Today’s Cybersecurity Threats and Trends - 08/14/2024

Cybersec and the Multitude of Maladies.

1. SAP Flaw Allows Remote Attackers to Bypass Authentication

Primary Threat: A newly disclosed critical vulnerability in SAP BusinessObjects Business Intelligence Platform, tracked as CVE-2024-41730 (CVSS 9.8), is a missing authentication check: when Single Sign-On is enabled on Enterprise authentication, a remote, unauthenticated attacker can obtain a logon token through a REST endpoint and use it to access the platform as a legitimate user would. Together with the other fixes in SAP's August Security Patch Day, this flaw poses a severe risk because it can lead to full compromise of the affected deployment, and SAP systems sit at the heart of enterprise resource planning (ERP) in many industries. SAP has released a patch, and organizations are strongly urged to apply it immediately. Note that the bypass is only reachable when SSO is enabled on Enterprise authentication, so check that setting when triaging exposure.

  • MITRE Tactics: Initial Access, Privilege Escalation

  • Risk: High – Unauthorized access to critical enterprise systems and data.

2. Ivanti’s Vexing vTM Vulnerability

Primary Threat: Ivanti has warned of a critical authentication bypass in Virtual Traffic Manager (vTM), its application delivery controller, tracked as CVE-2024-7593 (CVSS 9.8). An incorrect implementation of an authentication algorithm lets a remote, unauthenticated attacker bypass authentication on the admin panel and take administrative control of the appliance. Proof-of-concept exploit code is publicly available, which raises the likelihood of exploitation in the wild. Ivanti has released fixed versions, and organizations running vTM should upgrade immediately; until then, the management interface should be bound to a private or management network and must not be reachable from the Internet.

  • MITRE Tactics: Privilege Escalation, Initial Access

  • Risk: High – Potential for full system compromise and unauthorized access to sensitive data.

3. Microsoft Mitigates Multiple Maladies

Primary Threat: Microsoft's August 2024 Patch Tuesday fixes 90 vulnerabilities, six of which are zero-days already being exploited in the wild and four more that were publicly disclosed before the patch. The fixes span Windows, Microsoft Office, Edge and other products. The actively exploited CVEs are:

- CVE-2024-38189: Microsoft Project remote code execution. Opening a malicious Project file runs attacker code on systems where the "block macros from running in Office files from the Internet" policy is disabled and VBA macro notification settings are not enabled.

- CVE-2024-38178: Scripting Engine memory corruption. An attacker who convinces a user to click a crafted link in Edge running in Internet Explorer mode gets remote code execution (this is not an Outlook bug).

- CVE-2024-38193: Windows Ancillary Function Driver for WinSock (afd.sys) elevation of privilege to SYSTEM.

- CVE-2024-38106: Windows Kernel elevation of privilege.

- CVE-2024-38107: Windows Power Dependency Coordinator elevation of privilege.

- CVE-2024-38213: Windows Mark of the Web security feature bypass, which lets a malicious file skip SmartScreen warnings.

These join others we have already covered here and here.

  • MITRE Tactics: Execution, Privilege Escalation, Defense Evasion

  • Risk: High – Risk of system compromise and unauthorized access due to unpatched vulnerabilities.

4. DNC’s Dark Web Credential Compromise

Primary Threat: Credentials belonging to the Democratic National Committee (DNC) are being offered for sale through IntelFetch, a Telegram bot that sells access to stolen credentials aggregated from many organizations. Bots like this run on Telegram rather than on Tor hidden services, so "dark web" monitoring that only watches onion forums will miss them. The compromised DNC credentials could be used to launch further attacks or to gain unauthorized access to sensitive political information. The incident underscores the ongoing threat posed by credential marketplaces and the need for stringent credential management: phishing-resistant MFA on every externally reachable login, immediate rotation of any credential that appears in a leak, and monitoring of leak sources for your own domains.

  • MITRE Tactics: Credential Access, Initial Access

  • Risk: Medium – Potential for unauthorized access to sensitive political data and further exploitation.

5. Vulnerable Virtual Helper

Primary Threat: Tenable researchers disclosed multiple critical vulnerabilities in Microsoft's Azure Health Bot service, a managed platform that healthcare organizations use to build patient-facing virtual assistants. The flaws were server-side request forgery (SSRF) issues, the first in the bot's Data Connections feature and a second in endpoint validation: by pointing a data connection at an attacker-controlled server that redirected the request to the Azure instance metadata service, a bot operator could obtain a management access token and, from there, enumerate and reach resources in other customers' tenants. Microsoft fixed the issues on the service side, so no customer action is required, but given the increasing reliance on AI in healthcare these flaws were a significant risk to both patient privacy and the integrity of healthcare services.

  • MITRE Tactics: Initial Access, Credential Access, Privilege Escalation

  • Risk: High – Potential for data breaches and compromised healthcare services.
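The SSRF class described above, where a user-supplied "data connection" URL redirects to the instance metadata service, is worth seeing in code. The following is an added example, not Microsoft's or Tenable's code: a Python outbound-fetch guard that refuses URLs resolving to non-public addresses and re-validates every redirect hop instead of letting an HTTP client follow redirects on its own. The hostnames, addresses and HTTP responses are constructed fixtures so the block runs offline; the resolver and opener are injectable for the same reason.

```python
import ipaddress
import socket
from urllib.parse import urlparse, urljoin

# Hostnames the cloud instance metadata service (IMDS) answers on.
# 169.254.169.254 is shared by Azure, AWS and GCP; the names are GCP aliases.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata"}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def default_resolver(host):
    """All A/AAAA answers for host as strings (performs a real DNS lookup)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def is_safe_target(url, resolver=default_resolver):
    """Return (ok, reason). ok is True only for an http(s) URL whose host is a
    public IP literal or a name that resolves *only* to public addresses.
    Loopback, link-local (which covers IMDS), RFC 1918, ULA, multicast and
    reserved ranges are refused, as is a name that mixes public and internal
    answers (the DNS-rebinding shape)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if host.lower() in METADATA_HOSTS:
        return False, "metadata service host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]                      # IP literal: nothing to resolve
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, OSError) as exc:
            return False, "resolution failed: %s" % exc
    if not addrs:
        return False, "name has no addresses"
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if ip.version == 6 and ip.ipv4_mapped:  # e.g. ::ffff:169.254.169.254
            ip = ip.ipv4_mapped
        if not ip.is_global or ip.is_multicast:
            return False, "%s -> %s is not a public address" % (host, a)
    return True, "ok"


def fetch_checked(url, opener, resolver=default_resolver, max_redirects=3):
    """Follow redirects by hand and re-run is_safe_target on every hop.
    opener(url) must return (status, headers, body) WITHOUT following
    redirects itself; an auto-following client is exactly what lets a
    validated public URL bounce the server into IMDS."""
    for _ in range(max_redirects + 1):
        ok, reason = is_safe_target(url, resolver)
        if not ok:
            raise ValueError("refused %s: %s" % (url, reason))
        status, headers, body = opener(url)
        if status in REDIRECT_CODES:
            location = headers.get("Location") or headers.get("location")
            if not location:
                raise ValueError("redirect without Location from %s" % url)
            url = urljoin(url, location)    # relative Location stays on-host
            continue
        return status, body
    raise ValueError("too many redirects")


# --- constructed fixtures (assumed names, no network) -----------------------
STUB_DNS = {
    "partner.example": ["8.8.8.8"],              # a legitimate public endpoint
    "rebind.example": ["8.8.8.8", "10.0.0.5"],   # public plus internal answer
}

def stub_resolver(host):
    return STUB_DNS[host]

# The "partner" host's /fhir path bounces the caller to the IMDS instance
# endpoint; that redirect is the SSRF pivot the item above describes.
IMDS_URL = "http://169.254.169.254/metadata/instance?api-version=2021-02-01"
STUB_HTTP = {
    "https://partner.example/fhir": (302, {"Location": IMDS_URL}, b""),
    "https://partner.example/ok": (200, {}, b'{"resourceType":"Bundle"}'),
    IMDS_URL: (200, {}, b"<token material that must never be reachable>"),
}

def stub_opener(url):
    return STUB_HTTP[url]


def demo_redirect_to_imds():
    """Attempt the redirect chain; return the guard's refusal message."""
    try:
        fetch_checked("https://partner.example/fhir", stub_opener, stub_resolver)
    except ValueError as exc:
        return str(exc)
    return "NOT REFUSED"


if __name__ == "__main__":
    print(demo_redirect_to_imds())
    print(fetch_checked("https://partner.example/ok", stub_opener, stub_resolver))
```

Two caveats a practitioner should keep in mind. First, the check above resolves the name before the connection is made, so a name can still re-resolve to an internal address between validation and connect (time-of-check/time-of-use); in production, connect to the address you validated and set the Host/SNI yourself, or let the resolver be the only one the client uses. Second, application-level filtering is a second line; the first is denying the workload's network path to 169.254.169.254 (or requiring the IMDS to be unreachable from the process that fetches customer URLs) so that a future parser bug does not reopen the same pivot.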

IN SUMMARY:

Today's cybersecurity newsletter is one that seems like a song stuck on repeat… It keeps playing the same tune of “staying vigilant, patching promptly, and ensuring that even trusted services are regularly scrutinized.” (Which is quite a bop, I must say.)

From SAP's latest flaw potentially handing over the keys to your BI and ERP landscape, to Telegram bots hawking stolen credentials, to Microsoft's Patch Tuesday mega compendium of 'Greatest Hits', the threats are diverse and daunting.

The lesson here?

Remember: The attackers won't ever stop, and neither should you… And it's always better to be paranoid than pwned.

J.W.