CCTR.18.April.24
Pwning Cisco ASA, FTP bugs and exploiting Virtualbox oh and more Citrix bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has urgently demanded patching for two security vulnerabilities (CVE-2024-20353 and CVE-2024-20359) in Cisco ASA products, as these weaknesses have already been exploited by state-sponsored threat actors. The agency has set a rapid deadline of May 1 for federal agencies to address these issues. Similarly, ACSC has noted that threat actors have compromised some devices in Australia using these vulnerabilities.

CISA also added a high-risk vulnerability (CVE-2024-4040) in CrushFTP, a widely used file transfer service, to its list of actively exploited vulnerabilities. This vulnerability allows threat actors to access sensitive data managed through the FTP client and potentially take over the entire system. CrowdStrike has observed the active use of a specific exploit in targeted attacks against U.S. organisations, driven by intelligence gathering and possibly political motives. This has raised concerns about a repeat of events from 2023, when the Cl0p ransomware gang exploited similar vulnerabilities in the GoAnywhere and MOVEit file transfer tools to steal data from thousands of organisations globally.

Oracle VirtualBox was impacted by a high-risk security vulnerability tracked as CVE-2024-21111 (CVSS 7.8), which could allow attackers to gain higher-privileged access on affected systems. Oracle quickly addressed this issue in impacted versions. Despite the quick response, a detailed guide (PoC) on how to exploit this flaw has been made publicly available.

A high-risk security vulnerability, tracked as CVE-2024-3902 (CVSS 7.3), has been discovered in the Citrix monitoring tool uberAgent. This could potentially allow attackers to elevate their access levels within an affected system, posing a significant threat to organisations using vulnerable versions of the software.
Okta has observed a rise in both the frequency and scale of credential stuffing attacks on online services. These attacks have been made easier by the widespread availability of residential proxy services, lists of previously stolen credentials, and scripting tools. In these attacks, adversaries use large sets of usernames and passwords, gathered from past data breaches of different organisations or through phishing and malware campaigns, to try to log into various online services.