slider

Netizen: Monday Security Brief (11/18/2024)

Today’s Topics:

  • Zero-Day Vulnerabilities in Palo Alto Networks Firewalls Demand Immediate Action
  • Critical WordPress Plugin Vulnerability Exposes Millions of Websites
  • How can Netizen help?

Zero-Day Vulnerabilities in Palo Alto Networks Firewalls Demand Immediate Action

Palo Alto Networks has confirmed that a critical zero-day vulnerability in its PAN-OS firewall management interface is being actively exploited in targeted attacks. The issue, initially flagged in early November, has now been classified under two separate CVEs: CVE-2024-0012, an authentication bypass vulnerability (CVSS 9.3), and CVE-2024-9474, a privilege escalation flaw (CVSS 6.9). These vulnerabilities can potentially be chained to achieve remote code execution on exposed management interfaces.

The exploitation, tracked under the name “Lunar Peek,” was identified on interfaces exposed to the internet. Palo Alto Networks strongly recommends restricting access to the firewall management interface to trusted IPs, as doing so can significantly reduce the attack surface. The vulnerabilities do not impact Prisma Access and Cloud NGFW products. Updates for patches and prevention signatures are expected soon.

Separately, three additional vulnerabilities in Palo Alto’s Expedition platform (CVE-2024-9463, CVE-2024-9465, and another SQL injection flaw) have also been exploited in the wild, highlighting a broader need for vigilant monitoring and adherence to best practices, such as disabling internet-facing management interfaces.

Forensic evidence so far includes indications of webshell payloads in attacks, pointing to the severity of potential exploits if these vulnerabilities are left unaddressed. Administrators are urged to monitor for suspicious activities such as unexpected configuration changes or unauthorized user accounts.

To read more about this article, click here.


Critical WordPress Plugin Vulnerability Exposes Millions of Websites

A severe authentication bypass vulnerability has been uncovered in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress. This flaw, tracked as CVE-2024-10924 with a critical CVSS score of 9.8, poses a significant threat to over 4 million websites using the plugin. If exploited, it could allow attackers to gain full administrative access remotely.

The issue arises from improper error handling in the check_login_and_get_user function, particularly affecting the two-factor authentication feature in plugin versions 9.0.0 through 9.1.1.1. This oversight permits unauthenticated attackers to log in as any user, including site administrators, effectively bypassing security measures.

The vulnerability’s nature makes it highly exploitable at scale. According to István Márton, a security researcher at Wordfence, the flaw is “scriptable,” enabling automated mass exploitation against WordPress websites.

Following its responsible disclosure on November 6, 2024, the plugin maintainers released a patch in version 9.1.2 within a week. Due to the severity, WordPress collaborated with the plugin developers to force-update all affected installations, ensuring maximum protection even before public disclosure.

Users are urged to confirm their plugin is updated to the latest version and audit their site access logs for potential unauthorized activity.

Successful exploitation could allow threat actors to:

  • Gain unauthorized administrative access.
  • Hijack affected websites.
  • Execute additional malicious activities, such as phishing campaigns or malware distribution.

This disclosure follows another critical issue reported by Wordfence in the WPLMS Learning Management System theme for WordPress, tracked as CVE-2024-10470 (CVSS score: 9.8). The vulnerability affects versions prior to 4.963 and enables attackers to:

  • Read and delete arbitrary files due to insufficient validation of file paths and permission checks.
  • Access sensitive files such as wp-config.php, forcing the website into a setup state. This state allows attackers to connect the site to a malicious database, potentially leading to a complete takeover.

Users of the WPLMS theme are advised to upgrade to the latest version and implement strict access controls. Regular monitoring and secure backup practices are also essential to mitigate risks.

To read more about this article, click here.


How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.