SecurityDigest: Cybersecurity News and Updates 14.10.2024-21.10.2024
Microsoft warned of the loss of critical security logs for a month
Microsoft has notified corporate clients about a bug that prevented security logs from being collected properly from September 2 to 19, 2024. This crucial data includes logins and activity logs, which are vital for monitoring suspicious activity and preventing cyberattacks. Although the problem has been resolved, all service activities were at risk until October 3.
This significantly impacted the services of Microsoft Entra, Azure Logic Apps, Microsoft Sentinel, and others, resulting in gaps in security data.
During other updates, this new bug triggered a deadlock in the agent's dispatching mechanism, preventing telemetry uploads.
Recommendations
Customers are advised to check the integrity of their security logs, update their systems to the latest patches immediately, and consider implementing additional security monitoring tools to reduce the risk of future data loss.
Critical vulnerability in Kubernetes Image Builder provides access to Root rights on virtual machines
Two vulnerabilities (CVE-2024-9486 and CVE-2024-9594) have been discovered in Kubernetes Image Builder that could allow attackers to gain root access to virtual machines (VMs). The most serious of these, CVE-2024-9486 (CVSS 9.8), concerns building images using the Proxmox provider where standard credentials are not disabled. This allows attackers to gain complete control over vulnerable nodes. Another vulnerability (CVE-2024-9594) affects the Nutanix, OVA, QEMU, and raw providers, but these default credentials are disabled after the build process is complete.
Recommendations
You should check the version of Image Builder and update it to v0.1.38 or later. It is also recommended that all vulnerable images be rebuilt. A workaround is to disable the "builder" account on the affected VMs using the "usermod -L builder" command.
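To confirm the workaround took effect on a VM, the following added example (not code from Kubernetes Image Builder or from this digest) reports the state of the "builder" account from a shadow-format file. The function name builder_status and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the lock state of the "builder" account from a
# shadow-format file. Reading the real /etc/shadow requires root.

# builder_status [shadow_file] -> prints ABSENT, LOCKED, NO_PASSWORD or ACTIVE
builder_status() {
    awk -F: '
        $1 == "builder" {
            found = 1
            if ($2 == "")           state = "NO_PASSWORD"  # empty field: no password required
            else if ($2 ~ /^[!*]/)  state = "LOCKED"       # usermod -L prefixes the hash with "!"
            else                    state = "ACTIVE"       # usable password hash still present
        }
        END { print (found ? state : "ABSENT") }
    ' "${1:-/etc/shadow}"
}

# Constructed sample entries (placeholder strings, not real hashes) showing
# the account before and after "usermod -L builder".
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'root:*:19000:0:99999:7:::' \
        'builder:$6$constructedsalt$constructedhash:19000:0:99999:7:::' > "$tmp"
    echo "before workaround: $(builder_status "$tmp")"
    printf '%s\n' 'root:*:19000:0:99999:7:::' \
        'builder:!$6$constructedsalt$constructedhash:19000:0:99999:7:::' > "$tmp"
    echo "after usermod -L:  $(builder_status "$tmp")"
    rm -f "$tmp"
}
demo
```

Any result other than LOCKED or ABSENT means the workaround has not been applied on that VM. Per the usermod manual, -L locks the password only, so rebuilding the image with the fixed version remains the complete remedy.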
VMware Patches Critical SQL Injection Vulnerability in HCX Platform
VMware has released a patch for the critical vulnerability CVE-2024-38814 in its HCX platform. This vulnerability allows users with non-administrative privileges to execute remote code on the HCX manager via specially crafted SQL queries. The vulnerability has a high severity rating (CVSS 8.8/10), affecting versions 4.8.x, 4.9.x, and 4.10.x. The company recommends applying available patches as soon as possible.
Recommendations
Please ensure that you apply the patches released by VMware for all vulnerable versions of the HCX platform.
Cisco Releases Patches for Analog Telephone Adapter Vulnerabilities
Cisco has released security updates for eight vulnerabilities in the firmware of the ATA 190 series analog telephone adapters, two of which are considered high risk.
The first vulnerability (CVE-2024-20458) allows remote attackers to modify settings or delete configurations via unauthorized access to the web management interface.
The second vulnerability (CVE-2024-20421) allows CSRF attacks by forcing users to click on malicious links.
Cisco also fixed other medium-severity flaws that could lead to the execution of commands with administrative privileges or the leakage of passwords. Patches are available in firmware version 12.0.2 for ATA 191 and 11.2.5 for ATA 191 and 192.
Recommendations
Update the firmware to the latest version to close the vulnerabilities. If installing patches immediately is impossible, turn off the web management interface to mitigate the risks.
Follow our weekly updates to stay up-to-date with recommendations on how to protect your data from cyber-attacks.
Best Regards,
FS Group Team