AWS vulnerability exposes accounts, Cisco and VMWare patches, MFA and identity attacks lead Q3 threat landscape...
Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.
Vulnerabilities and Patches
AWS CDK Vulnerability Exposed Accounts to Full Takeover Risk
AWS patched a critical flaw in its Cloud Development Kit (CDK) that left accounts vulnerable to takeover through predictable S3 bucket names. Identified by Aqua Security, the flaw affected unpatched versions of CDK. AWS has urged users to update to CDK v2.149.0 and perform a one-time environment bootstrap to secure their accounts.
Cisco Patches Vulnerability Exploited in Brute-Force Attack Campaign
Cisco released patches addressing vulnerabilities in Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Secure Firewall Management Center (FMC) products. Among them, CVE-2024-20481, a vulnerability in the Remote Access VPN service of ASA and FTD, was actively exploited in large-scale brute-force attacks. The flaw could lead to a denial-of-service condition due to resource exhaustion. Cisco also issued patches for other high-severity issues that could allow unauthorized access or system control.
VMware Releases vCenter Server Update to Address Critical RCE Vulnerability
VMware has issued updates for its vCenter Server software to patch a critical remote code execution (RCE) vulnerability, CVE-2024-38812, with a CVSS score of 9.8. The flaw, which impacts specific versions of vCenter, can be exploited through specially crafted packets, potentially allowing unauthorized remote access. Users are strongly advised to update to secure their environments.
Cyber Attacks
Cybercriminals Exploiting Docker API for Crypto Mining with SRBMiner Malware
Cybercriminals are exploiting exposed Docker API servers to deploy SRBMiner for illicit cryptocurrency mining. By leveraging gRPC and HTTP/2 protocol upgrades, attackers bypass security layers and establish a connection to initiate SRBMiner payloads on Docker hosts. Trend Micro researchers emphasize securing Docker APIs with strict access controls and monitoring unusual activities to prevent such abuses.
In Other News...
Poor MFA and Identity Attacks Lead Q3 2024 Cyber Threat Landscape
Cisco Talos’ latest report shows that identity-based attacks and poor multi-factor authentication (MFA) configurations dominated the Q3 2024 threat landscape. Attackers increasingly used brute-force methods and phishing to bypass MFA or exploit misconfigurations, leading to account takeovers. Misconfigured MFA, inadequate defences, and phishing were the major culprits, with successful identity attacks often enabling further social engineering and data breaches.
New LLM Jailbreak Method with 65% Success Rate Developed by Researchers
Researchers at Palo Alto Networks’ Unit 42 have created a new large language model (LLM) jailbreak method called “Deceptive Delight,” achieving a 65% success rate. The multi-turn attack, which spreads harmful content requests over multiple interactions, exploits LLMs’ limitations in contextual awareness, circumventing model safeguards. Researchers stress the need for additional content filters and robust system prompts to counter these types of vulnerabilities.