
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings of the week. This review is for the week ending Saturday, July 06, 2024.
RegreSSHion Vulnerability - CVE-2024-6387
Qualys has revealed details about a security vulnerability it discovered in the OpenSSH server that could lead to remote, unauthenticated code execution. Qualys dubbed the vulnerability “RegreSSHion”, a play on “SSH” and “regression”.
The vulnerability, tracked as CVE-2024-6387, affects OpenSSH servers running with the GNU C Library (glibc) in Linux environments…
Cisco NX-OS Zero-day Vulnerability - CVE-2024-20399
A zero-day vulnerability has been discovered in Cisco NX-OS Software that could allow an attacker with administrative credentials to execute commands with the highest privileges on the underlying operating system, potentially leading to a complete takeover of the affected device.
The vulnerability, tracked as CVE-2024-20399, stems from insufficient validation of arguments passed to specific configuration commands in the NX-OS command-line interface. An attacker with administrative access could exploit this by crafting malicious input for these commands. Upon successful exploitation, the attacker gains the ability to execute arbitrary commands on the underlying operating system with root privileges…
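The bug class described above, a CLI argument that reaches an operating-system command without validation, as an added illustration. This is constructed toy code, not Cisco's; the "management command" is a harmless `echo` so the effect is visible, and the allowlist pattern for an interface name is an assumption.

```python
import re
import subprocess

# Assumed allowlist for an interface-name argument: letters, digits, and a
# few punctuation characters, no whitespace or shell metacharacters.
ARG_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9./_-]{0,63}$")


def run_unsafe(interface: str) -> str:
    """Vulnerable pattern: the caller-supplied argument is pasted into a
    shell command line, so any shell metacharacter in it is interpreted."""
    cmd = f"echo interface {interface}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.strip()


def run_safe(interface: str) -> str:
    """Hardened pattern: reject anything outside the allowlist, then pass the
    argument as its own argv element with no shell involved at all."""
    if not ARG_RE.match(interface):
        raise ValueError(f"rejected argument: {interface!r}")
    out = subprocess.run(["echo", "interface", interface],
                         capture_output=True, text=True)
    return out.stdout.strip()


if __name__ == "__main__":
    payload = "eth0; echo INJECTED"   # constructed input containing a ';'
    print(run_unsafe(payload))         # a second command ran: last line is INJECTED
    try:
        run_safe(payload)
    except ValueError as err:
        print(err)                     # same input is refused before any exec
    print(run_safe("Ethernet1/1"))     # well-formed name passes through
```

The two fixes reinforce each other: the allowlist catches malformed input early and gives a clear audit event, while the argv form means a future gap in the allowlist still cannot turn into a second command.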
SnailLoad Vulnerability - CVE-2024-39920
Security researchers have revealed a novel threat dubbed “SnailLoad”, tracked as CVE-2024-39920. This side-channel attack exploits a weakness in TCP, potentially allowing attackers to remotely monitor a user’s web activity, including visited websites and streamed videos.
The vulnerability exploits a timing side channel within the TCP protocol, as specified in RFC 9293. This timing side channel enables remote attackers to deduce the content of a TCP connection from a client system to any server when that client system is simultaneously receiving TCP data at a slow rate from an attacker-controlled server. The attack operates by measuring round-trip times (RTTs) through TCP segments that carry an acknowledgment control bit and an acknowledgment number…
Apache releases new HTTP Server version fixing CVE-2024-39884
The Apache Software Foundation has released Apache HTTP Server version 2.4.61, a crucial update that addresses a severe source code disclosure vulnerability that could expose sensitive server-side information to malicious actors.
The vulnerability, tracked as CVE-2024-39884, stems from a regression in the handling of legacy content-type based configurations. Specifically, the “AddType” directive and similar settings, when used under specific circumstances, could inadvertently reveal the source code of files intended to be processed. This could include server-side scripts, configuration files, or other sensitive data…
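A small audit helper for the two facts above, as an added example that is not Apache's own code: it checks an `httpd -v` banner against the fixed release (2.4.61) and lists uncommented `AddType` lines that map extensions to a script-handler MIME type, the legacy content-type style of handler configuration the advisory refers to. The MIME types it looks for and the httpd.conf fragment are constructed assumptions; the sample also contains a `SetHandler` block to show that only the `AddType` form is flagged.

```python
import re

FIXED_RELEASE = (2, 4, 61)   # release named above as fixing CVE-2024-39884

# Assumed examples of MIME types that hand a file to an interpreter; extend per site.
SCRIPT_MIME_TYPES = {"application/x-httpd-php", "application/x-httpd-php-source"}

# Apache directive names are case-insensitive; capture the type and the extensions.
ADDTYPE_RE = re.compile(r"^\s*AddType\s+(\S+)\s+(.+?)\s*$", re.IGNORECASE)

# Constructed httpd.conf fragment used as sample input.
SAMPLE_CONF = """\
# constructed httpd.conf fragment
ServerName example.test
AddType image/svg+xml .svg
AddType application/x-httpd-php .php .phtml
# AddType application/x-httpd-php .inc   (commented out, ignored)
<FilesMatch "\\.php$">
    SetHandler "proxy:unix:/run/php-fpm.sock|fcgi://localhost"
</FilesMatch>
"""


def parse_version(banner: str) -> tuple:
    """Return (major, minor, patch) from a banner such as
    'Server version: Apache/2.4.60 (Unix)' as printed by `httpd -v`."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found in banner")
    return tuple(int(g) for g in m.groups())


def needs_upgrade(banner: str) -> bool:
    """True when the running build is older than the fixed release."""
    return parse_version(banner) < FIXED_RELEASE


def find_legacy_addtype(config_text: str) -> list:
    """List (line_number, mime_type, [extensions]) for every uncommented
    AddType directive whose MIME type is in SCRIPT_MIME_TYPES."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        m = ADDTYPE_RE.match(line)
        if m and m.group(1).lower() in SCRIPT_MIME_TYPES:
            hits.append((n, m.group(1), m.group(2).split()))
    return hits


if __name__ == "__main__":
    banner = "Server version: Apache/2.4.60 (Unix)"   # constructed banner
    print("upgrade needed:", needs_upgrade(banner))
    for n, mime, exts in find_legacy_addtype(SAMPLE_CONF):
        print(f"line {n}: AddType {mime} -> {' '.join(exts)}")
```

Run it against the real banner and configuration on a host to get a short list of the directives worth reviewing while the upgrade to 2.4.61 is scheduled; an empty list does not prove the server is unaffected, since the advisory also covers "similar settings" beyond `AddType`.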
Microsoft uncovers Rockwell Automation vulnerabilities
Microsoft has revealed the details of vulnerabilities in Rockwell Automation’s PanelView Plus, a device widely used in industrial settings.
These vulnerabilities, tracked as CVE-2023-2071 and CVE-2023-29464, can be exploited remotely by unauthenticated attackers to achieve remote code execution (RCE) and denial of service (DoS) respectively…
This brings this week's security review coverage to an end. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.