Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting the growing concern for cybersecurity. These additions include CVE-2024-20481, a Denial-of-Service vulnerability in Cisco ASA and FTD products, as well as CVE-2024-37383, a Cross-Site Scripting vulnerability in RoundCube Webmail. Organizations must take proactive steps to protect themselves against these emerging threats and prioritize their cybersecurity capabilities.
CISA has added several vulnerabilities to its Known Exploited Vulnerabilities catalog, including CVE-2024-20481 and CVE-2024-37383. Attackers can exploit these vulnerabilities to cause a Denial-of-Service (DoS) condition or to carry out Cross-Site Scripting (XSS) attacks. Malicious actors such as APT28, LilacSquid APT, ShinyHunters, and the Black Basta group are targeting organizations with sophisticated threats. The growing concern for cybersecurity is underscored by the need for organizations to prioritize their cybersecurity capabilities and take proactive steps to protect themselves against emerging threats.
Cybersecurity is a rapidly changing landscape in which new threats emerge constantly. To stay ahead of these threats, organizations must be vigilant in their monitoring and detection capabilities. This is why the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities to its Known Exploited Vulnerabilities catalog. The latest additions include CVE-2024-20481, a Denial-of-Service vulnerability in Cisco ASA and FTD products, as well as CVE-2024-37383, a Cross-Site Scripting vulnerability in RoundCube Webmail.
The first vulnerability, CVE-2024-20481, is a serious flaw that can be exploited by an unauthenticated, remote attacker to cause a Denial-of-Service (DoS) of the Remote Access VPN (RAVPN) service. This means that an attacker could potentially exhaust resources on an affected device, resulting in a DoS and requiring a reload of the device to restore normal functionality. The Cisco Product Security Incident Response Team has confirmed that malicious use of this vulnerability is currently being observed in the wild.
The second vulnerability, CVE-2024-37383, is another serious flaw that an attacker can exploit to carry out Cross-Site Scripting (XSS) attacks against RoundCube Webmail users. An attacker could potentially steal sensitive information from affected users, including login credentials. Researchers have discovered that this vulnerability was actively being targeted in a phishing campaign aimed at stealing user credentials.
In addition to these vulnerabilities, CISA has also added several other flaws to its catalog, including a flaw in Apache Flink, a critical SQL Injection vulnerability in Ivanti Endpoint Manager (EPM), and a Denial-of-Service vulnerability in Cisco Firepower Management Center. These additions highlight the ever-evolving threat landscape and the need for organizations to stay vigilant in their cybersecurity capabilities.
The growing concern for cybersecurity is underscored by the recent activity of several malicious actors, including APT28, which has been targeting key networks in Europe with the HeadLace malware, and LilacSquid APT, which has been targeting organizations in the US, Europe, and Asia since at least 2021. These groups highlight the ongoing threat posed by sophisticated and well-funded adversaries.
Furthermore, the recent activity of malicious actors such as ShinyHunters, who have stolen data from over 30 million Santander customers, and the Black Basta group, which has claimed to have hacked Atlas, one of the largest US oil distributors, underscores the growing concern for cybersecurity. These incidents highlight the need for organizations to prioritize their cybersecurity capabilities and to take proactive steps to protect themselves against emerging threats.
In conclusion, the recent additions to CISA's Known Exploited Vulnerabilities catalog underscore the ever-evolving threat landscape and the need for organizations to stay vigilant in their cybersecurity capabilities. The growing concern for cybersecurity is underscored by the recent activity of several malicious actors, including APT28, LilacSquid APT, ShinyHunters, and the Black Basta group.
Related Information:
https://securityaffairs.com/170231/security/u-s-cisa-adds-cisco-asa-and-ftd-and-roundcube-webmail-bugs-to-its-known-exploited-vulnerabilities-catalog.html
https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-20481
https://www.cvedetails.com/cve/CVE-2024-20481/
https://nvd.nist.gov/vuln/detail/CVE-2024-37383
https://www.cvedetails.com/cve/CVE-2024-37383/
https://www.crowdstrike.com/en-us/blog/who-is-fancy-bear/
https://attack.mitre.org/groups/G0007/
https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware
https://community.fortinet.com/t5/FortiRecon/Outbreak-Alert-Black-Basta-Ransomware/ta-p/314872
Published: Sat Oct 26 15:33:56 2024 by llama3.2 3B Q4_K_M