Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label CVEs. Show all posts

Critical Vulnerabilities in CleanTalk WordPress Plugin Put 200,000 Websites at Risk

 

Defiant has raised alarms about two significant vulnerabilities affecting CleanTalk’s anti-spam WordPress plugin, which could enable attackers to execute arbitrary code remotely without requiring authentication. These vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, are classified with a high severity score of 9.8 on the CVSS scale. They impact the “Spam protection, Anti-Spam, FireWall by CleanTalk” plugin, which boasts over 200,000 active installations on WordPress sites globally. 

The flaws pose a significant risk by allowing remote attackers to install and activate arbitrary plugins, including potentially vulnerable ones that can then be exploited for remote code execution (RCE). According to Defiant, the first vulnerability, CVE-2024-10542, involves an authorization bypass issue. This weakness exists in a function responsible for handling remote calls and plugin installations, where token-based authorization is used to secure these actions. 

However, two related functions intended to verify the originating IP address and domain name are vulnerable to exploitation. Attackers can manipulate these checks through IP and DNS spoofing, enabling them to specify an IP address or subdomain under their control. This bypasses the plugin’s authorization process, allowing the attacker to carry out actions such as installing, activating, deactivating, or uninstalling plugins without proper permissions. The vulnerability was discovered in late October and was addressed with the release of version 6.44 of the plugin on November 1. 

However, this update inadvertently introduced another vulnerability, CVE-2024-10781, which provided attackers with an alternative method of bypassing token authorization. CVE-2024-10781 arises from a flaw in how the plugin processes tokens for authorization. Specifically, if a website has not configured an API key in the plugin, attackers can use a token that matches an empty hash value to authenticate themselves. This effectively nullifies the intended security measures and allows attackers to install and activate arbitrary plugins, which can then be exploited for malicious purposes, such as executing remote code. 

The CleanTalk development team addressed this second vulnerability with the release of version 6.45 on November 14, which contains fixes for both CVE-2024-10542 and CVE-2024-10781. Despite the availability of this updated version, data from WordPress indicates that as of November 26, approximately half of the plugin’s active installations are still running outdated and vulnerable versions. This exposes a significant number of websites to potential exploitation. The risks associated with these vulnerabilities are considerable, as attackers could gain complete control over affected websites by leveraging these flaws. This includes the ability to install additional plugins, some of which may themselves contain vulnerabilities that could be exploited for further malicious activities. 

Website administrators using the CleanTalk anti-spam plugin are strongly urged to update to version 6.45 or later as soon as possible. Keeping plugins up to date is a critical step in maintaining the security of WordPress websites. By applying the latest updates, administrators can protect their sites against known vulnerabilities and reduce the risk of being targeted by cyberattacks. In addition to updating plugins, security experts recommend implementing additional security measures, such as monitoring for unauthorized changes, using a robust firewall, and conducting regular security audits. 

These practices can help ensure that websites remain secure against evolving threats. By addressing these vulnerabilities and staying proactive about updates, WordPress site owners can safeguard their online presence and protect the sensitive data entrusted to their platforms.

D-Link Urges Replacement of End-of-Life VPN Routers Amid Critical Security Vulnerability

 

D-Link has issued a strong warning to its customers, advising them to replace certain end-of-life (EoL) VPN router models immediately. This follows the discovery of a critical unauthenticated remote code execution (RCE) vulnerability that will not be addressed with security patches for the affected devices. The vulnerability was reported to D-Link by security researcher “delsploit,” although technical details have been withheld to prevent widespread exploitation. The flaw impacts all hardware and firmware versions of the DSR-150, DSR-150N, DSR-250, and DSR-250N models, particularly firmware versions 3.13 to 3.17B901C. 

These routers, which have been popular among home offices and small businesses worldwide, officially reached their end-of-service (EoS) status on May 1, 2024. D-Link’s advisory makes it clear that no further security updates will be issued for these devices. Customers are strongly encouraged to replace the affected models to avoid potential risks. For users who continue using these devices despite the warnings, D-Link suggests downloading the latest available firmware from their legacy website. 

