InfoSecBulletin Cybersecurity for mankind
VMware and Atlassian disclosed critical vulnerabilities today. Even though there have been no reports of misuse, administrators should update their systems as soon as possible to prevent any issues.
There are two problems reported by Atlassian. The most important one is CVE-2023-22527, which is a flaw in the template system that can be exploited for remote code execution attacks. It has a CVSS rating of 10 out of 10 and affects Confluence Data Center and Server 8 versions released before December 5, 2023. Another affected version is 8.4.5, which is no longer supported.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
The solution: “immediately” patch each affected installation by updating to the latest available version, according to the vendor.
Atlassian fixed a high-severity issue in the FasterXML Jackson Databind code used in some versions of Jira Software Data Center and Server. The bug, tracked as CVE-2020-25649, could allow XML external entity (XXE) attacks.
It’s a good idea to update both Confluence and Jira Software to the latest version, according to the collaboration business.
VMware bug CVE-2023-34063. It’s a problem with access control in Aria Automation versions prior to 8.16. VMware Cloud Foundation may be affected.
The bug has a high rating of 9.9 CVSS. VMware warns that if it is successfully exploited, it can allow unauthorized access to remote organizations and workflows. Luckily this one also has a fix, so upgrade to VMware Aria Automation 8.16, and then apply the patch.
As the virtualization giant notes: “The only supported upgrade path after applying the patch is to version 8.16. VMware strongly recommends this version. If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching.”
VMware has no reports of exploitation so far. However, it is likely that potential attackers are already searching for vulnerable installations. Therefore, it is important to apply the fix promptly, before the software vendor is required to update its advisory.
