CyberSecurity updates
2024-12-26 02:09:03 Pacific

Adobe ColdFusion Path Traversal Vulnerability - 1d

A path traversal vulnerability tracked as CVE-2024-53961 affects Adobe ColdFusion 2023 and 2021. The flaw lets an attacker read arbitrary files from the server's filesystem. Adobe rated the issue critical and noted that a proof-of-concept exploit is already public, so in-the-wild exploitation should be expected quickly. ColdFusion administrators should apply the December 2024 security update immediately. Until the update is in place, keep the ColdFusion administrator interface off the internet and review web-server logs for requests containing traversal sequences such as "../" and its URL-encoded forms, which is a reasonable first check for prior abuse.

Critical Vulnerabilities in Zyxel, CyberPanel, North Grid, and ProjectSend - 20d

The Cybersecurity and Infrastructure Security Agency (CISA) added several actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting Zyxel firewalls, CyberPanel, North Grid Proself, and ProjectSend. Each allows an attacker to gain unauthorized access to, or control of, the affected system. The most severe is CVE-2024-51378 in CyberPanel, rated CVSS 10.0, which combines an authentication bypass with command injection and has been used to deploy ransomware. Organizations running any of these products should apply the vendor updates or mitigations immediately. Details and remediation steps for each issue are in the CISA alert and the respective vendor advisories.

Critical Windows Zero-Day Vulnerability: NTLM Hash Disclosure - 19d

A zero-day vulnerability reported by 0patch researchers affects Windows versions from Windows 7 and Server 2008 R2 through Windows 11 and Server 2022, including all currently supported releases. It lets an attacker capture a user's NTLM credentials when the user merely views a malicious file in Windows Explorer, for example by opening a folder, a USB drive, or the Downloads directory that contains it; no click on the file is needed. The captured NTLM challenge/response can be relayed or cracked offline. No official patch was available at the time of the report. Practical mitigations are the usual ones for this class of bug: block outbound SMB (TCP 445 and 139) to the internet at the perimeter, restrict or disable NTLM where the environment allows, and alert on internal hosts initiating SMB sessions to external addresses.
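The detection side of the mitigation above, as an added example that is not part of the original item and not the researchers' code. It assumes the leak travels as outbound SMB (TCP 445 or 139) from an internal host to an external address, the usual path for Explorer-triggered NTLM leaks, and it assumes a simple key=value firewall log export; the log lines are constructed for the demo.

```python
"""Spot outbound SMB from internal hosts to external addresses in firewall logs.

Added example. The key=value log format and the sample lines below are constructed,
not taken from any real product.
"""
import ipaddress
import re

# RFC 1918 ranges; anything outside them is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {445, 139}

# Constructed sample: one workstation reaches an external share on 445 (credentials
# likely gone), another is blocked on 445 but then allowed on 139 (NetBIOS fallback).
SAMPLE_LOG = """\
ts=2024-12-05T10:01:02Z action=allow proto=tcp src=10.20.1.15 dst=10.20.1.5 dport=445
ts=2024-12-05T10:01:09Z action=allow proto=tcp src=10.20.1.15 dst=203.0.113.7 dport=445
ts=2024-12-05T10:01:09Z action=allow proto=tcp src=10.20.1.15 dst=203.0.113.7 dport=80
ts=2024-12-05T10:02:30Z action=deny proto=tcp src=10.20.1.22 dst=198.51.100.9 dport=445
ts=2024-12-05T10:03:00Z action=allow proto=tcp src=10.20.1.22 dst=198.51.100.9 dport=139
ts=2024-12-05T10:04:00Z action=allow proto=tcp src=10.20.1.30 dst=192.168.5.5 dport=445
ts=2024-12-05T10:05:00Z action=allow proto=udp src=10.20.1.30 dst=8.8.8.8 dport=53
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Turn 'k=v k=v ...' into a dict; unknown keys are kept, nothing is validated here."""
    return dict(KV_RE.findall(line))


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_smb_egress(log_text: str) -> list:
    """Return (severity, src, dst, dport, ts) for internal -> external SMB flows.

    'LEAK' marks an allowed flow: the NTLM challenge/response completes inside the SMB
    session, so credentials may already have left. 'ATTEMPT' marks a denied flow, still
    worth a look because it shows a host that was induced to connect out.
    """
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("proto") != "tcp":
            continue
        try:
            dport = int(rec["dport"])
            if dport not in SMB_PORTS:
                continue
            if not (is_internal(rec["src"]) and not is_internal(rec["dst"])):
                continue
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than abort the sweep
        severity = "LEAK" if rec.get("action") == "allow" else "ATTEMPT"
        findings.append((severity, rec["src"], rec["dst"], dport, rec.get("ts", "")))
    return findings


if __name__ == "__main__":
    for f in find_smb_egress(SAMPLE_LOG):
        print("%-7s %s -> %s:%d at %s" % f)
```

On the sample the sweep reports three flows: the allowed 445 session from 10.20.1.15, the denied 445 attempt from 10.20.1.22, and that same host's allowed 139 session. The internal-to-internal 445 traffic and the non-SMB flows are ignored, which is what keeps the rule quiet on a normal file-sharing network.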

Mitel MiCollab Zero-Day Vulnerability Allows Authentication Bypass and File Reading - 19d

A zero-day vulnerability in Mitel MiCollab lets an unauthenticated attacker bypass authentication and read arbitrary files from the server. The researchers who found it published a proof-of-concept exploit after their disclosure deadline passed without a vendor fix, so this is an unpatched issue with a working exploit in the open. It affects the platform's authentication mechanism and its file-access controls; until a fix ships, restrict network access to the MiCollab web interface to trusted networks.

Critical Vulnerabilities in Mitel MiCollab Expose Systems to Unauthorized Access - 19d

Security researchers disclosed critical vulnerabilities in Mitel MiCollab, a unified communications platform: CVE-2024-35286 (SQL injection), CVE-2024-41713 (an authentication bypass via path traversal in the NuPoint Unified Messaging component), and an arbitrary file read in the ReconcileWizard servlet that was still unpatched at disclosure. Together they give unauthorized access to sensitive files and to administrative functions; in particular, chaining the authentication bypass with the ReconcileWizard file read lets an unauthenticated attacker read files from the server's filesystem. Proof-of-concept exploits are public. Mitel has released fixes for the first two issues; until the file read is patched, keep the MiCollab web interface reachable only from trusted networks.
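Both the ColdFusion item (CVE-2024-53961) and the MiCollab file read above are arbitrary file reads through path traversal. The script below is an added example, not code from Adobe, Mitel, or the researchers, and it does not reproduce either product's bug. It shows the vulnerable pattern (joining a user-supplied path onto a base directory) next to a hardened reader that decodes, normalizes, resolves symlinks, and checks containment, run against a throwaway web root constructed in a temp directory.

```python
"""Path traversal: a vulnerable file reader beside a hardened one (added example).

The web root is constructed in a temp directory so the script runs offline.
"""
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalRejected(Exception):
    """Raised when a requested path would escape the served directory."""


def make_webroot() -> Path:
    """Build a throwaway root: public/index.html is servable, secrets.txt is not."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    public = root / "public"
    public.mkdir()
    (public / "index.html").write_text("<h1>hello</h1>")
    (root / "secrets.txt").write_text("db_password=hunter2")
    # A symlink inside the public tree that points outside it (a common bypass).
    os.symlink(root / "secrets.txt", public / "link.txt")
    return root


def read_file_vulnerable(webroot: Path, requested: str) -> str:
    """Naive join of base + user input: '../' walks straight out of public/."""
    path = os.path.join(str(webroot / "public"), unquote(requested))
    with open(path) as fh:
        return fh.read()


def read_file_hardened(webroot: Path, requested: str) -> str:
    """Decode, normalise, resolve symlinks, then check the result is still under base."""
    base = (webroot / "public").resolve()
    decoded = unquote(unquote(requested))             # catches %2e%2e and %252e%252e
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in path")
    decoded = decoded.replace("\\", "/").lstrip("/")  # treat '\' like '/', drop leading '/'
    candidate = (base / decoded).resolve()            # resolve() follows symlinks
    if candidate != base and base not in candidate.parents:
        raise TraversalRejected(f"{requested!r} resolves outside {base}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate.read_text()


def demo() -> dict:
    """Run both readers on the same probes; returns (reader, probe) -> outcome."""
    root = make_webroot()
    probes = ["index.html", "../secrets.txt", "%2e%2e/secrets.txt",
              "%252e%252e/secrets.txt", "..\\secrets.txt", "link.txt"]
    results = {}
    for p in probes:
        try:
            results[("vuln", p)] = read_file_vulnerable(root, p)
        except OSError:
            results[("vuln", p)] = "error"
        try:
            results[("safe", p)] = read_file_hardened(root, p)
        except TraversalRejected:
            results[("safe", p)] = "rejected"
        except OSError:
            results[("safe", p)] = "error"
    return results


if __name__ == "__main__":
    for (reader, probe), outcome in demo().items():
        print(f"{reader:4} {probe:24} -> {outcome!r}")
```

The containment check is done on the resolved path, not on the string: string-level filters for ".." miss encoded, backslash, and symlink variants, while resolving first and then asking whether the result is still inside the base directory catches all of them with one test.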

RomCom Zero-Day Exploits in Mozilla and Windows - 28d

The RomCom threat group chained two zero-days, CVE-2024-9680 (a use-after-free in Firefox's animation timeline code) and CVE-2024-49039 (a privilege escalation in the Windows Task Scheduler, used to escape the browser sandbox), to deploy its backdoor. Exploitation was zero-click: visiting an attacker-controlled web page was enough, with no further user interaction. Fake websites were used to lure victims, mainly in Europe and North America. The backdoor gave the attackers full control of the compromised system. Both vendors have since released patches; the Firefox fix also covers Thunderbird and the Tor Browser.

Massive Attack Targets Palo Alto Networks Devices - 1d

Over 2,000 Palo Alto Networks devices were compromised in a large-scale campaign exploiting CVE-2024-0012, an authentication bypass in the PAN-OS management web interface, together with CVE-2024-9474, a privilege escalation. Attackers chained the two to bypass authentication, escalate to root, and deploy malware on the firewalls. The United States and India had the largest numbers of affected devices. Only management interfaces reachable from the internet or from untrusted networks are exposed, which is why restricting management access to trusted internal addresses is the primary mitigation alongside patching.

Zero-Day Exploits in Palo Alto Networks Software Compromise Thousands of Organizations - 20h

Two zero-day vulnerabilities in Palo Alto Networks software were exploited in the wild, potentially compromising thousands of organizations. The episode illustrates the cascading effect of flaws in perimeter devices: a firewall that is itself compromised hands the attacker a foothold inside the network it was meant to protect. Beyond patching promptly, organizations should keep firewall management interfaces off the internet, monitor those interfaces for unexpected logins and configuration changes, and use threat intelligence feeds to spot exploitation of such devices early.

Palo Alto Networks Warns of Critical Remote Command Execution Vulnerability - 9d

Palo Alto Networks issued a critical warning about a vulnerability in the management web interface of its firewall products, later tracked as CVE-2024-0012. The flaw could allow an unauthenticated attacker with network access to the interface to execute arbitrary commands on the device. Observed exploitation was limited at the time of the warning, but any management interface exposed to the internet is a target. An attacker who succeeds gains a foothold on the firewall itself, from which they can read sensitive data, disrupt traffic, or pivot further into the network. Organizations running Palo Alto firewalls should apply the patches as they become available and, regardless of patch status, ensure the management interface is reachable only from trusted internal IP addresses; that restriction is the vendor's standing best practice and removes the exposed attack surface when followed.