Today’s Cybersecurity Threats and Trends - 08/09/2024

Cisco's conundrum, Zombie Chrome, and AWS attacks...

1. Cisco SSM exploit allows admin swaps

Primary Threat: An exploit has been released for a critical vulnerability in Cisco's Smart Software Manager (SSM), allowing attackers to change admin passwords without proper authorization. This exploit could enable attackers to take full control of the SSM, potentially leading to significant network compromises. The vulnerability is particularly concerning for organizations relying on SSM for license management and software distribution, as an attacker could manipulate these services to spread malicious software across a network.

  • MITRE Tactics: Privilege Escalation, Execution

  • Risk: High – Unauthorized admin access and network-wide compromise.

2. Cisco IP phones face crushing code execution

Primary Threat: Cisco has issued a warning regarding critical remote code execution (RCE) zero-day vulnerabilities affecting end-of-life IP phones (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454). These flaws allow attackers to execute arbitrary code remotely, potentially taking control of the affected devices. The vulnerabilities are especially dangerous because the devices are no longer supported by Cisco, meaning no patches are available. Organizations still using these phones are at risk of having their communications intercepted or disrupted by attackers.

  • MITRE Tactics: Execution, Persistence

  • Risk: High – Potential for complete device takeover and communication disruptions.

3. Attackers Assault Apache OFBiz RCE Flaw

Primary Threat: CISA has issued an alert about an actively exploited remote code execution (RCE) vulnerability in Apache OFBiz, a popular open-source enterprise resource planning (ERP) system. The flaw, tracked as CVE-2024-32113, allows attackers to execute arbitrary code on servers running vulnerable versions of Apache OFBiz. This vulnerability could lead to complete system compromise, particularly for organizations relying on OFBiz for business-critical operations.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Full system compromise and data loss in business environments.

4. Forgotten Firefox and Chrome Flaw Resurfaces

Primary Threat: An 18-year-old security flaw, recently discovered in Firefox and Chrome, has been exploited in targeted attacks. The flaw, which had remained undetected for nearly two decades, allows attackers to execute code remotely and bypass security mechanisms in these popular browsers. This vulnerability poses a significant risk to users, particularly those who have not updated their browsers to the latest versions. Attackers leveraging this flaw could potentially gain control over affected devices or steal sensitive information.

  • MITRE Tactics: Execution, Privilege Escalation

  • Risk: High – Long-standing vulnerability leading to potential device compromise.

5. AWS S3 Shaken by Critical Cloud Vulnerabilities

Primary Threat: Researchers have discovered critical vulnerabilities in Amazon Web Services (AWS) that could allow attackers to exploit S3 buckets, leading to unauthorized data access and potential data breaches. These flaws in the AWS infrastructure could be used to manipulate permissions or bypass security controls, giving attackers the ability to access, modify, or delete data stored in S3 buckets. The vulnerabilities are particularly concerning for organizations that rely heavily on AWS for data storage and management.

  • MITRE Tactics: Initial Access, Collection

  • Risk: High – Unauthorized access to sensitive data and potential large-scale breaches.

IN SUMMARY:

Today’s cyber headlines are a mix of old, new, and dangerously revived threats!

Cisco has claimed the top two spots on the podium as its admin password bug and IP phone RCE have stolen the show... Meanwhile, an 18-year-old zombie flaw in Firefox and Chrome arose from the grave to attack unsuspecting browsers.

Even AWS isn’t safe, with critical vulnerabilities exposing S3 buckets to potential breaches and last but not least, the Apache OFBiz flaw that’s actively being exploited in the wild.

Keep patching, secure EOL products, and remember: It’s better to be paranoid than pwned.

J.W.