Zero-day vulnerability in Mozilla Firefox

Mozilla Firefox is under active attack due to a critical security vulnerability tracked as CVE-2024-9680 (CVSS score: 9.8).

This is a use-after-free flaw in Animation timelines discovered by ESET researcher Damien Schaeffer. Animation timelines are the mechanism that controls and synchronizes animations on web pages.

A use-after-free flaw occurs when a program continues to use memory after it has been freed. An attacker who can place their own data in that freed memory area may be able to execute their own code.

The issue is resolved in Firefox 131.0.2, Firefox ESR 128.3.1 and Firefox ESR 115.16.1.

Users are advised to update to the latest version to protect themselves from active threats.
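To check an endpoint inventory against the fixed versions listed above, the following added example (not code from Mozilla or from this article) compares each reported version with the fix for its branch. The host names, the sample versions and the `esr` suffix on version strings are constructed assumptions. Majors 115 and 128 are treated as ESR branches, and everything else is compared with the release fix.

```python
import re

# Fixed versions as stated in the article; ESR branches keyed by major version.
ESR_FIXED = {115: (115, 16, 1), 128: (128, 3, 1)}
RELEASE_FIXED = (131, 0, 2)


def parse_version(text):
    """Turn '128.3.0esr' or '131.0' into a 3-tuple of ints; raise on junk."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_patched(version_text):
    """True if the build is at or above the fix for its branch."""
    v = parse_version(version_text)
    # Majors 115/128 are compared to their ESR fix; all others to the release fix.
    fixed = ESR_FIXED.get(v[0], RELEASE_FIXED)
    return v >= fixed


def triage(inventory):
    """Return hosts needing an update, plus hosts whose version could not be parsed."""
    needs_update, unparsed = [], []
    for host, version_text in inventory:
        try:
            if not is_patched(version_text):
                needs_update.append(host)
        except ValueError:
            # Pre-release or malformed strings are surfaced for manual review.
            unparsed.append(host)
    return needs_update, unparsed


# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "131.0.2"),
    ("ws-02", "131.0"),
    ("ws-03", "128.3.1esr"),
    ("ws-04", "128.3.0esr"),
    ("ws-05", "115.16.1esr"),
    ("ws-06", "115.15.0esr"),
    ("ws-07", "132.0a1"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts returned in the second list carry version strings the parser does not recognise and should be checked by hand rather than assumed patched.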

Internet Archive hacked, data leak affects 31 million users

The Internet Archive, known for its Wayback Machine project, is addressing a security incident in which an attacker compromised its website and stole a user database containing 31 million records.

The database contains authentication information of registered members, including their email addresses, usernames, bcrypt-hashed passwords and other internal data.

The most recent timestamp on the stolen records is September 28, 2024, the date the database was likely stolen.

It is not yet known how the attackers were able to breach the Internet Archive and whether additional data was stolen.


Critical RCE flaw in Veeam is actively exploited

Ransomware gangs are now exploiting a critical security flaw that allows attackers to remotely execute code (RCE) on vulnerable Veeam Backup & Replication (VBR) servers.

Code White security researcher Florian Hauser found that the security flaw, tracked as CVE-2024-40711, is caused by a weakness in data deserialization that can be exploited by unauthenticated attackers.

Sophos X-Ops researchers found that the CVE-2024-40711 vulnerability was exploited in Akira and Fog ransomware attacks.

“In one case, attackers deployed the Fog ransomware. Another attack in the same time period attempted to deploy Akira ransomware. In each case, the attackers initially accessed the targets using compromised VPN gateways without multi-factor authentication enabled. In the case of the Fog ransomware, the attacker deployed it on an unprotected Hyper-V server and then used the rclone tool to exfiltrate the data,” Sophos X-Ops said.

Veeam reports that its products are used by more than 550,000 customers worldwide, including at least 74% of all Global 2000 companies. We recommend updating to the latest version as soon as possible.


Privilege Escalation and Remote Code Execution on Cisco Routers

Cisco has highlighted several vulnerabilities affecting its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers.

These vulnerabilities, tracked as CVE-2024-20393 and CVE-2024-20470, could potentially expose enterprises to serious security risks. The vulnerabilities allow an authenticated attacker to elevate privileges and execute arbitrary commands on compromised devices.

The first vulnerability, identified as CVE-2024-20393, is severe and allows a remote attacker to elevate privileges to an administrator account. This vulnerability is located in the web administration interface.

Unfortunately, Cisco has confirmed that there are no solutions available for either of these vulnerabilities other than disabling remote management on the router. Additionally, these routers are no longer supported by Cisco and will therefore not be patched for these vulnerabilities.