Cyble researchers had a productive week, delving into 19 vulnerabilities that emerged in the cybersecurity landscape in the week ending on October 1st. Out of these vulnerabilities, eight were identified as high-priority concerns that demanded immediate attention and mitigation efforts.
The latest weekly IT vulnerability report from Cyble shed light on a variety of exploits permeating the dark web and cybercrime forums. Of particular note were discussions surrounding an OpenSSH vulnerability impacting 8 million exposures, as well as claims of zero-day vulnerabilities affecting Apple and Android devices. Threat actors were also seen discussing vulnerabilities in major tech platforms such as SolarWinds, Microsoft, Zimbra, WordPress, and Fortinet on underground forums.
In a comprehensive report by Cyble Research & Intelligence Labs (CRIL), eight vulnerabilities across four products were highlighted as top priorities for security teams. Among these were vulnerabilities in Optigo’s ONS-S8 Spectra Aggregation Switch, NVIDIA’s Container Toolkit, Adobe Commerce, and Linux CUPS.
The ONS-S8 Spectra Aggregation Switch, used to deploy passive optical networking in intelligent buildings, was flagged for PHP Remote File Inclusion (RFI) and weak authentication vulnerabilities. Given its widespread use in critical infrastructure, these vulnerabilities were deemed critical and a likely target for attackers.
NVIDIA’s Container Toolkit vulnerability, a Time-of-Check to Time-of-Use (TOCTOU) flaw, posed a significant risk of container escape and unauthorized access to host systems. The potential consequences included code execution, denial of service, privilege escalation, information disclosure, and data tampering.
A critical XML External Entity (XXE) vulnerability in Adobe Commerce/Magento was identified, enabling arbitrary code execution through crafted XML documents. Threat actors were observed exploiting this vulnerability to compromise Adobe Commerce and Magento stores, underscoring the urgency of remediation.
The report also highlighted vulnerabilities in the Common UNIX Printing System (CUPS), affecting components such as libcupsfilters, libppd, cups-browsed, and cups-filters. These vulnerabilities could be exploited to execute arbitrary code remotely, emphasizing the need for immediate patching.
Cyble researchers monitored the dark web for additional exploits, uncovering critical vulnerabilities in SolarWinds Web Help Desk, Microsoft Office, Apple operating systems, WordPress plugins, Zimbra Collaboration Suite, OpenSSH utilities, Adobe Commerce, Magento, FortiClient EMS, Apple iMessage, and Android text messaging. These vulnerabilities ranged from hardcoded credentials to SQL injection and remote code execution vulnerabilities, with some threat actors actively selling exploits for substantial sums.
Overall, the diverse array of vulnerabilities identified by Cyble researchers underscores the ongoing challenges faced by security teams in mitigating cyber threats across various platforms and technologies. With cybercriminals actively exploiting these weaknesses, proactive measures and timely patching are imperative to safeguard critical systems and data from potential breaches.
