TheCyberThrone Security Week In Review – March 9, 2024

Silver SAML Attack Dissection

You may remember the Golden SAML attack from the SolarWinds attack, which affected organizations around the world and deployed malicious code into the Orion IT management and monitoring software. To mitigate it, CISA recommended that organizations with hybrid environments move to a cloud identity system such as Entra ID.

Golden SAML is well known for extracting signing certificates from Active Directory Federation Services (ADFS) and using them to forge SAML authentication responses. The Silver SAML attack in Microsoft Entra ID does not use ADFS.

Cisco fixes Secure Client Vulnerabilities

Cisco released patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities.

The first issue, tracked as CVE-2024-20337, impacts the Linux, macOS, and Windows versions of Secure Client. Because user-supplied input is insufficiently validated, it could be exploited remotely, without authentication, in carriage return line feed (CRLF) injection attacks.

Apple addressed iOS Zero-Day Vulnerabilities

Apple has released emergency updates to fix two iOS zero-day vulnerabilities that were exploited in attacks against iPhone devices.

The first vulnerability, tracked as CVE-2024-23225, is a Kernel memory corruption flaw that Apple addressed with improved validation. The second vulnerability, tracked as CVE-2024-23296, is an RTKit memory corruption flaw. The company addressed it with improved validation.

Critical TeamCity Vulnerabilities Patched – CVE-2024-27198 & CVE-2024-27199

Two critical security vulnerabilities have surfaced in the TeamCity On-Premises CI/CD pipeline that could allow attackers to essentially hijack your TeamCity server without even needing a password.

The vulnerabilities, identified as CVE-2024-27198 and CVE-2024-27199, could be exploited to perform unauthorized administrative actions. CVE-2024-27198, with a CVSS score of 9.8, enables an authentication bypass that could allow attackers to perform admin actions, posing a critical threat. Meanwhile, CVE-2024-27199, scored at 7.3, involves a path traversal flaw that could enable attackers to perform limited admin actions. This means they could:
