🚨 Cybersecurity Weekly Insights 🚨

✅Weekly general new public vulnerabilities report! 🔥

Feb 26, 2024

Welcome to this week's edition of Cybersecurity Weekly Insights! 💻🔒 We're diving deep into the dynamic and ever-evolving world of cybersecurity vulnerabilities, bringing you the latest trends, critical updates, and insightful analysis. Whether you're a tech enthusiast, a business owner, or just keen on keeping your digital world secure, we've got something for everyone. Let's unravel the complexities of cybersecurity together, making it accessible and understandable for all. Buckle up for an informative journey through the latest in vulnerability disclosures, comparisons, classifications, and much more!

All the information provided in this post has been extracted from the National Vulnerability Database (NVD) from National Institute of Standards and Technologies (NIST) from the government of US.

A digital fortress standing on a cloud, surrounded by various cybersecurity symbols like locks, shields, and binary code, illustrating the concept of strong cybersecurity measures protecting digital assets in a cloud computing environment. The scene is set against a backdrop of a cybernetic sky filled with data streams, emphasizing the importance of cybersecurity in the digital age. The image should convey a sense of robust security and the ongoing battle against cyber threats, symbolizing the vigilance required to safeguard information in the cloud.

1. Weekly Vulnerability Overview

This week has been bustling with cybersecurity activity, with a total of 540 vulnerabilities reported, categorized as follows

296 OTHERS
13 LOW
117 MEDIUM
75 HIGH
39 CRITICAL

Conclusion: The prevalence of "OTHERS" and "MEDIUM" vulnerabilities suggests a varied threat landscape. It's crucial for organizations and individuals to stay vigilant and promptly address the vulnerabilities, especially the 39 CRITICAL ones, to mitigate potential risks.

2. Vulnerability Comparison: This Week vs. Last Week

Comparing the data from the current week to the previous one, we observe a significant shift in the cybersecurity landscape:

OTHERS: Increased from 199 to 296
LOW: Decreased from 22 to 13
MEDIUM: Decreased from 219 to 117
HIGH: Decreased from 177 to 75
CRITICAL: Decreased slightly from 42 to 39

Conclusion: There's a notable increase in "OTHERS" category vulnerabilities, while "MEDIUM", "HIGH", and "CRITICAL" vulnerabilities have decreased. This trend might indicate a diversification in the types of vulnerabilities being discovered.

3. Classification of Vulnerabilities per Status

The vulnerabilities are currently classified as follows per their status:

Received: 20
Awaiting Analysis: 457
Undergoing Analysis: 0
Analyzed: 4
Modified: 0
Deferred: 0
Rejected: 59

Conclusion: The high number of vulnerabilities "Awaiting Analysis" underscores the constant influx of new threats and the importance of timely vulnerability management and analysis.

4. Top 10 Companies Reporting Vulnerabilities

The leaderboard for vulnerability reports is as follows:

Mitre: 104
Intel: 54
GitHub: 44
VulDB: 34
Liferay: 27
Apple: 26
Autodesk: 19
Wordfence: 18
Mozilla: 17
Patchstack: 12

Conclusion: Mitre tops the chart, highlighting its significant role in vulnerability disclosure. Tech giants like Intel, Apple, and newer entries reflect the diverse sources of vulnerability reports.

5. Vulnerabilities per Category

The breakdown of vulnerabilities by category is as follows:

RCE (Remote Code Execution): 15
SQL Injection: 23
XSS (Cross-Site Scripting): 57
Insecure Deserialization: 1
Misconfiguration: 0

Conclusion: XSS vulnerabilities lead the pack, emphasizing the ongoing challenges in web application security and the importance of secure coding practices.

6. Vulnerabilities in Famous Companies

Microsoft: 4
Apple: 1
Google: 10
Amazon, Oracle, Adobe, SAP: 0
Cisco: 1
IBM: 5
Meta: 1
Intel: 2

Conclusion: Even the most prominent tech companies are not immune to vulnerabilities, with Google and IBM experiencing multiple issues this week.

7. Top 10 Critical Vulnerabilities

Let's dive into the top 10 critical vulnerabilities of this period with energy, enthusiasm, and, most importantly, solutions to keep you secure! 🌟🛡️

1. CVE-2024-1597: CRITICAL: 10.0

Issue: SQL Injection in pgjdbc. Solution: Users should upgrade to versions 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, or 42.2.8 to mitigate this vulnerability. Stay safe by keeping your software up-to-date!

2. CVE-2024-1297: CRITICAL: 10.0

Issue: OS Command Injection in Loomio 2.22.0.

Solution: It's crucial to monitor Loomio's updates for a security patch addressing this issue. In the meantime, restrict access to trusted users only.

