Security researchers from Huntress published the technical details and will release an exploit targeting a vulnerability chain for gaining remote code execution on unpatched SysAid IT support software.
SysAid, a vendor of IT service management software, released an advisory disclosing a previously unknown vulnerability. The disclosure followed an alert from Microsoft, which revealed that the notorious TA505 group, also tracked as “Lace Tempest” and linked to the cl0p ransomware operation, was exploiting the flaw in the wild.
The vulnerability, catalogued as CVE-2023-47246, is a path traversal flaw that can be exploited to execute code within on-premises installations of SysAid’s software. It has since been fixed in version 23.3.36 of the platform.
A critical zero-day vulnerability was discovered in SysAid On-Prem software, a widely used IT service management (ITSM) solution. Researchers now warn that threat actors have started exploiting it.
The vulnerability tracked as CVE-2023-47246 could allow attackers to gain unauthorized access to affected systems and execute arbitrary code. The vulnerability was exploited by a group known as DEV-0950 (Lace Tempest).
The vulnerability is a path traversal flaw that allows attackers to upload malicious files to the SysAid Tomcat web service. Once uploaded, these files can be executed, giving the attacker complete control over the affected system. The attacker used two PowerShell scripts to carry out the attack: one to launch the malware loader and the other to erase evidence of the intrusion.
Progress Software has urged its customers to immediately patch a critical vulnerability in its WS_FTP Server software. This vulnerability, identified as CVE-2023-42659 and carrying a CVSS score of 9.1, allows authenticated Ad Hoc Transfer users to upload files to arbitrary locations on the underlying operating system hosting the WS_FTP Server application. This potentially devastating vulnerability could grant attackers unrestricted access to sensitive data and compromise entire systems.
WS_FTP Server is a widely used enterprise-grade file transfer software, employed by thousands of IT teams worldwide. The CVE-2023-42659 vulnerability affects versions before 8.7.6 and 8.8.4, leaving a significant number of installations exposed to potential exploitation.
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user can craft an API call that allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
Palo Alto has announced many new features, including an AI-powered zero-trust management solution, several advanced security capabilities, and next-generation firewalls, to address the use cases of modern enterprises.
The first is the launch of Strata Cloud Manager, designed to address inadequate predictive and actionable insights and a lack of seamless integration across security tools, which result in security gaps and inconsistent policies that compromise protection and the operational experience.
The service strengthens network security through AI-powered analysis of policies and real-time compliance checks. It can also oversee configuration and security policies across all form factors, including secure access service edge and hardware and software firewalls, to ensure consistent protection while minimizing operational overhead.
The new next-generation firewalls are intended to address future 5G connectivity requirements and to withstand the demanding conditions of operational technology environments.
Researchers from Check Point have discovered a vulnerability in Microsoft Access that allows cybercriminals to abuse the “linking to remote SQL Server tables” feature to automatically leak Windows user NTLM tokens to the attacker’s server through any TCP port, including port 80.
NTLM is more than two decades old and has long been recognized as outdated due to its weaknesses. There are various known attacks on NTLM, including brute-force attacks, Pass-the-Hash, and NTLM Relay attacks. It is important to note that the effectiveness of these attacks can be significantly reduced by blocking outgoing traffic on ports 139 and 445, which NTLM over SMB uses.
Threat actors have started exploiting a recently disclosed critical flaw CVE-2023-22518 in Confluence Data Center and Confluence Server.
Atlassian earlier warned that CVE-2023-22518 is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.
Atlassian said it was not aware of attacks in the wild exploiting this vulnerability, but urged customers to take immediate action to protect their installations.