Tag Archive for: vulnerabilities

Multiple Security Vulnerabilities Patched in Latest Android Update


The Indian Computer Emergency Response Team (CERT-In) has published an advisory on multiple security holes in devices running recent versions of Android. As part of this month’s Android Security Bulletin, the cybersecurity agency cautioned consumers about vulnerabilities that Google and smartphone component vendors such as Qualcomm and MediaTek had just patched. Samsung has also released patches for nine Samsung Vulnerabilities and Exposures (SVE) that were privately disclosed and have moderate severity ratings as part of the most recent security update.

CERT-In released an advisory

CERT-In released an advisory on Tuesday highlighting many vulnerabilities discovered across various sections of the Android operating system, including the “Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components, and Qualcomm closed-source components.” The advisory has a “High” severity level and specifies that the issues affect Android 12 (and 12L), Android 13, and Android 14.

According to the cybersecurity agency, Google has fixed vulnerabilities in its Android operating system that might allow an attacker to get unauthorised access to sensitive data on an afflicted device. An attacker might exploit the vulnerabilities to gain privileged access to the device, run malicious code, or perform a denial of service (DoS) attack.
Google has released detailed information about specific components

Meanwhile, Google has released detailed information about specific components that have been patched with the latest Android Security Bulletin, such as fixes for bootloader vulnerabilities on devices with AMLogic components, flaws in Mali (Arm) components, and security issues affecting Wi-Fi and kernels on Qualcomm devices.
Samsung has said that the newest Security Maintenance Release (SMR) Mar-2024 Release 1 update will defend its devices against nine SVEs that affect Wi-Fi, AppLock, other operating system components, and the bootloader. The company also says it has provided fixes for other SVE items that are currently undisclosed.

Users should keep their cell phones up to date with the most recent monthly security…
Magnet Goblin Exploits 1-Day Ivanti Vulnerabilities


Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. 

The flaws, identified as CVE-2023-46805 and CVE-2024-21887, were quickly exploited by multiple threat actors, leading to various malicious activities. Tracking these exploits, the Check Point Research (CPR) team said it encountered a cluster of activities attributed to a threat actor dubbed Magnet Goblin.

The actor has been observed methodically leveraging 1-day vulnerabilities, particularly targeting edge devices like the Ivanti Connect Secure VPN. Magnet Goblin uses custom Linux malware to pursue financial gain. 

These exploits involve the deployment of malware via a range of methods, including the exploitation of vulnerabilities in Magento, Qlik Sense and potentially Apache ActiveMQ.

Detailed in an advisory published on Friday, the researchers’ investigation revealed a sophisticated infrastructure behind Magnet Goblin’s operations. They found evidence of the deployment of payloads such as WARPWIRE JavaScript credential stealers and Ligolo tunneling tools. 
Furthermore, the threat actor’s activities extended beyond Linux environments, with some instances targeting Windows systems using tools like ScreenConnect and AnyDesk, suggesting a wide-ranging and adaptable approach.

CPR said the analysis of NerbianRAT variants sheds light on the intricacies of the malware’s operation. From initialization to command-and-control, the malware exhibits a sophisticated design, allowing for flexibility in executing various actions on infected machines. Additionally, MiniNerbian, a simplified version of NerbianRAT, further showcases the threat actor’s adaptability and stealthy tactics.

“Magnet Goblin, whose campaigns appear to be financially motivated, has been quick to adopt 1-day vulnerabilities to deliver their custom Linux malware, NerbianRAT and MiniNerbian,” warned CPR.

“Those tools have operated under the radar as they mostly reside on edge devices. This is part of an ongoing trend for threat actors to target areas which until now have been…
CISA Systems Hacked: Ivanti Vulnerabilities Exploited, Urgent Security Measures Advised


Officials from the Cybersecurity and Infrastructure Security Agency (CISA) recently disclosed a successful hack of the agency’s systems in February that involved hackers taking advantage of flaws in Ivanti products.

A CISA spokesperson confirmed the security incident, saying that the agency detected suspicious activity indicating exploitation of Ivanti product vulnerabilities approximately a month ago, as reported by Recorded Future News.

The impact of the CISA breach was contained to two specific systems, which were swiftly taken offline as part of the immediate response. Emphasizing the ongoing efforts to modernize and upgrade its systems, the spokesperson said that there is currently no operational impact.

The Impact of the CISA Cyber Breach

According to a person with knowledge of the matter, the hacked systems were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT). These two systems held important data about how U.S. infrastructure is interdependent and about private sector chemical security plans. CISA has neither confirmed nor denied this information.

CSAT, which stores sensitive industrial data, including tools for high-risk chemical facilities, site security plans, and security vulnerability assessments, was a focal point of the breach.

CISA Confirms Cyber Breach: Ivanti Product Flaws Exploited by Unknown Hackers
In response to the incident, CISA advised enterprises to review its Feb. 29 alert warning of active exploitation of Ivanti Connect Secure and Ivanti Policy Secure gateway vulnerabilities. The vulnerabilities are CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893.

“This is a reminder that any organization can be affected by a cyber vulnerability, and having an incident response plan in place is a necessary component of resilience,” the CISA spokesperson noted.

The CISA is a…
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG
Pierluigi Paganini
March 06, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

The Android Pixel vulnerability, tracked as CVE-2023-21237, resides in applyRemoteView of NotificationContentInflater.java. The exploitation of this vulnerability could lead to local information disclosure with no additional execution privileges needed. The exploitation doesn’t require user interaction.

Google addressed the issue in June 2023; the IT giant is aware of “limited, targeted exploitation.”

“There are indications that CVE-2023-21237 may be under limited, targeted exploitation,” reads the security bulletin published by the company.

The issue is likely chained with other flaws in an exploit used by a commercial spyware vendor or a nation-state actor.

The second issue added to the Catalog is an OS Command Injection vulnerability in Sunhillo SureLine. Exploitation of the flaw can allow an attacker to execute arbitrary commands with root privileges.

The exploitation can lead to complete system compromise.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by March 26, 2024.