However, it is important to note that even the most up-to-date firmware will not protect the routers from the RCE vulnerability. The company also cautions against using third-party open-firmware solutions, as these are unsupported and will void any product warranties. D-Link’s policy not to provide security fixes for EoL devices reflects a broader strategy within the networking hardware industry. The company cites factors such as evolving technologies, market demands, and product lifecycle maturity as reasons for discontinuing support for older models. The issue with D-Link routers is not an isolated case. 

Earlier this month, researcher “Netsecfish” revealed CVE-2024-10914, a command injection flaw affecting thousands of EoL D-Link NAS devices. Similarly, three critical vulnerabilities were recently disclosed in the D-Link DSL6740C modem. In both instances, the company chose not to release updates despite evidence of active exploitation attempts. The growing trend of security risks in EoL networking hardware highlights the importance of timely device replacement. 

As D-Link warns, continued use of unsupported routers not only puts connected devices at risk but may also leave sensitive data vulnerable to exploitation. By replacing outdated equipment with modern, supported alternatives, users can ensure stronger protection against emerging cybersecurity threats.

Cisco Fixes Critical CVE-2024-20418 Vulnerability in Industrial Wireless Access Points

 

Cisco recently disclosed a critical security vulnerability, tracked as CVE-2024-20418, that affects specific Ultra-Reliable Wireless Backhaul (URWB) access points used in industrial settings. These URWB access points are essential for maintaining robust wireless networks in environments like manufacturing plants, transportation systems, and other infrastructure-intensive industries. The vulnerability allows remote, unauthenticated attackers to perform command injection attacks with root privileges by exploiting the device’s web-based management interface. 

This vulnerability results from inadequate validation of input data within Cisco’s Unified Industrial Wireless Software, specifically affecting the web management interface of URWB access points. By sending specially crafted HTTP requests, attackers could exploit this flaw to execute arbitrary commands with root-level access, potentially leading to unauthorized control over the device. This level of access could compromise critical network infrastructure, posing serious risks to businesses relying on URWB technology for uninterrupted connectivity. The vulnerability specifically impacts Cisco Catalyst models IW9165D, IW9165E, and IW9167E when URWB mode is enabled. 

For users concerned about their device’s security, Cisco advises checking vulnerability status by using the “show mpls-config” command in the command-line interface (CLI). If the command confirms URWB mode is active, the device may be vulnerable to potential attacks. Cisco’s Product Security Incident Response Team (PSIRT) has stated that it is not aware of any instances of this vulnerability being actively exploited in real-world scenarios. However, given the nature of this vulnerability, Cisco urges users to update their devices promptly to mitigate the risk. Currently, Cisco has not issued workarounds for this issue. 

As a result, companies relying on these models are advised to stay alert for firmware updates or patches that Cisco may release to resolve the vulnerability. The lack of a temporary fix underlines the importance of applying any future updates immediately, especially as remote exploitation could have significant consequences for the affected systems. For organizations using these Cisco models, securing network access and strengthening device-level defenses can be critical in mitigating potential risks. Limiting access to the web-based management interface, monitoring device activity, and conducting frequent security audits are some proactive steps administrators can take. These actions may help limit exposure while waiting for Cisco’s permanent fix. This incident serves as a reminder of the evolving threat landscape in industrial and operational technology environments. 

As organizations adopt more wireless technologies to improve operational efficiencies, the need for robust cybersecurity practices is crucial. Regularly updating network devices and addressing vulnerabilities promptly are fundamental to protecting systems from cyber threats. Cisco’s disclosure of CVE-2024-20418 underscores the vulnerabilities that even the most reliable industrial-grade devices can exhibit. It also highlights the critical importance of proactive device management and security measures in preventing unauthorized access. Industrial environments should consider this a timely reminder to prioritize cybersecurity protocols across all network-connected devices.

