Top Middle East Cyber Threats – February 06, 2024

At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.

In this blog post, we share the top cybersecurity threats our MSS team has recently come across. Read on to learn what you need to look out for in the weeks ahead.

Cisco Fixes Critical Remote Code Execution Vulnerability

Cisco has issued critical software updates for its Unified Communications and Contact Center Solutions products. These security updates address a vulnerability, identified as CVE-2024-20253, which could allow an unauthenticated, remote attacker to execute arbitrary code on the affected devices. The Common Vulnerability Scoring System (CVSS) has rated this vulnerability with a severity score of 9.9, classifying it as critical.

The vulnerability results from the improper processing of user-supplied data read into memory. It can be exploited by sending a specially crafted message to a listening port on an affected device. A successful attack can lead to the execution of arbitrary commands and give the attacker root access on the device.

RECOMMENDATIONS

  • Ensure all systems are patched and updated.

Ivanti Warns of a New Actively Exploited Zero-Day

Ivanti has issued warnings about two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions, tracked as CVE-2024-21888 (CVSS score 8.8) and CVE-2024-21893 (CVSS score 8.2). The company has also reported that one of these vulnerabilities is being actively exploited.

CVE-2024-21888 is a privilege escalation vulnerability in the web component of Ivanti Connect Secure (versions 9.x and 22.x) and Policy Secure (versions 9.x and 22.x). It allows an attacker to gain administrative privileges.

The second vulnerability, CVE-2024-21893, is identified as a server-side request forgery (SSRF) vulnerability in the SAML component of Connect Secure (versions 9.x and 22.x), Policy Secure (versions 9.x and 22.x), and Neurons for Zero Trust Access (ZTA). This flaw enables an authenticated attacker to access specific restricted resources.

Ivanti also cautions that the situation is dynamic, with the potential for multiple threat actors to quickly adjust their tactics, techniques, and procedures (TTPs) to exploit these vulnerabilities in their malicious campaigns.

RECOMMENDATIONS

  • Enable software restriction policies and application whitelisting.
  • Enforce the Restricted PowerShell script execution policy for end users.
  • Monitor your network for abnormal behaviours.
  • Ensure frequent backups are in place.

Google Chrome Update Fixes High Severity Vulnerabilities

Google has released a security update to address three high-severity vulnerabilities in the Chrome browser. These issues have been successfully resolved in the latest version of Chrome, 121.0.6167.139, for Mac and Linux, and versions 121.0.6167.139/140 for Windows. The patches will be gradually deployed over the coming days and weeks.

Notably, all three of the externally contributed fixes are classified as high-severity vulnerabilities.

RECOMMENDATIONS

  • Ensure all systems are patched and updated.

Fortra Update Addresses Authentication Bypass Vulnerability

Fortra has issued a security update to address a newly discovered authentication bypass vulnerability, identified as CVE-2024-0204, with a CVSS score of 9.8. This vulnerability affects the GoAnywhere MFT (Managed File Transfer) product.

The GoAnywhere Managed File Transfer from Fortra is a comprehensive solution designed for secure file transfer, data encryption, and compliance management. It offers a centralized platform that facilitates the management and automation of file transfers across different systems and applications, ensuring secure and regulated data exchange within an organization’s network.

The flaw, CVE-2024-0204, lets an unauthorized user create admin users through the administration portal of the appliance. It affects Fortra GoAnywhere MFT 6.x from version 6.0.1 up to and including 7.4.0. Fortra has resolved the issue with the release of GoAnywhere MFT 7.4.1.

RECOMMENDATIONS

  • Ensure all systems are patched and updated.
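One way to act on the "patched and updated" recommendation for the Chrome and GoAnywhere MFT advisories above is to check an asset inventory against the versions the advisories name. The following Python script is an added example (not from the Help AG post, Google or Fortra): the fixed Chrome build and the affected GoAnywhere MFT range come from the text above, while the product labels, hostnames and inventory rows are constructed for the demonstration.

```python
"""Patch-level checks for the Chrome and GoAnywhere MFT advisories above.

Added example (not Help AG's or the vendors' code). The fixed and affected
versions are the ones stated in the advisory text; the inventory is constructed.
"""
from __future__ import annotations


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version such as '121.0.6167.139' into a tuple of ints."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 like a comparator; '7.4' and '7.4.0' compare equal."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))   # right-pad so tuple comparison is lexicographic
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


# Chrome 121.0.6167.139 carries the three high-severity fixes on Mac/Linux;
# Windows builds are 139/140, so 139 is the floor for "patched" on every OS.
CHROME_FIXED = "121.0.6167.139"

# CVE-2024-0204 affects GoAnywhere MFT 6.0.1 through 7.4.0 inclusive; 7.4.1 fixes it.
GOANYWHERE_FIRST_AFFECTED = "6.0.1"
GOANYWHERE_LAST_AFFECTED = "7.4.0"
GOANYWHERE_FIXED = "7.4.1"


def chrome_is_patched(installed: str) -> bool:
    """True when the installed build is at or above the fixed build."""
    return compare(installed, CHROME_FIXED) >= 0


def goanywhere_is_vulnerable(installed: str) -> bool:
    """True when the installed version falls inside the affected range (inclusive)."""
    return (compare(installed, GOANYWHERE_FIRST_AFFECTED) >= 0
            and compare(installed, GOANYWHERE_LAST_AFFECTED) <= 0)


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str, str]]:
    """Map (host, product, version) rows to (host, product, version, action) findings.

    Product labels 'chrome' and 'goanywhere-mft' are constructed for this example;
    real inventories use whatever naming the CMDB or agent exports.
    """
    findings = []
    for host, product, version in inventory:
        if product == "chrome" and not chrome_is_patched(version):
            findings.append((host, product, version,
                             f"update Chrome to {CHROME_FIXED} or later"))
        elif product == "goanywhere-mft" and goanywhere_is_vulnerable(version):
            findings.append((host, product, version,
                             f"CVE-2024-0204: upgrade to GoAnywhere MFT {GOANYWHERE_FIXED}"))
    return findings


# Constructed inventory rows for the demonstration; hostnames are placeholders.
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "121.0.6167.85"),        # older 121 build: not patched
    ("ws-02", "chrome", "121.0.6167.140"),       # Windows 140 build: patched
    ("mft-01", "goanywhere-mft", "7.4.0"),       # last affected release
    ("mft-02", "goanywhere-mft", "7.4.1"),       # fixed release
    ("mft-03", "goanywhere-mft", "6.0.0"),       # below the affected range
]

if __name__ == "__main__":
    for host, product, version, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} -> {action}")
```

The comparison pads shorter version strings with zeros so a record exported as "7.4" is not misread as older than "7.4.0", and it rejects non-numeric components outright rather than silently treating a malformed entry as patched; a version the parser cannot read should be reviewed by hand, not ignored.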

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html

https://www.fortra.com/security/advisory/fi-2024-001
