
TheCyberThrone Security Week In Review – January 20, 2024


Atlassian fixes RCE in Confluence Data Center – CVE-2023-22527

Atlassian has addressed a critical vulnerability in Confluence Data Center and Confluence Server that could lead to remote code execution. The vulnerability, tracked as CVE-2023-22527 with a CVSS score of 10, allows an attacker to run arbitrary code on a victim’s system remotely.

A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. CVE-2023-22527 affects certain versions of Confluence Data Center and Server. Specifically, versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3, released before December 5, 2023, are at risk.

Microsoft Outlook Exploit leads to NTLM v2 Password Breach – CVE-2023-35636

Security researchers have unveiled three methods of exploitation to access NTLM v2 hashed passwords. Among these vulnerabilities, one stands out as particularly critical: CVE-2023-35636, an Outlook exploit that exposes sensitive information.

CVE-2023-35636 is a security vulnerability found in Microsoft Outlook, specifically in the calendar sharing function. This exploit enables attackers to intercept NTLM v2 hashes, which are used for authentication in Microsoft Windows systems. NTLM v2, although more secure than its predecessor, is still susceptible to offline brute-force and authentication relay attacks.


VMware vCenter Vulnerability CVE-2023-34048 Exploited in the Wild

In October 2023, VMware issued critical security updates to address a severe vulnerability in its vCenter Server, which had the potential to enable remote code execution attacks on susceptible servers.

The vulnerability, identified as CVE-2023-34048 with a CVSS score of 9.8, stems from an out-of-bounds write weakness in vCenter's implementation of the Distributed Computing Environment / Remote Procedure Call (DCE/RPC) protocol.


Google Chrome fixes 1st Zero-day of 2024

Google Chrome has released a stable channel update to fix several vulnerabilities, including a zero-day. According to the Google security updates report, the vulnerabilities that Google Chrome patched were associated with high-severity issues.


Apache Hadoop and Flink Misconfigurations Exploited

Security researchers have uncovered a new attack targeting Apache Hadoop and Flink applications. The attacks exploit misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners.

Attackers exploit a misconfiguration of the YARN ResourceManager in Hadoop to drop and execute the binary dca, which downloads two other binaries (rootkits) and writes a Monero cryptominer to disk.

Citrix NetScaler ADC Critical Vulnerabilities

Citrix has warned its customers regarding two critical zero-day vulnerabilities, CVE-2023-6548 and CVE-2023-6549. These vulnerabilities pose a significant threat to the NetScaler management interface in Citrix’s NetScaler ADC and Gateway appliances.

These security flaws, if unaddressed, open the door to remote code execution and denial-of-service (DoS) attacks. However, the exploitation of these vulnerabilities requires specific conditions: an attacker must have low-privilege account access and management interface access through NSIP, CLIP, or SNIP. Additionally, the appliances need to be configured as a gateway or an AAA virtual server to be susceptible to DoS attacks.