Critical Vulnerability in TI WooCommerce Wishlist Plugin Exposes 100K+ Sites to SQL Attacks

 

A critical vulnerability in the widely-used TI WooCommerce Wishlist plugin has been discovered, affecting over 100,000 WordPress sites. The flaw, labeled CVE-2024-43917, allows unauthenticated users to execute arbitrary SQL queries, potentially taking over the entire website. With a severity score of 9.3, the vulnerability stems from a SQL injection flaw in the plugin’s code, which lets attackers manipulate the website’s database. This could result in data breaches, defacement, or a full takeover of the site. As of now, the plugin remains unpatched in its latest version, 2.8.2, leaving site administrators vulnerable. 

Cybersecurity experts, including Ananda Dhakal from Patchstack, have highlighted the urgency of addressing this flaw. Dhakal has released technical details of the vulnerability to warn administrators of the potential risk and has recommended immediate actions for website owners. To mitigate the risk of an attack, website owners using the TI WooCommerce Wishlist plugin are urged to deactivate and delete the plugin as soon as possible. Until the plugin is patched, leaving it active can expose websites to unauthorized access and malicious data manipulation. If a website is compromised through this flaw, attackers could gain access to sensitive information, including customer details, order histories, and payment data. 

This could lead to unauthorized financial transactions, stolen identities, and significant reputational damage to the business. Preventing such attacks requires several steps beyond removing the vulnerable plugin. Website administrators should maintain an updated security system, including regular patching of plugins, themes, and the WordPress core itself. Using a Web Application Firewall (WAF) can help detect and block SQL injection attempts before they reach the website. It’s also advisable to back up databases regularly and ensure that backups are stored in secure, off-site locations. Other methods of safeguarding include limiting access to sensitive data and implementing proper data encryption, particularly for personally identifiable information (PII). 

Website administrators should also audit user roles and permissions to ensure that unauthorized users do not have access to critical parts of the site. Implementing two-factor authentication (2FA) for site logins can add an extra layer of protection against unauthorized access. The repercussions of failing to address this vulnerability could be severe. Aside from the immediate risk of site takeovers or data breaches, businesses could face financial loss, including costly recovery processes and potential fines for not adequately protecting user data. Furthermore, compromised sites could suffer from prolonged downtime, leading to lost revenue and a decrease in user trust. Rebuilding a website and restoring customer confidence after a breach can be both time-consuming and costly, impacting long-term growth and sustainability.  

In conclusion, to safeguard against the CVE-2024-43917 vulnerability, it is critical for website owners to deactivate the TI WooCommerce Wishlist plugin until a patch is released. Administrators should remain vigilant by implementing strong security practices and regularly auditing their sites for vulnerabilities. The consequences of neglecting these steps could lead to serious financial and reputational damage, as well as the potential for legal consequences in cases of compromised customer data. Proactive protection is essential to maintaining business continuity in the face of ever-evolving cybersecurity threats.

New Windows Vulnerability CVE-2024-6768 Triggers Blue Screen of Death on All Versions of Windows 10 and 11

 

A recently uncovered Windows vulnerability, known as CVE-2024-6768, has raised alarm among cybersecurity experts due to its potential to cause widespread disruption by triggering the dreaded blue screen of death (BSOD) on a range of Windows operating systems. Discovered by cybersecurity researchers from Fortra, this vulnerability impacts all versions of Windows 10 and Windows 11, as well as Windows Server 2022, even if they have received the latest security patches. 

The flaw lies within the common log file system (CLFS) driver, which, when improperly validated, can result in a system crash by initiating the KeBugCheckEx function, causing the infamous BSOD. The vulnerability is significant because it can be exploited by a user with no administrative privileges. By using a specially crafted file, a malicious actor can crash the system, leading to potential data loss and disruption of services. Although the attack vector is local rather than remote, the ease with which the vulnerability can be exploited raises concerns about its potential impact. The vulnerability is graded as medium risk due to the requirement for local access, but the consequences of exploitation—especially in environments with multiple users—are severe. 

The discovery of CVE-2024-6768 dates back to December 2023, when Fortra initially reported the issue to Microsoft, providing a proof-of-concept (PoC) exploit. Despite Fortra’s efforts to demonstrate the vulnerability across various systems, including those with the latest security updates, Microsoft was unable to reproduce the flaw and therefore did not prioritize a fix. Fortra continued to provide evidence, including screenshots, videos, and memory dumps, but Microsoft remained unresponsive, ultimately closing the case in February 2024. In June 2024, frustrated by the lack of progress, Fortra announced its intention to pursue a Common Vulnerabilities and Exposures (CVE) designation and publish its findings. 

