Ivanti Connect Secure VPN appliances. #UNC5325, a China-nexus group, exploited a series of zero-day vulnerabilities, including CVE-2024-21893, to deploy novel malware and evade detection. Despite efforts, their persistence mechanisms faltered due to encryption key mismatches.

A new Integrity Checking Tool (ICT) is available for Ivanti customers, emphasizing the urgency of updating and patching network appliances. The exploitation showcases advanced techniques, including LotL and custom malware like LITTLELAMB.WOOLTEA, highlighting the importance of robust cyber defenses.

Ivanti disclosed five critical vulnerabilities, with #CVE-2024-21893 and #CVE-2024-22024 posing significant risks. The SSRF and XXE vulnerabilities enable attackers to bypass security measures and access restricted resources, underscoring the need for immediate remediation.

Attribution to #UNC5325 ties this campaign to China, with tactics, techniques, and malware indicating a high level of sophistication. This operation's breadth and depth signal a continued threat from state-sponsored actors against critical network infrastructure.

Let's ensure our defenses are updated and vigilant against these evolving threats. #CyberSecurity #Ivanti #ZeroDay #APT #UNC5325 #CVE2024 Mitre - UNC5325 #UNC3886

Source: Mandiant Team - Investigating Ivanti Exploitation & Persistence

" Critical Vulnerability Alert: ConnectWise ScreenConnect Under Attack! "

Sophos researchers have unveiled a situation for users of ConnectWise ScreenConnect, detailing how CVE-2024-1709 and CVE-2024-1708 vulnerabilities are being exploited to deliver malware, including the notorious LockBit ransomware. These vulnerabilities open the door for attackers to execute arbitrary code and take control of unpatched systems.

ConnectWise ScreenConnect, a remote access software, has vulnerabilities being exploited by hackers to deliver malware, including ransomware, to businesses. Critical vulnerabilities allow unauthorized access and command execution. It's essential to update ScreenConnect to version 23.9.8 or later to mitigate these risks. Cloud-hosted ScreenConnect users are safe, but on-premise versions need manual updates.

To protect your organization from specific security weaknesses in ScreenConnect software, follow these simplified steps:

1. Find all ScreenConnect software in your network, including those managed by others. It's essential to know where it's installed to understand your risk.
2. Isolate or remove the ScreenConnect Client from devices until the server is securely updated or thoroughly checked. If you don't control the server, removing the client might be the best quick fix.
3. Examine devices with ScreenConnect for signs of hacking, like new unknown user accounts, strange software behavior, and attempts to disable security features.
4. If you find anything suspicious, start your incident response plan to tackle the issue and prevent further damage. Specifically, look for indicators of two main vulnerabilities (CVE-2024-1709 & CVE-2024-1708) by examining server versions, IP connections, and unexpected file presence, which could show a breach.

Tags: #CyberSecurity #ConnectWiseScreenConnect #Vulnerability #Malware #Ransomware #LockBit #CVE2024-1709 #CVE2024-1708 #UpdateNow #StaySecure

Source: Sophos News

" Critical EoP Flaw in Microsoft Exchange Server "

A Critical Elevation of Privilege (EoP) vulnerability, CVE-2024-21410, in the Microsoft Exchange Server, demands immediate attention. Rated 9.8 on the CVSSv3 scale and tagged "Exploitation More Likely," this flaw could let attackers use NTLMv2 hashes for relay or pass-the-hash attacks. Exchange Server versions up to 2019 CU14 lack NTLM Relay Protection by default. Microsoft advises enabling this protection via a provided script that can be found in Microsoft’s advisory and urges installation of the latest update as a defense measure.

While CVE-2024-21410 remains unexploited for now AFAIK, its potential risk cannot be underestimated.

Tags: #CyberSecurity #MicrosoftExchange #EoPVulnerability #CVE2024-21410 #PatchManagement #NTLMRelay #ThreatPrevention

Source: Microsoft Advisory

" Windows SmartScreen Bypass Alert: CVE-2024-21351 Unveiled "

A new vulnerability, CVE-2024-21351, exposes a security feature bypass in Windows SmartScreen, enabling attackers to execute arbitrary code by tricking users into opening a malicious file. This flaw, with a CVSS score of 7.6, follows the previously patched CVE-2023-36025, indicating a method to circumvent Microsoft's efforts in securing its SmartScreen feature. Attackers exploit this vulnerability actively in the wild, despite Microsoft's release of an official fix.

Technical breakdown: CVE-2024-21351 allows code injection into SmartScreen, bypassing protections and potentially leading to data exposure or system unavailability. Cybersecurity professionals must understand the attack vector, which requires social engineering to convince a user to open a malicious file.

Tags: #CyberSecurity #WindowsSecurity #CVE2024-21351 #SmartScreenBypass #Vulnerability #PatchNow #InfoSecCommunity #ThreatIntelligence

Mitre CVE Summary: CVE-2024-21351

" Multiple issues in Jenkins, an open-source automation server that is widely used in software development "

Jenkins, a popular automation server, has a vulnerability in its command line interface (CLI). This issue stems from the args4j library's feature that replaces an "@" character followed by a file path with the contents of that file. This feature, enabled by default in Jenkins versions up to 2.441 and LTS 2.426.2, allows attackers to read files on the Jenkins controller's file system. Users with "Overall/Read" permission can read entire files, while those without this permission can read the first few lines, depending on the CLI commands available.

The vulnerability also extends to binary files, including cryptographic keys, albeit with some limitations. Various attack vectors have been identified, exploiting this flaw to achieve remote code execution or other malicious objectives. These include manipulating the "Resource Root URL" functionality, forging "Remember me" cookies, conducting stored cross-site scripting (XSS) attacks through build logs, bypassing CSRF protection, decrypting secrets stored in Jenkins, deleting items, and downloading Java heap dumps. These attacks rely on specific conditions, such as the ability to retrieve binary secrets, access to Jenkins's web session ID, and the attacker's knowledge or guesswork about user names with "Overall/Read" permission.

Key vulnerabilities include:

• CVE-2024-23897: Arbitrary file read vulnerability through the CLI can lead to RCE
• CVE-2024-23899: Git server Plugin allowing file content exposure that can lead to RCE.
• CVE-2024-23900: Matrix Project Plugin with user-defined axis names issues.
• CVE-2024-23901 & CVE-2024-23902: GitLab Branch Source Plugin with risks of crafted Pipeline builds and CSRF vulnerabilities.
• CVE-2024-23903: Potential for webhook token theft in GitLab Branch Source Plugin.
• CVE-2023-6147 & CVE-2023-6148: Qualys Policy Compliance Scanning Connector Plugin with XSS and XXE vulnerabilities.

Recommended actions:

• Update Git server Plugin to version 99.101.v720e86326c09 or later.
• Update GitLab Branch Source Plugin to version 688.v5fa_356ee8520 or later.
• Update Matrix Project Plugin to version 822.824.v14451b_c0fd42 or later.
• Update Qualys Policy Compliance Scanning Connector Plugin to version 1.0.6 or later.
• For detailed mitigation steps, see Jenkins' advisory: Jenkins Security Advisory.

Stay alert and ensure your Jenkins environment is up-to-date!

Sources: Jenkins Security Advisory and Tenable,

Tags: #Jenkins #Vulnerability #CVE2024 #CyberThreat #PluginSecurity #UpdateNow