On 10 December 2024, SafeBreach researcher Yuki Chen discovered two vulnerabilities in the Windows LDAP implementation.

The first, tracked as CVE-2024-49112 with a CVSS rating of 9.8, is a serious remote code execution (RCE) vulnerability. An attacker exploiting it would send a specially crafted RPC call to the target LDAP server.

The second vulnerability, tracked as CVE-2024-49113 with a CVSS rating of 7.5, allows an attacker to crash LSASS and thereby force the server to restart. The attack consists of several phases, including a DCE/RPC request, a DNS query, and a specially crafted CLDAP packet.

Both vulnerabilities affect all versions of Windows Server, including Windows Server 2019 and 2022. Exploitation could allow an attacker to take control of a domain environment.

A PoC exploit for these vulnerabilities is publicly available and has been published by SafeBreach on its GitHub.

Microsoft patched these vulnerabilities in December’s Patch Tuesday.

Volkswagen cyber security breach

Volkswagen is facing a major security breach that has exposed sensitive information on around 800,000 owners of Volkswagen, Audi, Seat and Skoda electric vehicles.

The leak was caused by misconfigured cloud storage on Amazon Web Services (AWS), managed by Volkswagen subsidiary Cariad. The exposed data included vehicle owners’ contact information such as email addresses, phone numbers and home addresses. Alarmingly, the data also contained very precise information about the location of the vehicles.

For around 460,000 vehicles (some Volkswagen and Seat models), the location data was extremely accurate and could be used to track the daily routines of the owners of these cars.

The vulnerability was discovered by an anonymous hacker who reported it to the Chaos Computer Club (CCC). After testing the vulnerability, the CCC informed Volkswagen and provided technical details.

Volkswagen said the bug had been fixed and that no customer payment or login details had been included in the data set.


Critical vulnerability in Apache Tomcat

The Apache Software Foundation (ASF) has released a security update to resolve a critical vulnerability in the Tomcat software.

The vulnerability, tracked as CVE-2024-56337 with a CVSS rating of 9.8, could allow remote code execution (RCE) under certain conditions.

It is a time-of-check time-of-use (TOCTOU) race condition affecting Apache Tomcat versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97.

This vulnerability is the result of an incomplete patch for an earlier vulnerability, CVE-2024-50379. It can be exploited primarily on Windows systems, where Tomcat is write-protected by default, to bypass Tomcat’s security measures and upload files containing malicious code.

Apache has issued security updates to address this vulnerability. Users should upgrade to Apache Tomcat 11.0.2, 10.1.34, 9.0.98 or later versions of these major releases.

In addition to the update, other configuration changes are required depending on the version of Java. For Java 8 or Java 11, you must explicitly set the sun.io.useCanonCaches system property to false. For Java 17, you must ensure that this property, if set, is set to false. For Java 21 and later, no further action is required.
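The version-dependent rule above is easy to get wrong across a fleet, so here is an added check (not from the Apache advisory or the Tomcat project) that maps a `java -version` string to the required action and tests a CATALINA_OPTS string against it. The function names and the handling of Java versions the advisory does not name (treated conservatively) are this example's own assumptions.

```shell
#!/bin/sh
# Added example: decide whether Tomcat's JVM options need
# sun.io.useCanonCaches=false (CVE-2024-56337 mitigation).

# Extract the major version from a "java -version" line such as
# 'openjdk version "1.8.0_392"' or 'openjdk version "17.0.9" 2023-10-17'.
# Java 8 and older report "1.x", so "1.8.0_392" maps to 8.
java_major_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    case "$v" in
        1.*) printf '%s\n' "$v" | cut -d. -f2 ;;
        *)   printf '%s\n' "$v" | cut -d. -f1 | cut -d- -f1 ;;
    esac
}

# Map a major version to the required action:
#   set-false       : property must be explicitly set to false (Java 8/11)
#   ensure-not-true : may be absent, but if set must be false (Java 17)
#   none            : no further action (Java 21 and later)
# Assumption: versions the advisory does not name (e.g. 12-16, 18-20)
# are grouped with the next-lower named version.
canon_caches_action() {
    case "$1" in ''|*[!0-9]*) echo unknown; return 1 ;; esac
    if   [ "$1" -lt 17 ]; then echo set-false
    elif [ "$1" -lt 21 ]; then echo ensure-not-true
    else                       echo none
    fi
}

# Check an options string (CATALINA_OPTS/JAVA_OPTS) against an action.
# Returns 0 when compliant, 1 with a remediation hint otherwise.
check_canon_caches() {
    case "$1" in
        *-Dsun.io.useCanonCaches=false*) state=false ;;
        *-Dsun.io.useCanonCaches=true*)  state=true ;;
        *)                               state=unset ;;
    esac
    case "$2:$state" in
        none:*|set-false:false|ensure-not-true:false|ensure-not-true:unset)
            echo ok; return 0 ;;
        *)  echo 'add -Dsun.io.useCanonCaches=false to CATALINA_OPTS'; return 1 ;;
    esac
}

# Demo on constructed input (a Java 11 banner and a typical options string).
major=$(java_major_version 'openjdk version "11.0.21" 2023-10-17')
check_canon_caches '-Xmx1g -Dsun.io.useCanonCaches=false' "$(canon_caches_action "$major")"
```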


Tenable plugin updates knock out Nessus agents worldwide

According to Tenable, customers will need to manually update their software to revive Nessus agents that were taken out of service on 31 December due to faulty plugin updates.

The incident affects systems running Nessus Agent versions 10.8.0 and 10.8.1. Tenable has since withdrawn these versions and released Nessus Agent 10.8.2, which fixes the problem that caused the agents to shut down.

“To resolve the above issue, all Tenable Vulnerability Management and Tenable Security Center customers using Tenable Nessus Agent version 10.8.0 or 10.8.1 must either upgrade to agent version 10.8.2 or downgrade to version 10.7.3. If you are using agent profiles to upgrade or downgrade an agent, you will need to perform a separate plugin reset to restore all offline agents,” Tenable said.