
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, December 2nd & 10th, 2023.
Apache Struts fixes Critical Vulnerability – CVE-2023-50164
Researchers have identified a critical vulnerability in Apache Struts that could lead to unauthorised path traversal. An attacker can manipulate the framework's file upload parameters to navigate the server's directory structure and upload a malicious file; once that file is deployed, it can lead to remote code execution.
The security flaw, identified as CVE-2023-50164, poses a severe threat to systems running certain versions of Apache Struts. This vulnerability is rooted in the framework’s handling of file upload parameters, which, if manipulated, can lead to unauthorized path traversal.
LogoFAIL Firmware Attack
Researchers have identified numerous security vulnerabilities, collectively known as LogoFAIL, that enable malicious actors to interfere with the boot process of computer devices and implant bootkits. The issues lie in the image-parsing components used by motherboard manufacturers to display brand logos at startup. Devices with both x86 and ARM architectures are at risk.
The possibility of attacking a computer’s built-in boot interface in such a manner was demonstrated as far back as 2009, when researchers Rafal Wojtczuk and Alexander Tereshkin showed how a bug in the BMP image analyzer could be used to infect BIOS with malware.
The discovery of the LogoFAIL vulnerabilities began as a small research project examining the attack surface exposed by image-parsing components, in the context of custom or legacy parsing code embedded in UEFI firmware. The researchers found that an attacker could store a malicious image or logo in the EFI system partition or in unsigned firmware update partitions.
PoC released for Splunk Enterprise vulnerability – CVE-2023-46214
Splunk Enterprise is a log management solution that ingests a variety of data generated by an organization's business infrastructure and applications and uses it to generate helpful insights for improving the organization's security and compliance, application delivery, and IT operations.
The vulnerability, tracked as CVE-2023-46214, stems from Splunk Enterprise's failure to safely sanitize user-supplied Extensible Stylesheet Language Transformations (XSLT). This enables attackers to upload malicious XSLT, which can result in remote code execution on the Splunk Enterprise instance.
Microsoft echoes warning on APT28 exploiting CVE-2023-23397
Microsoft's Threat Intelligence team (MSIRT) has issued a warning that the Russia-linked cyber-espionage group APT28 (aka Fancy Bear) is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.
Active since 2007, the APT28 group has targeted governments, militaries, and security organizations worldwide. The group was also involved in the string of attacks that targeted the 2016 presidential election. Most of APT28's campaigns have leveraged spear-phishing and malware-based attacks.
The researchers note that the attackers also commonly employed multiple known vulnerabilities, including CVE-2023-38831 in WinRAR and CVE-2021-40444 in Windows MSHTML.
Atlassian fixes critical RCE vulnerabilities in its products
Atlassian has fixed four critical vulnerabilities in its software that could result in remote code execution.
- CVE-2022-1471 (CVSS score 9.8): a deserialization vulnerability in the SnakeYAML library that can lead to remote code execution in multiple products
- CVE-2023-22522 (CVSS score 9.0): a remote code execution vulnerability in Confluence Data Center and Confluence Server
- CVE-2023-22523 (CVSS score 9.8): a remote code execution vulnerability in Assets Discovery for Jira Service Management Cloud, Server, and Data Center
- CVE-2023-22524 (CVSS score 9.6): a remote code execution vulnerability in the Atlassian Companion app for macOS
This brings this week's security review to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.


