Weekly Digest Week 19 – 2024

Publication date

10.05.2024

Featured Story

Experts Warn of Two BIG-IP Next Central Manager Flaws That Allow Device Takeover

F5 has addressed two high-severity vulnerabilities (CVE-2024-26026 and CVE-2024-21793) in BIG-IP Next Central Manager that allow attackers to gain full administrative control of devices. The flaws are SQL injection vulnerabilities within the API interface, enabling privilege escalation and data exfiltration. Exploitation could allow attackers to create accounts on any F5 assets managed by the system.

The vulnerabilities affect versions 20.0.1 to 20.1.0 and can be mitigated by upgrading to version 20.2.0. One flaw is only exploitable if LDAP is enabled; however, the other is exploitable in the default configuration.

SOC Analysis: While not currently exploited in the wild, the risk is substantial given the elevated control an attacker can gain. Organizations using affected versions must upgrade to 20.2.0 as a priority. If you need assistance with patching or exposure assessments, reach out to our SOC team.

Other Stories

High-Severity Vulnerability Affects Apache ActiveMQ

Apache ActiveMQ versions up to 6.1.1 have an insecure default configuration that leaves REST APIs exposed without authentication. The flaw, CVE-2024-32114, allows unauthenticated access and manipulation of the message broker.

SOC Analysis: Although a configuration-based mitigation exists, we strongly recommend upgrading to version 6.1.2, which secures APIs by default. The issue is low complexity and high impact—do not delay remediation.

Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE

Tinyproxy versions 1.10.0 and 1.11.1 are affected by CVE-2023-49606, a critical use-after-free flaw that can lead to denial-of-service or remote code execution. Over 50,000 vulnerable services have been identified online.

SOC Analysis: Update immediately to version 1.11.2 when available. Until then, use version 1.11.1 and ensure the proxy service is not exposed to the public internet to reduce risk.

LiteSpeed Cache WordPress Plugin Actively Exploited in the Wild

The LiteSpeed Cache plugin for WordPress is vulnerable to CVE-2023-40000, a stored XSS issue that allows unauthenticated attackers to create rogue admin accounts. This affects versions 5.6 and earlier.

SOC Analysis: With over 5 million installations, the exposure is massive. Ensure you’ve updated to version 5.7.0.1 or newer. Rogue admin access means total compromise of your site—patch without delay.

Beware of Message from a Postal Company

Scam messages impersonating postal services are circulating, claiming that shipping costs must be paid urgently. These messages contain links to malicious sites.

SOC Analysis: Never click on links or download files in unexpected messages. Forward such messages to Safeonweb’s reporting addresses:
  • verdacht@safeonweb.be
  • suspect@safeonweb.be
  • suspicious@safeonweb.be

Our SOC is always available if you have doubts about suspicious emails or messages.


Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
