May 8, 2024

Subscribers favorite #1

Bricks Builder WordPress Plug-in Vulnerability CVE-2024-25600

WordPress Bricks Builder, a popular WordPress site builder, is being actively targeted by attackers because of a critical vulnerability that lets unauthenticated attackers achieve remote code execution. The Bricks plugin was estimated to have about 25,000 active installations when the vulnerability was disclosed.

The vulnerability, tracked as CVE-2024-25600 with a CVSS score of 9.8, means that “anybody can run arbitrary commands and take over the site/server,” according to WordPress development and security company Snicco, which discovered the bug. The fix is in Bricks 1.9.6.1; site owners still on an earlier version should update, since the flaw needs no authentication and exploitation was observed within days of disclosure.

Subscribers favorite #2

PoC for Oracle WebLogic RCE Flaw – CVE-2024-20931

A proof-of-concept exploit has been published for CVE-2024-20931, an Oracle WebLogic Server vulnerability with a CVSS score of 7.5 that can lead to arbitrary code execution. The flaw is reachable through the server's T3 and IIOP protocol handlers, and the fix shipped in Oracle's January 2024 Critical Patch Update. As with earlier WebLogic T3/IIOP bugs, restricting those protocols at the network edge limits exposure until the patch is applied.

The vulnerability was first reported to Oracle in October 2023 as a bypass of a previously patched WebLogic Server vulnerability, CVE-2023-21839. Analysis of that earlier fix is what led to the discovery of CVE-2024-20931.


Subscribers favorite #3

Microsoft Exchange Server Vulnerability Actively Exploited – CVE-2024-21410

Microsoft has raised the alarm on a critical vulnerability in Exchange Server, tracked as CVE-2024-21410 (CVSS 9.8), that was already being exploited in the wild before this month's Patch Tuesday fixes. The flaw gives remote, unauthenticated attackers a path to privilege escalation through NTLM relay attacks.

The attack abuses a weakness of the NTLM protocol rather than a bug in Exchange's own code. An attacker first coerces or tricks an NTLM client (Outlook, for example) into leaking its credentials, then relays that authentication to a vulnerable Exchange server, which accepts it as the targeted user. Successful exploitation grants the attacker that user's privileges on the server, paving the way for further malicious activity. Microsoft's fix, Exchange Server 2019 Cumulative Update 14, enables Extended Protection for Authentication by default; Extended Protection binds the NTLM exchange to the TLS channel it arrived on, so a relayed authentication is rejected.
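On the Exchange side, one practical detection for this class of attack is to look for NTLM network logons (Security event 4624, logon type 3) whose advertised workstation name does not belong to the source IP: a relayed authentication carries the victim's workstation name but arrives from the relay host. The following is an added example, not code from the original post or from Microsoft; the 4624 records and the workstation-to-IP inventory are constructed for illustration.

```python
"""Flag NTLM network logons that look relayed.

Added example, not part of the original post. All events and the host
inventory below are constructed; field names follow the real Windows
Security event 4624 schema (LogonType, AuthenticationPackageName,
LmPackageName, WorkstationName, IpAddress, TargetUserName).
"""

# Constructed (hypothetical) inventory of which IP each workstation is
# expected to authenticate from; in practice this comes from DHCP/DNS
# leases or an asset database.
KNOWN_HOSTS = {
    "WS-ALICE": "10.0.1.25",
    "WS-BOB": "10.0.1.31",
    "EXCH01": "10.0.0.10",
}

# Constructed 4624 events as exported from an Exchange server.
SAMPLE_EVENTS = [
    # Normal NTLMv2 network logon from alice's own workstation.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.0.1.25"},
    # Relayed: alice's credentials and workstation name, but the relay host's IP.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "alice",
     "WorkstationName": "WS-ALICE", "IpAddress": "10.0.9.77"},
    # Kerberos network logon: not subject to NTLM relay, ignored.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "TargetUserName": "bob",
     "WorkstationName": "WS-BOB", "IpAddress": "10.0.1.31"},
    # Interactive console logon on the server itself: not a network logon.
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "admin",
     "WorkstationName": "EXCH01", "IpAddress": "127.0.0.1"},
    # Unknown workstation name and an NTLMv1 response from an unknown IP.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V1", "TargetUserName": "bob",
     "WorkstationName": "KALI", "IpAddress": "192.168.50.5"},
]


def is_ntlm_network_logon(event):
    """True for a 4624 network (type 3) logon authenticated with NTLM."""
    return (event.get("EventID") == 4624
            and event.get("LogonType") == 3
            and event.get("AuthenticationPackageName", "").upper() == "NTLM")


def relay_indicators(event, known_hosts):
    """Return the reasons this NTLM network logon looks relayed (empty if none)."""
    reasons = []
    workstation = event.get("WorkstationName", "-").upper()
    source_ip = event.get("IpAddress", "-")
    expected_ip = known_hosts.get(workstation)
    if expected_ip is None:
        reasons.append(f"unknown workstation name {workstation}")
    elif expected_ip != source_ip:
        # The workstation name is attacker-controlled; the IP is not.
        reasons.append(f"workstation {workstation} expected from {expected_ip}, "
                       f"seen from {source_ip}")
    if event.get("LmPackageName", "").upper() == "NTLM V1":
        reasons.append("NTLMv1 response (no MIC, easiest to relay)")
    return reasons


def find_suspicious_logons(events, known_hosts=KNOWN_HOSTS):
    """Return (user, source_ip, reasons) for each NTLM logon with relay indicators."""
    findings = []
    for event in events:
        if not is_ntlm_network_logon(event):
            continue
        reasons = relay_indicators(event, known_hosts)
        if reasons:
            findings.append((event["TargetUserName"], event["IpAddress"], reasons))
    return findings


if __name__ == "__main__":
    for user, ip, reasons in find_suspicious_logons(SAMPLE_EVENTS):
        print(f"{user} from {ip}: {'; '.join(reasons)}")
```

The workstation name in a 4624 event comes from the NTLM AUTHENTICATE message and is therefore chosen by whoever sends it, which is exactly why relay tooling can present the victim's name; the source IP is what the server observed and is the field worth trusting. Expect legitimate mismatches from VPN concentrators and NAT, so tune the inventory for those before alerting on every hit.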


Subscribers favorite #4

Atlassian Confluence fixes High Severity XSS Flaw – CVE-2024-21678

Atlassian has released a security update addressing CVE-2024-21678 with a CVSS score of 8.5, a high-severity stored cross-site scripting vulnerability impacting multiple Confluence Server and Data Center versions.

This flaw “allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction.”


Subscribers favorite #5

Akira ransomware exploiting CVE-2020-3259 Cisco FTD Bug

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2020-3259, a bug in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, to its Known Exploited Vulnerabilities catalog. The flaw is an information disclosure issue in the web services interface of ASA and FTD that lets an unauthenticated remote attacker retrieve memory contents from the device. Cisco fixed it in May 2020. Because the leaked memory can contain credentials and session data, patching alone is not enough for a device that was exposed while vulnerable: credentials used on it should also be rotated.

The issue was listed by CISA as known to be used in ransomware campaigns, but the agency did not reveal which ransomware groups are actively exploiting the issue.
