May 19, 2024

TeamViewer Vulnerability Affecting macOS - CVE-2024-1933

A security vulnerability in TeamViewer has been uncovered, putting macOS users of older versions of the client at risk. The flaw lies in how TeamViewer handles symbolic links: a local, unprivileged user could exploit it to escalate privileges on the machine and, from there, tamper with files and settings that should be out of reach.

Symlinks (symbolic links) are files that act as pointers to another file or directory. Software that runs with elevated privileges and writes to, or reads from, a path that a lower-privileged user can replace with a symlink will operate on whatever the link points to. If the software does not handle symlinks carefully (refusing to follow them, or only operating on directories the attacker cannot write to), a local attacker can redirect its writes to overwrite critical system files or create files with privileged ownership, and so gain unauthorized access.
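The following is an added example, not TeamViewer's code, showing the general mistake behind this class of bug: a privileged helper writes a file into a directory a local user can also write to, and open() follows a planted link. The scenario (a "protected_config" file and a "spool" drop directory in a temp folder) is constructed for the demonstration; the hardened writer uses O_NOFOLLOW so the kernel refuses the link instead of following it.

```python
"""Why careless symlink handling becomes privilege escalation.

Added example, not TeamViewer's code: a constructed scenario in a temp
directory stands in for a privileged helper that writes a file into a
directory a lower-privileged user can also write to."""
import errno
import os
import shutil
import tempfile


def unsafe_write(path: str, data: str) -> None:
    # open() follows symlinks. If a local user replaced `path` with a link,
    # the privileged writer truncates and rewrites whatever the link targets.
    with open(path, "w") as fh:
        fh.write(data)


def safe_write(path: str, data: str) -> None:
    # O_NOFOLLOW makes the kernel refuse a symlink in the final path
    # component (errno ELOOP) instead of silently following it. 0o600 keeps
    # the created file private to the writer.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
    try:
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo() -> dict:
    """Plant a symlink where the privileged writer expects its own file and
    show the outcome with each writer. Returns what the protected file
    contained after each attempt and the error name the safe writer raised."""
    root = tempfile.mkdtemp()
    try:
        protected = os.path.join(root, "protected_config")  # not writable by the attacker
        spool = os.path.join(root, "spool")                  # attacker-writable drop directory
        os.mkdir(spool)
        with open(protected, "w") as fh:
            fh.write("original")

        planted = os.path.join(spool, "report.txt")
        os.symlink(protected, planted)  # attacker's move: link -> protected file

        unsafe_write(planted, "attacker-controlled")
        with open(protected) as fh:
            after_unsafe = fh.read()

        with open(protected, "w") as fh:
            fh.write("original")  # reset for the second attempt
        safe_error = None
        try:
            safe_write(planted, "attacker-controlled")
        except OSError as exc:
            safe_error = errno.errorcode.get(exc.errno)
        with open(protected) as fh:
            after_safe = fh.read()
        return {"after_unsafe": after_unsafe, "after_safe": after_safe,
                "safe_error": safe_error}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Two caveats a reviewer would raise: O_NOFOLLOW only protects the final path component, so parent directories must also be trusted (open a directory you control first and use `dir_fd`/openat relative to it), and the fix must not be a separate lstat check followed by a plain open, because the attacker can swap the link in between.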


GitLab addresses XSS and DoS vulnerabilities

GitLab has released security updates, versions 16.10.1, 16.9.3 and 16.8.5 for both Community and Enterprise Edition, of its popular Git hosting and DevOps platform. The patches address vulnerabilities ranging from script injection in users' browsers to denial of service.

CVE-2023-6371 is a high-severity stored cross-site scripting (XSS) vulnerability in wiki pages: an attacker able to edit a wiki page could inject script that runs in the browser of anyone who later views the page, with that viewer's session and permissions. From there the script could steal credentials or tokens, alter wiki or repository content, or perform other actions as the victim.

CVE-2024-2818 is a medium-severity denial of service (DoS) via emojis: an attacker could craft messages containing emojis in a way that consumes disproportionate server resources, degrading the instance for everyone or taking critical workflows offline.


Imperva SecureSphere Vulnerability - CVE-2023-50969

A newly disclosed vulnerability in Imperva SecureSphere, a widely deployed on-premises Web Application Firewall (WAF), could leave organizations that rely on it exposed to the very attacks it is meant to block.

The vulnerability, tracked as CVE-2023-50969 with a critical CVSS score of 9.8, allows an attacker to craft requests that slip past SecureSphere's security rules, so that payloads for common web attacks such as SQL injection and cross-site scripting reach the protected application uninspected.


Red Hat Warning on Fedora Linux – CVE-2024-3094

Red Hat's Information Risk and Security and Product Security teams have identified a critical vulnerability in the latest versions of the 'xz' compression tools and libraries. The affected upstream releases, 5.6.0 and 5.6.1, contain an obfuscated backdoor that is compiled into liblzma; on systems where sshd loads liblzma (indirectly, through libsystemd), it can let a remote attacker holding the right private key bypass sshd authentication and gain unauthorized access. Fedora Rawhide, the development distribution for future Fedora builds, shipped the compromised packages, and Fedora Linux 40 beta users who pulled 5.6.0 through updates are also at risk.

The vulnerability, tracked as CVE-2024-3094, affects users who have installed the compromised versions of the xz libraries. Red Hat urges all Fedora Rawhide users to immediately stop using the distribution for both work and personal activities until the issue is resolved. Plans are underway to revert Fedora Rawhide to the safe xz-5.4.x series, after which it will be safe to redeploy Fedora Rawhide instances.
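The first thing an administrator wanted after this advisory was a quick triage of each host: is the installed xz/liblzma one of the two bad releases, and does sshd on this box even load liblzma? The script below is an added example, not Red Hat's or Fedora's tooling. It parses `xz --version` (which reports both the front end and the liblzma it is linked against) and `ldd` output for sshd; the sample outputs embedded in it are constructed, and the liblzma-through-libsystemd path is the one described in the public analysis of the backdoor.

```python
"""Triage helper for CVE-2024-3094: is the installed XZ Utils/liblzma one of
the two backdoored releases, and does this host's sshd even load liblzma?

Added example, not Red Hat's or Fedora's tooling. The sample command
outputs below are constructed for the demonstration."""
import os
import re
import shutil
import subprocess

BACKDOORED = {(5, 6, 0), (5, 6, 1)}

# `xz --version` prints two lines: the front-end version and the liblzma it
# is linked against. The malicious object was built into liblzma, so the
# second line is the one that matters most.
_VERSION_RE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+)\.(\d+)\.(\d+)", re.M)

SAMPLE_XZ_BAD = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"    # constructed
SAMPLE_XZ_GOOD = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"   # constructed

# Constructed `ldd /usr/sbin/sshd` excerpts. Upstream sshd does not use
# liblzma; it reached liblzma indirectly through libsystemd on distributions
# that patch sshd for systemd readiness notification.
SAMPLE_LDD_EXPOSED = (
    "\tlibsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007f1a00000000)\n"
    "\tliblzma.so.5 => /lib64/liblzma.so.5 (0x00007f19ffe00000)\n"
    "\tlibc.so.6 => /lib64/libc.so.6 (0x00007f19ffa00000)\n"
)
SAMPLE_LDD_CLEAN = (
    "\tlibcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f1a00000000)\n"
    "\tlibc.so.6 => /lib64/libc.so.6 (0x00007f19ffa00000)\n"
)


def parse_xz_version(output: str) -> dict:
    """Map 'xz' and 'liblzma' to (major, minor, patch) tuples from --version text."""
    found = {}
    for m in _VERSION_RE.finditer(output):
        key = "xz" if m.group(1).startswith("xz") else "liblzma"
        found[key] = (int(m.group(2)), int(m.group(3)), int(m.group(4)))
    return found


def affected_components(output: str) -> list:
    """Sorted names of the components whose version is a backdoored release."""
    return sorted(k for k, v in parse_xz_version(output).items() if v in BACKDOORED)


def sshd_loads_liblzma(ldd_output: str) -> bool:
    """True if liblzma appears in sshd's resolved dependency list."""
    return re.search(r"^\s*liblzma\.so", ldd_output, re.M) is not None


def check_local_host() -> dict:
    """Run the real commands on this machine; missing tools yield empty results."""
    result = {"affected": [], "sshd_loads_liblzma": False}
    xz = shutil.which("xz")
    if xz:
        out = subprocess.run([xz, "--version"], capture_output=True, text=True).stdout
        result["affected"] = affected_components(out)
    ldd = shutil.which("ldd")
    sshd = shutil.which("sshd") or "/usr/sbin/sshd"
    if ldd and os.path.exists(sshd):
        out = subprocess.run([ldd, sshd], capture_output=True, text=True).stdout
        result["sshd_loads_liblzma"] = sshd_loads_liblzma(out)
    return result


if __name__ == "__main__":
    print(check_local_host())
```

A clean result only says the host is not running the bad library now; a machine that ran 5.6.x with an exposed sshd for days should still be treated per the distribution's guidance (downgrade to 5.4.x and review access), since the check cannot tell whether the backdoor was ever used.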

Mozilla Patches Zero-Day Vulnerabilities Identified During Pwn2Own

Mozilla has issued emergency security updates (Firefox 124.0.1 and Firefox ESR 115.9.1) to fix two critical zero-day vulnerabilities in the Firefox web browser, both exploited during the recent Pwn2Own Vancouver 2024 hacking contest.

The vulnerabilities, tracked as CVE-2024-29943 and CVE-2024-29944, were chained by researcher Manfred Paul to achieve remote code execution followed by a sandbox escape; the demonstration earned him a $100,000 award and 10 Master of Pwn points.

CVE-2024-29943 (Out-of-Bounds Access via Range Analysis Bypass): by fooling the JavaScript JIT's range-based bounds-check elimination, an attacker can read or write outside the bounds of a JavaScript object. This memory-corruption primitive is what started the chain.

CVE-2024-29944 (Privileged JavaScript Execution via Event Handlers): an attacker can inject an event handler into a privileged object and run arbitrary JavaScript in the parent process, escaping the content sandbox. This second bug affects desktop Firefox only.
