Weekly Threat Briefing: January 15 - 19, 2024
Every week, eSentire’s Threat Response Unit (TRU) compiles the following threat intelligence overview, providing cybersecurity leaders with expert analysis and insights on the most important events of the past week along with important security tips.
Critical GitLab Vulnerabilities
On January 11th, GitLab disclosed multiple vulnerabilities in self-managed GitLab CE and EE, including CVE-2023-7028, which carries the maximum CVSS score of 10.0. The flaw allows a user account's password reset email to be delivered to an unverified, attacker-supplied email address, enabling account takeover with no user interaction. Proof-of-Concept (PoC) exploit code was publicly released on January 13th. Two points from GitLab's own advisory are worth noting: accounts with two-factor authentication enabled can still have their password reset, but the second factor is still required to log in, so 2FA materially limits the impact; and administrators should review their logs for password reset requests that carried more than one email address, which is the signature of an exploitation attempt.
Because GitLab hosts source code, secrets, and CI/CD pipelines, an account takeover there can lead to intellectual property theft, tampering with or disruption of software delivery pipelines, and a foothold for broader network compromise.
In addition to the public security advisory released on January 15th, eSentire Managed Vulnerability Service (MVS) has plugins in place to identify all the recently disclosed GitLab vulnerabilities and eSentire MDR for Network has rules in place to identify CVE-2023-7028 exploitation attempts.
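As an added illustration of the bug class described above (this is not GitLab's code and not the public PoC), the Python below models a password reset handler two ways. It assumes, for illustration, a hypothetical endpoint whose `email` form field a lenient parser may hand to the handler as a list; the account directory, addresses and function names are all constructed for the example. The vulnerable handler accepts the request if any submitted address belongs to an account and then mails the reset token to every submitted address; the hardened handler rejects multi-valued input and mails only an address the account has verified.

```python
"""Password-reset email routing: the bug class behind CVE-2023-7028.

Added illustration, not GitLab's code. ASSUMPTION: the reset endpoint
receives an ``email`` field that a lenient form parser may hand to the
handler as a list (one way this class of bug arises). The vulnerable
handler checks only that *some* submitted address belongs to an account
and then mails the reset link to every submitted address. The hardened
handler rejects multi-valued input and mails only a verified address on
the account's own record.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    verified_emails: frozenset  # addresses the user has proven control of


# Constructed sample directory (hypothetical data, not real users).
ACCOUNTS = [
    Account("alice", frozenset({"alice@example.com", "alice.alt@example.com"})),
    Account("bob", frozenset({"bob@example.com"})),
]


def find_account_by_email(email: str):
    """Return the account that has verified this exact address, or None."""
    for account in ACCOUNTS:
        if email in account.verified_emails:
            return account
    return None


def _as_list(submitted):
    """Mirror a lenient parser: 'x' -> ['x']; ['x', 'y'] stays a list."""
    return [submitted] if isinstance(submitted, str) else list(submitted)


def vulnerable_request_reset(submitted, outbox):
    """Return the set of addresses the reset token was mailed to.

    Bug: any single address that matches an account is enough to pass
    validation, and every address in the list is then used as a
    recipient, so an attacker-appended address receives the victim's
    reset token along with the victim.
    """
    emails = _as_list(submitted)
    account = None
    for email in emails:
        account = find_account_by_email(email)
        if account is not None:
            break
    if account is None:
        return set()
    token = secrets.token_urlsafe(32)
    for email in emails:
        outbox.append((email, token))  # recipient chosen by the request
    return set(emails)


def hardened_request_reset(submitted, outbox):
    """Same contract, but the recipient is bound to the account record.

    - Exactly one address is accepted; multi-valued input is rejected.
    - The token goes only to that address, and only if an account has
      verified it (find_account_by_email searches verified addresses
      only); request data never selects a recipient by itself.
    - Unknown addresses yield the same empty result as rejected input.
    """
    emails = _as_list(submitted)
    if len(emails) != 1:
        return set()
    email = emails[0]
    if find_account_by_email(email) is None:
        return set()
    token = secrets.token_urlsafe(32)
    outbox.append((email, token))  # verified address on the record only
    return {email}


if __name__ == "__main__":
    probe = ["alice@example.com", "attacker@evil.example"]  # constructed input
    box = []
    print("vulnerable:", vulnerable_request_reset(probe, box))
    box = []
    print("hardened:  ", hardened_request_reset(probe, box))
```

The hardened variant also gives the same empty response for an unknown address and for rejected input, so the endpoint does not become an account-enumeration oracle; whether to additionally alert on multi-valued input, as the briefing's network rules do for the real CVE, is a detection decision rather than part of the fix.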
Critical Confluence Vulnerability
2024-01-22 Update: As of January 21st, there are reports of real-world exploitation of CVE-2023-22527.
On January 16th, Atlassian disclosed a new critical vulnerability that impacts multiple versions of Confluence Data Center and Server. The vulnerability, tracked as CVE-2023-22527 (CVSS: 10), is a template injection flaw that allows a remote and unauthenticated threat actor to execute arbitrary code on impacted systems.
Exploitation of an unauthenticated, internet-facing RCE of this severity typically follows disclosure within days, so applying the available security patches before abuse occurs is critical. Instances that cannot be patched promptly should be removed from the internet or isolated until they can be, and any exposed instance should be reviewed for signs of compromise once patched.
We released a public advisory on January 17th and eSentire Managed Vulnerability Service (MVS) has plugins in place to detect versions of Confluence vulnerable to CVE-2023-22527.
Volt Typhoon Targets Cisco Routers
On January 11th, SecurityScorecard's STRIKE Team released a new report outlining attacks on End-of-Life (EoL) Cisco routers; this activity has been attributed to the Chinese state-sponsored APT group Volt Typhoon (a.k.a. Bronze Silhouette).
In these latest attacks, Volt Typhoon is suspected to have targeted two Cisco vulnerabilities that were initially disclosed in 2019: CVE-2019-1653, an unauthenticated information disclosure in the web management interface that exposes device configuration, and CVE-2019-1652, a command injection in the same interface; chained, they provide remote code execution. Both impact Cisco RV320/RV325 routers. Cisco shipped firmware fixes for them in 2019, but the RV320/RV325 have since reached EoL, meaning no further security patches or software updates will be released, and devices still running pre-2019 firmware remain exploitable.
The recent campaign has impacted government assets in the U.S., U.K., and Australia, and the report identified a previously undocumented webshell on compromised routers.
Volt Typhoon's exploitation of end-of-life Cisco devices underscores that patch management has a hard limit: once a vendor stops shipping fixes, the only remediation is replacement. Organizations must maintain an accurate inventory of edge devices, prioritize retiring or upgrading EoL hardware, keep management interfaces off the internet, and continuously monitor network infrastructure for anomalous configuration changes and outbound connections, since compromised edge devices rarely run endpoint security agents.
About the eSentire Threat Response Unit (TRU)
Our industry-renowned Threat Response Unit (TRU) is an elite team of threat hunters and researchers that supports our 24/7 Security Operations Centers (SOCs), builds detection models across our XDR Cloud Platform, and works as an extension of your security team to continuously improve our Managed Detection and Response service. TRU has been recognized for its threat hunting, original research, and content development capabilities. TRU is organized into cross-functional groups to protect you against advanced and emerging threats, giving your organization access to leading threat intelligence and deep cybersecurity expertise.