Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.

On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on September 26th, the vulnerabilities were disclosed in @evilsocket’s blog, along with a full proof of concept.

In a significant move towards enhancing the security of its Android operating system, Google has announced a substantial reduction in memory vulnerabilities by adopting memory-safe programming languages, particularly Rust. This shift aligns with Google's secure-by-design philosophy, aiming to minimize security risks associated with new code development. In this blog, we’ll explore the implications of this transition, the statistical outcomes, and what this means for the future of secure coding.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.

In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.

Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up their Kubernetes deployments. Envoy ensures efficient load balancing, security, and operational agility by managing external access to services within Kubernetes clusters,.