Locks and Security News: your weekly locks and security industry newsletter
31st May 2023 Issue no. 658
Your industry news - first
May Threat Advisory - Top 5
F5 Released Patch for Critical Remote Code Execution Vulnerability in BIG-IP
Threat Reference: Global
Risks: System Takeover, Arbitrary System Command Execution
Advisory Type: Updates/Patches
Priority: Standard
F5 has patched a critical remote code execution vulnerability (CVSS score 9.8) in the iControl REST component of BIG-IP. An unauthenticated attacker with network access to the management interface can send undisclosed requests that bypass iControl REST authentication, and then execute arbitrary system commands, create or delete files, and disable services on the BIG-IP device.
Recommendations
Threat Reference: Global
Risks: Arbitrary Code Execution
Advisory Type: Updates/Patches
Priority: Elevated
Apple has released security updates that fix an actively exploited zero-day vulnerability, along with multiple other vulnerabilities, across Apple devices. The zero-day is an error within the AppleAVD subsystem. Successful exploitation could lead to arbitrary code execution on the targeted device with kernel-level privileges.
Recommendations
Threat Reference: Global
Risks: Privilege Escalation
Advisory Type: Advisory/Patches
Priority: Standard
VMware has released updates to fix one critical and one important vulnerability affecting several VMware products.
Recommendations
Threat Reference: Global
Risks: Privilege Escalation (Broken Access Control), Local File Inclusion (LFI)
Advisory Type: Updates/Patches
Priority: Standard
Security researchers discovered a critical privilege escalation vulnerability, an authenticated path traversal vulnerability, and a local file inclusion vulnerability in the Jupiter Theme and the JupiterX Core WordPress plugin.
Recommendations
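The Jupiter/JupiterX advisory names a vulnerability class rather than a mechanism, so the following is an added, generic illustration (it is not the plugin's code and not SecurityHQ's) of how an authenticated path traversal turns into a local file inclusion, and what a containment check looks like beside the vulnerable join. The template directory, file names, attacker inputs and the allow-listed extensions are all assumptions constructed for the example; it builds its own throwaway directory so it runs offline.

```python
"""Generic path-traversal / LFI containment check (added illustration, not plugin code)."""
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".php", ".html"}   # assumption: only template files may be included


def unsafe_include_path(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: trusts the caller-supplied name.
    os.path.join discards base_dir when `requested` is absolute, and
    '../' segments are passed through untouched, so the result can point
    anywhere on disk."""
    return os.path.join(base_dir, requested)


def safe_include_path(base_dir: str, requested: str) -> Path:
    """Hardened pattern: resolve the candidate and check it stays under base_dir.
    Raises ValueError for anything that escapes, or that is not a template."""
    if "\x00" in requested:
        raise ValueError("NUL byte in requested path")
    base = Path(base_dir).resolve()
    # Path joining also replaces `base` when `requested` is absolute, and
    # resolve() follows symlinks, so the containment test below is the
    # actual control, not the join.
    candidate = (base / requested).resolve()
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"{requested!r} escapes {base}")
    if candidate.suffix not in ALLOWED_SUFFIXES:
        raise ValueError(f"{requested!r} has a non-template extension")
    if not candidate.is_file():
        raise FileNotFoundError(candidate)
    return candidate


def classify(base_dir: str, requested: str) -> str:
    """Return 'allowed', 'rejected' or 'missing' for one include request."""
    try:
        safe_include_path(base_dir, requested)
        return "allowed"
    except ValueError:
        return "rejected"
    except FileNotFoundError:
        return "missing"


def demo() -> dict:
    """Build a constructed template directory and run constructed attacker inputs."""
    root = Path(tempfile.mkdtemp())
    templates = root / "templates"
    templates.mkdir()
    (templates / "header.php").write_text("<?php // constructed template ?>")
    (root / "secret.txt").write_text("constructed: not for the web")

    # A symlink inside the template dir that points outside it (skipped on
    # platforms that refuse to create symlinks).
    requests = ["header.php", "../secret.txt", "/etc/passwd", "header.php\x00.txt"]
    try:
        (templates / "link.php").symlink_to(root / "secret.txt")
        requests.append("link.php")
    except OSError:
        pass

    results = {name: classify(str(templates), name) for name in requests}

    # The vulnerable join produces a path that normalises to root/secret.txt.
    joined = os.path.normpath(unsafe_include_path(str(templates), "../secret.txt"))
    results["unsafe_join_escapes"] = not joined.startswith(str(templates))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r:28} -> {verdict}")
```

The order of checks matters: containment is tested before the extension allow-list, so `../secret.txt` is rejected for escaping the directory rather than merely for its extension, and the symlink case is caught because `resolve()` is applied before comparing against the base. In a real plugin the equivalent fix is to map a user-supplied template name through an allow-list rather than to sanitise the string.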
Threat Reference: Global
Risks: Improper Access Control vulnerability
Advisory Type: Updates/Patches
Priority: Standard
SonicWall has released a security update for the SMA 1000 series that patches an unauthenticated access control bypass vulnerability (CVSS score 8.2, High) together with other vulnerabilities. Successful exploitation allows an unauthenticated attacker to bypass access controls and reach an organization's internal resources.
Recommendations
Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on these threats, speak to an expert here.
Or if you suspect a security incident, you can report an incident here.
Credit to SecurityHQ team members: Devendra Bendre, Harsh Gajbhiya, Mandeep Sheoran, Geethu Krishna G
About SecurityHQ
SecurityHQ is a global MSSP that detects and responds to threats instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts who work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities to accelerate business and reduce risk and overall security costs.
Author: Eleanor Barlow, Content Manager, SecurityHQ
Facebook: https://www.facebook.com/Sechq
Twitter: https://twitter.com/security_hq
LinkedIn: https://www.linkedin.com/company/securityhq/
25th May 2022