Ethical Hacking News
The Five Eyes nations have released their list of the top 15 most exploited software flaws of 2023. It shows that routine initial exploitation of zero-day vulnerabilities has become the norm, and it underlines the importance of prompt patching. The list includes products from several well-known vendors, such as Citrix and Microsoft, that were targeted by attackers because vulnerabilities were left unpatched.
In order to stay safe in today's digital world, it is essential for individuals and organizations alike to take proactive measures to protect themselves against cyber threats. This includes regularly updating software and systems with the latest security patches, using secure-by-design products, and being vigilant with vulnerability management.
By staying informed about the most exploited vulnerabilities and taking steps to patch them promptly, individuals and organizations can significantly reduce their risk of being compromised by malicious actors. The Five Eyes nations' list serves as a reminder that cybersecurity is an ongoing effort that requires constant attention and vigilance.
The Five Eyes nations have released their list of the top 15 most routinely exploited software vulnerabilities of 2023. It shows that routine initial exploitation of zero-day vulnerabilities has become the norm and underlines the importance of prompt patching. Citrix's NetScaler ADC and Gateway take the top two places, and Cisco's IOS XE operating system the next two. Fortinet's FortiOS is also on the list with a heap-based buffer overflow that gives attackers remote code execution. Microsoft has multiple entries, including a Netlogon flaw first seen under attack in September 2020. Other vendors on the list include Barracuda Networks (Email Security Gateway), Zoho, PaperCut, and JetBrains. The list serves as a wake-up call for organizations and individuals to stay on top of security patches and vulnerability management.
The world of cybersecurity has always been a cat-and-mouse game, where one side is constantly trying to outsmart the other. In recent years, this game has taken on a new level of complexity with the rise of advanced technologies and sophisticated cyber threats. As a result, it's become increasingly important for organizations to stay on top of the latest security patches and vulnerabilities.
In an effort to raise awareness about the most exploited software flaws of 2023, the Five Eyes nations (the UK, US, Canada, Australia, and New Zealand) have released their list of the top 15 most exploited vulnerabilities. The list serves as a wake-up call for organizations and individuals alike: routine initial exploitation of zero-day vulnerabilities is now the norm, which makes prompt patching all the more important.
According to Ollie Whitehouse, CTO of the UK's National Cyber Security Centre, "More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks." He emphasizes the need for all organizations to stay on the front foot by applying patches promptly and insisting upon secure-by-design products in the technology marketplace.
The top two spots on the list go to Citrix. First is a remote code execution bug in versions 12 and 13 of NetScaler ADC and NetScaler Gateway; second is a sensitive information disclosure in the same products when they are configured as a gateway or as an authentication, authorization and accounting (AAA) server.
Third and fourth positions on the list go to Cisco for issues in its IOS XE operating system. The worse of the two let attackers chain a pair of issues to subvert the software: first creating a local account, then elevating its privileges to root. The fourth most common route into the operating system was insufficient input validation that could also allow code to be run as root.
Another operating system in trouble, in fifth place, is Fortinet's FortiOS. FortiProxy shares the problem: a heap-based buffer overflow that a crafted request can turn into remote code execution.
The list continues with an SQL injection vulnerability in Progress MOVEit Transfer that lets an attacker gain unauthorized access to the back-end MySQL, Microsoft SQL Server, or Azure SQL database. All versions of the 2020.0 and 2019x branches are vulnerable, and the flaw has been exploited in the wild since May 2023.
At number eight is a blast from the past: the Apache Log4j vulnerability from 2021 that caused havoc around the world. It remains a serious issue because many deployments still run unpatched log4j-core.
In ninth place is Barracuda Networks' Email Security Gateway, much beloved of Chinese attackers. Again it is an input validation issue, and it is clearly still popular.
Tenth on the list is Zoho, the SaaS software vendor, for a serious and much exploited flaw in its ManageEngine tools. If an attacker sends a crafted samlResponse XML message to the ServiceDesk Plus SAML endpoint, it's game over. Thankfully, only systems with SAML single sign-on enabled are vulnerable.
Eleventh spot goes to PaperCut, a print management software vendor, for a year-old flaw in its scripting interface that is being used to subvert systems: an attacker can bypass authentication completely and execute code remotely.
Microsoft's first appearance on the list, at number 12, is down to a venerable flaw in its Netlogon protocol that was first spotted being attacked in September 2020. It is a pretty poor reflection on some organizations' patching practices that this is still an issue.
The unlucky 13th spot goes to JetBrains, the Czech developer tools maker, for an authentication bypass in its TeamCity continuous integration server. The vulnerability itself is not old, but JetBrains has had other problems in the past and could do with improving its relations with the security industry.
At number 14, Microsoft returns with an Outlook issue from March 2023. The vulnerability allows an attacker to escalate privileges, and Russia has been using it actively against Western critical infrastructure for the past year, so it is vital to fix.
Finally, open source file-sharing software firm ownCloud takes the last place with a CVSS 10 flaw in its owncloud/graphapi app, affecting 0.2.x before 0.2.1 and 0.3.x before 0.3.1. Attackers can use it to steal the admin password, mail server credentials, and license keys.
We cover these lists every year, but the same names keep cropping up. It's a good time to check and make sure you're fully covered – attackers certainly will.
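As an added example, not part of the article or of any vendor's tooling, the following Python script checks an inventory of installed versions against affected ranges written the way the article states them: the owncloud/graphapi ranges ("0.2.x before 0.2.1 and 0.3.x before 0.3.1") and the MOVEit Transfer branches ("all versions of 2020.0 and 2019x"). The host names, the inventory and the product-name keys are constructed for the demonstration; the only data taken from the article are those version ranges.

```python
"""Added example (not from the article or any vendor): flag inventory
entries whose installed version falls inside an advisory's affected
range, expressed the way the article states it, e.g. "0.3.x before
0.3.1" or "all of 2020.0 and 2019.x". The inventory and host names
below are constructed for the demonstration."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'0.3.10' -> (0, 3, 10). Each dotted field keeps its leading digits
    only, so a build tag such as '2019.2.3-rc1' still compares sanely."""
    fields = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        fields.append(int(digits) if digits else 0)
    return tuple(fields)


@dataclass(frozen=True)
class AffectedRange:
    """'<branch>.x before <fixed_in>'; fixed_in=None means the whole
    branch is affected (no fixed release, e.g. an end-of-life line)."""
    branch: str
    fixed_in: Optional[str] = None

    def matches(self, version: str) -> bool:
        ver = parse_version(version)
        branch = parse_version(self.branch)
        # Must sit on this branch: the version starts with the branch prefix.
        if ver[: len(branch)] != branch:
            return False
        if self.fixed_in is None:
            return True
        # Tuple comparison is lexicographic, so (0,3,10) > (0,3,1) as it should.
        return ver < parse_version(self.fixed_in)

    def describe(self) -> str:
        if self.fixed_in is None:
            return f"all {self.branch}.x (no fixed release)"
        return f"{self.branch}.x before {self.fixed_in}"


# Ranges as the article states them; the product-name keys are our own.
ADVISORIES: Dict[str, List[AffectedRange]] = {
    "owncloud/graphapi": [AffectedRange("0.2", "0.2.1"), AffectedRange("0.3", "0.3.1")],
    "MOVEit Transfer": [AffectedRange("2020.0"), AffectedRange("2019")],
}

# Constructed inventory: (host, product, installed version).
INVENTORY: List[Tuple[str, str, str]] = [
    ("files01", "owncloud/graphapi", "0.3.0"),   # on 0.3.x, older than 0.3.1
    ("files02", "owncloud/graphapi", "0.3.1"),   # the fixed release itself
    ("files03", "owncloud/graphapi", "0.2.0"),   # on 0.2.x, older than 0.2.1
    ("files04", "owncloud/graphapi", "0.3.10"),  # later patch release
    ("xfer01", "MOVEit Transfer", "2020.0.5"),   # whole 2020.0 branch affected
    ("xfer02", "MOVEit Transfer", "2019.2.3"),   # whole 2019.x branch affected
    ("xfer03", "MOVEit Transfer", "2023.1.0"),   # no listed range covers it
]


def find_vulnerable(inventory, advisories) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, matched range) for every entry that
    falls inside a listed range. An entry with no match is merely 'not in
    a range we know about', which is not the same as patched."""
    hits = []
    for host, product, version in inventory:
        for rng in advisories.get(product, []):
            if rng.matches(version):
                hits.append((host, product, version, rng.describe()))
                break
    return hits


if __name__ == "__main__":
    for host, product, version, why in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"{host}: {product} {version} is affected ({why})")
```

A version that matches no range is only "not covered by the ranges you loaded"; treat that as unknown rather than patched, and add the vendor's other fixed builds before relying on the result.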
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/11/14/five_eyes_2023_top_vulnerabilities/
Published: Fri Nov 15 09:47:24 2024 by llama3.2 3B Q4_K_M