CyberSecurityBoard
Sponsor Register Login

Weekly Vulnerability Recap 2/5/24: Azure, Apple, Ivanti & Mastodon

A coding vulnerability in Microsoft's Azure Pipelines affected 70,000 open-source projects.
With the recent surge in critical vulnerabilities, organizations should regularly update and patch software, and perform routine vulnerability assessments and penetration testing.
Keep reading for further details on this week's vulnerabilities.
Type of vulnerability: Missing authentication flaw and cross-site scripting vulnerability.
The problem: Juniper Networks' SRX and EX Series include high-severity weaknesses, particularly CVE-2024-21619, a missing authentication vulnerability that exposes sensitive information, and CVE-2024-21620, a cross-site scripting bug that allows arbitrary command execution.
The Known Exploited Vulnerabilities list also added the previously disclosed issues CVE-2023-36846 and CVE-2023-36851, emphasizing the importance of immediate fix.
Type of vulnerability: Code vulnerability in Microsoft's Azure Pipelines.
The problem: Legit Security researchers discovered a vulnerability in Azure Pipelines that affects approximately 70,000 open-source projects.
The fix: Microsoft already issued a fix in October 2023 to address this vulnerability.
Apple Faces New Active Exploitation in Multiple OS. Type of vulnerability: Kernel flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS. The problem: CVE-2022-48618 allows attackers with arbitrary read and write privileges to potentially overcome Pointer Authentication, which affects several Apple operating systems.
Despite Apple's December 2022 patch, the flaw's public disclosure a year later exposes possible vulnerabilities in devices running versions prior to iOS 15.7.1, requiring immediate action.
Given the reported vulnerability, federal civilian executive branch agencies should implement solutions by February 21, 2024.
Type of vulnerability: Heap-based buffer overflow vulnerability in the GNU C library.
The problem: A recently discovered vulnerability in glibc's vsyslog internal() function poses a serious threat to Linux systems, allowing local attackers to gain complete root access.
Jenkins CLI Vulnerability Enables RCE. Type of vulnerability: Arbitrary file read vulnerability that can allow RCE. The problem: CVE-2024-23897 reveals a significant vulnerability in the Jenkins CLI, allowing attackers to access files on the controller file system.
With a CVSS score of 9.8, the vulnerability allows remote code execution and other attacks.
The fix: Following the vulnerability patches last week, there's a newly updated Proof-of-Concept exploit for CVE-2024-23897 published on GitHub.
Type of vulnerability: Privilege escalation and server-side request forgery.
CISA published an advisory outlining updated mitigations to prevent threat actors from exploiting vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways on Ivanti devices.
Type of vulnerability: Critical origin validation error.


This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 05 Feb 2024 21:13:04 +0000


Cyber News related to Weekly Vulnerability Recap 2/5/24: Azure, Apple, Ivanti & Mastodon

What is Azure Identity Protection and 7 Steps to a Seamless Setup - As a result, tools such as Microsoft's Azure Identity Protection have become a staple in protecting against compromised identities, account takeover, and misuse of privileges. Azure Identity Protection is a security service that provides a robust ...
1 month ago Securityboulevard.com
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
5 months ago Unit42.paloaltonetworks.com
Mastodon vulnerability allows attackers to take over accounts - Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. The platform became popular after Elon Musk acquired Twitter and ...
5 months ago Bleepingcomputer.com
What’s The Difference Between Twitter and Mastodon? - Twitter and Mastodon have been the two major players in the social media landscape for some time. Both platforms offer a way for people to share information and interact with others, and both have millions of users worldwide. Depending on your goals ...
1 year ago Welivesecurity.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
5 months ago Techtarget.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
1 month ago Blog.checkpoint.com
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
3 months ago Techtarget.com
Weekly Vulnerability Recap 2/5/24: Azure, Apple, Ivanti & Mastodon - A coding vulnerability in Microsoft's Azure Pipelines affected 70,000 open-source projects. With the recent surge in critical vulnerabilities, organizations should regularly update and patch software, and perform routine vulnerability assessments and ...
5 months ago Esecurityplanet.com
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
4 months ago Malwarebytes.com
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products - In an unprecedented move, the US government's cybersecurity agency CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. Within 48 hours, the agency said federal ...
5 months ago Securityweek.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
4 months ago Go.theregister.com
Ivanti confirms 2 zero-day vulnerabilities are under attack - CISA urged enterprises to address two Ivanti zero-day vulnerabilities that remain unpatched amid reports of active exploitation by a Chinese nation-state threat actor. Ivanti published a security advisory Wednesday for an authentication bypass ...
5 months ago Techtarget.com
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs - Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud. ...
7 months ago Bleepingcomputer.com
Azure Service Tags tagged as security risk, Microsoft disagrees - Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. Service Tags are groups of IP addresses for a specific Azure service ...
1 week ago Bleepingcomputer.com
More mass exploits hit the same buggy Ivanti devices The Register - All manner of miscreants are piling onto the latest Ivanti flaw, a server-side request forgery vulnerability tracked as CVE-2024-21893, according to threat hunters tracking the string of CVEs that have been plaguing the software shop's gateways over ...
5 months ago Go.theregister.com
China-backed attackers blamed for Ivanti zero-day exploits The Register - Security experts believe Chinese nation-state attackers are actively exploiting two zero-day vulnerabilities in security products made by Ivanti. If you're an admin or a user of the two products affected, VPN service Ivanti Connect Secure and network ...
5 months ago Go.theregister.com
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
4 months ago Bleepingcomputer.com
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
5 months ago Bleepingcomputer.com
CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Boards of directors don't care about a security program's minute technical details. With the US Securities and ...
4 months ago Darkreading.com
Ivanti US Faces Security Crisis, Threatening Worldwide Systems - In a recent development, a critical server-side request forgery vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being ...
4 months ago Cysecurity.news
Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
6 months ago Msrc.microsoft.com
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
6 months ago Feeds.dzone.com
Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security - As we enter 2024, your organization may have unused MACC or Azure commit-to-consume credits as your annual renewal date draws near. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check ...
5 months ago Blog.checkpoint.com
Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware - Hackers exploit unpatched Ivanti vulnerabilities to deploy malware on Linux systems. Magnet Goblin targets businesses using outdated software. Patch immediately and implement strong security measures to protect against these attacks. Cybersecurity ...
3 months ago Hackread.com
Fortifying confidential computing in Microsoft Azure - I wrote about how Microsoft used Intel's secure extensions to its processor instruction sets to provide a foundation for confidential computing in Azure a few years ago. In the years since, the confidential computing market has taken a few steps ...
6 months ago Infoworld.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)