Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.
Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.
Microsoft Exchange Server vulnerable to information disclosure bug
A now-patched flaw in Microsoft Exchange Server could be exploited by unauthenticated users to perform configuration actions on targeted mailboxes and leak personal data.
The vulnerability, tracked as CVE-2021-33766 and dubbed ProxyToken, lies in the platform's Delegated Authentication feature. This is a mechanism in which the front-end site passes authentication requests to the back-end system when it detects a SecurityToken cookie.
Because Microsoft Exchange must be configured to use this feature, the module that handles this often isn’t loaded, and attackers might take advantage of an effective bypass of the authentication check. This can be abused to disclose personal information, with an attacker, for example, able to copy all email addresses on a targeted account and forward these to an account they control.
Hackers exploit WebSVN flaw to launch malware
Cyber criminals are abusing a flaw in the open source web application for browsing source code, WebSVN, to deploy variants of the Mirai malware.
The critical command injection flaw tracked as CVE-2021-32305, discovered and patched earlier this year, is still being abused in unpatched versions of the application, according to researchers with Palo Alto Networks.
A proof-of-concept for exploitation was released in June, and a week later, cyber criminals seized on the vulnerability to deploy variants of the infamous Mirai distributed denial of service (DDoS) malware.
Hackers have abused this command injection flaw to download a shell script that infects a targeted system with the malware strain. From this point, they’ve used the initial attack as a platform from which to launch DDoS attacks.
AMD chips vulnerable to Meltdown-style attacks
All CPUs developed by AMD are susceptible to attacks that mirror the infamous Meltdown vulnerability identified a number of years ago that affected Intel CPUs.
RELATED RESOURCE
The essential cyber security toolkit for SMBs
Practical tips for cyber security training
Researchers at TU Dresden in Germany discovered a flaw tracked as CVE-2020-1296, which is described as “transient execution of non-canonical accesses”. When combined with specific software sequences, AMD CPUs "may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage”, according to the comapny.
The scientists who discovered the flaw also described the exploit mechanism as “very similar to Meltdown-type behaviour”.
This data leakage flaw can be exploited to access secrets stored on a computer, with all AMD CPUs affected.
‘Worst possible cloud flaw’ hits Microsoft Azure Cosmos DB
Microsoft has warned thousands of its Azure customers that hackers might have compromised their databases.
The vulnerability lies in Microsoft’s Azure Cosmos DB and allows intruders to read, alter, and delete information, according to the security researchers with Wiz.
Companies use Cosmos DB to manage massive amounts of data in real-time. The exploit, dubbed ChaosDB, was described as “the world cloud vulnerability you can imagine” with the researchers able to gain access to any customer database they wanted.
The ChaosDB exploit relies on the Jupyter Notebook feature that allows customers to visualise their data and create customised views, which was introduced to all Cosmos DBs in February. A series of misconfigurations means this feature opened up an attack vector that the researchers were able to exploit. Microsoft has turned off the feature for all accounts, and it’s now subject to a security redesign.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
