Latest Stories

Stay up-to-date with everything at Approach

Blog article

Weekly Digest Week 3 – 2024

Publication date

19.01.2024

Featured Story

Citrix Patches Two Actively Exploited Zero-Days

Citrix zero-days

Citrix urges customers to patch CVE-2023-6548 and CVE-2023-6549 affecting NetScaler ADC and Gateway appliances. Exploitation in the wild has already been observed.

Analysis from our SOC team:
If your management interface is exposed to the internet (which is not best practice), patch your systems immediately to prevent exploitation.

Other Highlights

Google Chrome – Zero-Day Fix

Google released urgent patches for four Chrome vulnerabilities, including an actively exploited out-of-bounds memory flaw.

Analysis from our SOC team:
Attackers may gain access to sensitive data both inside and outside the Chrome sandbox. Update Chrome immediately.

GitLab – Critical Account Takeover Vulnerability

A critical vulnerability in GitLab allows remote takeover of accounts without user interaction. Assigned CVSS 10.

Analysis from our SOC team:
Upgrade GitLab immediately and check for signs of prior compromise. Reach out to us for incident response or hunting support.

Atlassian Confluence – CVSS 10 RCE Exploit

Atlassian has fixed CVE-2023-22527, a template injection vulnerability affecting older versions of Confluence Server/Data Center (8.0.x to 8.5.3).

Analysis from our SOC team:
If you’re using a vulnerable version, patch immediately and investigate potential signs of compromise. This flaw is being actively exploited in the wild.

Redis – High-Impact Remote Code Execution Vulnerability

CVE-2023-41056 affects Redis versions 7.0.9–7.0.15 and 7.2.0–7.2.4. An attacker can achieve remote code execution without needing privileges or interaction.

Analysis from our SOC team:
If your applications use Redis, update immediately to prevent RCE scenarios. Redis is widely embedded in modern stacks and must not be overlooked.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.

OTHER STORIES

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?