Microsoft has released software updates as part of its February 2024 Patch Tuesday. The updates fix a total of 73 vulnerabilities, including five critical ones and two zero-days. Administrators are advised to test and patch ASAP.
New Fortinet zero-day:
CVE-2024-21762 (9.6 critical) FortiOS - Out-of-bound Write in sslvpnd: An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Note: This is potentially being exploited in the wild.
Citrix Hypervisor Security Bulletin for CVE-2023-46838. "An issue has been discovered that affects Citrix Hypervisor 8.2 CU1 LTSR and may allow malicious privileged code in a guest VM to cause the host to crash or become unresponsive." We have released a hotfix (NOTE: NOT A PROPER PATCH) to address this issue.
🔗 https://support.citrix.com/article/CTX587605/citrix-hypervisor-security-bulletin-for-cve202346838
Atlassian security advisory: 28 high-severity vulnerabilities which have been fixed. I want to call attention to CVE-2023-22527, which has a maximum CVSSv3 score of 10.0: RCE (Remote Code Execution) Vulnerability in Out-of-Date Versions of Confluence Data Center and Server.
🔗 https://confluence.atlassian.com/security/security-bulletin-january-16-2024-1333335615.html
Citrix security advisory contains two zero-days: Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway):
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #02/2024 is out! It includes the following and much more:
➝ 🔓 🎽 Halara probes breach after hacker leaks data for 950,000 people
➝ 🔓 💥 #Mandiant's X Account Was Hacked Using Brute-Force Attack
➝ 🔓 🇵🇾 #Paraguay warns of Black Hunt #ransomware attacks after Tigo Business #breach
➝ 🇺🇸 💸 US SEC’s X account hacked to announce fake #Bitcoin ETF approval
➝ 🔓 🇨🇦 Toronto Zoo: Ransomware attack had no impact on animal #wellbeing
➝ 🔓 Mortgage firm loanDepot #cyberattack impacts IT systems, payment portal
➝ 🇫🇮 💸 #Finland warns of Akira ransomware wiping NAS and tape #backup devices
➝ 🇩🇰 🇷🇺 #Sandworm probably wasn’t behind Danish critical infrastructure cyberattack, report says
➝ 🇺🇦 🇷🇺 Pro-Ukraine hackers breach Russian ISP in revenge for #KyivStar attack
➝ 🇫🇷 🇺🇸 French Computer Hacker Jailed in US
➝ 🇳🇬 ⚖️ Nigerian gets 10 years for laundering millions stolen from elderly
➝ 🇹🇷 Turkish Hackers Exploiting Poorly Secured #MSSQL Servers Across the Globe
➝ 🇹🇷 🇳🇱 Turkish #Cyberspies Targeting Netherlands
➝ ☁️ 🇪🇺 #Microsoft Lets Cloud Users Keep Personal Data Within #Europe to Ease #Privacy Fears
➝ 🇺🇸 🇨🇳 #AI is helping US spies catch stealthy Chinese hacking ops, #NSA official says
➝ 🇱🇧 ✈️ Beirut Airport Screens Hacked with Anti-Hezbollah Message
➝ 🇸🇦 Saudi Ministry exposed sensitive data for 15 months
➝ 🇬🇷 #Greece to Establish New Authority to Counter Cyber-Attacks
➝ 🩹 #Siemens, #SchneiderElectric Release First #ICS Patch Tuesday Advisories of 2024
➝ 🐍 ☁️ New #Python-based FBot Hacking Toolkit Aims at #Cloud and #SaaS Platforms
➝ 🦠 📺 #YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
➝ 🦠 🐧 #Linux devices are under attack by a never-before-seen worm
➝ 🦠 🇳🇱 Dutch Engineer Used Water Pump to Get Billion-Dollar #Stuxnet #Malware Into Iranian Nuclear Facility
➝ 🐡 🔐 DSA removal from #OpenSSH
➝ 🩹 #PatchTuesday
➝ 🐛 🔓 Actively exploited 0-days in #Ivanti VPN are letting hackers #backdoor networks
➝ 🔓 🔧 Hackers can infect network-connected wrenches to install ransomware
➝ 🇨🇳 🔓 #AirDrop cracked by #China, revealing phone number and email address of sender
➝ 🩹 #QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
➝ 🐛 🔓 KyberSlash attacks put #quantum #encryption projects at risk
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Juniper security advisory: 9 vulnerabilities have been resolved in Juniper Secure Analytics in 7.5.0 UP7 IF02. Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities. Highest severity vulnerability is local privilege escalation (LPE) CVE-2023-35788 (7.8 high) and CVE-2023-3899 (7.8 high) but don't just rely on the scores. Chinese state-sponsored actors target Juniper vulnerabilities. Link: https://supportportal.juniper.net/s/article/2023-11-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved?language=en_US
Luckily for all 5 security advisories: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."