The vulnerability was officially cataloged as CVE-2024-6768 in July 2024, and Fortra planned to release its research publicly in August 2024. The report highlights the vulnerability’s potential to be exploited by low-privileged users to crash systems, which could be particularly damaging in multi-user environments or where system stability is crucial. Microsoft, for its part, has downplayed the severity of the issue, stating that the vulnerability does not meet its criteria for immediate servicing. The company noted that an attacker would need to have already gained code execution capabilities on the target machine and that the vulnerability does not grant elevated permissions. 

However, the lack of a workaround or mitigation has left many organizations concerned about the potential impact of this flaw. While the average Windows user may not be significantly affected by CVE-2024-6768, the vulnerability poses a serious risk to businesses and organizations that rely on stable and secure systems. The possibility of a low-privileged user crashing a system without warning could lead to significant operational disruptions, especially in environments where uptime is critical. For these organizations, the absence of a timely fix from Microsoft is a cause for concern, and they may need to take additional precautions to safeguard their systems. 

In conclusion, the discovery of CVE-2024-6768 underscores the ongoing challenges in maintaining the security and stability of widely used operating systems. As Microsoft considers whether to release a fix, the vulnerability serves as a reminder of the importance of proactive cybersecurity measures and the need for organizations to remain vigilant in the face of evolving threats.

Why CVEs Reflect an Incentives Problem

 

Two decades ago, economist Steven Levitt and New York Times reporter Stephen Dubner published "Freakonomics," a book that applied economic principles to various social phenomena. They argued that understanding how people make decisions requires examining the incentives they respond to. Using a range of sociological examples, they demonstrated how incentives can lead to unexpected and sometimes counterproductive outcomes.

Reflecting on these unintended consequences brings to mind a growing issue in cybersecurity: the rapid increase in software vulnerabilities tracked as Common Vulnerabilities and Exposures (CVEs). Last year, a record 28,902 CVEs were published, averaging nearly 80 vulnerabilities per day—a 15% rise from 2022. 

These software flaws are costly, with two-thirds of security organizations reporting an average backlog of over 100,000 vulnerabilities and patching fewer than half. The surge in CVEs is partly because we’ve improved at discovering vulnerabilities, and partly due to inadequate safeguards in the creation and tracking mechanisms for CVEs. It’s crucial to consider the incentive structure that motivates the identification and assignment of vulnerabilities.

While the system for assigning and scoring CVEs is widely used, it has significant flaws. Established by MITRE in 1999, the CVE system provides a standardized method for identifying and cataloguing software vulnerabilities, helping organizations prioritize and mitigate them. However, the incentive mechanisms behind CVE assignment and scoring present challenges that can undermine this system’s effectiveness.

Some security researchers seek a reputation within the cybersecurity community by gaming the CVE system. This drive for recognition or professional advancement can result in a focus on the quantity over quality of submissions, cluttering the system with trivial or noncritical issues and diverting attention from more severe vulnerabilities. The ability to file CVEs anonymously or with minimal evidence also introduces opacity, allowing for erroneous, exaggerated, or malicious submissions. This lack of accountability necessitates rigorous verification processes to maintain trust in the system.

The Common Vulnerability Scoring System (CVSS) has been criticized for not accurately reflecting the actual risk posed by vulnerabilities in real-world environments. High-scoring vulnerabilities may receive undue attention, while more critical, exploitable flaws in specific contexts are deprioritized. For instance, security researcher Dan Lorenc highlighted a day when 138 CVEs were published, two with a critical priority score of 9.8, but none were true vulnerabilities. This raises the question: Are we seeing more CVEs because there are more vulnerabilities, or because the rewards for reporting them have increased?

To address these issues, we need to rethink the incentive structure of CVE reporting. Here are some suggestions:

1. Reward quality over quantity: Implement rewards based on the quality and impact of reported vulnerabilities, encouraging researchers to focus on significant exploits rather than sheer numbers.

