Several security flaws have been discovered and patched in various products, including a critical authentication bypass in Juniper Networks Session Smart Routers. Also, Atlassian patched several critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
Multiple reports detail a wave of cyber incidents, showcasing the diverse range of attacks. A vulnerability in SimpleHelp RMM tools may have led to healthcare data breaches. A widespread campaign uses the TorNet backdoor deployed by PureCrypter malware. There is also a rise in OAuth redirect flaws in airline travel integration systems. Additionally, many WordPress websites were found to be delivering both macOS and Microsoft malware. These incidents highlight the growing sophistication and reach of cyber threats across various platforms and industries.
Multiple vulnerabilities have been discovered in VMware Aria Operations and Aria Operations for Logs. These include information disclosure flaws allowing credential exposure, stored cross-site scripting, and privilege escalation issues. An attacker could use these vulnerabilities to gain unauthorized access to sensitive data and escalate privileges, potentially compromising the entire system. Patches are available and should be applied immediately.
Oracle released its January 2025 Critical Patch Update (CPU), addressing 318 newly discovered security vulnerabilities across its extensive product portfolio. The patches span a wide range of Oracle products, including Oracle Database Server, Communications Applications, Financial Services Applications, Construction and Engineering appliances, middleware and servers, and products and services that are part of the Oracle E-Business Suite.
Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.
Multiple critical vulnerabilities have been discovered in Apache software products, including Apache HugeGraph-Server (CVE-2024-43441), Apache Traffic Control (CVE-2024-45387), and Apache MINA (CVE-2024-52046). CVE-2024-43441 allows authentication bypass in HugeGraph-Server, potentially leading to unauthorized access. CVE-2024-45387 in Traffic Control enables SQL injection attacks. CVE-2024-52046 in MINA allows remote code execution via deserialization flaws. Users are urged to apply security patches immediately, with MINA requiring additional configuration to restrict class deserialization.
Several industrial control system (ICS) vulnerabilities have been disclosed. These include 29 vulnerabilities in Hitachi Disk Array Systems, an improper check vulnerability in Palo Alto Networks products, and an unrestricted file upload issue in Philips products using Apache Struts. Additionally, ABB Cylon Aspect and HMS Ewon Flexy 205 products have been found vulnerable to code injection and remote code execution, respectively. These vulnerabilities, some with publicly available exploits, pose a risk to industrial and infrastructure environments, requiring prompt patching and mitigation.