Our web application is going live next month! We can't afford any security issues after launch.

e-Securitylabs's application security assessments provide an objective review and analysis, giving you assurance that your critical application can withstand common Internet and internal threats.

I need to know the bottom line. Can someone break into my mobile?


We got hacked. Is there anyone who can help us in this situation?

e-Securitylabs helps find the real root cause of the issue and ensures that it will not happen again.


Tuesday, 6 August 2024

Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

Severity: Zero day

Date of Publish: 06 Aug 2024

Affected System:

Apache OFBiz: through 18.12.14

Summary

A remote code execution vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system.

Description

A zero-day pre-authentication remote code execution vulnerability was identified in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow a remote attacker to execute arbitrary code on affected systems.

Recommendations /Solutions

Upgrade to version 18.12.15.

 

Vendor Reference:

https://issues.apache.org/jira/browse/OFBIZ-13128
https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html

 

CVE:

CVE-2024-38856


NOTE: This information is provided on an "as is" basis, without assurance of any kind.

Revision history

1. 06-Aug-24 - First advisory released. Update: fixed version available.

 

Saturday, 20 July 2024

Windows Crashes Due to Crowdstrike Updates

Date of Publish: July 20, 2024

Severity: Critical

System Affected

  • Windows hosts

Non-affected systems

  • MacOS
  • Linux system

Summary

Crowdstrike released an update that is causing widespread "blue screens of death" (BSOD) on Windows systems.

Description

This situation may be caused by phishing emails circulating that claim to come from "Crowdstrike Support" or "Crowdstrike Security" and ask the recipient to update the component. One domain possibly associated with these phishing attacks is crowdfalcon-immed-update[.]com. Once the attachment is opened and downloaded, it will cause the BSOD.

Workaround steps for individual hosts:

  • Reboot the host to give it an opportunity to download the reverted channel file. We strongly recommend putting the host on a wired network (as opposed to WiFi) prior to rebooting as the host will acquire internet connectivity considerably faster via ethernet.
  • If the host crashes again, then:
    • Boot Windows into Safe Mode or the Windows Recovery Environment
      • NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
    • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
      • Windows Recovery defaults to X:\windows\system32
        • Navigate to the appropriate partition first (default is C:\), and navigate to the crowdstrike directory:
          • C:
          • cd windows\system32\drivers\crowdstrike
      • Note: On WinRE/WinPE, navigate to the Windows\System32\drivers\CrowdStrike directory of the OS volume
    • Locate the file matching “C-00000291*.sys” and delete it.
      • Do not delete or change any other files or folders
    • Cold Boot the host
      • Shutdown the host.
      • Start host from the off state.

Note: BitLocker-encrypted hosts may require a recovery key

References

Vendor Reference:

https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/

NOTE: This information is provided on an "as is" basis, without assurance of any kind.

Revision history

1. 19-Jun-24 - First advisory released. Update: workaround available.

Tuesday, 9 July 2024

DLP- Data Leakage prevention -Explained

DLP is a cybersecurity solution that detects and prevents data breaches. It implements a set of processes, procedures, and tools to prevent the loss or misuse of data from cyber threats.

Types of DLP

  • Network DLP
  • Endpoint DLP
  • Cloud DLP
  • Storage/Data center DLP

 

DLP Tools:

  • Teramind
  • Safetica
  • Code42 Incydr
  • Check Point
  • Trend Micro IDLP
  • Sophos
  • Endpoint Protector
  • Symantec DLP
  • Digital Guardian
  • Trellix
  • Forcepoint DLP
  • Proofpoint DLP
  • Fidelis
  • Clumio
  • Microsoft Purview DLP
  • DTEX InTERCEPT



Network DLP is a Data Loss Prevention solution that monitors risky user behaviour on the network to detect and block potential data exfiltration.

  • Data Packet Inspection
  • Protocol Inspection
  • Data Filtering
  • User Activity Monitoring

 

Endpoint DLP: focuses on securing data at the endpoint, that is, on individual devices such as employee computers.

 

  • Data Discovery and Classification
  • Data Encryption
  • Device Control
  • User Behaviour Monitoring

Cloud data loss prevention (DLP) helps keep an organization's sensitive or critical information safe from cyber-attacks, insider threats and accidental exposure. Cloud DLP provides protection for sensitive data in SaaS and IaaS applications.

  • API Monitoring
  • Data Encryption
  • Cloud access control
  • Shadow IT detection

 


Storage/Data-center DLP: a security strategy that focuses on detecting and preventing the loss, leakage, or misuse of data through breaches, exfiltration transmissions, and unauthorized use.

  • Data access control
  • Data activity Monitoring
  • Data anonymization
  • Data masking
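The "Data Filtering" capability of Network DLP and the "Data masking" capability of Storage/Data-center DLP above both come down to the same core: inspect content for sensitive-data patterns, decide on a policy action, and keep only a masked form in the log. The following Python block is an added illustration written for this post; it is not code from any of the DLP products listed. The detector patterns, the policy (card numbers, SSN-format numbers and AWS-style access key IDs are blocked, e-mail addresses are allowed but masked) and the sample messages are all assumptions constructed for the demonstration.

```python
"""Toy content inspector for DLP-style data filtering and masking.
Added illustration for this post, not the code of any DLP product named here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # which detector fired
    value: str   # the matched text
    start: int   # offsets into the inspected text
    end: int


# Detectors for a few common sensitive-data formats (assumption: the kinds of
# patterns a network or storage DLP policy would typically carry).
PATTERNS = [
    ("card", re.compile(r"\b\d(?:[ -]?\d){12,15}\b")),        # 13-16 digits, optional separators
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),              # US SSN layout
    ("aws_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),           # AWS access key id format
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
BLOCK_KINDS = {"card", "ssn", "aws_key"}   # assumed policy: these must not leave the network


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters phone numbers and ticket ids that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list[Finding]:
    """Run every detector over the text and return findings in document order."""
    findings = []
    for kind, pattern in PATTERNS:
        for m in pattern.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"[ -]", "", m.group(0))):
                continue                    # digits that fail Luhn are not a card number
            findings.append(Finding(kind, m.group(0), m.start(), m.end()))
    return sorted(findings, key=lambda f: f.start)


def mask_value(f: Finding) -> str:
    """Replace a finding with a form that is safe to keep in logs (data masking)."""
    if f.kind == "card":
        digits = re.sub(r"[ -]", "", f.value)
        return "*" * (len(digits) - 4) + digits[-4:]   # keep last four only
    if f.kind == "email":
        local, _, domain = f.value.partition("@")
        return local[0] + "***@" + domain
    return f"[REDACTED-{f.kind.upper()}]"


def mask(text: str, findings: list[Finding]) -> str:
    out, pos = [], 0
    for f in findings:
        if f.start < pos:                   # overlapping match already masked
            continue
        out.append(text[pos:f.start])
        out.append(mask_value(f))
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


def inspect_message(text: str) -> dict:
    """Policy decision for one message: block if a blocked kind is present,
    otherwise allow; the masked text is what would be written to the DLP log."""
    findings = scan(text)
    action = "block" if any(f.kind in BLOCK_KINDS for f in findings) else "allow"
    return {"action": action, "findings": findings, "masked": mask(text, findings)}


# Constructed sample messages (not real data; the key id is AWS's documentation example).
SAMPLE_MESSAGES = [
    "Meeting at 3pm, call me on 555-123-4567",
    "Customer card 4111 1111 1111 1111 exp 12/27, contact jane.doe@example.com",
    "Ticket 4111-1111-1111-1112 is not a card number",
    "deploy key AKIAIOSFODNN7EXAMPLE and SSN 123-45-6789",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        r = inspect_message(msg)
        print(f"{r['action']:5} | {[f.kind for f in r['findings']]} | {r['masked']}")
```

The Luhn check is what separates a usable DLP rule from a noisy one: the third sample message carries a 16-digit string that the card regex matches but the checksum rejects, so it produces no finding and the message passes, while the phone number in the first message never matches at all. In a real deployment the masked string, not the original message, is what should reach the DLP console or SIEM.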

 

 

NOTE: This information is provided on an "as is" basis, without assurance of any kind.

 

Wednesday, 26 June 2024

Sysinternals' Process Monitor v4 Released

Date of Publish: June 26, 2024

A new version of Process Monitor has been released; it improves performance and the user interface.

Process Monitor: https://learn.microsoft.com/sysinternals/downloads/procmon

 

NOTE: This information is provided on an "as is" basis, without assurance of any kind.

 

Friday, 21 June 2024

Multiple vulnerabilities in Red Hat Enterprise Linux

Date: June 21, 2024

Severity: Medium

Impacted systems

  • Red Hat Enterprise Linux for x86_64
  • Red Hat Enterprise Linux for ARM 64
  • Red Hat Enterprise Linux for Power, little endian
  • Red Hat Enterprise Linux for IBM z Systems
  • Red Hat Enterprise Linux Fast Datapath (for IBM z Systems)
  • Red Hat Enterprise Linux Fast Datapath (for RHEL Server for IBM Power LE)
  • Red Hat Enterprise Linux Fast Datapath
  • Red Hat Enterprise Linux Fast Datapath (for RHEL for ARM 64)
  • Red Hat Service Interconnect
  • Red Hat OpenShift Serverless for IBM Z and LinuxONE
  • Red Hat Openshift Serverless
  • Red Hat Openshift Serverless for ARM
  • Red Hat OpenShift Serverless for IBM Power, little endian
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
  • Red Hat Enterprise Linux Server - TUS
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian
  • Red Hat Enterprise Linux Server
  • Red Hat Enterprise Linux Desktop
  • Red Hat Enterprise Linux Workstation
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates
  • Red Hat Enterprise Linux Server - AUS
  • Red Hat CodeReady Linux Builder for ARM 64
  • Red Hat CodeReady Linux Builder for Power, little endian
  • Red Hat CodeReady Linux Builder for x86_64
  • Red Hat CodeReady Linux Builder for IBM z Systems
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support
  • Red Hat Migration Toolkit for Applications

Summary

Red Hat has published multiple vulnerabilities in Red Hat Enterprise Linux and other products that could allow an attacker to achieve remote code execution or take control of the affected system.

Description

RHSA-2024:4004 Important: thunderbird security update
RHSA-2024:4014 Important: ghostscript security update
RHSA-2024:4015 Important: thunderbird security update
RHSA-2024:4016 Important: thunderbird security update
RHSA-2024:4018 Important: thunderbird security update
RHSA-2024:4023 Important: Release of openshift-serverless-clients kn 1.33.0 security update & enhancements
RHSA-2024:4028 Moderate: Release of OpenShift Serverless 1.33.0 security update & enhancements
RHSA-2024:4034 Important: Red Hat Service Interconnect 1.5.4 Release security update (images)
RHSA-2024:4035 Important: ovn-2021 security update
RHSA-2024:4036 Important: thunderbird security update
RHSA-2024:4003 Important: thunderbird security update
RHSA-2024:4002 Important: thunderbird security update
RHSA-2024:4001 Important: thunderbird security update
RHSA-2024:4000 Important: ghostscript security update
RHSA-2024:3999 Important: ghostscript security update
RHSA-2024:3998 Moderate: curl security update
RHSA-2024:3989 Important: Migration Toolkit for Applications security and bug fix update

Solution

Please apply the patches/fixes recommended by the vendor:

https://access.redhat.com/security/security-updates/security-advisories?q=&p=1&sort=portal_publication_date+desc&rows=10&portal_advisory_type=Security+Advisory&documentKind=Errata

Vendor Information

Red Hat:

https://access.redhat.com/security/security-updates/security-advisories?q=&p=1&sort=portal_publication_date+desc&rows=10&portal_advisory_type=Security+Advisory&documentKind=Errata

NOTE: This information is provided on an "as is" basis, without assurance of any kind.


Thursday, 20 June 2024

Multiple remote code execution in VMWare products

Date of Publish: June 20, 2024

Severity: Critical

Affected Software:

  • VMware vCenter Server
  • VMware Cloud Foundation

Summary:

Multiple remote code execution vulnerabilities in VMware products which could allow an attacker to take control of the affected systems.

Description:

The list of vulnerabilities is as follows:

  • CVE-2024-37079 & CVE-2024-37080 - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an attacker with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
  • CVE-2024-37081 - Multiple local privilege escalation vulnerabilities in VMware vCenter arising from a misconfiguration of sudo, which an authenticated local user with non-administrative privileges could exploit to obtain root permissions.

Impacted CVE:

CVE-2024-37079
CVE-2024-37080
CVE-2024-37081

Solution:

https://core.vmware.com/resource/vmsa-2024-0012-questions-answers#introduction

 

Vendor reference:

https://core.vmware.com/resource/vmsa-2024-0012-questions-answers#introduction

Broadcom:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

 

NOTE: This information is provided on an "as is" basis, without assurance of any kind.