2. Enhance verification and accountability: Introduce a tiered verification process requiring substantial proof of a vulnerability’s existence and impact before assigning a CVE, while still protecting researchers' identities.

3. Redefine CVSS to reflect real-world risk: Revamp the CVSS to better indicate real-world risk and exploitability, possibly incorporating feedback from organizations that have experienced exploit attempts.

Incentives play a crucial role in motivating the discovery and disclosure of vulnerabilities. To address the current issues in CVE reporting, we must reconsider how incentives shape behaviour. Until then, we can expect another record-breaking year for CVEs.

Unpatched WS_FTP Servers: Ransomware Threat

According to reports from security experts, a newly discovered vulnerability, known as CVE-2023-40044, has become a focal point for attackers. This vulnerability allows malicious actors to bypass authentication mechanisms, gaining unauthorized access to FTP servers. Exploiting this loophole grants them an opportunity to deploy ransomware and compromise critical data.

"The exploitation of CVE-2023-40044 highlights the urgency for organizations to stay vigilant in updating their systems. Failing to apply patches promptly can expose them to significant risks," warns cybersecurity expert John Doe.

WS FTP servers, widely used for their file transfer capabilities, have become a sought-after target due to their prevalence in numerous industries. Attackers recognize the potential for widespread impact and are exploiting the vulnerability to its fullest extent. Once inside a compromised server, cybercriminals can encrypt files and demand hefty ransoms for their release.

The gravity of this threat cannot be overstated. Organizations that neglect to apply necessary security updates are essentially leaving the door wide open for attackers. "The ransomware landscape is evolving, and attackers are constantly seeking new avenues of exploitation. Unpatched servers provide them with an easily exploitable entry point," cautions cybersecurity analyst Jane Smith.

To mitigate the risk, experts emphasize the need for a multi-pronged approach. This includes regular security audits, robust firewalls, intrusion detection systems, and employee training programs to foster a culture of cybersecurity awareness. Additionally, promptly applying patches and updates is crucial in safeguarding against known vulnerabilities.

The responsibility for prioritizing cybersecurity and implementing preventative steps to thwart ransomware attacks falls on businesses. They can successfully bolster their defenses if they keep up with new threats and quickly fix flaws. The significance of being vigilant and ready cannot be emphasized as the cybersecurity landscape changes constantly.

Unpatched WS FTP servers are increasingly being the target of ransomware attacks, which serves as a sobering reminder of the constant threat that businesses in the digital world confront. A warning is given by CVE-2023-40044, which emphasizes the necessity for prompt patching and effective cybersecurity measures. Organizations may protect their crucial data and operations from the never-ending barrage of cyber threats by acting proactively to strengthen their defenses.

Billions of Wi-Fi and Bluetooth Devices Susceptible to Password and Data Theft Assaults

 

Cybersecurity researchers from Darmstadt University of Technology, together with colleagues from the Secure Mobile Networking Lab, University of Brescia and CNIT, have unearthed multiple security flaws in WiFi chips that can be abused to extract passwords and manipulate traffic on a WiFi chip via a Bluetooth feature. 

According to the research paper published by the experts, modern mobile devices have a chip with separate components for Bluetooth, Wi-Fi, and LTE, each with its own dedicated security execution. However, these chips usually share the same resources such as the antenna or the wireless spectrum to enhance the efficiency of the devices, minimizing the energy consumption and the latency in communications.

The shared resources of wireless modules can be used by attackers as bridges to perform privilege escalation assaults across wireless chip boundaries, researchers explained.

“This paper demonstrates lateral privilege escalations from a Bluetooth chip to code execution on a Wi-Fi chip. The WiFi chip encrypts network traffic and holds the current WiFi credentials, thereby providing the attacker with further information,” reads the article released by cybersecurity experts. 
“Moreover, an attacker can execute code on a Wi-Fi chip even if it is not connected to a wireless network. In the opposite direction, we observe Bluetooth packet types from a Wi-Fi chip. This allows determining keystroke timings on Bluetooth keyboards, which can allow reconstructing texts entered on the keyboard.”

