Weekly Digest Week 4 – 2024

Publication date: 26.01.2024

Featured Story

5379 GitLab Servers Vulnerable to Zero-Click Account Takeover Attacks

GitLab zero-day

GitLab has patched a critical zero-click account takeover vulnerability (CVE-2023-7028), affecting versions 16.1 to 16.7. A CVSS 10-rated flaw, it allows attackers to hijack accounts through a password reset flow without user interaction. ShadowServer reports over 5,300 exposed instances globally.

Analysis from our SOC team:
Update to 16.7.2, 16.6.4, or 16.5.6—or backport to 16.1.6, 16.2.9, or 16.3.7.

Check logs for suspicious password reset requests with multiple email addresses in:
gitlab-rails/production_json.log
gitlab-rails/audit_json.log
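
One way to run the log check above, as an added example that is not Approach's or GitLab's own code: it scans JSON log lines for password reset records that carry more than one e-mail address. The field names (`path`, `params`, `meta.caller_id`, `target_details`, `remote_ip`, `ip_address`) are assumptions about the log layout, and the sample lines are constructed.

```python
import json

def multiple_emails(value):
    """Return the addresses if value is a list with more than one entry, else []."""
    if isinstance(value, list) and len(value) > 1:
        return [str(v) for v in value]
    return []

def suspicious_reset(record):
    """Inspect one parsed log record; field names are assumed, not from the page."""
    # production_json.log style: request to /users/password, params = [{key, value}]
    params = record.get("params")
    if record.get("path") == "/users/password" and isinstance(params, list):
        for p in params:
            if isinstance(p, dict) and p.get("key") == "user" \
                    and isinstance(p.get("value"), dict):
                hit = multiple_emails(p["value"].get("email"))
                if hit:
                    return hit
    # audit_json.log style: password reset caller with a list in target_details
    caller = record.get("meta.caller_id") or record.get("meta.caller.id")
    if caller == "PasswordsController#create":
        return multiple_emails(record.get("target_details"))
    return []

def scan(lines):
    """Return (line number, source IP, addresses) for every suspicious record."""
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(record, dict):
            hit = suspicious_reset(record)
            if hit:
                source = record.get("remote_ip") or record.get("ip_address")
                findings.append((number, source, hit))
    return findings

# Constructed sample lines (not real log data)
SAMPLE = [
    '{"method":"POST","path":"/users/password","remote_ip":"198.51.100.7","params":[{"key":"user","value":{"email":["dev@example.com","other@example.net"]}}]}',
    '{"method":"POST","path":"/users/password","remote_ip":"203.0.113.5","params":[{"key":"user","value":{"email":"dev@example.com"}}]}',
    '{"meta.caller_id":"PasswordsController#create","ip_address":"198.51.100.7","target_details":["dev@example.com","other@example.net"]}',
    'not json',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

To use it on a real instance, pass an open file handle for each of the two logs to `scan()` and review every account whose address appears in a finding.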

Our SOC can assist in reviewing or investigating suspected compromise.


Other Highlights

Apple Patches Critical iPhone and Mac Zero-Day

CVE-2024-23222 is a WebKit flaw actively exploited to execute malicious code via crafted web content. Patches released across iOS, iPadOS, macOS, tvOS, and Safari.

Analysis from our SOC team:
Install the latest updates (e.g. iOS 17.3, macOS 14.3) to stay protected. We can assist with vulnerability management if needed.

Cisco UC/Contact Center Critical Flaw (CVE-2024-20253)

A CVSS 9.9 bug allows unauthenticated remote code execution across Cisco Unified Communications and Contact Center products.

Analysis from our SOC team:
Apply patches immediately. If unable, use ACLs to restrict access to affected ports and systems. Need help assessing your risk or patch rollout? Let us know.

Exploit Code Released for Fortra GoAnywhere (CVE-2024-0204)

Attackers can bypass authentication and create admin accounts on GoAnywhere MFT. Exploit code is now public. CVSS: 9.8.

Analysis from our SOC team:
Check for suspicious admin users and monitor logs under goanywhere\userdata\database\goanywhere\log. Patch immediately. Clop ransomware previously targeted GoAnywhere.

WordPress Plugin: Better Search Replace Vulnerability (CVE-2023-6933)

Unauthenticated PHP Object Injection with CVSS 9.8 affects Better Search Replace plugin ≤ v1.4.4. Exploitation may lead to file deletion or sensitive data theft.

Analysis from our SOC team:
Patch to v1.4.5 or later immediately. Monitor for abnormal behavior. Approach SOC can handle triage and monitoring for your WordPress environment.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
