Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity Alert

Critical RCE Vulnerabilities in Veeam Backup and Replication and Veeam ONE Agent

Veeam has disclosed two critical vulnerabilities that pose significant risks to users of its Backup and Replication software and ONE Agent. These flaws, tracked as CVE-2024-40711 and CVE-2024-42024, could allow unauthenticated attackers to execute arbitrary code remotely, putting affected systems at risk. CVE-2024-40711 – Veeam Backup and Replication (CVSS: 9.8) This critical vulnerability, present in Veeam Backup and Replication versions 12.1.2.172 and earlier, allows remote code execution (RCE) via a deserialisation of untrusted data.

News

Critical Security Vulnerability in Google Chrome

Google Chrome users are being urged to update their browsers immediately due to a critical security vulnerability identified as CVE-2024-7971 . This vulnerability, known as a type confusion flaw, affects the V8 JavaScript and WebAssembly engine within Google Chromium versions prior to 128.0.6613.84. The flaw allows a remote attacker to exploit heap corruption through a specially crafted HTML page, making it a significant threat with a CVSS score of 8.8 (High).

News

Critical Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts

A critical command injection vulnerability (CVE-2024-5914) has been identified in Palo Alto Networks’ Cortex XSOAR CommonScripts Pack . The identified vulnerability affects all versions of Palo Alto Networks’ Cortex XSOAR CommonScripts Pack prior to version 1.12.33. It allows unauthenticated attackers to execute arbitrary commands within the context of an integration container—essentially providing the attacker with control over part of the system. This type of attack is classified as a command injection vulnerability, a serious threat that could lead to extensive damage if exploited.

Vulnerability

Zero Day Exploit: Critical Vulnerability in Apache OFBiz

A zero-day pre-authentication remote code execution vulnerability , identified as CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) system. This critical flaw could allow threat actors to execute remote code on affected instances, posing significant risks to businesses relying on this software. Vulnerability Overview Vulnerability Type: Zero-day pre-authentication remote code execution CVSS Score: 9.8/10 Affected Versions: Apache OFBiz versions prior to 18.12.15 The vulnerability stems from a flaw in the authentication mechanism of Apache OFBiz.

Vulnerability

Zero Day Exploit: VMWare ESXi Auth Bypass Exploited by Ransomware Attackers

Microsoft has warned that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in cyber attacks. The vulnerability, tracked as CVE-2024-37085 , is a medium severity flaw (CVSS Score 5.3-6.8) which enables a new user to join an ‘ESX Admins’ group. The user will automatically be assigned full privileges on the ESXi hypervisor. Vulnerability Overview Broadcom explains that a malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host configured to use AD for user management by re-creating the default AD group “ESX Admins” after it has been deleted.

Vulnerability

Jetbrains Teamcity Vulnerability Under Active Exploitation

Following the recent disclosure on 3rd March 2024, malicious actors wasted no time launching sophisticated attacks targeting two critical vulnerabilities within the popular CI/CD platform, Jetbrains TeamCity. The vulnerabilities relate to authentication bypass which can allow an unauthorised user to perform administrative actions, marking a significant threat to the platform widely utilised for automating software builds, testing, and deployment processes. Examination of the Vulnerability Analysis of the Vulnerabilities A closer examination of CVE-2024-27198, with a CVSS rating of 9.