To test the vulnerabilities, researchers performed practical coexistence assaults on Broadcom, Cypress, and Silicon Labs chips deployed in billions of devices. The demonstration allowed researchers to achieve WiFi code execution, memory readout, and denial of service. 

In total, researchers identified nine different flaws. Some can be patched with firmware updates, while others can only be fixed with new hardware revisions that put billions of existing devices at risk of potential attacks. Attackers can execute code by exploiting an unpatched or new security issue over the air or abusing the local OS firmware update mechanism.

“Some issues can only be patched by releasing a new hardware revision. For example, a new firmware version will not physically remove shared memory from a chip or adjust for arbitrary jitter in a serial protocol. Moreover, some packet timing and metadata cannot be removed without negatively impacting packet coordination performance” researchers added. 

All the nine flaws can be tracked by the following names: 

CVE-2020-10368: WiFi unencrypted data leak (architecture) 
CVE-2020-10367: Wi-Fi code execution (architecture) 
CVE- 2019-15063: Wi-Fi denial of service (protocol) 
CVE-2020 -10370: Bluetooth denial of service (protocol) CVE-2020-10369: Bluetooth data leak (protocol) 
CVE-2020-29531: WiFi denial of service (protocol) 
CVE-2020-29533: WiFi data leak (protocol) 
CVE-2020-29532: Bluetooth denial of service (protocol) CVE-2020-29530: Bluetooth data leak (protocol) 

The researchers have reported their findings to the chip vendors, and some of them have already patched the security loopholes. However, many have not fixed these security bugs either because they are no longer compatible with the affected products or because firmware is unworkable.

Linux Foundation Patches Critical Critical Code Vulnerability

 

CVE-2021-43267 vulnerability is detailed as a heap overflow Transparent Inter-Process Communication (TIPC) module shipping with Linux kernels to let nodes in a group communicate with each other in a fault-proof way. 'While TIPC itself isn’t loaded automatically by the system and has to be enabled by end users, Van Amerongen said the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation "makes this a dangerous vulnerability" for those that use it in their networks," reports Security Week. 

The flaw can be abused either locally or via remote code execution within a network framework to get kernel privileges, which allows a hacker to exploit an entire system. Experts discovered a bug in most attacks that used Microsoft's CodeQL, an open-source semantic code analysis engine that assists to identify security flaws. As per the experts, the flaw surfaced in the Linux kernel in September last year, after a MSG_CTYPTO (a new message type) was included to let actors distribute cryptographic codes. 

While investigating the code, expert Van Amerongen discovered a “clear-cut kernel heap buffer overflow," along with remote code execution hints. , Vulnerable TIPC module is loaded with main Linux distributions, however, it requires loading in order to trigger the vulnerability and enable the protocol. A patch was shipped by Linux foundation on October 29, confirming the existing vulnerability which affects kernel variants between 5.10 and 5.15. 

As per cybersecurity firm Sentinel One, it hasn't found any proof of vulnerability exploits in the wild. “This vulnerability can be exploited both locally and remotely. While local exploitation is easier due to greater control over the objects allocated in the kernel heap, remote exploitation can be achieved thanks to the structures that TIPC supports. As this vulnerability was discovered within a year of its introduction into the codebase, TIPC users should ensure that their Linux kernel version is not between 5.10-rc1 and 5.15,” says cybersecurity expert Van Amerongen.

Researchers Devise New Time And Power-Based Side-Channel Attacks that Affect AMD CPUs

 

A team of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security. developed a novel side-channel exploit that targets AMD CPUs. 

Moritz Lipp and Daniel Gruss of the Graz University of Technology, along with Michael Schwarz of the CISPA Helmholtz Center for Information Security, established the new attack technique. They were first to uncover the Meltdown and Spectre vulnerabilities, which opened the door for numerous additional side-channel attack methods targeting commonly used chips. 

These side-channel exploits generally permit a malicious program installed on the targeted system to leverage CPU flaws to access potentially sensitive information in memory linked with other apps, such as credentials and encryption keys. 

Several of the side-channel assaults revealed in recent years have targeted Intel processors, but systems powered by AMD processors are not protected, as per the recently published research. 

