#cve2024: Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cve2024, aggregated by home.social.
-
The Great CVE-2024-Yikes "Oopsie" Saga: Another day, another "critical" incident resolved by sheer accident. Apparently, a chain reaction of security fails involving #JavaScript, #Rust, and #Python ended up being "somehow fine" in 73 hours. But don't worry, they totally take security seriously, just like their 14 previous incidents!
https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html #CVE2024 #Yikes #SecurityFails #14Incidents #HackerNews #ngated
-
High-Impact Security Vulnerabilities in Firefox 128
Date: July 9, 2024
CVE: CVE-2024-6605 CVE-2024-6606 CVE-2024-6607 CVE-2024-6608 CVE-2024-6609 CVE-2024-6610 CVE-2024-6600 CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6611 CVE-2024-6612 CVE-2024-6613 CVE-2024-6614 CVE-2024-6604 CVE-2024-6615
Vulnerability Type: Tapjacking
CWE: CWE-451, CWE-922
Sources: Mozilla Security Advisory
Synopsis
Multiple security vulnerabilities were addressed in the latest Firefox 128 release, impacting both the desktop and Android versions. These vulnerabilities, if exploited, could lead to severe security breaches including tapjacking, out-of-bounds read, and memory corruption.
A list of all the CVEs mentioned in the Mozilla Foundation Security Advisory 2024-29:
- CVE-2024-6605: Firefox Android missed activation delay to prevent tapjacking (High)
- CVE-2024-6606: Out-of-bounds read in clipboard component (High)
- CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented (Moderate)
- CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock (Moderate)
- CVE-2024-6609: Memory corruption in NSS (Moderate)
- CVE-2024-6610: Form validation popups could block exiting full-screen mode (Moderate)
- CVE-2024-6600: Memory corruption in WebGL API (Moderate)
- CVE-2024-6601: Race condition in permission assignment (Moderate)
- CVE-2024-6602: Memory corruption in NSS (Moderate)
- CVE-2024-6603: Memory corruption in thread creation (Moderate)
- CVE-2024-6611: Incorrect handling of SameSite cookies (Low)
- CVE-2024-6612: CSP violation leakage when using devtools (Low)
- CVE-2024-6613: Incorrect listing of stack frames (Low)
- CVE-2024-6614: Incorrect listing of stack frames (Low)
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (High)
- CVE-2024-6615: Memory safety bugs fixed in Firefox 128 (High)
Issue Summary
Mozilla announced fixes for several high-impact vulnerabilities in Firefox 128. Notable among them are CVE-2024-6606, which involves out-of-bounds read issues in the clipboard component, and CVE-2024-6609, which relates to memory corruption in the NSS library.
Technical Key Findings
CVE-2024-6605 allows attackers to overlay malicious prompts over legitimate permission dialogs, potentially tricking users into granting unwanted permissions. This vulnerability exploits the lack of a delay in activating permission prompts on Firefox Android, enabling immediate interactions which can be hijacked by malicious actors.
Vulnerable Products
- Firefox versions prior to 128
- Firefox ESR versions prior to 115.13
- Firefox Android versions prior to 128
Impact Assessment
If these vulnerabilities are exploited, attackers can perform actions such as reading out-of-bounds data, preventing users from exiting fullscreen mode, or executing arbitrary code. These can lead to unauthorized access to sensitive data, manipulation of browser behavior, and potential system compromises.
Patches or Workaround
Mozilla has released patches in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 to address these vulnerabilities. Users are advised to update to the latest versions to mitigate the risks associated with these security flaws.
Tags
#Firefox #CVE2024-6605 #Tapjacking #SecurityUpdate #Mozilla #Vulnerability #MemoryCorruption #OutOfBoundsRead
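The Firefox post above describes CVE-2024-6605 as a missing activation delay: the Android permission prompt accepted taps the instant it appeared, so an overlay could line up a tap that landed on the real prompt before the user had seen it. The following is an added illustration of the mitigation (it is not Mozilla's code and not part of the post): a prompt that ignores input for a short window after it is shown and restarts that window whenever the platform reports the prompt as obscured. The delay value, the event shape and the timings are constructed assumptions.

```python
"""Activation delay for a permission prompt, the mitigation CVE-2024-6605 lacked.

Added illustration, not Mozilla's code. The idea: reject input that arrives
before the user could have read the prompt, and treat "another window is drawn
over me" as a tapjacking signal that restarts the clock. Delay, event fields
and timings are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional

ACTIVATION_DELAY_MS = 500  # assumed value; real browsers use a few hundred milliseconds


@dataclass
class InputEvent:
    t_ms: int               # when the tap arrived, relative to prompt creation
    choice: str             # the button the tap landed on: "allow" or "deny"
    obscured: bool = False  # platform flag: another window is drawn over the prompt


class PermissionPrompt:
    def __init__(self, shown_at_ms: int, delay_ms: int = ACTIVATION_DELAY_MS):
        self.delay_ms = delay_ms
        self.armed_at_ms = shown_at_ms + delay_ms   # no input is accepted before this
        self.decision: Optional[str] = None

    def handle(self, ev: InputEvent) -> str:
        """Process one tap and return what the prompt did with it."""
        if self.decision is not None:
            return "ignored-already-decided"
        if ev.obscured:
            # Something is covering the prompt: drop the tap and restart the
            # activation window so the user gets a fresh look at it.
            self.armed_at_ms = ev.t_ms + self.delay_ms
            return "ignored-obscured"
        if ev.t_ms < self.armed_at_ms:
            # Tap arrived before the user could have read the prompt.
            return "ignored-too-early"
        self.decision = ev.choice
        return f"accepted-{ev.choice}"


def replay(events: List[InputEvent], delay_ms: int = ACTIVATION_DELAY_MS,
           shown_at_ms: int = 0) -> List[str]:
    """Feed a sequence of taps to a fresh prompt and collect the outcomes."""
    prompt = PermissionPrompt(shown_at_ms, delay_ms)
    return [prompt.handle(ev) for ev in events]


# Constructed sequence: an overlay-timed tap 50 ms after the prompt appears,
# a tap while the prompt is obscured, then two genuine taps from the user.
EVENTS = [
    InputEvent(50, "allow"),
    InputEvent(300, "allow", obscured=True),
    InputEvent(700, "deny"),
    InputEvent(900, "deny"),
]


def outcomes() -> dict:
    """Same taps against the unpatched behaviour (delay 0) and the mitigated prompt."""
    return {
        "without_delay": replay(EVENTS, delay_ms=0),
        "with_delay": replay(EVENTS),
    }


if __name__ == "__main__":
    for name, result in outcomes().items():
        print(name, result)
```

Without the delay the first, overlay-timed tap is accepted as "allow" and the user's own taps arrive too late to matter; with the delay the early tap and the tap made while obscured are dropped, the window restarts, and only the user's later tap is honoured.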
-
"Urgent TeamCity Vulnerabilities Alert! Patch Now!"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults.
Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
-
"Critical Security Alert: HikCentral Professional Vulnerabilities Exposed"
Hikvision's latest advisory reveals severe vulnerabilities in HikCentral Professional, identified by Michael Dubell and Abdulazeez Omar. CVE-2024-25063 and CVE-2024-25064, with CVSS scores of 7.5 and 4.3 respectively, highlight risks of unauthorized access due to insufficient server-side validation. Users are urged to upgrade to versions above V2.5.1 for enhanced security. Stay vigilant and prioritize updating to safeguard your systems!
CVE Summaries:
- CVE-2024-25063: Attackers could exploit server validation flaws to access restricted URLs, compromising confidentiality.
- CVE-2024-25064: Authenticated users could manipulate parameters to access unauthorized resources, posing a lower risk.
Source: Hikvision Security Advisory
Tags: #CyberSecurity #Hikvision #Vulnerability #CVE2024-25063 #CVE2024-25064 #ServerSecurity #InfoSec #PatchManagement
-
"Cutting Edge Cyber Espionage: Ivanti Zero-Days Under Siege by UNC5325"
#Mandiant & #Ivanti's latest investigation unveils a sophisticated cyber-espionage campaign targeting Ivanti Connect Secure VPN appliances. #UNC5325, a China-nexus group, exploited a series of zero-day vulnerabilities, including CVE-2024-21893, to deploy novel malware and evade detection. Despite efforts, their persistence mechanisms faltered due to encryption key mismatches.
A new Integrity Checking Tool (ICT) is available for Ivanti customers, emphasizing the urgency of updating and patching network appliances. The exploitation showcases advanced techniques, including LotL and custom malware like LITTLELAMB.WOOLTEA, highlighting the importance of robust cyber defenses.
Ivanti disclosed five critical vulnerabilities, with #CVE-2024-21893 and #CVE-2024-22024 posing significant risks. The SSRF and XXE vulnerabilities enable attackers to bypass security measures and access restricted resources, underscoring the need for immediate remediation.
Attribution to #UNC5325 ties this campaign to China, with tactics, techniques, and malware indicating a high level of sophistication. This operation's breadth and depth signal a continued threat from state-sponsored actors against critical network infrastructure.
Let's ensure our defenses are updated and vigilant against these evolving threats. #CyberSecurity #Ivanti #ZeroDay #APT #UNC5325 #CVE2024 Mitre - UNC5325 #UNC3886
Source: Mandiant Team - Investigating Ivanti Exploitation & Persistence
-
"Critical Vulnerability Alert: ConnectWise ScreenConnect Under Attack!"
Sophos researchers have unveiled a situation for users of ConnectWise ScreenConnect, detailing how CVE-2024-1709 and CVE-2024-1708 vulnerabilities are being exploited to deliver malware, including the notorious LockBit ransomware. These vulnerabilities open the door for attackers to execute arbitrary code and take control of unpatched systems.
ConnectWise ScreenConnect, a remote access software, has vulnerabilities being exploited by hackers to deliver malware, including ransomware, to businesses. Critical vulnerabilities allow unauthorized access and command execution. It's essential to update ScreenConnect to version 23.9.8 or later to mitigate these risks. Cloud-hosted ScreenConnect users are safe, but on-premise versions need manual updates.
To protect your organization from specific security weaknesses in ScreenConnect software, follow these simplified steps:
- Find all ScreenConnect software in your network, including those managed by others. It's essential to know where it's installed to understand your risk.
- Isolate or remove the ScreenConnect Client from devices until the server is securely updated or thoroughly checked. If you don't control the server, removing the client might be the best quick fix.
- Examine devices with ScreenConnect for signs of hacking, like new unknown user accounts, strange software behavior, and attempts to disable security features.
- If you find anything suspicious, start your incident response plan to tackle the issue and prevent further damage. Specifically, look for indicators of two main vulnerabilities (CVE-2024-1709 & CVE-2024-1708) by examining server versions, IP connections, and unexpected file presence, which could show a breach.
Tags: #CyberSecurity #ConnectWiseScreenConnect #Vulnerability #Malware #Ransomware #LockBit #CVE2024-1709 #CVE2024-1708 #UpdateNow #StaySecure
Source: Sophos News
-
"Multiple issues in Jenkins, an open-source automation server that is widely used in software development"
Jenkins, a popular automation server, has a vulnerability in its command line interface (CLI). This issue stems from the args4j library's feature that replaces an "@" character followed by a file path with the contents of that file. This feature, enabled by default in Jenkins versions up to 2.441 and LTS 2.426.2, allows attackers to read files on the Jenkins controller's file system. Users with "Overall/Read" permission can read entire files, while those without this permission can read the first few lines, depending on the CLI commands available.
The vulnerability also extends to binary files, including cryptographic keys, albeit with some limitations. Various attack vectors have been identified, exploiting this flaw to achieve remote code execution or other malicious objectives. These include manipulating the "Resource Root URL" functionality, forging "Remember me" cookies, conducting stored cross-site scripting (XSS) attacks through build logs, bypassing CSRF protection, decrypting secrets stored in Jenkins, deleting items, and downloading Java heap dumps. These attacks rely on specific conditions, such as the ability to retrieve binary secrets, access to Jenkins's web session ID, and the attacker's knowledge or guesswork about user names with "Overall/Read" permission.
Key vulnerabilities include:
- CVE-2024-23897: Arbitrary file read vulnerability through the CLI can lead to RCE
- CVE-2024-23899: Git server Plugin allowing file content exposure that can lead to RCE.
- CVE-2024-23900: Matrix Project Plugin with user-defined axis names issues.
- CVE-2024-23901 & CVE-2024-23902: GitLab Branch Source Plugin with risks of crafted Pipeline builds and CSRF vulnerabilities.
- CVE-2024-23903: Potential for webhook token theft in GitLab Branch Source Plugin.
- CVE-2023-6147 & CVE-2023-6148: Qualys Policy Compliance Scanning Connector Plugin with XSS and XXE vulnerabilities.
Recommended actions:
- Update Git server Plugin to version 99.101.v720e86326c09 or later.
- Update GitLab Branch Source Plugin to version 688.v5fa_356ee8520 or later.
- Update Matrix Project Plugin to version 822.824.v14451b_c0fd42 or later.
- Update Qualys Policy Compliance Scanning Connector Plugin to version 1.0.6 or later.
- For detailed mitigation steps, see Jenkins' advisory: Jenkins Security Advisory.
Stay alert and ensure your Jenkins environment is up-to-date!
Sources: Jenkins Security Advisory and Tenable.
Tags: #Jenkins #Vulnerability #CVE2024 #CyberThreat #PluginSecurity #UpdateNow
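The Jenkins post above gives fixed plugin versions ("or later") and a last-affected core version for both the weekly and LTS lines, the ScreenConnect post says to find every install and compare it against 23.9.8, and the Firefox post lists fixed releases for Firefox and Firefox ESR. The first step in each case is the same: compare what is installed against the advisory's range without getting tripped up by Jenkins' incremental plugin version strings or by string comparison ("23.9.10" < "23.9.8" lexically). The following checker is an added example that goes beyond any one post by covering all three; it is not code from Jenkins, Sophos, Mozilla or the posts' authors. The fixed and last-affected versions are the ones stated on this page; the inventory rows and host names are constructed. It assumes that a Jenkins plugin version such as 688.v5fa_356ee8520 is ordered by its leading numeric segments only (the v<hash> suffix is ignored) and that a Jenkins core version with three numeric components is on the LTS line and one with two components is on the weekly line.

```python
"""Flag inventory entries that are still inside an advisory's affected range.

Added example, not code from Jenkins, Sophos, Mozilla or the posts' authors.
Version boundaries are the ones stated in the posts on this page; inventory
rows and host names are constructed. Assumptions: Jenkins plugin versions are
compared by their leading numeric segments only (the v<hash> suffix is
dropped), and Jenkins core versions with three numeric components are LTS,
with two components weekly.
"""
import re
from typing import Dict, List, Tuple

# "fixed_in" is the first safe release; "affected_through" is the last affected one.
ADVISORIES: Dict[str, dict] = {
    "Jenkins core": {
        "weekly": {"affected_through": "2.441"},
        "lts": {"affected_through": "2.426.2"},
    },
    "Git server Plugin": {"fixed_in": "99.101.v720e86326c09"},
    "GitLab Branch Source Plugin": {"fixed_in": "688.v5fa_356ee8520"},
    "Matrix Project Plugin": {"fixed_in": "822.824.v14451b_c0fd42"},
    "Qualys Policy Compliance Scanning Connector Plugin": {"fixed_in": "1.0.6"},
    "ConnectWise ScreenConnect": {"fixed_in": "23.9.8"},
    "Firefox": {"fixed_in": "128"},
    "Firefox ESR": {"fixed_in": "115.13"},
}


def version_key(version: str) -> Tuple[int, ...]:
    """Leading numeric segments: '23.9.8' -> (23, 9, 8),
    '822.824.v14451b_c0fd42' -> (822, 824). Parsing stops at the first
    segment that does not start with a digit, which drops the Jenkins hash suffix.
    """
    parts: List[int] = []
    for segment in version.split("."):
        match = re.match(r"\d+", segment)
        if not match:
            break
        parts.append(int(match.group()))
    if not parts:
        raise ValueError(f"no numeric version in {version!r}")
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1 like a C comparator. Missing trailing components count as 0,
    so '128' equals '128.0'; comparison is numeric, so '23.9.10' > '23.9.8'.
    """
    ka, kb = version_key(a), version_key(b)
    width = max(len(ka), len(kb))
    ka += (0,) * (width - len(ka))
    kb += (0,) * (width - len(kb))
    return (ka > kb) - (ka < kb)


def is_affected(product: str, version: str) -> bool:
    """True if product/version falls inside the advisory's affected range."""
    rule = ADVISORIES[product]
    if "weekly" in rule:  # Jenkins core: choose the release line by component count
        rule = rule["lts"] if len(version_key(version)) == 3 else rule["weekly"]
    if "fixed_in" in rule:
        return compare_versions(version, rule["fixed_in"]) < 0
    return compare_versions(version, rule["affected_through"]) <= 0


def find_affected(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need patching."""
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed inventory, shaped like the output of an asset scan.
INVENTORY = [
    ("ci-01", "Jenkins core", "2.426.2"),                              # LTS line, last affected release
    ("ci-01", "Git server Plugin", "99.100.vdeadbeef0000"),            # constructed older plugin version
    ("ci-01", "GitLab Branch Source Plugin", "688.v5fa_356ee8520"),    # exactly the fixed release
    ("ci-02", "Jenkins core", "2.442"),                                # weekly line, past the affected range
    ("ci-02", "Matrix Project Plugin", "822.824.v14451b_c0fd42"),
    ("rmm-01", "ConnectWise ScreenConnect", "23.9.7"),
    ("ws-07", "Firefox ESR", "115.12"),
    ("ws-07", "Firefox", "128.0"),
]

if __name__ == "__main__":
    for host, product, version in find_affected(INVENTORY):
        print(f"{host}: {product} {version} is still affected")
```

Run against the constructed inventory it reports the LTS Jenkins core, the old Git server Plugin, the ScreenConnect 23.9.7 server and the Firefox ESR 115.12 workstation; a release equal to the fixed version is correctly left alone, and `Jenkins core 2.442` is outside the weekly range the post gives.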