Source |
Cyble |
Identifier |
8643359 |
Publication date |
2025-01-27 15:02:33 (viewed: 2025-01-27 15:08:13) |
Title |
IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble |
Text |
Overview
Cyble's vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS.
In all, the report from Cyble Research and Intelligence Labs (CRIL) looked at 14 vulnerabilities and dark web exploits, including one vulnerability with the maximum CVSS severity score of 10.0 and another with more than 276,000 web-facing exposures.
Here are some of the vulnerabilities highlighted by Cyble's vulnerability intelligence unit as meriting high-priority attention from security teams.
The Top IT Vulnerabilities
CVE-2024-50603 is a 10.0-severity OS Command Injection vulnerability in the Aviatrix Controller, the management component of the Aviatrix cloud networking platform. Because special elements in an OS command are not properly neutralized, an unauthenticated user could execute arbitrary commands on the controller. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
CVE-2025-0411 is a critical vulnerability in the 7-Zip file archiving software that allows attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism. MOTW is the Zone.Identifier alternate data stream that Windows attaches to files downloaded from the internet; it is what causes SmartScreen and Office Protected View to warn users before a potentially dangerous file is opened. An attacker could craft an archive so that the files extracted from it by 7-Zip do not inherit the MOTW mark, and therefore open without those warnings. The vulnerability was only just announced, but a patch has been available since November 30, 2024 (7-Zip 24.09). As 7-Zip lacks an auto-update function, users must download and install the update themselves.
CVE-2024-12084 is a 9.8-severity Heap-Based Buffer Overflow vulnerability in the Rsync file synchronization tool. The vulnerability arises from improper handling of checksum lengths that exceed the fixed limit of 16 bytes (SUM_LENGTH) when peer-supplied data is processed. An attacker who controls the checksum length can cause out-of-bounds writes to the sum2 buffer, which could enable remote code execution (RCE) on systems running an Rsync server. The fix shipped in rsync 3.4.0. Cyble detected more than 276,000 vulnerable, web-facing Rsync exposures (image omitted).
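To make the Rsync flaw concrete, here is a simplified model of the checksum-list exchange, written as an added example for this page (it is not rsync's own code). In rsync the sender transmits, per file, a header (block count, block length, strong-checksum length s2length, remainder) followed by one 4-byte rolling checksum plus s2length bytes of strong checksum per block, and the receiver stores each strong checksum in a fixed 16-byte sum2 buffer. The wire layout, the little-endian int32 encoding, the MAX_BLOCKS cap and the return codes below are assumptions made for this model; the one check that matters is the comparison of s2length against SUM_LENGTH before anything is copied into sum2.

```c
/*
 * Simplified model of rsync's per-file checksum list (added example,
 * not rsync's code). Constructed wire format, little-endian int32s:
 *   count | blength | s2length | remainder | (sum1[4] sum2[s2length]) * count
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUM_LENGTH 16   /* size of the per-block strong-checksum buffer, as in rsync */
#define MAX_BLOCKS 64   /* assumption for this model only */

struct sum_buf {
    uint32_t sum1;                    /* 4-byte rolling checksum */
    unsigned char sum2[SUM_LENGTH];   /* fixed-size strong checksum */
};

struct sum_struct {
    int32_t count, blength, s2length, remainder;
    struct sum_buf sums[MAX_BLOCKS];
};

static int read_int32(const unsigned char *buf, size_t len, size_t *pos, int32_t *out)
{
    if (*pos > len || len - *pos < 4)
        return -1;                    /* truncated input */
    uint32_t v = (uint32_t)buf[*pos] | ((uint32_t)buf[*pos + 1] << 8)
               | ((uint32_t)buf[*pos + 2] << 16) | ((uint32_t)buf[*pos + 3] << 24);
    *out = (int32_t)v;
    *pos += 4;
    return 0;
}

/* Parse a checksum list. Returns 0 on success, -1 if the input is
 * truncated, -2 if the peer violates the protocol. */
int read_sums(const unsigned char *buf, size_t len, struct sum_struct *sum)
{
    size_t pos = 0;
    if (read_int32(buf, len, &pos, &sum->count) || read_int32(buf, len, &pos, &sum->blength) ||
        read_int32(buf, len, &pos, &sum->s2length) || read_int32(buf, len, &pos, &sum->remainder))
        return -1;
    if (sum->count < 0 || sum->count > MAX_BLOCKS || sum->blength <= 0)
        return -2;
    /* The essential bound: a peer-chosen checksum length must never exceed
     * the buffer it is copied into. Accepting a larger value here is the
     * condition behind CVE-2024-12084 as described above. */
    if (sum->s2length < 0 || sum->s2length > SUM_LENGTH)
        return -2;

    for (int32_t i = 0; i < sum->count; i++) {
        int32_t s1;
        if (read_int32(buf, len, &pos, &s1))
            return -1;
        sum->sums[i].sum1 = (uint32_t)s1;
        if (len - pos < (size_t)sum->s2length)
            return -1;
        memset(sum->sums[i].sum2, 0, SUM_LENGTH);
        memcpy(sum->sums[i].sum2, buf + pos, (size_t)sum->s2length); /* bounded by the check above */
        pos += (size_t)sum->s2length;
    }
    return 0;
}

static size_t put_int32(unsigned char *out, size_t pos, int32_t v)
{
    uint32_t u = (uint32_t)v;
    out[pos] = u & 0xff; out[pos + 1] = (u >> 8) & 0xff;
    out[pos + 2] = (u >> 16) & 0xff; out[pos + 3] = (u >> 24) & 0xff;
    return pos + 4;
}

/* Constructed sample message: `count` blocks, each with a 4-byte sum1 and
 * `s2length` bytes of sum2 filled with 0x41. Caller supplies >= 16 + count*(4+s2length) bytes. */
size_t build_sum_message(unsigned char *out, int32_t count, int32_t s2length)
{
    size_t pos = put_int32(out, 0, count);
    pos = put_int32(out, pos, 700);       /* blength: arbitrary block size for the sample */
    pos = put_int32(out, pos, s2length);
    pos = put_int32(out, pos, 0);         /* remainder */
    for (int32_t i = 0; i < count; i++) {
        pos = put_int32(out, pos, 0x12345678 + i);
        memset(out + pos, 0x41, (size_t)s2length);
        pos += (size_t)s2length;
    }
    return pos;
}

/* Parse a two-block sample with the given checksum length (16 or 64 only). */
int parse_sample(int32_t s2length)
{
    unsigned char msg[1024];
    struct sum_struct sum;
    return read_sums(msg, build_sum_message(msg, 2, s2length), &sum);
}

/* A valid sample cut one byte short must be reported as truncated, not parsed. */
int parse_truncated(void)
{
    unsigned char msg[1024];
    struct sum_struct sum;
    return read_sums(msg, build_sum_message(msg, 2, SUM_LENGTH) - 1, &sum);
}

/* After a successful parse, the last sum2 byte of block 1 is the 0x41 we sent. */
int parse_sample_last_byte(void)
{
    unsigned char msg[1024];
    struct sum_struct sum;
    if (read_sums(msg, build_sum_message(msg, 2, SUM_LENGTH), &sum) != 0)
        return -1;
    return sum.sums[1].sum2[SUM_LENGTH - 1];
}

int main(void)
{
    printf("s2length=16 -> %d (0 = parsed)\n", parse_sample(16));
    printf("s2length=64 -> %d (-2 = rejected before any copy)\n", parse_sample(64));
    printf("truncated   -> %d (-1 = short read)\n", parse_truncated());
    return 0;
}
```

The 64-byte case is the interesting one: the message is well formed and every byte is present, so a parser that only checked for a short read would copy 64 bytes into a 16-byte field. Rejecting it on the header, before the per-block loop runs, is what keeps the copy in bounds.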
Dark Web Exploits and Zero Days
The |
Notes |
★★★
|
Sent |
Yes |
Tags |
Tool
Vulnerability
Threat
Patching
Cloud
|