15 Nov 2024
Week in review
Greetings,
The countdown to AUSCERT2025 is on! The call for presentations opens this Tuesday, 19th November, so now’s the time to start planning. If you have a topic you’re passionate about, take this opportunity to organise your ideas and submit a proposal. Don’t miss your chance to contribute, share insights, and connect with the cyber security community!
The November 2024 Patch Tuesday from Microsoft addresses 89 vulnerabilities, including four critical zero-day flaws. Notable fixes cover flaws in Microsoft Exchange and Windows that hackers have actively exploited. Three of the zero-days are escalation of privilege vulnerabilities, allowing attackers to gain higher access rights, while the fourth is a security feature bypass. The update covers a range of products, underscoring the importance of timely patching to avoid potential exploitation. Full details and patch links are available on Microsoft’s security update page.
The Five Eyes alliance (US, UK, Australia, Canada, and New Zealand) has issued a warning on the increasing exploitation of zero-day vulnerabilities, marking a shift from previous years when older software flaws were more commonly targeted. Their advisory lists the top 15 most exploited vulnerabilities in 2023, led by CVE-2023-3519 in Citrix’s NetScaler, which has been linked to large-scale attacks by actors possibly associated with China. With most of 2023’s vulnerabilities initially exploited as zero-days—a trend continuing into 2024—the alliance agencies urge organisations and vendors to prioritise rapid patching and invest in secure-by-design practices to better mitigate these evolving threats.
Final reminder for our Brisbane-based members, next week’s festive Members’ Meet-Up is the perfect chance to connect with fellow cyber security professionals, exchange ideas, and start planning for the year ahead. Enjoy a festive drink, reconnect with old friends, and make new ones! If you haven’t already, be sure to register to secure your spot. This meet-up promises engaging discussions, valuable insights, and a wonderful opportunity to strengthen our local cyber security community. We’re excited to see you there!
Citrix ‘Recording Manager’ Zero-Day Bug Allows Unauthenticated RCE
Date: 2024-11-13
Author: Dark Reading
An unpatched zero-day vulnerability in Citrix’s Session Recording Manager allows unauthenticated remote code execution (RCE), paving the way for data theft, lateral movement, and desktop takeover.
According to watchTowr research out today, the issue (which does not yet have a CVE or CVSS score) resides in Citrix’s Session Recording Manager, which, as its name implies, records user activity, including keyboard and mouse inputs, websites visited, video streams of desktop activity, and more.
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
Date: 2024-11-12
Author: Bleeping Computer
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year.
A joint advisory published on Tuesday calls for organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks’ exposure to potential attacks.
“In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets,” the cybersecurity agencies warned.
Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities
Date: 2024-11-12
Author: Security Online
Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client products. These vulnerabilities pose significant risks to organizations, potentially allowing attackers to gain unauthorized access, escalate privileges, and execute malicious code.
Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands
Date: 2024-11-11
Author: Security Week
Tracked as CVE-2024-40715 (CVSS score of 7.7), the bug can be exploited by a remote attacker by performing a man-in-the-middle (MiTM) attack to bypass authentication.
To address this flaw, Veeam has released a hotfix for Backup Enterprise Manager 12.2.0.334 and included the hotfix in repackaged images for Veeam Backup & Replication and Veeam Data Platform that were released on November 6.
SAP Patches High-Severity Vulnerability in Web Dispatcher
Date: 2024-11-12
Author: Security Week
Enterprise software maker SAP on Tuesday announced the release of eight new and two updated security notes as part of its November 2024 security updates.
Marked as ‘high priority’, the second most severe rating in SAP’s playbook, the most important of these notes resolves a high-severity vulnerability in Web Dispatcher, the appliance that distributes incoming requests to the adequate SAP instances.
In its advisory, SAP describes the security defect, which is tracked as CVE-2024-47590 (CVSS score of 8.8), as a cross-site scripting (XSS) bug.
ASB-2024.0229 – Microsoft Windows: CVSS (Max): 9.8
Microsoft’s November patch update addresses 89 vulnerabilities, including four zero-day flaws, two of which are actively being exploited.
ESB-2024.7366 – Google Chrome: CVSS (Max): 8.8*
Google announced the release of Chrome 131 to the stable channel, including patches for 12 vulnerabilities. For more information, refer to their security page.
ESB-2024.7374 – Adobe Commerce: CVSS (Max): 7.7
Adobe released a critical security update for Adobe Commerce which addresses a server-side request forgery (SSRF) vulnerability that could enable arbitrary code execution.
ESB-2024.7375 – Zoom: CVSS (Max): 8.5
Zoom has issued fixes for six vulnerabilities, including two high-severity issues that could enable remote attackers to escalate privileges or access sensitive information.
ESB-2024.7451 – Intel Server Board S2600ST Family: CVSS (Max): 8.2
Intel has issued 44 new advisories addressing over 80 vulnerabilities, with more than 20 classified as high severity.
Stay safe, stay patched and have a good weekend!
The AUSCERT team