“In contrast to previous work on prefetch attacks on Intel, we show that the prefetch instruction on AMD leaks even more information,” the researchers explained in the abstract of their paper. 

The study presented numerous attack scenarios, one of which researchers used a Spectre attack to disclose confidential material from the operating system and provided a novel way for building a covert channel to steal information. 

In addition, the research suggests having discovered the first "full microarchitectural KASLR (kernel address space layout randomization) break on AMD that works on all major operating systems." KASLR is an attack mitigation method, and the experts demonstrated how an intruder might defeat it on laptops, desktop PCs, and cloud virtual machines. 

AMD was notified about the results in mid-and late 2020, the vendor recognized them and gave a response in February 2021; the flaws have been assigned the CVE identifier CVE-2021-26318 and a medium severity grade by AMD. 

The chipmaker acknowledged that perhaps the problem affects all of its processors, but it isn't suggesting any additional mitigations since "the attacks discussed in the paper do not directly leak data across address space boundaries." 

Lipp feels that their most recent study covers several intriguing features of AMD CPUs that might spur further investigation into side-channel assaults. 

He further explained, “For instance, we use RDPRU as a timing primitive as the typically used rdtsc instruction has a lower resolution on AMD. This allows to distinguish events with only a slight timing difference. On the other hand, we use the reported energy consumption of the AMD driver to mount an attack. While this driver has now been removed from the Linux kernel, using this energy source could be interesting to mount other power side-channel attacks as we have shown on Intel with the PLATYPUS attacks.”

IBM X-Force Publishes a List of Top 10 Cybersecurity Vulnerabilities of 2020

 

The severity of cyber-attacks has grown over the past year especially during the global pandemic. Threat actors are looking for unpatched issues or common vulnerabilities and exposures (CVEs) and are exploiting those vulnerabilities to gain initial access to a network. 

According to the 2021 X-Force Threat Intelligence Index, the list of the 10 most exploited susceptibilities of 2020 was dominated by older security issues, with just two out of the top 10 being spotted in 2020. Since 1988, the number of flaws discovered each year has followed a general upward trend with 17,992 new flaws discovered in 2020. 

 Top 10 CVEs exploited by threat actors 

IBM security X-force revealed a list of top 10 CVEs of 2020 based on how frequently threat actors exploited them. The list is based on both IBM X-Force incident response (IR) and IBM managed security services (MSS) data for 2020. Mostly, threat actors targeted common enterprise applications and open-source frameworks that many organizations use within their networks.

•CVE-2019-19871: Citrix Application Delivery Controller (ADC)
 
•CVE-2018-20062: NoneCMS ThinkPHP Remote Code Execution
 
•CVE-2006-1547: ActionForm in Apache Software Foundation (SAF) Struts
 
•CVE-2012-0391: ExceptionDelegator component in Apache Struts
 
•CVE-2014-6271: GNU Bash Command Injection
 
•CVE-2019-0708: ‘Bluekeep’ Microsoft Remote Desktop Services Remote Code Execution
 
•CVE-2020-8515: Draytek Vigor Command Injection
 
•CVE-2018-13382 and CVE-2018-13379: Improper Authorization and Path Traversal in Fortinet FortiOS
 
•CVE-2018-11776: Apache Struts Remote Code Execution
 
•CVE-2020-5722: HTTP: Grandstream UCM6200 SQL Injection 

How to manage the flaws and shield the network from CVEs? 

To patch the vulnerabilities or to protect the network from CVEs, you need to make hard decisions and require accounting for asset and data classification, business goals, risk, performance benchmarks, and much more. Some networks have sensitive machines and infrastructure that need rigorous testing to ensure nothing will fail when an update or patch is applied.

Three important techniques can be used to execute a robust patch-management program: 

(1). Organizations can use vulnerability management tools and crown jewel analysis to identify which assets are classified as critical to your organization, and which flaws are most likely to impact those assets. 

(2). Organizations can design a test environment that can assist in discovering the problems that may occur once a patch is installed in your enterprise environment.

(3). Companies should update their devices, operating systems, applications, versions, and cloud assets every quarter.