
Category Archives: Vulnerability Management

https://www.bankinfosecurity.com/ivanti-patches-critical-endpoint-security-vulnerability-a-24046

https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/

Customer data, including PII and security questions, has been taken.

There is a new vulnerability in Apache Struts2.

If you don’t know, previous vulnerabilities were devastating to infrastructures, to the extent that we still see the attack vector being attempted. Affected versions are:

  • Apache Struts 2.0.0 through 2.5.32
  • Apache Struts 6.0.0 through 6.3.0.1

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

If you are not caught up on patches, do so quickly. In addition to password spraying, we are seeing a large pickup in exploit attempts. The most recent version is Release 9.1R18.2 PRs. You can find the release notes here: https://help.ivanti.com/ps/help/en_US/ICS/9.1RX/rn-9.1R18.2/fixed-issues.htm. It was only in May 2021 that actors were exploiting zero-days. The impact of that vulnerability caused Pulse Secure to release an Integrity Tool to check whether files had been modified on the appliances.

Now might be a good time to refamiliarize yourself with the tool if you are not already familiar with it: https://forums.ivanti.com/s/article/KB44755?language=en_US

Ivanti Best Practices Guide: https://forums.ivanti.com/s/article/KB29805?language=en_US&kA1j0000000Fil5=

https://www.bleepingcomputer.com/news/security/over-20-000-vulnerable-microsoft-exchange-servers-exposed-to-attacks/

Some of these CVEs go back years, including to the days of the ProxyLogon shell attacks. All of them have patches available. There were some 30.5k unsupported versions of Exchange exposed as of November 2023. Read more here.

https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/

Related Articles

https://www.cnn.com/2023/12/01/politics/ransomware-attack-credit-unions/index.html

https://abc7.com/ransomware-attack-in-us-credit-union-outages-trellance-cyberattack-ncua/14133374/

https://www.msn.com/en-us/money/other/60-us-credit-unions-offline-after-ransomware-infects-backend-cloud-outfit/ar-AA1kRVhA

There are ~2,500 MOVEit servers reachable on the internet as of 6/1/2023. This is still developing. There are plenty of sources out there, and it looks like these attacks started as recently as 5/27/2023.

https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response

https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/