🚨 Cybersecurity Weekly Roundup 🚨

✅Weekly general new public vulnerabilities report! 🔥

In this week's edition of our cybersecurity newsletter, we're diving deep into the latest vulnerabilities that have emerged, comparing trends with the previous week, and shining a spotlight on how companies and various sectors are affected. 🌐💻 With cybersecurity threats constantly evolving, staying informed is more critical than ever. Whether you're a tech aficionado or just keen on keeping your digital life secure, our roundup is packed with insights and actionable advice to help you navigate the cyber landscape. Let's get into the nitty-gritty of what's been happening in the cyber world!

All the information provided in this post has been extracted from the National Vulnerability Database (NVD) from National Institute of Standards and Technologies (NIST) from the government of US.

---

1. Weekly Vulnerability Insights

This week's vulnerability landscape presents a diverse array of security challenges across various severity levels. Here's a detailed breakdown of the vulnerabilities reported:

• OTHERS: 527 vulnerabilities

• LOW: 33 vulnerabilities

• MEDIUM: 278 vulnerabilities

• HIGH: 87 vulnerabilities

• CRITICAL: 27 vulnerabilities

This assortment of vulnerabilities, ranging from low to critical severity, underscores the ever-present and evolving nature of cybersecurity threats that organizations and individuals face. With a significant number of vulnerabilities identified, it's crucial to stay vigilant and proactive in implementing security measures.

Conclusion: The diversity and quantity of this week's reported vulnerabilities serve as a stark reminder of the continuous need for up-to-date security practices and the importance of monitoring and responding to new threats promptly. Keeping software and systems updated, along with adhering to best security practices, can significantly mitigate the risks posed by these vulnerabilities.

---

---

2. Vulnerability Trends: This Week vs. Last Week

Comparing the current period with the last, there's been a noticeable increase in several categories:

• OTHER vulnerabilities rose from 296 to 527.

• LOW vulnerabilities went up from 13 to 33.

• MEDIUM vulnerabilities increased from 117 to 278.

• HIGH vulnerabilities saw a slight uptick from 75 to 87.

• CRITICAL vulnerabilities decreased from 39 to 27.

Conclusion: While the decrease in critical vulnerabilities is a positive sign, the overall increase in vulnerabilities across other categories highlights a growing need for vigilance and proactive security measures.

---

3. Classification of Vulnerabilities by Status

Vulnerabilities have been found across various statuses:

• 80 Received

• 857 Awaiting Analysis

• 0 Undergoing Analysis

• 0 Analyzed

• 0 Modified

• 0 Deferred

• 15 Rejected

Conclusion: The large number of vulnerabilities awaiting analysis suggests a backlog in addressing and mitigating these threats, emphasizing the need for efficient vulnerability management processes.

---

4. Top 10 Companies Reporting Vulnerabilities

The leading companies in reporting vulnerabilities are:

1. Company 416baaa9 (286 vulnerabilities)

2. Mitre (188)

3. Wordfence (144)

4. VulDB (51)

5. Patchstack (44)

6. GitHub (36)

7. US (21)

8. Apache (21)

9. Huntr (15)

10. HQ (12)

Conclusion: The active reporting by these companies showcases their commitment to cybersecurity and the importance of community involvement in identifying and addressing vulnerabilities.

---

5. Vulnerabilities by Category

• RCE: 10 vulnerabilities

• SQL Injection: 35

• XSS: 119

• Insecure Deserialization: 1

• Misconfiguration: 0

Conclusion: The high number of XSS vulnerabilities points to the ongoing challenge of securing web applications against cross-site scripting attacks.

---

6. Famous Companies' Vulnerability Count

• Microsoft: 1

• Apple: 0

• Google: 15

• Amazon: 2

• Oracle: 0

• Cisco: 5

• Adobe: 7

• IBM: 22

• SAP: 0

• Meta: 1

• Intel: 3

Conclusion: The spread of vulnerabilities across major tech giants underscores the universal nature of cybersecurity challenges, no matter the size or scope of the company.

---

---

7. Top 10 Critical Vulnerabilities

Cybersecurity warriors, take note! We've rounded up the Top 10 critical vulnerabilities that have been making waves in the cyber sphere. But fear not, for each threat, we've got a solution to help you fortify your digital defenses. Let's dive in! 🛡️💥

1. CVE-2024-25913: CRITICAL:10.0

   • Description: Unrestricted Upload of File with Dangerous Type in Skymoonlabs MoveTo.

   • Solution: Ensure MoveTo is updated beyond version 6.2. Contact Skymoonlabs for the latest security patches and updates.

2. CVE-2024-25925: CRITICAL:10.0

   • Description: Unrestricted Upload of File with Dangerous Type in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.

   • Solution: Update WooCommerce Easy Checkout Field Editor, Fees & Discounts to a version later than 3.5.12. Keep an eye on SYSBASICS advisories for updates.

3. CVE-2024-1403: CRITICAL:10.0

   • Description: Authentication bypass in OpenEdge Authentication Gateway and AdminServer.

   • Solution: Upgrade to OpenEdge versions 11.7.19, 12.2.14, or 12.8.1, as these versions contain the necessary fixes for the vulnerability.

4. CVE-2024-27298: CRITICAL:10.0

   • Description: SQL injection in parse-server when configured with PostgreSQL database.

   • Solution: Update parse-server to version 6.5.0 or 7.0.0-alpha.20 where this vulnerability has been addressed.

5. CVE-2024-0455: CRITICAL:9.9

   • Description: Web scraper in AnythingLLM allows unauthorized access to EC2 instance credentials.

   • Solution: Ensure EC2 instances are configured with proper iptable or firewall rules to prevent unauthorized access. Review and limit the authorization levels within AnythingLLM.

6. CVE-2024-25909: CRITICAL:9.9

   • Description: Unrestricted Upload of File with Dangerous Type in JoomUnited WP Media folder.

   • Solution: Update WP Media folder to a version higher than 5.7.2. Regularly check JoomUnited for security advisories.

7. CVE-2024-1698: CRITICAL:9.8

   • Description: SQL Injection in NotificationX WordPress plugin.

   • Solution: Update the NotificationX plugin to version 2.8.3 or above where this vulnerability has been patched.

8. CVE-2024-27099: CRITICAL:9.8

   • Description: Double free problem in uAMQP could lead to RCE.

   • Solution: Apply the update from the submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987 or later to address the vulnerability.

9. CVE-2024-1514: CRITICAL:9.8

   • Description: Time-based blind SQL Injection in WP eCommerce plugin for WordPress.

   • Solution: Upgrade WP eCommerce to version 3.15.2 or above, where this issue has been fixed.

10. CVE-2024-25910: CRITICAL:9.8

    • Description: SQL Injection vulnerability in Skymoonlabs MoveTo.

    • Solution: Ensure MoveTo is updated past version 6.2 and regularly consult Skymoonlabs for security updates.

Conclusion: These critical vulnerabilities highlight the need for rigorous security measures and the importance of timely updates to protect against potential exploits.

---

8. Public Exploits

Currently, we have not identified public exploits for the top 10 vulnerabilities. This status underscores the importance of proactive security measures before exploits become widely available.

---

Pattern Analysis and Conclusion

This week's analysis reveals an upward trend in vulnerabilities across the board, with a significant jump in the 'Others' and 'Medium' categories. Despite a slight decrease in critical vulnerabilities, the overall increase underscores a heightened threat landscape. Organizations and individuals alike must prioritize cybersecurity, employing robust security protocols and staying abreast of updates to mitigate risks effectively. Remember, in the digital age, staying informed is your first line of defense. Stay safe, stay secure! 🛡️🔒