info@thehackernews.com (The Hacker News)@The Hacker News - 64d
The Apache Software Foundation has issued critical security updates to address severe vulnerabilities affecting several of its products, including MINA, HugeGraph-Server, and Traffic Control. These updates are crucial as the identified flaws could potentially allow attackers to compromise systems. Specifically, a SQL Injection vulnerability was discovered in Apache Traffic Control.
Security teams are being urged to immediately patch the 9.9-severity vulnerability within the web content distribution platform. The identified issues highlight a serious risk of exploitation, and it is essential that organizations using these Apache products prioritize applying the latest security updates to protect their systems from potential cyberattacks. The release of these security fixes underscores the continuous need for vigilance in maintaining secure software infrastructures.
@ciso2ciso.com - 27d
A series of cyber incidents have been reported, highlighting the evolving nature of online threats. A concerning trend involves a sophisticated phishing campaign targeting users in Poland and Germany, using PureCrypter malware to deliver multiple payloads, including Agent Tesla and Snake Keylogger, as well as a novel backdoor called TorNet. This TorNet backdoor employs advanced detection evasion tactics, requiring immediate and proactive defense measures. The campaign, which has been active since at least mid-summer 2024, indicates financially motivated threat actors behind the attacks. Security tools are available with threat intelligence to assist in detecting and preventing such intrusions.
Several additional threats have been reported, including over 10,000 WordPress websites unknowingly delivering macOS and Windows malware through fake Google browser update pages. This cross-platform malware attack is notable because it delivers AMOS to Apple users and SocGholish to Windows users, and it is the first time these variants have been delivered through a client-side attack. Moreover, an OAuth redirect flaw in an airline travel integration system has exposed millions of users to account hijacking. By manipulating parameters within the login process, attackers can redirect authentication responses, gain unauthorized access to user accounts, and perform actions like booking hotels and car rentals. These incidents underscore the importance of constant vigilance and robust security measures across all platforms.
Ashish Khaitan@The Cyber Express - 63d
Multiple critical vulnerabilities have been identified in several Apache software products, posing significant risks to users. The Cyber Security Agency of Singapore has issued alerts regarding these flaws, urging immediate updates. CVE-2024-43441 affects Apache HugeGraph-Server, allowing for authentication bypass, potentially granting unauthorized access to systems. Another critical issue, CVE-2024-45387, has been discovered in Apache Traffic Control and is a SQL injection vulnerability that can be exploited by privileged users to execute arbitrary SQL commands, risking data manipulation or exfiltration.
Apache MINA is also affected by CVE-2024-52046, which allows remote code execution through a deserialization flaw. It is crucial that users apply security patches promptly. For Apache MINA, additional configuration is required to restrict which classes may be deserialized, further mitigating the risk. Furthermore, a high-risk vulnerability, CVE-2024-56512, has been found in Apache NiFi, a data processing and distribution system; it can expose sensitive information to unauthorized users, especially when component-based authorization policies are in use. A patch for NiFi has been issued in version 2.1.0, and users should upgrade immediately.
@www.bleepingcomputer.com - 6d
Critical security vulnerabilities have been patched in Juniper Networks Session Smart Routers and several Atlassian products. A critical authentication bypass vulnerability, identified as CVE-2025-21589, affects Juniper's Session Smart Router, Conductor, and WAN Assurance Managed Routers. Juniper Networks has released a patch to address this flaw, which could allow attackers to bypass authentication and gain control of affected Session Smart Router devices.
Australian software firm Atlassian has also released security patches to address 12 critical and high-severity vulnerabilities across its product suite, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. Among the most severe vulnerabilities fixed is CVE-2024-50379, which has a CVSS score of 9.8 and could lead to remote code execution. Users of these products are strongly advised to apply the available patches as soon as possible to mitigate potential risks.
CISO2CISO Editor 2@ciso2ciso.com - 35d
Oracle has released its January 2025 Critical Patch Update (CPU), addressing 318 new security vulnerabilities across over 90 products and services within 27 categories. The update includes patches for roughly 200 unique CVEs. The vulnerabilities affect a wide range of Oracle products, including its Communications applications, Construction and Engineering appliances, middleware and servers, and the E-Business Suite. This update is critical for organizations using Oracle products, highlighting the importance of robust vulnerability management and patching procedures.
The severity of the addressed vulnerabilities varies, with some having a CVSS score of 4 to 6 while others are considered critical. The most severe vulnerability, with a CVSS score of 9.9, affects the Oracle Agile Product Lifecycle Management (PLM) Framework, allowing a low-privileged attacker to compromise susceptible instances via HTTP. Oracle is urging customers to apply the Critical Patch Update as soon as possible, as some older Oracle flaws remain unpatched on some networks, as evidenced by the US Cybersecurity and Infrastructure Security Agency (CISA) adding an older vulnerability in Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog.
Pierluigi Paganini@Security Affairs - 2d
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.
These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying the necessary updates.
@www.zeroscience.mk - 60d
Multiple critical vulnerabilities have been disclosed this week affecting various industrial control systems (ICS) products. Hitachi has issued an advisory regarding 29 vulnerabilities discovered in its Disk Array Systems. Palo Alto Networks is addressing an improper check vulnerability in several of its products that could cause a denial of service. Philips has also announced a critical vulnerability concerning an Apache Struts unrestricted file upload issue that could potentially lead to remote code execution.
Additionally, independent security researchers have uncovered several flaws in products by ABB and HMS. Zero Science reported multiple vulnerabilities with publicly available exploits in the ABB Cylon Aspect building energy management product. CyberDanube disclosed a code injection vulnerability, again with a publicly available exploit, in the HMS Ewon Flexy 205. These disclosures highlight the ongoing security challenges in the ICS sector, with vulnerabilities being found across different vendors and product lines.