Security News

Organizations continue to run insecure protocols across their wide access networks, making it easier for cybercriminals to move across networks, according to a Cato Networks survey. The Cato CTRL SASE Threat Report Q1 2024 provides insight into the security threats and their identifying network characteristics for all aggregate traffic-regardless of whether they emanate from or are destined for the internet or the WAN-and for all endpoints across sites, remote users, and cloud resources.

Google has fixed a Chrome zero-day vulnerability, an exploit for which exists in the wild."Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," CIS explains.

Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities affecting F5's BIG-IP Next Central Manager. BIG-IP Next Central Manager allows users to centrally control their BIG-IP Next instances and services.

The US Cybersecurity and Infrastructure Agency has announced the creation of "Vulnrichment," a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database's recent slowdown. Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities to the database, after analyzing public data about them to "Enrich" each entry with impact metrics, vulnerability types, applicability statements, links to security advisories, and more.

Researchers have brought to light a new attack method - dubbed TunnelVision and uniquely identified as CVE-2024-3661 - that can be used to intercept and snoop on VPN users' traffic by attackers who are on the same local network. "Luckily, most users who use commercial VPNs are sending web traffic which is mostly HTTPS. HTTPS traffic looks like gibberish to attackers using TunnelVision, but they know who you are sending that gibberish to which can be an issue," the researchers noted.

Veeam has patched a high-severity vulnerability in Veeam Service Provider Console and is urging customers to implement the patch. Veeam Service Provider Console is a cloud platform used by managed services providers and enterprises to manage and monitor data backup operations.

Patch network security isn't applicable in the same way for cloud environments, and few cloud providers assign Common Vulnerabilities and Exposures identifiers to vulnerabilities. For vulnerability management teams who talk exclusively in this CVE-based construct, the lack of CVEs in cloud services is a significant challenge.

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are "Not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability." On April 12, Palo Alto Networks warned about limited attacks against internet-exposed firewalls, likely by a state-backed threat actor, who managed to install backdoors, grab sensitive data, and move laterally through target organizations' networks.

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday."On a compromised ASA, the attackers submit shellcode via the host-scan-reply field, which is then parsed by the Line Dancer implant. The host-scan-reply field, typically used in later parts of the SSL VPN session establishment process, is processed by ASA devices configured for SSL VPN, IPsec IKEv2 VPN with 'client-services' or HTTPS management access," the researchers explained.

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.