CyberSecurity updates
Updated: 2024-10-30 03:10:08 Pacific


darkreading.com
Critical Vulnerability in Apache Kafka Enables Remote Code Execution - 26d

A critical vulnerability discovered in Apache Kafka, a widely used open-source streaming platform, allows attackers to execute arbitrary code remotely. This vulnerability, tracked as CVE-2024-2016, affects all versions of Apache Kafka prior to 3.4.0. Attackers could exploit this flaw by sending specially crafted messages to Kafka brokers, potentially gaining complete control over the compromised server. The severity of this vulnerability is considered high, as it could allow attackers to compromise sensitive data, disrupt operations, or launch further attacks. Organizations using Apache Kafka should prioritize patching their systems to mitigate this risk.

horizon3.ai
Ivanti CSA Vulnerability Actively Exploited: OS Command Injection Vulnerability Requires Urgent Action - 16d

A critical vulnerability (CVE-2024-8190) in Ivanti’s Cloud Services Appliance (CSA) has been actively exploited by malicious actors. This vulnerability allows attackers to gain unauthorized access and control of affected systems via OS command injection. The flaw specifically impacts older versions of CSA, including 4.6 (all versions before patch 519). Running older product versions is risky because attackers can reuse old exploits against them. Organizations should update their CSA software to the latest patched version or, if they have versions older than CSA 5.0, consider adopting a newer product which has been properly secured. CISA advises that affected users immediately upgrade to CSA version 5.0, or a newer version.

ubuntu.com
Apache HTTP Server Vulnerabilities: Multiple Security Flaws in Apache HTTP Server Require Urgent Patching - 11d

Multiple vulnerabilities have been discovered in the Apache HTTP Server, affecting core features and modules including mod_rewrite, mod_proxy, and response header handling. These vulnerabilities could enable attackers to execute scripts in unintended locations, steal sensitive information, or cause denial-of-service attacks, with possible outcomes including remote code execution and information disclosure. This update includes a fix for older versions of Ubuntu. The vulnerabilities have been patched in recent releases, and users are advised to upgrade their Apache installations to the latest version to ensure their systems are protected.

informationsecuritybuzz.com
Vulnerability Exploitation Surge: CISA Catalog Updates Reflect Increased Attacks Targeting Critical Systems - 8d

The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, reflecting a surge in attacks targeting critical systems. These include vulnerabilities in Apache HugeGraph-Server (CVE-2024-27348) and Ivanti Cloud Service Appliance (CVE-2024-8963). Organizations are urged to prioritize patching these vulnerabilities to mitigate the risk of exploitation. The growing number of vulnerabilities being actively exploited underscores the importance of maintaining up-to-date security measures to protect systems from attackers who are actively scanning the internet for vulnerable systems.

thecyberexpress.com
Apache OFBiz Bypass Vulnerability Patched - 23d

Apache has released patches for a vulnerability in its OFBiz software. This vulnerability could allow an unauthenticated attacker to bypass security controls and access or modify sensitive data. The security flaw could potentially be used to create a botnet. Organizations utilizing Apache OFBiz are advised to promptly apply the patches to protect their systems against potential exploitation.

arstechnica.com
Perfctl: Stealthy Linux Cryptocurrency Miner - 15d

Perfctl is Linux malware that has been circulating since at least 2021, exploiting common misconfigurations and vulnerabilities to secretly mine cryptocurrency. This malware utilizes process and file names that mimic legitimate Linux tools to evade detection. Notably, it exploits CVE-2023-33246, a critical vulnerability in Apache RocketMQ, posing a significant threat to Linux systems.


This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find FlagThis at Mastodon.