A new ChromeLoader campaign is underway, infecting visitors of warez and pirated movie sites with a new variant of the search hijacker and adware browser extension named Shampoo. […] Read More
BleepingComputer
The all in one place for non-profit security aid.
133,000+ Vulnerable FortiOS/FortiProxy Instances : Exploitation Started
A critical security vulnerability has been identified in Fortinet’s FortiOS and FortiProxy, potentially affecting over 133,000 devices worldwide.
The flaw, tracked as CVE-2024-21762, is an out-of-bounds write vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests.
The vulnerability has been assigned a Common Vulnerability Scoring System (CVSS) score of 9.6, indicating its critical severity.
Fortinet has acknowledged that CVE-2024-21762 is “potentially being exploited in the wild,” urging users to apply the necessary updates to mitigate the risk.
Fortiguard has identified an out-of-bounds write vulnerability [CWE-787] in FortiOS and FortiProxy.
A remote attacker can exploit this vulnerability without authentication, using specially crafted HTTP requests.
As a result, the attacker can execute arbitrary code or commands on the vulnerable device.
According to a recent tweet from ShadowServer, over 133,000 Fortinet instances are still vulnerable to attack.
That leaves a potentially large attack surface for bad actors to exploit.
Fortinet advisory: https://t.co/KIdrmN73EK
We still see over 133 000 vulnerable instances, so a potentially large attack surface https://t.co/u9jJqovlKY
— Shadowserver (@Shadowserver) March 18, 2024
The affected versions of FortiOS and FortiProxy, along with the recommended solutions, are as follows:
FortiOS 7.4: Versions 7.4.0 through 7.4.2 should be upgraded to 7.4.3 or above.
FortiOS 7.2: Versions 7.2.0 through 7.2.6 should be upgraded to 7.2.7 or above.
FortiOS 7.0: Versions 7.0.0 through 7.0.13 should be upgraded to 7.0.14 or above.
FortiOS 6.4: Versions 6.4.0 through 6.4.14 should be upgraded to 6.4.15 or above.
FortiOS 6.2: Versions 6.2.0 through 6.2.15 should be upgraded to 6.2.16 or above.
FortiOS 6.0: Versions 6.0.0 through 6.0.17 should be upgraded to 6.0.18 or above.
FortiProxy 7.4: Versions 7.4.0 through 7.4.2 should be upgraded to 7.4.3 or above.
FortiProxy 7.2: Versions 7.2.0 through 7.2.8 should be upgraded to 7.2.9 or above.
FortiProxy 7.0: Versions 7.0.0 through 7.0.14 should be upgraded to 7.0.15 or above.
FortiProxy 2.0: Versions 2.0.0 through 2.0.13 should be upgraded to 2.0.14 or above.
FortiProxy 1.2, 1.1, and 1.0: All versions should migrate to a fixed release.
Users can follow the recommended upgrade path using Fortinet’s upgrade tool.
As a temporary measure, Fortinet advises disabling the SSL VPN feature, noting that simply disabling web mode is not a valid workaround.
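A triage sketch for the version list above, added here as an example (not code from Fortinet or the original article): it classifies each device in a constructed inventory against the affected ranges and names the upgrade target. The CSV layout, hostnames and function names are assumptions; branches missing from the list are reported as unknown rather than safe.

```python
import re

# First fixed patch level per product and (major, minor) branch, from the list above.
# None means every release of that branch is affected: migrate to a fixed release.
FIRST_FIXED = {
    "fortios": {(7, 4): 3, (7, 2): 7, (7, 0): 14, (6, 4): 15, (6, 2): 16, (6, 0): 18},
    "fortiproxy": {(7, 4): 3, (7, 2): 9, (7, 0): 15, (2, 0): 14,
                   (1, 2): None, (1, 1): None, (1, 0): None},
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def classify(product, version):
    """Return (status, action); unlisted branches are 'unknown', never assumed safe."""
    m = VERSION_RE.search(version)
    if not m:
        return ("unknown", "unparseable version string")
    major, minor, patch = map(int, m.groups())
    branches = FIRST_FIXED.get(product.strip().lower(), {})
    if (major, minor) not in branches:
        return ("unknown", "branch not listed; check the vendor advisory")
    fixed = branches[(major, minor)]
    if fixed is None:
        return ("affected", "migrate to a fixed release")
    if patch < fixed:
        return ("affected", f"upgrade to {major}.{minor}.{fixed} or above")
    return ("fixed", "no action for CVE-2024-21762")

def triage(inventory_csv):
    """Classify each 'hostname,product,version' line; affected devices first."""
    rows = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        rows.append((host, *classify(product, version)))
    return sorted(rows, key=lambda r: ("affected", "unknown", "fixed").index(r[1]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
edge-fw-01,FortiOS,v7.2.6
edge-fw-02,FortiOS,7.4.3
proxy-01,FortiProxy,1.2.13
proxy-02,FortiProxy,7.0.15
lab-fw-01,FortiOS,5.6.14
"""

if __name__ == "__main__":
    for host, status, action in triage(SAMPLE):
        print(f"{host:12} {status:9} {action}")
```

A device reported as fixed here is only fixed with respect to the versions listed in this article; the SSL VPN workaround still applies to anything reported as affected until it is upgraded.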
In another tweet, ShadowServer published a detailed analysis of a vulnerability/exploit related to Fortinet CVE-2024-21762.
They have observed exploitation attempts executing callbacks since March 17th UTC.
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that CVE-2024-21762 has been exploited by adding it to its Known Exploited Vulnerabilities Catalog.
The vulnerability has been exploited by attackers actively seeking to compromise devices that have not yet been patched.
Most potential targets are in the United States, India, Brazil, and Canada.
The urgency to patch the vulnerability is underscored by the high CVSS score and the ease of exploitation, which could grant attackers access to sensitive information.
The post 133,000+ Vulnerable FortiOS/FortiProxy Instances : Exploitation Started appeared first on Cyber Security News.
Cyber Security News
The Journey of ‘Cyber for Builders’ with Ross Haleliuk.
The author of the viral cyber bestseller Cyber for Builders joins us today! If you ever wanted to write a book, but couldn’t overcome time constraints, procrastination, or even resources, then this episode is tailor-made just for you. Meet Ross Haleliuk, Best Selling Author of Cyber for Builders, Head of Product at LimaCharlie, and Angel/Syndicate Co-Lead plus Blogger at Venture in Security. Ross started to write Cyber for Builders during the weekend and in his free time, inspired by a big gap he noticed in cybersecurity business advice. His story on today’s episode and the book itself aren’t just a reflection of the challenges of starting a cybersecurity business, but also how writing can fill gaps and share crucial insights with others. Read More
The CyberWire
3 New Apple Zero-day Vulnerabilities Patched in Emergency Update
Three new vulnerabilities have been discovered in multiple Apple products, including iPhone (iOS), iPadOS, watchOS, Safari, macOS and multiple versions of these products. These vulnerabilities have been confirmed as a Zero-Day by Apple.
In response to these findings, Apple has released multiple security advisories addressing these vulnerabilities. CVE IDs have been assigned for these vulnerabilities, which are CVE-2023-41991, CVE-2023-41992, and CVE-2023-4199.
The first Zero day was given the CVE ID CVE-2023-41991 associated with a Signature Validation Bypass. A threat actor can exploit this particular vulnerability by using a malicious app, which could result in bypassing the certificate validation.
The second Zero Day was given the CVE ID CVE-2023-41992, which points to a Privilege Escalation Vulnerability that a threat actor can exploit to gain escalated privileges on affected Apple products.
The third Zero Day was given the CVE ID CVE-2023-41992, which is related to an arbitrary code execution vulnerability that threat actors can exploit for executing arbitrary code on affected Apple products.
The National Vulnerability Database (NVD) has yet to categorize the severity of these vulnerabilities. Apple stated that they are aware of the report that threat actors may have actively exploited these vulnerabilities.
As part of fixing these vulnerabilities, Apple has released multiple security advisories for iOS 16.7 & iPadOS 16.7, iOS 17.0.1 & iPadOS 17.0.1, macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1 and Safari 16.6.1. These advisories have been released as an emergency update by Apple to prevent these vulnerabilities from being exploited.
As per the security advisories, the affected products have been fixed in the following versions: iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, macOS Monterey 12.7, macOS Ventura 13.6, watchOS 9.6.3, watchOS 10.0.1 & Safari 16.6.1.
Users of these Apple products have been advised to upgrade to the latest versions to prevent these vulnerabilities from getting exploited.
The post 3 New Apple Zero-day Vulnerabilities Patched in Emergency Update appeared first on Cyber Security News.
Cyber Security News