Sunday, May 26, 2024

Aruba Devices Exposed to RCE Attack Due to Four Critical Vulnerabilities 

Of ten security flaws found, the four critical vulnerabilities listed below account for most of the exposure. They affect Mobility Conductor (formerly Mobility Master), Mobility Controllers, and WLAN Gateways and SD-WAN Gateways managed by Aruba Central, and are present in ArubaOS 10.5.1.0 and below, ArubaOS 10.4.1.0 and below, ArubaOS 8.11.2.1 and below, and ArubaOS 8.10.0.10 and below.

  • CVE-2024-26304 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via the PAPI Protocol
  • CVE-2024-26305 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Utility Daemon Accessed via the PAPI Protocol
  • CVE-2024-33511 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Automatic Reporting Service Accessed via the PAPI Protocol
  • CVE-2024-33512 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Local User Authentication Database Accessed via the PAPI Protocol

Over 400 Million Google Accounts Now Use Passkeys 

According to a report by Google on the 2nd of May 2024, users have authenticated with passkeys over 1 billion times in the past two years, across the more than 400 million Google accounts that have adopted them. This shift to passkeys proves their superiority over legacy forms of two-factor authentication on Google accounts, such as SMS one-time passwords (OTPs) and app-based OTPs. In a statement, the tech giant highlighted the benefits of passkeys: “Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin, making them 50% faster than passwords.”

Stainless Foundry & Engineering Inc, a company with over 200 employees and a revenue of $34.5 million, has fallen victim to a devastating attack by the Play ransomware group. The attack has affected the company’s operations in the Aerospace, Marine, Nuclear, Structural, Power Generation, Heat Treatment Equipment, Chemical, Petrochemical, Metering, Valve, Pulp & Paper, Instrumentation, Military, Pharmaceutical, Pump, Knives, Food & Dairy, and Pollution Abatement sectors.

North Korean Hackers are Spoofing Emails from Trusted Sources 

A joint statement from the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State warned that North Korean threat actors are attempting to send phishing emails carefully crafted to appear to come from legitimate sources and trusted parties. The NSA stated, “The DPRK [Democratic People’s Republic of Korea] leverages these spear-phishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications.” Further details about the threat actors’ activity revealed that the technique focuses on exploiting misconfigured DNS Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies to conceal social engineering attempts.

Microsoft Graph API Abuse is Experiencing a Tremendous Increase

A report revealed that a threat actor is leveraging Microsoft Graph API for stealthy malware communications. Further information revealed that the threat actor intends to facilitate communications with the command-and-control (C&C) infrastructure hosted on Microsoft cloud services. This isn’t the first time a threat actor has leveraged the Microsoft Graph API for this purpose. In June 2021, the first instance of its use was recorded in an activity labelled Harvester.

 
