TheCyberThrone Security Week In Review – January 27, 2024

Jenkins fixes critical RCE Vulnerability – CVE-2024-23897

Jenkins has released a patch for a critical vulnerability that could result in remote code execution. The flaw, tracked as CVE-2024-23897 with a CVSS score of 9.8, resides in Jenkins’ built-in command line interface (CLI): the CLI’s argument parser expands a leading @ character in an argument into the contents of the named file on the controller, which allows arbitrary file reads through the CLI and can potentially be escalated to remote code execution.

CISA adds VMware bug CVE-2023-34048 to its catalog

The U.S. CISA has added a VMware vCenter Server out-of-bounds write bug, tracked as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog. VMware addressed the flaw, which carries a CVSS score of 9.8, in October 2023. On January 18, 2024, VMware updated its advisory, revealing that it is aware of exploitation “in the wild.”


Splunk Patches CVE-2024-23678 Deserialization bug

Splunk has addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity deserialization flaw. The vulnerability, tracked as CVE-2024-23678 with a CVSS score of 7.5, impacts the Windows version.

The advisory states that Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 do not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine.
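Turning an advisory like this into a fleet check is mostly a version-comparison problem, and it is easy to get wrong with string comparison (lexically, "9.0.10" sorts before "9.0.8"). The script below is an added example, not Splunk’s own tooling; it encodes only the fixed versions named on this page (9.0.8 for the 9.0 branch, 9.1.3 for the 9.1 branch), treats non-Windows builds as not affected per the advisory text, and reports any branch not named here (for example 9.2.x) as not covered rather than guessing. The inventory rows and host names are constructed sample data.

```python
"""Branch-aware version check for CVE-2024-23678 (Splunk Enterprise for Windows).

Added example, not Splunk's code. Fixed versions below are the ones named in the
advisory text on this page; branches not listed are reported as None (not covered).
"""
from typing import Dict, List, Optional, Tuple

# Per-branch fixed versions as stated on the page: 9.0.8 and 9.1.3.
FIXED_VERSIONS_CVE_2024_23678: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (9, 0): (9, 0, 8),
    (9, 1): (9, 1, 3),
}

# Constructed sample inventory: (hostname, reported version, platform).
SAMPLE_INVENTORY = [
    ("splunk-win-01", "9.0.7", "windows"),   # below 9.0.8 -> affected
    ("splunk-win-02", "9.0.10", "windows"),  # above 9.0.8 numerically -> fixed
    ("splunk-win-03", "9.1.3", "windows"),   # exactly the fixed version -> fixed
    ("splunk-win-04", "9.2.0", "windows"),   # branch not named on the page -> unknown
    ("splunk-lnx-01", "9.0.5", "linux"),     # advisory scopes this to Windows -> not affected
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '9.0.10' into (9, 0, 10) so comparisons are numeric, not lexical."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(
    version: str,
    platform: str,
    fixed: Dict[Tuple[int, int], Tuple[int, ...]] = FIXED_VERSIONS_CVE_2024_23678,
) -> Optional[bool]:
    """True if the build is below its branch's fixed version, False if not,
    None if the release branch is not in the fixed-version table."""
    if platform.strip().lower() != "windows":
        return False  # the advisory text on the page scopes the flaw to Windows
    v = parse_version(version)
    branch = v[:2]
    if branch not in fixed:
        return None  # do not guess for branches the advisory text does not name
    return v < fixed[branch]  # tuple comparison: (9,0,10) > (9,0,8), as intended


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Bucket hosts into vulnerable / not_affected / unknown for follow-up."""
    buckets: Dict[str, List[str]] = {"vulnerable": [], "not_affected": [], "unknown": []}
    for host, version, platform in inventory:
        result = is_vulnerable(version, platform)
        if result is None:
            buckets["unknown"].append(host)
        elif result:
            buckets["vulnerable"].append(host)
        else:
            buckets["not_affected"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is deliberate: an advisory that names fixed versions for two branches says nothing about a third, and silently marking those hosts as safe is how patched-looking inventories end up exploited. Feed the table from the vendor advisory rather than hard-coding it once real data is involved.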


Apple fixes a critical zero-day – CVE-2024-23222

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The vulnerability is a type confusion issue in WebKit. An attacker can exploit it by tricking a victim into visiting maliciously crafted web content, achieving arbitrary code execution.

Lockbit adds Subway to its victims list

Subway IP is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches, wraps, salads, and drinks. The LockBit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024, at 21:44:16 UTC.

The group claims to have stolen hundreds of gigabytes of sensitive data. The gang said the stolen data includes employee salaries, franchise royalty payments, master franchise commission payments, and restaurant turnover figures.
