CyberSecurityBoard
Sponsor Register Login

Weekly Vulnerability Recap 1/29/24: Apple, Apache, & VMware

In this week's urgent updates, Apple and VMware issued updates for zero-day flaws currently under attack, and researchers detected a rise in attacks on unpatched Apache and Atlassian Confluence servers.
The release of proof-of-concept code starts the countdown to attack on other critical vulnerabilities, including Cisco Enterprise Communication, Fortra GoAnywhere, and GitLab.
Patch management and vulnerability management remain critical, but they assume that other fundamental requirements, such as asset management, remain in place.
Continue reading below to learn more about this week's vulnerabilities, but don't forget to double-check IT asset inventories for accuracy.
Type of vulnerability: Remote code execution vulnerability.
Type of vulnerability: A type confusion issue enables arbitrary code execution attacks.
The problem: Apple addressed multiple vulnerabilities, but zero-day vulnerability CVE-2024-23222 leads the list.
Although added to the known exploited vulnerability catalog, experts believe attackers used the WebKit vulnerability primarily on specific targets.
The problem: Atlassian disclosed the critical-severity RCE vulnerability, CVE-2023-22527, in Confluence Server and Data Center on January 16, 2024 and noted that only outdated versions would be affected.
Type of vulnerability: Authentication bypass vulnerability can create new admin users on exposed admin portals.
The problem: Fortra disclosed CVE-2024-0204, a critical vulnerability with a CVSS score rated 9.8/10, to the public on January 23rd after issuing patches and notifying customers on December 7, 2023.
Type of vulnerability: Account takeover from password-reset emails sent to unverified email addresses.
The fix: GitLab recommends immediate patching that will also fix three other vulnerabilities.
Sonar also discovered a similar high severity cross-site WebSocket hijacking vulnerability that also uses the command line to execute ACE attacks if a victim clicks a link.
Type of vulnerability: RCE attacks that possibly establish root access.
Type of vulnerability: Sophos researchers discovered three vulnerabilities: pool memory corruption, out-of-bounds-read, and arbitrary read. The problem: WatchGuard confirmed these three vulnerabilities in WatchGuard Endpoint Protection, Detection, and Response, Panda Dome, and Panda Adaptive Defense 360.
The pool memory corruption vulnerability, CVE-2023-6330, does not authenticate registry information, which could lead to kernel memory pool overflow, denial of service conditions, and possibly ACE with system-level privileges.
Out-of-bounds vulnerability CVE-2023-6331 can create a denial of service condition and allow ACE with system-level privileges.
The lower risk arbitrary read vulnerability CVE-2023-6332 could allow users with admin privileges to leak data from kernel memory,.
WatchGuard recommends updating to the most recent versions of the products to eliminate the vulnerabilities.


This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 29 Jan 2024 23:13:03 +0000


Cyber News related to Weekly Vulnerability Recap 1/29/24: Apple, Apache, & VMware

Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
1 year ago Hackread.com
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
7 months ago Bleepingcomputer.com
VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
7 months ago Bleepingcomputer.com
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
7 months ago Bleepingcomputer.com
Chinese threat group exploited VMware vulnerability in 2021 - A critical VMware vulnerability that was patched in October was exploited in the wild two years ago by a China-nexus threat actor, according to new research from Mandiant. On Oct. 25, VMware first disclosed an out-of-bounds write vulnerability ...
5 months ago Techtarget.com
VMware warns admins of public exploit for vRealize RCE flaw - VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight. "Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," ...
7 months ago Bleepingcomputer.com
Russians break into Microsoft as Chinese hit VMware users The Register - A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write ...
5 months ago Go.theregister.com
VMware urges admins to remove deprecated, vulnerable auth plug-in - VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced ...
4 months ago Bleepingcomputer.com
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years - One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat for years before a patch became available. In a sign of just how severe this particular issue was, VMware went so far ...
5 months ago Darkreading.com
Weekly Vulnerability Recap 1/29/24: Apple, Apache, & VMware - In this week's urgent updates, Apple and VMware issued updates for zero-day flaws currently under attack, and researchers detected a rise in attacks on unpatched Apache and Atlassian Confluence servers. The release of proof-of-concept code starts the ...
5 months ago Esecurityplanet.com
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
5 months ago Silicon.co.uk
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
1 month ago Eff.org
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
6 months ago Silicon.co.uk
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
6 months ago Eff.org
Chinese Espionage Group Has Exploited VMware Flaw Since 2021 - A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware's vCenter Server since at least late 2021, according to the ...
5 months ago Securityboulevard.com
Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
7 months ago Bleepingcomputer.com
CVE-2010-1142 - VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; ...
11 years ago
VMware Fixes Critical Security Bugs in vRealize Log Analysis Tool - Organizations using the VMware vRealize Log Analysis tool are being urged to update it in order to patch several recently discovered security bugs. According to a security advisory issued by VMware yesterday, the company has identified a critical ...
1 year ago Bleepingcomputer.com
VMware makes Workstation Pro and Fusion Pro free for personal use - VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. Things have been a little shaky since ...
1 month ago Bleepingcomputer.com
Weekly Blog Wrap-Up - Welcome to the TuxCare Weekly Blog Wrap-Up - your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the ...
5 months ago Securityboulevard.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
5 months ago Blog.checkpoint.com
Weekly Blog Wrap-Up - Welcome to the TuxCare Weekly Blog Wrap-Up - your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the ...
6 months ago Securityboulevard.com
Exploit Released for Critical VMware vRealize Log Insight RCE Vulnerability - Horizon3 security researchers have released proof-of-concept code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. VMware patched four security vulnerabilities in its ...
1 year ago Bleepingcomputer.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
7 months ago Bleepingcomputer.com
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
1 month ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)