Critical Infrastructure Targeted: Pro-Russian Hacktivists and Path Traversal Vulnerabilities Pose Ongoing Threats - May 2, 2024
May 3, 2024
Critical Vulnerabilities in ArubaOS
Multiple critical remote code execution (RCE) vulnerabilities have been disclosed in HPE Aruba Networking's ArubaOS, the operating system that runs on Aruba Mobility Conductors, Mobility Controllers and WLAN gateways. They are unauthenticated buffer overflows reachable through the PAPI protocol that Aruba access points and controllers use to manage each other, so an attacker who can send PAPI traffic to a device can execute arbitrary code as a privileged user without any credentials. A compromised controller sits at the heart of the wireless network, so successful exploitation can lead to traffic interception, lateral movement, service disruption or complete takeover of the WLAN infrastructure.
The vulnerabilities affect the 10.5.x.x, 10.4.x.x, 8.11.x.x and 8.10.x.x branches of ArubaOS, and HPE Aruba Networking has released fixed builds for each of them. Network administrators should apply the updates without delay; where patching must wait, the vendor's advisory also describes a PAPI hardening setting for the 8.x branches that blocks the known exploitation path. Older ArubaOS branches that have reached end of maintenance will not receive fixes and remain vulnerable, so devices on those releases should be upgraded to a supported branch. In the meantime, confirm that no controller or access point exposes its management interfaces to the internet and restrict PAPI traffic to the management network.
Dropbox Sign Hacked
Dropbox has confirmed a security breach of its Dropbox Sign eSignature service (formerly HelloSign). An attacker gained access to the Dropbox Sign production environment and retrieved customer account information, including email addresses, usernames, phone numbers, hashed passwords, general account settings and, for some users, API keys, OAuth tokens and multi-factor authentication details. People who only received or signed a document, without creating an account, had their names and email addresses exposed. Dropbox reports no evidence that the attacker reached documents or agreements, or that other Dropbox products were affected. The stolen data is well suited to targeted phishing, credential stuffing against other services and abuse of any API key or token that is still valid.
Dropbox has reset passwords for all Dropbox Sign accounts, logged users out of connected devices and rotated API keys and OAuth tokens. Practically, this means that every integration that calls the Dropbox Sign API must be issued a new key and any application that authenticated users through Dropbox Sign OAuth must reconnect; until then those integrations will fail. Users who configured MFA with an authenticator app should delete the old entry and enrol again, since the MFA secrets were among the exposed data. If you or your organisation use Dropbox Sign, choose a new unique password, watch for phishing that references Dropbox Sign or your signed documents, and report suspicious activity to Dropbox.
Path Traversal Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Secure by Design alert on the continued prevalence of directory traversal (also called path traversal) vulnerabilities in software. A traversal flaw lets an attacker use sequences such as ../ in a file name or request path to read or write files outside the directory the application intended to expose, which can leak credentials and configuration, overwrite application code, or, in the case of the healthcare and critical infrastructure products cited in the alert, disrupt essential services.
CISA and the FBI urge software manufacturers to treat these bugs as a preventable class rather than as individual defects, and to test for them before release. The alert's specific recommendations are to generate a random identifier for each file and keep the user-supplied name in separate metadata instead of using it to build a path, to limit the characters allowed in file names, and to ensure that uploaded files are not written with executable permissions. Where a user-supplied path must be used, the application should canonicalise it and verify that the result still lies inside the intended directory before touching the filesystem.
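The following is an added example, not code from the CISA/FBI alert, showing the vulnerable pattern, the common but insufficient string-prefix fix, a hardened canonicalise-and-check resolver, and the alert's preferred design of random file identifiers with metadata kept separately. BASE_DIR, the sample request paths and the log-style names are constructed for illustration.

```python
"""Path traversal: vulnerable resolution next to a hardened one.

Added example, not code from the CISA/FBI alert. BASE_DIR and the
sample request paths are constructed for illustration.
"""
import posixpath
import secrets
from urllib.parse import unquote

BASE_DIR = "/srv/app/files"  # assumed document root of a file-download endpoint


class PathTraversalError(ValueError):
    """Raised when a request path would escape BASE_DIR."""


def unsafe_resolve(base: str, user_path: str) -> str:
    """Vulnerable pattern: join the request path onto the root and trust it.

    '../../etc/passwd' and '/etc/passwd' both leave the intended directory.
    """
    return posixpath.join(base, user_path)


def naive_prefix_check(base: str, candidate: str) -> bool:
    """Common but wrong fix: a string-prefix test.

    It accepts '/srv/app/files2/secret' because that string starts with
    '/srv/app/files'.
    """
    return posixpath.normpath(candidate).startswith(posixpath.normpath(base))


def safe_resolve(base: str, user_path: str) -> str:
    """Canonicalise the path and verify it stays inside base.

    Rejects NUL bytes, backslashes, absolute paths and any percent-encoding
    left after a single decode (so '..%252f' cannot sneak through a second
    decoder further down the stack).
    """
    base = posixpath.normpath(base)
    decoded = unquote(user_path)
    if "\x00" in decoded or "\\" in decoded or "%" in decoded:
        raise PathTraversalError(f"forbidden characters in {user_path!r}")
    if posixpath.isabs(decoded):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    # commonpath compares whole path components, so '/srv/app/files2'
    # does not count as being under '/srv/app/files'.
    if posixpath.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes {base}: {user_path!r}")
    return candidate


def is_allowed(base: str, user_path: str) -> bool:
    """Boolean wrapper around safe_resolve for policy checks."""
    try:
        safe_resolve(base, user_path)
        return True
    except PathTraversalError:
        return False


class IndirectFileStore:
    """The alert's stronger design: never derive a path from user input.

    Each upload gets a random token; the original name lives in metadata.
    """

    def __init__(self, root: str = BASE_DIR):
        self.root = posixpath.normpath(root)
        self.metadata: dict[str, str] = {}

    def put(self, original_name: str) -> str:
        token = secrets.token_hex(16)          # 128-bit random identifier
        self.metadata[token] = original_name   # stored as data, never as a path
        return token

    def path_for(self, token: str) -> str:
        if token not in self.metadata:
            raise KeyError("unknown file token")
        return posixpath.join(self.root, token)  # hex token contains no separators


if __name__ == "__main__":
    for req in ["reports/q1.pdf", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd",
                "/etc/passwd", "../files2/secret"]:
        print(f"{req!r:32} unsafe={unsafe_resolve(BASE_DIR, req)!r:40} "
              f"allowed={is_allowed(BASE_DIR, req)}")
    store = IndirectFileStore()
    tok = store.put("../../evil.sh")
    print("upload stored at", store.path_for(tok), "original name:", store.metadata[tok])
```

The checks here are purely lexical, which keeps the example deterministic; in a real service, resolve the final candidate with os.path.realpath as well, because a symbolic link inside the document root can point outside it and normpath does not follow links. A request such as reports/../q2.pdf is deliberately accepted: it never leaves BASE_DIR, and rejecting every ".." would break legitimate clients without adding security.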
Pro-Russian Hacktivists Targeting Critical Infrastructure
Government agencies from the US, Canada and the UK have issued a joint fact sheet warning that pro-Russian hacktivist groups are targeting critical infrastructure organisations in North America and Europe. The activity concentrates on small-scale industrial control systems (ICS) and operational technology (OT), including water and wastewater, dams, energy, and food and agriculture facilities. In the observed cases the actors reached internet-exposed human-machine interfaces (HMIs) over VNC, typically using default or weak passwords, and then changed set points, turned off alarms and locked operators out by changing passwords, which in some water facilities caused minor operational disruption before staff reverted to manual control.
The techniques are unsophisticated, but the advisory stresses that the same access could be used to cause physical damage, and that the actors are developing toward that. Critical infrastructure operators are urged to apply the recommended mitigations: remove HMIs and other OT devices from the public internet, or place them behind a VPN or firewall with multi-factor authentication if remote access is essential; replace default and weak passwords with strong, unique ones; keep VNC and other remote-access software updated; and log and review remote logins to HMIs. Device manufacturers are asked to ship products that require a password change on first use and that do not expose management interfaces by default.