CCTR.4.JAN.24
Citrix, Atlassian, Chrome Bugs
Last updated
Monday morning Cyber coffee read CCTR.4.JAN.24.
Volt Typhoon, a Chinese state-sponsored threat actor, is actively targeting end-of-life Cisco routers and network devices in the U.S., U.K., and Australia. Its focus is on Cisco RV320/325 devices, which were discontinued in 2019 and which the group has been exploiting since 2019. Because these devices are end-of-life, Cisco has not released, and will not release, software updates to address the vulnerabilities affecting them. The campaign is clearly active: web shells have been discovered on compromised devices. Additionally, there are indications of possible targeting of government assets in the U.S., U.K., and Australia.
Ref https://securityscorecard.com/blog/threat-intelligence-research-volt-typhoon/
Citrix is a gift that keeps on giving. Two vulnerabilities, CVE-2023-6548 with a CVSS score of 5.5 and CVE-2023-6549 with a CVSS score of 8.2, have been identified in NetScaler ADC (previously known as Citrix ADC) and NetScaler Gateway (formerly referred to as Citrix Gateway). CVE-2023-6548 may lead to remote code execution when exploited by an authenticated threat actor with access to the management interface. Meanwhile, CVE-2023-6549 can result in a denial of service, particularly if the device is configured as a gateway or AAA virtual server. Now repeat after me: "I will not publish my management interfaces to the open internet."
Ref https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
Yet another vulnerability, a template injection flaw tracked as CVE-2023-22527 with a CVSS score of 10, has been discovered in outdated versions of Atlassian Confluence Data Center and Server. It allows an unauthenticated threat actor to achieve remote code execution (RCE) on the affected system. The Server 8 versions released before December 5, 2023, are susceptible. Notably, Atlassian Cloud sites remain unaffected by this vulnerability.
Ref https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
Google has patched a high-risk vulnerability, CVE-2024-0519, in the Chrome web browser (along with three others). It is currently being actively exploited by threat actors to gain remote code execution on target systems, and Google is aware that an exploit for this vulnerability exists in the wild. Patch your Chrome.
Ref https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html