Weekly Digest Week 12 – 2024

Publication date: 22.03.2024

Featured Story

Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild

Researchers from Horizon3 have developed a proof-of-concept (PoC) exploit for a critical vulnerability (CVE-2023-48788, CVSS score 9.3) in Fortinet’s FortiClient Enterprise Management Server (EMS). The flaw, a SQL injection in the DAS component, allows remote code execution through specially crafted requests. Fortinet has confirmed active exploitation in the wild. Affected users are urged to upgrade to FortiClientEMS version 7.2.3 or 7.0.11 depending on their current version.

SOC Analysis: As indicated in the article, the CVE-2023-48788 vulnerability, rated CVSS 9.3, is being actively exploited in the wild. It is recommended to upgrade your FortiClientEMS 7.2 to version 7.2.3 or above and FortiClientEMS 7.0 to version 7.0.11 or above if your servers are exposed on the internet. If you are unable to upgrade, isolate them immediately. Check logs in C:\Program Files (x86)\Fortinet\FortiClientEMS\logs for suspicious connections.

Other Stories

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

A vulnerability in Jenkins’ args4j library (CVE-2024-23897) enables unauthorized file reads and potential remote code execution. Attackers have already begun exploiting the flaw, with over 45,000 vulnerable servers detected. Exploits are spreading through HTTP, WebSocket, and SSH, targeting systems globally. Patches are available in Jenkins 2.442 and LTS 2.426.3.

SOC Analysis: This CVSS 10-rated flaw is under active exploitation. If your systems run Jenkins 2.441 or earlier, or LTS 2.426.2 or earlier, immediate patching to the latest secure version is essential to mitigate severe risk.

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Attackers are targeting JetBrains TeamCity On-Premises vulnerabilities (CVE-2024-27198 and CVE-2024-27199) to deploy ransomware and backdoors. These flaws allow full administrative control via authentication bypass. Patches have been released in version 2023.11.4, and a plugin is available for users unable to upgrade.

SOC Analysis: With CVSS scores of 9.8 and 7.3, these vulnerabilities pose a significant risk. If you’re using TeamCity On-Premises 2023.11.3 or earlier, update immediately or apply the security plugin. Contact us for assistance in patching or incident response.
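The upgrade thresholds from the three SOC analyses above (FortiClient EMS, Jenkins, TeamCity) applied to an asset inventory, as an added example that is not part of the original digest. The product labels, the sample inventory and the rule that a three-part Jenkins version is treated as an LTS build are assumptions of this example.

```python
import re

# Fixed releases as stated in the SOC analyses above; the product labels and
# branch names used as keys are choices made for this example.
FIXED = {
    ("forticlientems", "7.0"): (7, 0, 11),
    ("forticlientems", "7.2"): (7, 2, 3),
    ("jenkins", "weekly"): (2, 442),
    ("jenkins", "lts"): (2, 426, 3),
    ("teamcity", "on-prem"): (2023, 11, 4),
}

def parse(version):
    """Turn '7.2.2' or '2023.11.3 (build 1)' into a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def branch(product, v):
    """Pick the release line whose fixed version applies."""
    if product == "forticlientems":
        return ".".join(str(p) for p in v[:2])  # 7.0.x and 7.2.x are patched separately
    if product == "jenkins":
        return "lts" if len(v) >= 3 else "weekly"  # LTS builds carry a third component
    return "on-prem"

def triage(product, version):
    """Return 'patch', 'ok', or 'unknown' (branch not covered by the digest)."""
    product = product.lower()
    v = parse(version)
    fixed = FIXED.get((product, branch(product, v)))
    if fixed is None:
        return "unknown"
    return "patch" if v < fixed else "ok"

def needs_action(inventory):
    """Hosts below the fixed release, plus those that need manual review."""
    return [(h, p, ver, triage(p, ver)) for h, p, ver in inventory
            if triage(p, ver) != "ok"]

# Constructed inventory: hostnames, versions and the build number are sample data.
INVENTORY = [
    ("ems-01", "FortiClientEMS", "7.2.2"), ("ems-02", "FortiClientEMS", "7.0.11"),
    ("ems-03", "FortiClientEMS", "7.4.0"), ("ci-01", "Jenkins", "2.426.2"),
    ("ci-02", "Jenkins", "2.442"), ("tc-01", "TeamCity", "2023.11.3 (build 147512)"),
]

if __name__ == "__main__":
    for row in needs_action(INVENTORY):
        print(*row, sep="\t")
```

Hosts reported as `unknown` are on a release line for which this digest gives no fixed version, so check them against the vendor advisory by hand.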

False e-mails circulating, impersonating Spa Grand Prix

Fraudulent emails claiming to be from Spa Grand Prix are offering fake gift vouchers to trick users into sharing bank details. These messages link to phishing websites that mimic the official Spa Grand Prix site.

SOC Analysis: Never click on links from unsolicited emails. Instead, navigate directly to trusted websites. Suspicious emails should be forwarded to Safeonweb at verdacht@safeonweb.be, suspect@safeonweb.be or suspicious@safeonweb.be. Our SOC is available to assess any potentially harmful messages.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
