Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, December 23, 2023.
PoC Exploit for SharePoint RCE – CVE-2023-29357 & CVE-2023-24955
Jang a security researcher has unveiled an exploit chain linking two distinct vulnerabilities in Microsoft SharePoint Server: CVE-2023-29357 and CVE-2023-24955 during Pwn2Own Vancouver March 2023 edition. This chain was not just a theoretical exercise; it enabled remote code execution (RCE) against the server, a feat that captured the attention of cybersecurity enthusiasts and professionals alike.
Later during the month of September 2023, Jang detailed out this exploit chain, followed by the release of a proof-of-concept (PoC) on GitHub for CVE-2023-29357. The authors of the PoC took an ethical stance, ensuring that RCE wasn’t achievable with the current PoC.
Terrapin Attack in OpenSSH
Security researchers have identified a new threat targeting the integrity of Secure Shell (SSH) communications called as the Terrapin Attack.
The Terrapin Attack is a prefix truncation assault against the SSH protocol, disrupting the security of the SSH channel. By adjusting sequence numbers during the handshake process, attackers can covertly remove crucial messages from either the client or server, undetected. This vulnerability not only jeopardizes the channel’s integrity but also downgrades connection security, potentially leading to the use of less secure client authentication algorithms and disabling vital countermeasures against keystroke timing attacks.
- General Protocol Flaw
- Rogue Extension Negotiation Attack in AsyncSSH
- Rogue Session Attack in AsyncSSH
Delta Dental suffers a Data Breach
Delta Dental of California has disclosed a data breach following security incidents linked to the vulnerability in MOVEit file transfer software by Progress Software. According to a breach notification filed with the Maine Attorney General on December 14, unauthorized actors accessed protected health information.
The exposed data includes individuals’ names coupled with a mix of addresses, Social Security numbers, driver’s license numbers, state identification numbers, passport details, financial account information, tax identification numbers, individual health insurance policy numbers and/or health-related information.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day
Texas ESO Solutions is affected by data breach
ESO Solutions, a texas based medical software solution company, has suffered a ransomware attack that has exposed personal details and healthcare information belonging to 2.7 million U.S. patients.
ESO Solutions has informed the state regulators that it “detected and stopped a sophisticated ransomware incident” on Sept. 28, but not before the attackers were able to encrypt some of the company’s systems. FBI investigation determined, on Oct. 23, that personal data on one of its affected systems had been exfiltrated during the breach.
Google fixes eighth zeroday in Chrome -CVE-2023-7024
Google has released updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome.
As per the advisory, CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19.Google is aware that an exploit for CVE-2023-7024 exists in the wild.
Nissan Australia suffers a cyber attack, Akira claims responsibility
The Akira ransomware group has claimed to have breached Nissan Australia and to have stolen around 100GB of files. Nissan Oceania refers to the regional operations of the Nissan Motor Company in the Oceania region, which includes Australia and New Zealand.
Earlier this month, Nissan Oceania, the regional division of the multinational carmaker, announced it had suffered a cyber attack and launched an investigation into the incident. Nissan already notified the Australian Cyber Security Center and the New Zealand National Cyber Security Center.
This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on Facebook, Twitter, Instagram
