Ivanti patch several more other security flaws, impacting Connect Secure and Policy Secure Gateways
The recent disclosure of three vulnerabilities in Ivanti VPN gateway software highlights the significant threat to organisations relying on VPN solutions for secure remote access. The vulnerability, which could allow remote code execution (RCE) and denial of service (DoS) attacks, underlines the critical importance of securing VPN infrastructure.
Tracked as CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE). Exploitation of these vulnerabilities could enable threat actors to execute arbitrary code remotely leading to unauthorised access, data breaches and compromise of sensitive information on compromised Ivanti VPN systems. CVE-2024-22023 presents a distinct threat by enabling attackers to conduct a denial-of-service attacks, disrupting normal system operations and potentially causing significant downtime and service disruptions.
Integrity360 are no strangers to unpatched vulnerabilities being the source of a compromise and initial access vector to threat actors. Organisations with Ivanti appliances should prioritise applying security updates provided by Ivanti as soon as possible.
Newly found XZ Utility backdoor vulnerability, what is it? And why has it been the most talked about vulnerability this week?
The biggest news talked about this week in the cyber world is the XZ Utility backdoor vulnerability. XZ Utility is a set of free/well-known and used Linux distributer has issued a warning which represents a critical threat to the security of Linux Systems worldwide. Red Hat posted a comments on Friday which read: “Please immediately stop usage of any fedora 41 or fedora rawhide instances for work or personal activity” If you are using versions 5.6.0 or 5.6.1, you are advised to immediately downgrade to older versions that do not contain the malicious code, as Debian’s security team and other distributers have also reverted back to 5.4.X version of XZ utility.
At the moment there has been no reported signs of compromised through the XZ backdoor vulnerability. However, if you are using the vulnerable version of XZ Utility we advise that you downgrade immediately or revert to a previous installation of your Linux operating system, which contains the stable version.
WordPress plugin affects close to 1 Million websites
Popular WordPress plugin LayerSlider has been found to be vulnerable to unauthenticated SQL injection attack. LayerSlider is a popular versatile plugin used for creating responsive sliders, slideshows and animated content on websites, it is widely used to enhance the visual appeal of WordPress websites. The current vulnerability is tracked as CVE-2024-2879- vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query; giving a CVSS score of 9.8, making it an extremely critical vulnerability.
The widespread use of LayerSlider across numerous WordPress sites amplifies the impact of this vulnerability, making it an attractive target for threat actors seeking to exploit vulnerable systems at scale. Threat actors can possibility leverage the unauthenticated vulnerability in order to append additional SQL queries into already existing queries the can then be used to extract sensitive information from the database, which is the process of SQL injection attacks.
A patch for this vulnerability is available with version 7.10.1 , which addresses the critical vulnerability within the LayerSlider plugin. Integrity360 implementing robust security measures such as Web application firewalls (WAFs) can help detect attacks targeting vulnerable WordPress Plugins.
ATA Lawsuit over 73Million customer breach
ATA are currently facing legal repercussions following a significant data breach which affected 73 Million current and former customers. Multiple lawsuits have been filed against the telecommunications giant in response to the breach, signalling the potential for substantial financial and reputational damage.
The data breach has resulted in the exposure of sensitive customer information which includes: Names, addresses, phone numbers, dates of birth, email addresses and most importantly social security numbers, which has raised concerns about privacy violations, identity theft and other forms of fraud, which happens to be a massive problem in America and other parts of the world, when information is stolen.
As the legal proceedings unfold, AT&T will face scrutiny over its data protection practices and may be required to implement additional security measures to prevent future breaches and restore customer trust. Integrity360 would like to remind organisations that this incident servers as a strict reminder of the importance of robust cybersecurity measures and regulatory compliance in safeguarding customer data and mitigating the risk of costly consequences, especially as here in the UK and Europe our laws and regulations align with GDPR, which can costs you millions out of pockets due to negligence of security.
