MOVEit Transfer: Auth bypass and a look at exposure
Progress Software disclosed two critical authentication bypass CVEs affecting MOVEit Transfer and Gateway products on June 25, 2024. CVE-2024-5806 was upgraded from High to Critical. Censys reported 2,700 instances concentrated in the US, emphasizing ongoing vigilance.
Read original articleProgress Software disclosed two authentication bypass CVEs affecting the SFTP module in MOVEit Transfer and Gateway products on June 25, 2024. The vulnerabilities, CVE-2024-5806 and CVE-2024-5805, have been assigned CVSS scores of 9.1 (Critical) and 7.4 (High) respectively. Progress Software updated the severity of CVE-2024-5806 from High to Critical, urging customers to take specific actions to mitigate risks. Censys reported 2,700 online instances of MOVEit Transfer, similar to numbers observed in 2023, with a concentration in the US. The exposure pattern across geographies and networks remains consistent, with most instances observed in Microsoft or Amazon ASes. Researchers highlighted the complexity of the authentication bypass vulnerability in MOVEit Transfer, emphasizing the interplay between MOVEit, the IPWorks SSH library, and error handling issues. Censys offers a dashboard to monitor MOVEit Transfer exposures over time, emphasizing the importance of ongoing vigilance in the face of cybersecurity threats.
Related
A buffer overflow in the XNU kernel
CVE-2024-27815 is a buffer overflow bug in XNU kernel affecting macOS, iOS, and visionOS. Apple swiftly released xnu-10063.121.3 to fix the issue, impacting kernels with CONFIG_MBUF_MCACHE. The bug allows attackers to trigger a crash by copying data beyond allocated space.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
XZ backdoor: Hook analysis
Kaspersky experts analyzed the XZ backdoor in OpenSSH 9.7p1, revealing hidden connections, SSH authentication bypass, and remote code execution capabilities. The backdoor manipulates RSA keys, uses steganography, and executes commands.
The Dirty Pipe Vulnerability
The Dirty Pipe Vulnerability (CVE-2022-0847) in Linux kernel versions since 5.8 allowed unauthorized data overwriting in read-only files, fixed in versions 5.16.11, 5.15.25, and 5.10.102. Discovered through CRC errors in log files, it revealed systematic corruption linked to ZIP file headers due to a kernel bug in Linux 5.10. The bug's origin was pinpointed by replicating data transfer issues between processes using C programs, exposing the faulty commit. Changes in the pipe buffer code impacted data transfer efficiency, emphasizing the intricate nature of kernel development and software component interactions.
TeamViewer Security Breach
TeamViewer detected an internal IT irregularity, investigating with cyber experts. No impact on product environment or customer data. Emphasis on security, transparency, and proactive measures to maintain trust and safety.
Related
A buffer overflow in the XNU kernel
CVE-2024-27815 is a buffer overflow bug in XNU kernel affecting macOS, iOS, and visionOS. Apple swiftly released xnu-10063.121.3 to fix the issue, impacting kernels with CONFIG_MBUF_MCACHE. The bug allows attackers to trigger a crash by copying data beyond allocated space.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
XZ backdoor: Hook analysis
Kaspersky experts analyzed the XZ backdoor in OpenSSH 9.7p1, revealing hidden connections, SSH authentication bypass, and remote code execution capabilities. The backdoor manipulates RSA keys, uses steganography, and executes commands.
The Dirty Pipe Vulnerability
The Dirty Pipe Vulnerability (CVE-2022-0847) in Linux kernel versions since 5.8 allowed unauthorized data overwriting in read-only files, fixed in versions 5.16.11, 5.15.25, and 5.10.102. Discovered through CRC errors in log files, it revealed systematic corruption linked to ZIP file headers due to a kernel bug in Linux 5.10. The bug's origin was pinpointed by replicating data transfer issues between processes using C programs, exposing the faulty commit. Changes in the pipe buffer code impacted data transfer efficiency, emphasizing the intricate nature of kernel development and software component interactions.
TeamViewer Security Breach
TeamViewer detected an internal IT irregularity, investigating with cyber experts. No impact on product environment or customer data. Emphasis on security, transparency, and proactive measures to maintain trust and safety.