Tecplix ThreatTrack Insights -March II


1. Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting the Bamboo Data Center and Server that could be exploited without requiring user interaction.

Key Takeaways:

  • Unauthenticated attackers can exploit this vulnerability to steal, modify, or disrupt critical data.
  • The vulnerability resides within a dependency (org.postgresql:postgresql) used by Bamboo.

Impact:

This vulnerability is critical (CVSS score: 10.0) and can lead to severe consequences, including:

  • Data confidentiality breaches (exposed sensitive information)
  • Data integrity compromise (altered or manipulated data)
  • System availability disruption (denial of service)

Who is Affected:

Users running Bamboo Data Center and Server versions 8.2.1 through 9.5.0 with the non-default connection property "preferQueryMode=SIMPLE" set are at risk.

Recommendation:

Upgrade to the latest patch from the link below:

2. Critical Vulnerabilities in Adobe Products

Multiple critical security vulnerabilities have been identified in various Adobe products. These vulnerabilities could allow attackers to remotely compromise your system, steal sensitive information, or take complete control.

Key Takeaways:

  • Affected products include Adobe Experience Manager, Premiere Pro, ColdFusion, Bridge, Lightroom, Animate, and others.
  • Attackers could exploit these vulnerabilities to bypass security measures, run malicious code, and gain unauthorized access to your system.
  • This could lead to data theft, system damage, and other security risks.

Impact:

These vulnerabilities pose a significant risk to users of affected Adobe products. Successful exploitation could have severe consequences, including compromised systems, stolen data, and disrupted workflows.

Who is Affected:

This advisory applies to anyone using the following Adobe products:

  • Adobe Experience Manager (AEM) versions 6.5.19.0 and earlier
  • Adobe Premiere Pro (Windows & macOS) versions 24.1 and earlier, versions 23.6.2 and earlier
  • ColdFusion versions 2023 Update 6 and earlier, 2021 Update 12 and earlier
  • Adobe Bridge (Windows & macOS) versions 13.0.5 and earlier, versions 14.0.1 and earlier
  • Lightroom versions 7.1.2 and earlier (macOS)
  • Adobe Animate (Windows & macOS) versions 23.0.3 and earlier, versions 24.0 and earlier
  • And potentially other Adobe products

Recommendation:

Apply the appropriate updates as described in the vendor bulletins:

  • Premiere Pro: https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html
  • ColdFusion: https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
  • Bridge: https://helpx.adobe.com/security/products/bridge/apsb24-15.html
  • Experience Manager: https://helpx.adobe.com/security/products/experience-manager/apsb2405.html
  • Lightroom: https://helpx.adobe.com/security/products/lightroom/apsb24-17.html
  • Animate: https://helpx.adobe.com/security/products/animate/apsb24-19.html

3. StrelaStealer Malware Targets Businesses in EU and US

A sophisticated phishing campaign utilizing StrelaStealer malware is targeting businesses across various sectors in the EU and US. This information-stealing malware steals email login credentials and evades detection through frequent updates and obfuscation techniques.

Key Takeaways:

  • StrelaStealer targets email login data and has been used in large-scale campaigns since November 2022.
  • Phishing emails with attachments (ZIP files in recent campaigns) deliver the malware.
  • Attackers continuously change tactics (file formats, obfuscation) to bypass security measures.
  • Other malware threats like RATs are also being used in phishing campaigns.

Impact:

  • Compromised email accounts can lead to data breaches, financial losses, and reputational damage.
  • Businesses of all sizes across various sectors are at risk.

Who is Affected:

This campaign poses a threat to organizations in the EU and US, particularly those in high-tech, finance, professional services, manufacturing, government, energy, insurance, and construction sectors.

Recommendations:

  • Enforce robust MFA for accessing sensitive accounts and systems.
  • Implement email filtering solutions to block phishing emails before they reach users' inboxes.
  • Educate employees about the dangers of phishing emails and the importance of not clicking on suspicious links or downloading attachments from unknown senders.

4. Critical Security Flaw in miniOrange WordPress Plugins

A critical security vulnerability has been discovered in miniOrange's Malware Scanner and Web Application Firewall plugins for WordPress. This flaw allows attackers to take complete control of affected websites.

Key Takeaways:

  • The vulnerability (CVE-2024-2172) impacts both Malware Scanner (versions <= 4.7.2) and Web Application Firewall (versions <= 2.1.1).
  • These plugins have been permanently discontinued and will not receive a security patch.
  • Unpatched websites are vulnerable to attacker takeover, enabling them to steal data, inject malware, or deface the website.

Impact:

  • This vulnerability allows unauthenticated attackers to gain full administrative access to WordPress websites.
  • Attackers can then manipulate the website in various ways, including uploading malware, modifying content, or redirecting users to malicious websites.

Who is Affected:

WordPress administrators using miniOrange Malware Scanner (versions <= 4.7.2) or Web Application Firewall (versions <= 2.1.1).

Recommendations:

  • Delete the affected plugins, including Malware Scanner (versions <= 4.7.2), Web Application Firewall (versions <= 2.1.1), and RegistrationMagic (versions <= 5.3.0.0), from your WordPress websites.
  • Perform regular security audits of your WordPress website to identify and address any vulnerabilities or weaknesses.
  • Implement security best practices such as using strong and unique passwords, enabling two-factor authentication (2FA) for user accounts, limiting user permissions to the minimum required for their roles, and regularly backing up your website.

5. GitLab Vulnerabilities Allow Privilege Escalation and Security Bypass

Multiple critical vulnerabilities have been identified in GitLab versions before 16.9.2, 16.8.4, and 16.7.7 (both Community and Enterprise Editions). These vulnerabilities could be exploited by attackers to bypass security measures and gain unauthorized control of your GitLab instance.

Key Takeaways:

  • Attackers can potentially bypass authorization for CODEOWNERS, allowing unauthorized access to sensitive information.
  • An attacker with a custom role can potentially steal group access tokens with owner privileges, granting them full control over your GitLab instance.

Impact:

Successful exploitation of these vulnerabilities could allow attackers to:

  • Gain unauthorized access to sensitive Git repositories and data.
  • Disrupt project workflows and deployments.
  • Take complete control over your GitLab instance.

Who is Affected:

All users of GitLab Community Edition (CE) or Enterprise Edition (EE) versions prior to 16.9.2, 16.8.4, and 16.7.7 are at risk.
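Two of the advisories above are only actionable once you know whether a given installation actually falls in the affected set: Bamboo is at risk only when the version is 8.2.1 through 9.5.0 and the JDBC connection string carries the non-default preferQueryMode=SIMPLE property, and GitLab is fixed at a different patch level on each of the 16.7, 16.8 and 16.9 branches, so a plain "less than" comparison against one number gives wrong answers. The following Python is an added example written for this digest, not code from Atlassian, GitLab or Tecplix. The inventory entries and JDBC URLs in it are constructed sample data; the case-insensitive matching of the preferQueryMode name and value is a deliberately conservative assumption so that a differently cased setting is still flagged for review.

```python
"""Check a software inventory against the Bamboo and GitLab advisories above.

Added example; version ranges are taken from the advisory text, sample data is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Bamboo Data Center and Server 8.2.1 through 9.5.0 (inclusive, as stated in the advisory).
BAMBOO_AFFECTED_MIN = (8, 2, 1)
BAMBOO_AFFECTED_MAX = (9, 5, 0)

# GitLab CE/EE: the fixing release on each supported minor branch.
GITLAB_FIXED = {
    (16, 9): (16, 9, 2),
    (16, 8): (16, 8, 4),
    (16, 7): (16, 7, 7),
}


def parse_version(text):
    """Turn '16.8.4' (or 'v16.8.4-ee') into a comparable tuple of integers."""
    match = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparsable version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def jdbc_prefers_simple_query_mode(jdbc_url):
    """True when a PostgreSQL JDBC URL sets preferQueryMode=SIMPLE.

    Name and value are compared case-insensitively (conservative assumption:
    better to flag an oddly cased setting than to miss it).
    """
    if not jdbc_url.lower().startswith("jdbc:postgresql:"):
        return False  # not a PostgreSQL connection string, property cannot apply
    # Drop the 'jdbc:' prefix so urlsplit sees an ordinary URL and isolates the query part.
    query = urlsplit(jdbc_url[len("jdbc:"):]).query
    params = parse_qs(query, keep_blank_values=True)
    for name, values in params.items():
        if name.lower() == "preferquerymode" and any(v.lower() == "simple" for v in values):
            return True
    return False


def bamboo_is_vulnerable(installed_version, jdbc_url):
    """Both conditions from the advisory must hold: version in range AND the property set."""
    version = parse_version(installed_version)
    in_range = BAMBOO_AFFECTED_MIN <= version <= BAMBOO_AFFECTED_MAX
    return in_range and jdbc_prefers_simple_query_mode(jdbc_url)


def gitlab_is_vulnerable(installed_version):
    """Compare against the fix on the installed minor branch, not against a single number."""
    version = parse_version(installed_version)
    branch = version[:2]
    if branch in GITLAB_FIXED:
        return version < GITLAB_FIXED[branch]
    # Off-branch installs: anything older than the oldest patched branch is 'prior to'
    # every fixed release; anything newer than 16.9 shipped after the fixes.
    return version < min(GITLAB_FIXED.values())


def assess_inventory(inventory):
    """Return the names of inventory entries that the two advisories apply to."""
    findings = []
    for entry in inventory:
        if entry["product"] == "bamboo":
            if bamboo_is_vulnerable(entry["version"], entry["jdbc_url"]):
                findings.append(entry["name"])
        elif entry["product"] == "gitlab":
            if gitlab_is_vulnerable(entry["version"]):
                findings.append(entry["name"])
    return findings


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    {"name": "bamboo-prod", "product": "bamboo", "version": "9.2.3",
     "jdbc_url": "jdbc:postgresql://db.internal:5432/bamboo?preferQueryMode=SIMPLE&ssl=true"},
    {"name": "bamboo-test", "product": "bamboo", "version": "9.2.3",
     "jdbc_url": "jdbc:postgresql://db.internal:5432/bamboo"},
    {"name": "gitlab-main", "product": "gitlab", "version": "16.8.3"},
    {"name": "gitlab-lab", "product": "gitlab", "version": "16.9.2"},
    {"name": "gitlab-legacy", "product": "gitlab", "version": "16.6.9"},
]

if __name__ == "__main__":
    for name in assess_inventory(SAMPLE_INVENTORY):
        print(f"ACTION REQUIRED: {name} matches an open advisory")
```

Running the script lists bamboo-prod, gitlab-main and gitlab-legacy: bamboo-test is on an affected version but lacks the risky property, and gitlab-lab is already at the fixed 16.9.2. The per-branch table is the part worth keeping when you adapt this to other advisories, since vendors routinely ship one fix across several supported branches.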

Recommendation:

Apply the appropriate update as described in the GitLab security release:

  • https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/
  • https://about.gitlab.com/update/


In Crisis?

If you suspect a compromise or face a critical security issue, connect with us to unlock rapid, expert protection. Your security and business continuity is our top priority!

Get in touch with our security team by filling out this form or call us at +91 6366 600 700.