3. CVE-2024-1651: CRITICAL: 10.0

Issue: Insecure deserialization in Torrentpier 2.4.1.

Solution: Limit the application's exposure to untrusted networks and watch out for an update or patch from Torrentpier that resolves this vulnerability.

4. CVE-2023-45318: CRITICAL: 10.0

Issue: Heap-based buffer overflow in Weston Embedded uC-HTTP.

Solution: Ensure your systems are behind a firewall and restrict access to necessary ports only. Contact Weston Embedded for a patch or workaround.

5. CVE-2024-1709: CRITICAL: 10.0

Issue: Authentication Bypass in ConnectWise ScreenConnect 23.9.7 and prior.

Solution: Update to the latest version of ScreenConnect as soon as the fix is released. Ensure your systems are accessible only to trusted networks in the meantime.

6. CVE-2024-1212: CRITICAL: 10.0

Issue: Arbitrary system command execution through LoadMaster management interface.

Solution: Disable remote management access if not needed and ensure your system's software is kept up-to-date with the latest security patches.

7. CVE-2024-1644: CRITICAL: 9.9

Issue: Local File Inclusion (LFI) in Suite CRM 7.14.2.

Solution: Restrict file permissions and access to the application, and stay tuned for an official update or patch from Suite CRM.

8. CVE-2024-21795: CRITICAL: 9.8

Issue: Heap-based buffer overflow in libbiosig 2.5.0.

Solution: Avoid opening files from untrusted sources and update libbiosig once a fix is made available.

9. CVE-2024-21812: CRITICAL: 9.8

Issue: Integer overflow in libbiosig 2.5.0.

Solution: Practice caution with file sources and update to a patched version of libbiosig as soon as it's released.

10. CVE-2024-22097: CRITICAL: 9.8

Issue: Double-free vulnerability in libbiosig.

Solution: Similar to the other libbiosig issues, refrain from processing untrusted files and apply updates promptly upon release.

8. Public Exploits for Top 10 Vulnerabilities

1. CVE-2024-1651: Torrentpier v2.4.1 Remote Code Execution (RCE)

Repository: CVE-2024-1651-PoC
URL: https://github.com/sharpicx/CVE-2024-1651-PoC
Description: This proof of concept (PoC) demonstrates how an attacker can exploit the insecure deserialization vulnerability in Torrentpier version 2.4.1 to execute arbitrary code on the server. By crafting a malicious serialized object, an attacker can remotely execute commands without authentication, potentially taking over the server.
Impact: This exploit highlights the severity of the vulnerability, allowing for complete control over the affected system.
Mitigation: It's critical to limit the application's exposure to the internet, apply strict access controls, and update the application as soon as a security patch is available.

2. CVE-2024-1709: ConnectWise ScreenConnect Authentication Bypass Leading to Remote Code Execution

Repository: ScreenConnect-AuthBypass-RCE
URL: https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
Description: This repository contains a tool that exploits the authentication bypass vulnerability in ConnectWise ScreenConnect 23.9.7 and earlier. The exploit allows unauthorized attackers to bypass authentication mechanisms and execute code on the server, potentially leading to full system compromise.
Impact: The exploit demonstrates a critical security flaw in ScreenConnect that could lead to unauthorized access and control of the affected systems.
Mitigation: Immediate action is required to patch affected systems, restrict access to the management interface, and monitor for unusual activity.
Repository: CVE-2024-1709
URL: https://github.com/HussainFathy/CVE-2024-1709
Description: This repository provides a scanner for identifying vulnerable instances of ConnectWise SecureConnect. It aids in the identification of systems susceptible to the authentication bypass vulnerability, helping administrators to quickly locate and secure affected systems.
Impact: By facilitating the identification of vulnerable systems, this tool is crucial for remediation efforts, but it also highlights the potential for widespread exploitation if the vulnerability is not addressed promptly.
Mitigation: Utilize this scanning tool to identify and patch vulnerable instances, enforce strong access controls, and ensure that security best practices are followed.

Note: For vulnerabilities without identified public exploits, the necessary details have been omitted for brevity.

Conclusion: Pattern Analysis

This week's analysis reveals a significant diversification in the types of vulnerabilities, with a notable increase in "OTHERS" and a decrease in "MEDIUM", "HIGH", and "CRITICAL" categories. The data suggests a complex threat landscape, requiring continuous vigilance and proactive security measures. Organizations and individuals alike must prioritize the update and patch management process, especially for critical vulnerabilities, to protect against potential cyber threats. Stay informed, stay secure! 🛡️💡

Stay safe and secure, and see you in the next edition of Cybersecurity Weekly Insights!

Hardsoft Security Newsletter

Discussion about this post