IT Security Newsletter - 1/16/2024
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins
Threat intelligence and incident response firm Volexity has started seeing widespread exploitation of the recently disclosed Ivanti Connect Secure VPN appliance vulnerabilities. Volexity warned on January 10 that it had seen threat actors - a group tracked as UTA0178 and likely linked to China - exploiting two Ivanti VPN zero-day vulnerabilities in an attempt to gain access to internal networks and steal information. READ MORE...
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. These appliances are affected by two DoS security flaws tracked as CVE-2022-22274 and CVE-2023-0656, the former also allowing attackers to gain remote code execution. READ MORE...
VMware Urges Customers to Patch Critical Aria Automation Vulnerability
VMware is urging customers to patch a critical vulnerability discovered by external researchers in its Aria Automation multi-cloud infrastructure automation platform. The vulnerability, tracked as CVE-2023-34063 and assigned a CVSS score of 9.9, affects Aria Automation (formerly vRealize Automation) prior to version 8.16, as well as Cloud Foundation. READ MORE...
Atlassian warns of critical RCE flaw in older Confluence versions
Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, rated critical (CVSS v3: 10.0), and is a template injection vulnerability allowing unauthenticated attackers to perform remote code execution on impacted Confluence endpoints. READ MORE...
Alleged FruitFly malware creator ruled incompetent to stand trial
On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. CWRU began working with the FBI, who determined that the systems had been infected for several years. READ MORE...
Critical flaw found in WordPress plugin used on over 300,000 websites
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the affected website. READ MORE...
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers
GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. Tracked as CVE-2023-7028, the maximum-severity bug exploits a change introduced in version 16.1.0 back in May 2023 that allowed users to issue password resets through a secondary email address. Attackers targeting vulnerable self-managed GitLab instances could use a specially crafted HTTP request to send a password reset email to an unverified email address. READ MORE...
Thousands of Juniper Networks devices vulnerable to critical RCE bug
More than 11,500 Juniper Networks devices are exposed to a new remote code execution (RCE) vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only recently got done patching the last round of critical RCE bugs in Junos OS, which runs on SRX firewalls and EX switches. The latest vulnerability impacts the software's J-Web configuration interface and carries a 9.8 CVSS severity score. READ MORE...
- ...in 1909, the Ernest Shackleton expedition locates the Earth's magnetic South Pole.
- ...in 1948, horror/sci-fi director and composer John Carpenter ("Halloween", "Escape From New York") is born in Carthage, NY.
- ...in 1969, the Soviet spacecraft Soyuz 4 and Soyuz 5 perform the first-ever docking maneuver in orbit.
- ...in 1980, actor, composer, and playwright Lin-Manuel Miranda ("Hamilton", "In The Heights") is born in New York City.