Weekly Cyber News Roundup

April 1st to April 7th 2024

Content 

01. News Bites
  • Ivanti patches several more security flaws impacting Connect Secure and Policy Secure Gateways

  • Newly found XZ Utility backdoor vulnerability: what is it, and why has it been the most talked about vulnerability this week?

  • WordPress plugin vulnerability affects close to 1 million websites

  • AT&T lawsuit over 73 million customer breach

02. Conclusion

Quick News Bites

Ivanti patches several more security flaws impacting Connect Secure and Policy Secure Gateways

 

The recent disclosure of three vulnerabilities in Ivanti VPN gateway software highlights the significant threat to organisations relying on VPN solutions for secure remote access. The vulnerabilities, which could allow remote code execution (RCE) and denial-of-service (DoS) attacks, underline the critical importance of securing VPN infrastructure.

 

The vulnerabilities are tracked as CVE-2024-21894 (heap overflow), CVE-2024-22052 (null pointer dereference), CVE-2024-22053 (heap overflow) and CVE-2024-22023 (XML entity expansion or XXE). Exploitation of these vulnerabilities could enable threat actors to execute arbitrary code remotely, leading to unauthorised access, data breaches and compromise of sensitive information on compromised Ivanti VPN systems. CVE-2024-22023 presents a distinct threat by enabling attackers to conduct denial-of-service attacks, disrupting normal system operations and potentially causing significant downtime and service disruptions.

 

Integrity360 are no strangers to unpatched vulnerabilities being the source of a compromise and the initial access vector for threat actors. Organisations with Ivanti appliances should prioritise applying the security updates provided by Ivanti as soon as possible.

 

Newly found XZ Utility backdoor vulnerability: what is it, and why has it been the most talked about vulnerability this week?

 

The biggest news in the cyber world this week is the XZ Utility backdoor vulnerability. XZ Utility is a set of free, well-known and widely used utilities. A Linux distributor has issued a warning about the backdoor, which represents a critical threat to the security of Linux systems worldwide. Red Hat posted a comment on Friday which read: “Please immediately stop usage of any fedora 41 or fedora rawhide instances for work or personal activity”. If you are using versions 5.6.0 or 5.6.1, you are advised to immediately downgrade to an older version that does not contain the malicious code; Debian’s security team and other distributors have also reverted to the 5.4.X version of XZ Utility.

 

At the moment there have been no reported signs of compromise through the XZ backdoor vulnerability. However, if you are using a vulnerable version of XZ Utility, we advise that you downgrade immediately or revert to a previous installation of your Linux operating system which contains the stable version.
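One way to run the version check described above, as an added example that is not part of the original roundup: it parses `xz --version`-style text and flags the two releases named here (5.6.0 and 5.6.1). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the XZ Utility versions named in this roundup (5.6.0, 5.6.1).

# Constructed sample of `xz --version` output (two lines: the tool and its library).
SAMPLE_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Print each distinct x.y.z version number found in the text on stdin.
extract_xz_versions() {
    { grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' || true; } | sort -u
}

# Map one version string to a verdict. Only the versions the roundup
# names are treated as affected; everything else is "not-listed".
classify_xz_version() {
    case "$1" in
        5.6.0|5.6.1) echo "affected" ;;
        *)           echo "not-listed" ;;
    esac
}

# $1 = version text. Prints "<version> <verdict>" per version found.
# Returns 1 if any affected version is present, 2 if nothing parsed, else 0.
check_xz_report() {
    versions=$(printf '%s\n' "$1" | extract_xz_versions)
    if [ -z "$versions" ]; then
        echo "no version found"
        return 2
    fi
    status=0
    for v in $versions; do
        verdict=$(classify_xz_version "$v")
        echo "$v $verdict"
        if [ "$verdict" = "affected" ]; then
            status=1
        fi
    done
    return "$status"
}

# Demo on the constructed sample. On a real host, pass the live output
# instead: check_xz_report "$(xz --version 2>/dev/null)"
check_xz_report "$SAMPLE_OUTPUT" || true
```

The same function accepts package-manager output (for example a line containing the installed package version), since it only looks for dotted version numbers in the text it is given.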

 

WordPress plugin vulnerability affects close to 1 million websites

 

Popular WordPress plugin LayerSlider has been found to be vulnerable to an unauthenticated SQL injection attack. LayerSlider is a versatile plugin used for creating responsive sliders, slideshows and animated content, and it is widely used to enhance the visual appeal of WordPress websites. The vulnerability is tracked as CVE-2024-2879: versions 7.9.11 and 7.10.0 are vulnerable to SQL injection via the ls_get_popup_markup action due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query. It has a CVSS score of 9.8, making it an extremely critical vulnerability.

The widespread use of LayerSlider across numerous WordPress sites amplifies the impact of this vulnerability, making it an attractive target for threat actors seeking to exploit vulnerable systems at scale. Threat actors can potentially leverage the unauthenticated vulnerability to append additional SQL queries to existing queries, which can then be used to extract sensitive information from the database; this is how SQL injection attacks work.

A patch for this vulnerability is available in version 7.10.1, which addresses the critical vulnerability within the LayerSlider plugin. Integrity360 advises that implementing robust security measures such as web application firewalls (WAFs) can help detect attacks targeting vulnerable WordPress plugins.

AT&T lawsuit over 73 million customer breach

 

AT&T are currently facing legal repercussions following a significant data breach which affected 73 million current and former customers. Multiple lawsuits have been filed against the telecommunications giant in response to the breach, signalling the potential for substantial financial and reputational damage.

 

The data breach has resulted in the exposure of sensitive customer information, including names, addresses, phone numbers, dates of birth, email addresses and, most importantly, social security numbers. This has raised concerns about privacy violations, identity theft and other forms of fraud, which are a massive problem in America and other parts of the world when information is stolen.

 

As the legal proceedings unfold, AT&T will face scrutiny over its data protection practices and may be required to implement additional security measures to prevent future breaches and restore customer trust. Integrity360 would like to remind organisations that this incident serves as a stark reminder of the importance of robust cybersecurity measures and regulatory compliance in safeguarding customer data and mitigating the risk of costly consequences, especially as here in the UK and Europe our laws and regulations align with GDPR, under which negligence of security can cost you millions out of pocket.

 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
