Divya@gbhackers.com - 84d
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings about multiple actively exploited vulnerabilities in widely deployed software and hardware. The flaws affect Zyxel firewalls, CyberPanel, North Grid Proself, and ProjectSend, and give attackers unauthorized access to and control over the affected systems. The most severe is CyberPanel's CVE-2024-51378, rated CVSS 10.0: an authentication bypass that leads to arbitrary command execution and has been used to deploy ransomware. The others are an improper authentication flaw in ProjectSend (CVE-2024-11680), improper restriction of XML External Entity references in North Grid Proself (CVE-2023-45727), and a path traversal in the web management interface of Zyxel firewalls (CVE-2024-11667). These vulnerabilities have been linked to ransomware campaigns, including PSAUX (CyberPanel) and Helldown (Zyxel).
Organizations running these products should apply the vendors' security updates and mitigations immediately. CISA has added all four flaws to its Known Exploited Vulnerabilities (KEV) catalog and requires federal civilian agencies to remediate them by December 25, 2024. Given the severity of the flaws, and the maximum score assigned to CVE-2024-51378 in particular, delaying leaves unpatched deployments open to compromise and data loss.
PJCoyle (noreply@blogger.com)@chemical-facility-security-news.blogspot.com - 84d
The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. They affect Zyxel firewalls, Cisco's Adaptive Security Appliance (ASA), CyberPanel, North Grid Proself, and ProjectSend, a mix that shows how broad the exploited attack surface is and why timely patching and routine vulnerability management matter. The most concerning entry is CVE-2024-51378, a critical CyberPanel flaw with a CVSS score of 10.0 that lets attackers bypass authentication and execute arbitrary commands, and that has been used to deploy ransomware and steal data. At the other end of the scale, the decade-old Cisco ASA flaw CVE-2014-2120, a cross-site scripting bug in the WebVPN login page with a far lower severity score, is also being actively exploited: KEV inclusion is driven by observed exploitation, not by CVSS score, and old vulnerabilities still need to be fixed.
CISA's warning focuses on immediate remediation: federal civilian agencies must patch affected systems by December 25, 2024. The affected products range from network firewalls to open-source web applications. CISA advises patching, restricting access to management interfaces, and monitoring for suspicious activity. Left unremediated, these vulnerabilities expose organizations to unauthorized access, data breaches, ransomware, and significant operational disruption.
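The practical use of the KEV catalog described above is to drive patch priority by CISA due date and ransomware linkage rather than by CVSS alone. The following is an added example, not CISA's tooling or any vendor's code: it parses a feed in the shape of the CISA KEV JSON (the field names cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse are the catalog's own), cross-references it with constructed scanner output, and ranks findings. The sample entries are constructed from CVEs and the December 25, 2024 and January 13, 2025 due dates named on this page, not copied from the live catalog, and the asset names and the extra CVE-2024-99999 are placeholders.

```python
"""KEV-driven patch triage: parse a KEV-style JSON feed, cross-reference it with
scanner output, and rank findings by CISA due date and ransomware linkage.

Added example, not CISA's tooling. Field names follow the CISA KEV JSON feed;
the entries below are constructed from CVEs and due dates named on this page
and are not copied from the live catalog."""
import json
from datetime import date

# Constructed sample feed (same shape as the live feed: a top-level
# "vulnerabilities" array of entries carrying cveID, vendorProject, product,
# dueDate and knownRansomwareCampaignUse, among other fields).
SAMPLE_KEV = json.dumps({
    "title": "constructed sample, not the live catalog",
    "vulnerabilities": [
        {"cveID": "CVE-2024-51378", "vendorProject": "CyberPanel", "product": "CyberPanel",
         "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2024-11667", "vendorProject": "Zyxel", "product": "Multiple Firewalls",
         "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2014-2120", "vendorProject": "Cisco", "product": "Adaptive Security Appliance (ASA)",
         "dueDate": "2024-12-25", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-44207", "vendorProject": "Acclaim Systems", "product": "USAHERDS",
         "dueDate": "2025-01-13", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output: asset name -> CVE IDs a vulnerability scanner reported.
SAMPLE_SCAN = {
    "hosting-01": ["CVE-2024-51378", "CVE-2024-99999"],  # second ID is a placeholder not in KEV
    "edge-fw-01": ["CVE-2014-2120"],
    "ag-app-01": ["CVE-2021-44207"],
}


def parse_kev(feed_text):
    """Index a KEV feed by CVE ID, converting dueDate to a date object."""
    feed = json.loads(feed_text)
    index = {}
    for entry in feed["vulnerabilities"]:
        e = dict(entry)
        e["dueDate"] = date.fromisoformat(entry["dueDate"])
        index[e["cveID"]] = e
    return index


def prioritize(kev_index, scan_results, today):
    """Return scanner findings that are in KEV, most urgent first.

    Ordering: most overdue first (days_overdue is negative while the deadline is
    still in the future), then ransomware-linked entries, then CVE ID for a
    stable order. CVSS is deliberately not a sort key: KEV inclusion means the
    flaw is being exploited regardless of its score."""
    findings = []
    for asset, cves in scan_results.items():
        for cve in cves:
            entry = kev_index.get(cve)
            if entry is None:
                continue  # not in KEV: still patch it, but outside this fast lane
            findings.append({
                "asset": asset,
                "cveID": cve,
                "vendorProject": entry["vendorProject"],
                "product": entry["product"],
                "days_overdue": (today - entry["dueDate"]).days,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    findings.sort(key=lambda f: (-f["days_overdue"], not f["ransomware"], f["cveID"]))
    return findings


def demo(today=date(2025, 1, 2)):
    """Run the sample data through the pipeline; `today` is fixed so results are reproducible."""
    return prioritize(parse_kev(SAMPLE_KEV), SAMPLE_SCAN, today)


if __name__ == "__main__":
    for f in demo():
        state = (f"{f['days_overdue']}d overdue" if f["days_overdue"] >= 0
                 else f"due in {-f['days_overdue']}d")
        flag = " [ransomware]" if f["ransomware"] else ""
        print(f"{f['asset']:12} {f['cveID']:15} {f['vendorProject']} {f['product']}: {state}{flag}")
```

With the fixed date of January 2, 2025, the CyberPanel and Cisco ASA findings are both eight days past their deadline and the ransomware flag breaks the tie in CyberPanel's favour, while the USAHERDS entry still has eleven days to run; the placeholder CVE that is not in the catalog is dropped from this fast lane rather than silently ranked.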
@feeds.feedburner.com - 71d
The Cybersecurity and Infrastructure Security Agency (CISA) is recommending that senior government and political officials use end-to-end encrypted messaging applications such as Signal. The recommendation follows a series of telecom breaches affecting numerous countries, including eight carriers in the United States. The aim is to keep sensitive government and political conversations from leaking through compromised carrier infrastructure.
Some of these breaches were confirmed by CISA and the FBI in late October. Reporting attributes the attacks to Salt Typhoon, a Chinese state-backed threat group, and names T-Mobile, AT&T, Verizon, and Lumen Technologies among the affected US telecommunications companies. While the exact timing of the breaches remains unclear, the push for encrypted messaging is a practical safeguard: end-to-end encryption protects message content even when the carrier network itself is compromised.
Juan Perez@Tenable Blog - 5d
The Ghost (Cring) ransomware group, which gains access by exploiting known vulnerabilities in internet-facing software and firmware, remains an active threat. A joint advisory from the FBI, CISA, and MS-ISAC published on February 19, 2025 warns defenders worldwide that this financially motivated group was still compromising victims as of January 2025.
Ghost (Cring) first appeared in early 2021 and has affected organizations in more than 70 countries by compromising vulnerable, internet-facing services. Patching known exploited vulnerabilities and implementing baseline security controls are the primary defenses against this group. The SOC Prime Platform has curated Sigma rules to help detect Ghost (Cring) ransomware activity.
@github.com - 66d
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in the Acclaim Systems USAHERDS web application. The flaw, CVE-2021-44207, is being actively exploited and carries a CVSS score of 8.1. It stems from the application shipping with static ValidationKey and DecryptionKey values, the ASP.NET machineKey secrets that protect the ViewState field. ViewState is integrity-checked with a MAC keyed by the validation key, so an attacker who knows the key can craft a ViewState blob that passes the integrity check and carries a malicious serialized payload; the server deserializes it and the attacker gains arbitrary code execution on the affected server, potentially compromising the whole system and its network.
The vulnerability affects Acclaim USAHERDS versions 7.4.0.1 and earlier, released before November 2021. CISA has added the flaw to its Known Exploited Vulnerabilities catalog, and federal agencies must apply the patch or other remediation by January 13, 2025. APT41, a Chinese state-sponsored espionage group, has previously been linked to exploiting this vulnerability to compromise U.S. state government networks.
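The underlying weakness, a machineKey whose validation and decryption keys are fixed in configuration and shared across installs, is something a practitioner can audit for directly. The following is an added example and not Acclaim's code: it scans ASP.NET web.config content for static machineKey values, weak validation or decryption algorithms, and a disabled ViewState MAC. The two configs are constructed, and the hex key values in them are placeholders, not real secrets.

```python
"""Scan ASP.NET web.config files for <machineKey> settings that pin static
validation/decryption keys or weak algorithms, the configuration weakness class
behind the USAHERDS ViewState flaw.

Added example, not Acclaim's code. The two configs below are constructed; the
hex key values are placeholders, not real secrets."""
import xml.etree.ElementTree as ET

STATIC_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="SHA1" decryption="AES" />
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>"""

AUTOGEN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

WEAK_VALIDATION = {"MD5", "SHA1"}
WEAK_DECRYPTION = {"DES", "3DES"}


def machine_key_findings(config_xml):
    """Return a list of findings, each a dict with a 'check' code, the attribute and a message."""
    findings = []
    root = ET.fromstring(config_xml)
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr)
            # Absent attribute: the ASP.NET default is AutoGenerate,IsolateApps.
            if value is None or value.startswith("AutoGenerate"):
                continue
            # Key attributes are hex strings, so 4 bits per character.
            findings.append({
                "check": "static-key",
                "attr": attr,
                "message": f"{attr} is a fixed {len(value) * 4}-bit key; anyone who obtains it "
                           f"(e.g. from another install of the same product) can forge ViewState",
            })
        if mk.get("validation", "").upper() in WEAK_VALIDATION:
            findings.append({"check": "weak-validation", "attr": "validation",
                             "message": f"validation={mk.get('validation')} is weak; use HMACSHA256 or stronger"})
        if mk.get("decryption", "").upper() in WEAK_DECRYPTION:
            findings.append({"check": "weak-decryption", "attr": "decryption",
                             "message": f"decryption={mk.get('decryption')} is weak; use AES"})
    for pages in root.iter("pages"):
        # Disabling the ViewState MAC removes the integrity check entirely
        # (ASP.NET 4.5.2+ ignores this setting and always enforces the MAC, but
        # finding it still signals an application that once relied on it).
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append({"check": "mac-disabled", "attr": "enableViewStateMac",
                             "message": "enableViewStateMac=false: ViewState is not integrity-checked"})
    return findings


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_CONFIG), ("autogenerate", AUTOGEN_CONFIG)):
        print(name)
        for f in machine_key_findings(cfg) or [{"message": "no findings"}]:
            print("  -", f["message"])
```

Two caveats on reading the output. A static key is legitimate and necessary on a web farm, where every node must share it, so the fix there is a per-deployment key generated at install time, kept out of source control and rotated if it is ever exposed, rather than AutoGenerate everywhere. And the scanner cannot tell whether a static key was vendor-shipped: any key that arrived inside a product's default configuration should be treated as public and replaced, which is exactly the USAHERDS situation.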
Jessica Lyons@The Register - Software - 14d
The FBI and CISA have jointly issued an advisory urging software developers to eliminate buffer overflow vulnerabilities, calling them "unforgivable" defects. The agencies noted the continued presence of such flaws in products from major vendors including Microsoft and VMware, and called on developers to adopt secure-by-design practices and memory-safe programming languages to prevent them.
The advisory cites several recent buffer overflow vulnerabilities, including ones in Microsoft's Hyper-V, Ivanti's Connect Secure, and VMware's vCenter, which if exploited could lead to privilege escalation, remote code execution, and full system access. It stresses that buffer overflows are avoidable with current coding practices and memory-safe languages, and calls on manufacturers to enable compile-time and runtime protections, conduct thorough testing, and perform root-cause analysis of past vulnerabilities so that the same defect class is not reintroduced.
Divya@gbhackers.com - 84d
The Cybersecurity and Infrastructure Security Agency (CISA) has warned of multiple critical vulnerabilities being actively exploited in popular software and hardware. CVE-2024-51378 in CyberPanel, an open-source web hosting control panel, carries a CVSS score of 10.0 and allows authentication bypass and remote code execution, letting attackers deploy ransomware and take over hosting servers; it has already been used in ransomware campaigns, so patching cannot wait. Vulnerabilities in Zyxel firewalls (CVE-2024-11667), ProjectSend (CVE-2024-11680), and North Grid Proself (CVE-2023-45727) have also been added to CISA's Known Exploited Vulnerabilities catalog.
Together these flaws enable authentication bypass, remote code execution, and data exfiltration. The CyberPanel bug lets attackers execute arbitrary commands by injecting shell metacharacters into a parameter that the application passes to a shell. The Zyxel firewall bug is a directory traversal in the web management interface that allows files to be uploaded or downloaded via a crafted URL. The ProjectSend bug lets unauthenticated HTTP requests modify the application's configuration, including enabling user registration, which can be used to create accounts and inject malicious code. The North Grid Proself bug allows XML External Entity (XXE) attacks. CISA urges organizations using these products to apply the available patches immediately, or to discontinue use of the product if no patch is available.
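The CyberPanel bug class, untrusted input reaching a shell through string interpolation, is easiest to understand with the vulnerable form next to the fixed one. The following is an added example and not CyberPanel's code: the command is a harmless stand-in (echo) so it runs offline, and the parameter name and the allowlist pattern are assumptions. It shows three versions of the same lookup: one that lets metacharacters run a second command, one that passes the value as an argv element so the shell never parses it, and one that also allowlist-validates the value.

```python
"""Command injection via shell metacharacters, in the pattern of the CyberPanel
flaw, beside two progressively safer forms.

Added example, not CyberPanel's code. The lookup command is a stand-in (echo)
so the demonstration is harmless and runs offline; the parameter name and the
allowlist are assumptions."""
import re
import subprocess


def status_vulnerable(site):
    """Interpolates untrusted input into a shell command line.

    The shell parses ';', '|', '&&', backticks and $(...) in the input as
    command separators, so 'x; <cmd>' runs <cmd> with the service's privileges."""
    cmd = f"echo checking {site}"          # stand-in for the real status command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def status_argv(site):
    """Passes the input as one argv element with no shell in the path.

    Metacharacters are now literal text, so no second command runs. This alone
    does not validate the value: a leading '-' could still be parsed as an
    option by the target program, so validation is still needed."""
    return subprocess.run(["echo", "checking", site], capture_output=True, text=True).stdout


# Assumed allowlist: a hostname-like label, letters/digits/dot/hyphen, no leading hyphen.
SITE_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,61}[A-Za-z0-9])?")


def is_valid_site(site):
    """True when the value matches the allowlist exactly (fullmatch, not search)."""
    return SITE_NAME.fullmatch(site) is not None


def status_hardened(site):
    """Allowlist-validates the value, then uses the argv form."""
    if not is_valid_site(site):
        raise ValueError(f"rejected site name: {site!r}")
    return status_argv(site)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print(repr(status_vulnerable(payload)))   # second command runs
    print(repr(status_argv(payload)))         # payload echoed verbatim, nothing else runs
    try:
        status_hardened(payload)
    except ValueError as e:
        print("hardened:", e)
    print(repr(status_hardened("example.com")))
```

The argv form is the one that actually removes the injection, since no shell ever sees the string; the allowlist on top of it closes the remaining gap where a value like "-n" or "--flag" is interpreted by the invoked program rather than by the shell.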
@thecyberexpress.com - 35d
US cybersecurity agencies CISA and the FBI have issued warnings about the active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances (CSA): CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380. The flaws have been used, reportedly by Chinese state-sponsored actors, to breach vulnerable networks. The agencies released detailed technical information, including indicators of compromise (IOCs), showing that attackers use two exploit chains to gain unauthorized access, execute arbitrary code, and implant webshells on victim systems.
The first chain combines CVE-2024-8963, a path traversal that bypasses administrative authentication, with CVE-2024-8190 and CVE-2024-9380, both OS command injection flaws; the second combines CVE-2024-8963 with CVE-2024-9379, a SQL injection flaw. CVE-2024-8963 and CVE-2024-8190 affect CSA 4.6 before patch 519, while CVE-2024-9379 and CVE-2024-9380 affect CSA 5.0.1 and below. CSA 4.6 is end-of-life and no longer receives security patches, so those appliances need to be upgraded rather than patched. The agencies urge organizations to move to a supported, patched version promptly, check appliances against the published IOCs, and implement further security measures to defend against these active threats, noting how quickly disclosed vulnerabilities are weaponized.
Anna Ribeiro@Industrial Cyber - 70d
References: Industrial Cyber, CyberScoop
The Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD) have jointly released a playbook for strengthening cybersecurity in federally funded infrastructure projects. It gives grant-making agencies a framework, recommended actions, and model language for building cybersecurity into their programs, so that projects funded by federal grants are designed with security in mind from the outset and critical infrastructure becomes more resilient, while adding minimal burden to the grant awarding process.
The playbook offers tools and resources for grant program managers and recipients, including model language for funding opportunity announcements and award terms, and templates. It is advisory and non-binding, but it urges agencies to incorporate cybersecurity considerations throughout the lifecycle of a grant program, to set criteria for which projects the playbook applies to, and to provide a mechanism for requiring baseline cybersecurity best practices. It also addresses critical infrastructure stakeholders and organizations that sub-award grant funds, to encourage widespread adoption.
Divya@gbhackers.com - 73d
References: support.broadcom.com, gbhackers.com
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings about critical vulnerabilities in multiple Industrial Control Systems (ICS) products which, if exploited, could allow remote code execution (RCE) and other serious compromises. AutomationDirect's C-More EA9 Programming Software contains stack-based buffer overflow vulnerabilities rated CVSS v4 8.4 that could enable remote code execution. Planet Technology's WGS-804HPT industrial switch contains three critical vulnerabilities, a stack-based buffer overflow, an OS command injection, and an integer underflow, rated up to CVSS v4 9.3.
These flaws pose a significant threat to critical infrastructure because they could let attackers remotely compromise systems and disrupt operations. Organizations are strongly advised to update affected ICS software and firmware to the patched versions as soon as possible and, in the meantime, to keep engineering workstations and switch management interfaces off the internet and reachable only from trusted networks. Failure to implement these mitigations could expose organizations to severe security risks and operational disruption. The continued discovery of such vulnerabilities underscores the need for ongoing vigilance and proactive security measures in the industrial control systems sector.
Pierluigi Paganini@Security Affairs - 2d
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM). CISA's advisory strongly urges immediate remediation to mitigate the risk of exploitation.
The vulnerabilities are CVE-2017-3066, a deserialization of untrusted data flaw in the Apache BlazeDS library bundled with Adobe ColdFusion, and CVE-2024-20953, a deserialization flaw in Oracle Agile PLM. Both are being exploited in the wild. Federal agencies must secure their networks against these flaws by March 17, 2025; the age of the ColdFusion bug is a reminder that KEV entries are driven by observed exploitation, not by how recent the CVE is.