Last week cyber news
Mother of all breaches reveals 26 billion records:
The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered.
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE).
The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the built-in command line interface (CLI).
A threat actor could exploit this quirk to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
The shortcoming could open the door to various attacks such as:
- Remote code execution via Resource Root URLs, via the “Remember me” cookie, via stored cross-site scripting (XSS) through build logs, or via a CSRF protection bypass
- Decryption of secrets stored in Jenkins
- Deletion of any item in Jenkins
- Download of a Java heap dump
As a short-term workaround until the patch can be applied, it’s recommended to turn off access to the CLI.
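Before turning off CLI access as the advisory recommends, it helps to know who is actually using it, so that disabling it does not silently break your own automation. The following is an added example (not code from the Jenkins project or from the original post) that scans Jenkins access-log lines for requests to the CLI endpoints and separates those coming from an assumed allowlist of build-agent networks from everything else. The log lines, the 10.0.5.0/24 allowlist and the addresses are constructed for this example; the endpoint paths /cli and /cli/ws are the ones Jenkins serves its CLI on.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in combined log format, as the Jetty access logger that
# Jenkins ships with would write them. Addresses and job names are made up.
SAMPLE_LOG = """\
10.0.5.7 - - [26/Jan/2024:09:12:01 +0000] "POST /cli?remoting=false HTTP/1.1" 200 812 "-" "Jenkins-CLI/2.426.2"
203.0.113.9 - - [26/Jan/2024:09:12:44 +0000] "POST /cli?remoting=false HTTP/1.1" 200 4096 "-" "python-requests/2.31"
203.0.113.9 - - [26/Jan/2024:09:12:45 +0000] "GET /cli/ws HTTP/1.1" 101 0 "-" "-"
198.51.100.4 - - [26/Jan/2024:09:13:02 +0000] "GET /job/build-app/lastBuild/console HTTP/1.1" 200 15022 "-" "Mozilla/5.0"
10.0.5.7 - - [26/Jan/2024:09:14:10 +0000] "GET /client-api/ HTTP/1.1" 404 0 "-" "curl/8.4"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Jenkins serves its CLI over HTTP at /cli (with ?remoting=false) and over
# WebSocket at /cli/ws. Anchoring on "/cli" followed by "/", "?" or end of
# string avoids false positives on unrelated paths such as /client-api/.
CLI_PATH_RE = re.compile(r'^/cli(?:/|\?|$)')

# Assumed allowlist: networks from which CLI use is expected (your own agents).
TRUSTED_NETWORKS = [ip_network("10.0.5.0/24")]


def parse_line(line):
    """Return the fields we care about, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_cli_request(path):
    return bool(CLI_PATH_RE.match(path))


def is_trusted(src, trusted=TRUSTED_NETWORKS):
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def audit_cli_access(log_text, trusted=TRUSTED_NETWORKS):
    """Return every CLI request in the log, tagged with whether its source is on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_cli_request(rec["path"]):
            continue
        rec["trusted"] = is_trusted(rec["src"], trusted)
        findings.append(rec)
    return findings


def untrusted_sources(findings):
    """Count CLI requests per source address for sources outside the allowlist."""
    counts = {}
    for f in findings:
        if not f["trusted"]:
            counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = audit_cli_access(SAMPLE_LOG)
    n_untrusted = sum(not f["trusted"] for f in found)
    print(f"{len(found)} CLI requests, {n_untrusted} from untrusted sources")
    for src, n in untrusted_sources(found).items():
        print(f"  {src}: {n} request(s)")
```

Run it against your real access log instead of SAMPLE_LOG: a non-empty untrusted list is a reason to block the endpoint at the reverse proxy right away, while a list of only trusted agents tells you which jobs to migrate before you disable the CLI.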
Cinema screens hack in Israel
Hackers broke into the screens of a chain of cinemas in Israel and showed images from October 7. “We will not give you peace, not even in the movie theaters, until the massacres are over,” was written on screens in all branches of the Lev cinema chain. The Turkish hacker group projected images from Black Sabbath alongside the threatening messages. “Lev” reported that the screens were turned off immediately and the incident was dealt with.
Cisco security update
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could let an unauthenticated, remote attacker execute arbitrary code on an affected device.
Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a specially crafted message to a listening port of a susceptible appliance.
“A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,” Cisco said in an advisory. “With access to the underlying operating system, the attacker could also establish root access on the affected device.”
While there are no workarounds that address the shortcoming, the networking equipment maker is urging users to set up access control lists to limit access where applying the updates is not immediately possible.
“Establish access control lists (ACLs) on intermediary devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions cluster from users and the rest of the network to allow access only to the ports of deployed services,” the company said.
The National Cyber Directorate: Com35840 | Urgent Alert: Critical Vulnerabilities in Ivanti Products
- Ivanti recently published information about critical vulnerabilities in its products.
- The vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure VPN products can be chained in a way that allows remote takeover of the appliance without authentication. These are zero-day vulnerabilities that are being actively exploited by attackers worldwide in a very extensive wave of attacks. Lists of many IP addresses that are scanning the Internet in an attempt to identify vulnerable appliances have been published.
- It is highly recommended to test and install the temporary mitigation (workaround) published by the company as soon as possible.
- After installing the mitigation, do not update the configuration of the appliance, since doing so may reduce the effectiveness of the mitigation.
- In addition to installing the temporary mitigation, the manufacturer’s external Integrity Check Tool (ICT) must be run, in order to check whether the appliance was attacked before the mitigation was installed.