Security News Headlines #113

In today's cybersecurity news, we highlight the latest known exploited vulnerabilities added to CISA’s catalog, new patches from Ivanti, and a comprehensive analysis of FY23 risk assessments. We also explore cloud security breaches, critical vulnerabilities affecting popular platforms like GitLab, and emerging malware tactics. These stories emphasize the persistent threats organizations face and the need for continuous vigilance.

CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog. Organizations are urged to prioritize patching this flaw to mitigate potential attacks, as it is actively being exploited in the wild.

Ivanti Releases Security Update for Cloud Services Appliance
Ivanti has issued an important security update for its Cloud Services Appliance, addressing vulnerabilities that could lead to unauthorized access or system compromise. Users are encouraged to apply the update as soon as possible.

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments
CISA has published its analysis of risk and vulnerability assessments (RVAs) for fiscal year 2023, revealing critical insights into the most common security weaknesses in federal agencies. The report provides recommendations for strengthening defenses.

Google Introduces Kyber on Web for Enhanced Post-Quantum Security
Google has introduced Kyber, a post-quantum cryptography algorithm, for secure web applications. This marks a significant step in preparing for future quantum threats, ensuring web communications remain secure in the coming years.

GitLab CE/EE Critical Security Flaw Exposed
A critical vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified, potentially allowing attackers to execute arbitrary code. GitLab administrators are advised to apply the latest patches immediately.

Researchers Investigate Backdoors in 1.3 Million Android Streaming Boxes
Security researchers are investigating how over 1.3 million Android streaming boxes were infected with backdoors. The devices are being exploited for various malicious activities, though the initial infection vector remains unclear.

Fortinet Customer Data Breach via Third-Party Vendor
Fortinet has disclosed a data breach affecting customer information, which occurred through a third-party vendor. The breach underscores the importance of vetting third-party service providers to avoid data exposure risks.

Army Division Runs Cybersecurity Operations for Remote Brigade
In a first, a U.S. Army division provided remote cybersecurity support for a brigade stationed far away. The exercise demonstrates how military units can now protect their networks across large geographical distances through advanced cybersecurity measures.

Deep Dive into Ivanti Endpoint Manager RCE Vulnerability (CVE-2024-29847)
Horizon3.ai explores the Ivanti Endpoint Manager deserialization vulnerability (CVE-2024-29847) that could allow remote code execution (RCE). Attackers exploiting this flaw could gain complete control over affected systems, making patching critical.

Apple Vision Pro Vulnerability Discovered
Researchers have uncovered a security vulnerability in Apple’s Vision Pro headset, potentially allowing attackers to hijack the device. Apple is investigating and working on a patch to secure this next-generation technology.

Reducing Fraud Risk in User Sign-Ups with Amazon Cognito
Amazon is rolling out new features in Cognito User Pools to reduce the risks of user sign-up fraud and SMS pumping. These tools help improve the security of user registrations and prevent abuse by bad actors.

Cryptographic Vulnerability: Don’t Reuse Nonces
Trail of Bits explores the dangers of nonce reuse in cryptographic operations, which can lead to serious vulnerabilities. The blog stresses the importance of proper nonce generation and management in secure systems.

Hadooken Malware Targets Oracle WebLogic Servers
Hadooken malware is exploiting Oracle WebLogic servers to deploy ransomware and carry out other malicious activities. Administrators of WebLogic environments are urged to apply recent patches and strengthen their security configurations.

Malware Locks Browsers in Kiosk Mode to Steal Google Credentials
A new form of malware locks victims' browsers in kiosk mode to trick them into entering their Google credentials. This technique highlights the growing sophistication of phishing attacks aimed at stealing account information.

The Dark Nexus Between Harm Groups and the .COM
Brian Krebs explores the connection between harmful online groups and the use of .COM domains for illegal activities. This investigation sheds light on how cybercriminals leverage these domains for malicious purposes.
