Cyber Security Briefing, 8-14 July
Three new vulnerabilities in MOVEit Transfer fixed
Progress Software has released security updates for three vulnerabilities affecting the MOVEit Transfer software.
- The first one, identified as CVE-2023-36934 and of critical severity, could allow unauthenticated attackers to gain unauthorised access to the MOVEit database and from there execute malware, manipulate files or extract information.
- Another vulnerability fixed was considered to be of high severity. Identified as CVE-2023-36932, it consists of a SQL injection flaw that can be exploited by logged-in threat actors to gain unauthorised access to the software database.
These two SQL injection security issues affect versions 12.1.11, 13.0.9, 13.1.7, 14.0.7, 14.1.8, 15.0.4 and earlier. The third security flaw fixed is CVE-2023-36933, which is a vulnerability that allows threat actors to unexpectedly close the MOVEit Transfer program. It affects versions 13.0.9, 13.1.7, 14.0.7, 14.1.8, and 15.0.4.
Progress Software has made the necessary updates available for all versions and strongly recommends that users upgrade to the latest version to reduce the risks posed by these vulnerabilities. In addition, due to recent events, the company announced that it plans to release MOVEit product updates every two months.
Apple 0-day vulnerability patched
Apple has released a new round of Rapid Security Response (RSR) updates to address a new 0-day vulnerability exploited in attacks affecting iPhones, Macs and iPads. The vulnerability has been classified as CVE-2023-37450 and was reported by an anonymous researcher.
Apple reports that it is aware that the 0-day vulnerability may have been actively exploited. The vulnerability has been found in the Apple-developed WebKit browser engine, and allows attackers to obtain arbitrary code execution on targeted devices by tricking users into opening web pages with maliciously crafted content.
The company has addressed this vulnerability with enhanced checks to mitigate exploitation attempts. Since the beginning of 2023, Apple has patched ten 0-day vulnerabilities affecting iPhones, Macs or iPads.
Microsoft fixes 132 vulnerabilities, including six 0-day flaws
Microsoft released its monthly security update to address a total of 130 vulnerabilities, including six 0-day flaws that have been actively exploited. Of the 130 vulnerabilities, nine were classified as critical and 121 as important.
Some of the actively exploited security holes include a privilege elevation vulnerability in the Windows MSHTML platform (CVE-2023-32046), security feature bypasses in Windows SmartScreen and Microsoft Outlook (CVE-2023-32049 and CVE-2023-35311), privilege escalation in the Windows Error Reporting service (CVE-2023-36874), and remote code execution in Office and Windows HTML (CVE-2023-36884).
Other critical vulnerabilities were also published, including some that allow remote code execution. Microsoft urges its users to apply updates as quickly as possible to mitigate potential threats.
Critical vulnerability in Citrix Secure Access fixed
Citrix has issued a security advisory addressing a critical vulnerability that could allow threat actors to escalate their privileges if they have access to an endpoint with a standard user account.
The vulnerability, identified as CVE-2023-24492, has a CVSS score of 9.8 and affects Citrix Secure Client for Ubuntu in versions prior to 23.5.2. Attackers can exploit this vulnerability to remotely execute malicious code on a user's device. This can be achieved by persuading the user to click on a malicious link and accept subsequent prompts.
Citrix also fixed another vulnerability, recognised as CVE-2023-24491 (CVSS 7.8), that affects Citrix Desktop for Windows in versions prior to 23.5.1.3. This security flaw allows an authenticated attacker with access to a standard endpoint to elevate privileges to NT AUTHORITY\SYSTEM. Both vulnerabilities were discovered by Rilke Petrosky of F2TC Cyber Security. Citrix recommends that users of these products upgrade to the latest versions to prevent exploitation.
Analysis of PyLoose, Python-based fileless malware
Researchers at Wiz.io have published an analysis of PyLoose, an innovative fileless malware that acts on cloud workloads. According to the researchers, this type of attack would have been used for cryptomining in up to 200 cases.
- Firstly, the attacker gains initial access via an exposed Jupyter Notebook service.
- Secondly, instead of writing payloads to disk, they exploit operating system features by decrypting and decompressing XMRig, loading it into memory via memfd, the Linux RAM-based file system.
- They finally run XMRig in memory, connected to a remote IP associated with the MoneroOcean mining cluster.
It is worth noting how difficult this type of attack is to detect with conventional security measures, since the payload never touches disk.
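As an added example that is not part of the original briefing or of the Wiz.io analysis: a defender-side check, in Python, that flags Linux processes whose executable image was loaded from a memfd-backed anonymous file rather than from a path on disk, which is the trait that lets this technique slip past file-based scanning. The sample process table is constructed for the example; the optional live scan reads /proc directly.

```python
import os
import re

# Constructed sample of /proc/<pid>/exe link targets and command lines, standing
# in for a live scan (assumed values, not taken from the Wiz.io report).
SAMPLE_PROCS = {
    1: ("/usr/lib/systemd/systemd", "/sbin/init"),
    2201: ("/usr/bin/python3", "python3 -m jupyter notebook --ip=0.0.0.0"),
    2314: ("/memfd:x (deleted)", "/memfd:x -o pool.example.invalid:3333"),
    2390: ("/bin/bash", "bash"),
}

# The kernel reports an executable created with memfd_create() as "/memfd:<name>",
# usually suffixed with " (deleted)" because the file has no directory entry.
MEMFD_RE = re.compile(r"^/memfd:")


def is_memfd_backed(exe_target: str) -> bool:
    """True when the process image lives in an anonymous memfd file, the
    hallmark of the in-memory execution described for PyLoose."""
    return bool(MEMFD_RE.match(exe_target))


def find_memfd_processes(procs):
    """Return [(pid, exe_target, cmdline)] for every memfd-backed process.
    `procs` maps pid -> (exe_target, cmdline), ordered by pid in the result."""
    return [(pid, exe, cmd) for pid, (exe, cmd) in sorted(procs.items())
            if is_memfd_backed(exe)]


def read_live_procs():
    """Collect (exe_target, cmdline) for each readable /proc/<pid> on a Linux
    host; entries that vanish or are not readable (permissions) are skipped."""
    procs = {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue
        procs[pid] = (exe, cmd)
    return procs


if __name__ == "__main__":
    for pid, exe, cmd in find_memfd_processes(SAMPLE_PROCS):
        print(f"pid={pid} exe={exe} cmdline={cmd!r}")
```

Run it against a live host by passing read_live_procs() instead of SAMPLE_PROCS; a hit is a lead to investigate rather than proof of compromise, since some legitimate tooling also executes from memfd.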