Featured Story
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Threat actors are attempting to exploit a recently disclosed security flaw in Apache Struts that could lead to remote code execution. The issue (CVE-2024-53677, CVSS 9.5) affects Struts versions 2.0.0 through 2.3.37 (end-of-life), 2.5.0 through 2.5.33, and 6.0.0 through 6.3.0.2. A patch is available in version 6.4.0.
The flaw is similar to CVE-2023-50164, which was exploited within days of its disclosure in December 2023. It involves manipulating file upload parameters to achieve path traversal and, under some conditions, to write a malicious file into a location where it can later be executed.
Organizations using Apache Struts must upgrade to 6.4.0 or later and review all application logic that handles file uploads. Simply patching is not enough: the fix only protects actions that have been migrated from the deprecated FileUploadInterceptor to the new Action File Upload interceptor (actions implementing UploadedFilesAware), and applications that keep using the old upload mechanism remain vulnerable even on 6.4.0. Refactoring upload code to the new mechanism, and validating client-supplied file names on the server, is essential to mitigate future risk.
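The following is an added example, written for this page and not taken from the Apache Struts project, of what an upload action looks like once it has been moved to the Struts 6.4 Action File Upload mechanism. The Struts interface and class names (UploadedFilesAware, UploadedFile, withUploadedFiles, getOriginalName, getContent) follow the 6.4.0 migration guidance and should be checked against the Javadoc of the exact version in use; the package, class name, upload root and extension allow-list are hypothetical. The point it demonstrates is twofold: the file name no longer arrives through a settable action property that a request parameter can overwrite, and the name is still canonicalised and confined to a fixed directory before anything is written.

```java
package com.example.upload; // hypothetical package for this example

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import com.opensymphony.xwork2.ActionSupport;
import org.apache.struts2.action.UploadedFilesAware;
import org.apache.struts2.dispatcher.multipart.UploadedFile;

/**
 * Upload action written against the Struts 6.4 Action File Upload mechanism.
 *
 * Old-style actions exposed setters such as setUpload(File), setUploadFileName(String)
 * and setUploadContentType(String) that were populated from request parameters, which
 * is the surface CVE-2024-53677 abused to smuggle a traversal path into the file name.
 * Here the interceptor hands the files to withUploadedFiles() directly and nothing
 * about the destination is derived from a request parameter.
 */
public class SafeUploadAction extends ActionSupport implements UploadedFilesAware {

    // Server-side storage root; hypothetical path for this example.
    private static final Path UPLOAD_ROOT =
            Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    // Allow-list of extensions this action is prepared to store (hypothetical choice).
    private static final Set<String> ALLOWED_EXTENSIONS =
            new HashSet<>(Arrays.asList("png", "jpg", "pdf"));

    private List<UploadedFile> uploadedFiles;

    @Override
    public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
        this.uploadedFiles = uploadedFiles;
    }

    @Override
    public String execute() throws IOException {
        if (uploadedFiles == null || uploadedFiles.isEmpty()) {
            addActionError("No file was uploaded.");
            return INPUT;
        }
        for (UploadedFile uploaded : uploadedFiles) {
            Path target = safeTarget(uploaded.getOriginalName());
            if (target == null) {
                addActionError("Rejected file name: " + uploaded.getOriginalName());
                return INPUT;
            }
            // getContent() is assumed to return the temporary File written by the
            // multipart parser (6.4 UploadedFile API); verify against your version.
            File tmp = (File) uploaded.getContent();
            Files.copy(tmp.toPath(), target, StandardCopyOption.REPLACE_EXISTING);
        }
        return SUCCESS;
    }

    /**
     * Maps a client-supplied file name onto a path strictly inside UPLOAD_ROOT.
     * Returns null when the name is empty, would escape the root, or carries an
     * extension outside the allow-list (e.g. "../../webapps/ROOT/shell.jsp").
     */
    static Path safeTarget(String clientName) {
        if (clientName == null || clientName.trim().isEmpty()) {
            return null;
        }
        // Treat backslashes as separators too: on Linux, Paths.get("..\\x.jsp") would
        // otherwise keep the whole string as a single "file name" element.
        String unified = clientName.replace('\\', '/');
        Path base;
        try {
            base = Paths.get(unified).getFileName();   // keep only the last element
        } catch (InvalidPathException e) {             // e.g. an embedded NUL byte
            return null;
        }
        if (base == null) {                            // input was "/" or similar
            return null;
        }
        String name = base.toString();
        if (name.equals(".") || name.equals("..")) {
            return null;
        }
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase();
        if (!ALLOWED_EXTENSIONS.contains(ext)) {
            return null;
        }
        Path target = UPLOAD_ROOT.resolve(name).normalize();
        // Defence in depth: even after the checks above, never write outside the root.
        if (!target.startsWith(UPLOAD_ROOT)) {
            return null;
        }
        return target;
    }
}
```

When reviewing existing actions, the thing to search for is any property that the parameters interceptor can set and that later feeds a file path (typically the *FileName setters of the old interceptor); those actions need to be rewritten as above rather than merely recompiled against 6.4.0.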
Other Stories
WARNING: Critical Vulnerability in Cleo Products Harmony, VLTrader and LexiCom
The Cl0p ransomware group has exploited vulnerabilities in Cleo products, including CVE-2024-50623 and CVE-2024-55956. The latter allows unauthenticated attackers to execute Bash or PowerShell commands by exploiting default Autorun directory settings in versions before 5.8.0.24.
CISA has added both CVEs to its Known Exploited Vulnerabilities Catalog. Customers using affected Cleo solutions must upgrade to version 5.8.0.24 or later immediately to reduce the risk of ransomware attacks; Cleo's advisory also lists clearing the Autorun directory setting as an interim mitigation, since the exploited code path depends on it.
BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe
BeyondTrust patched CVE-2024-12356 (CVSS 9.8), a remote command execution flaw in its Privileged Remote Access (PRA) and Remote Support (RS) products. It was discovered during an investigation of unauthorized access in customer cloud instances.
Customers should update PRA and RS products immediately. Cloud instances have already been patched, but on-premises installations must apply the fix manually; installations on versions older than 22.1 cannot take the patch directly and must first be upgraded to a supported version.
Fraudulent Emails Targeting Businesses in the Name of Atradius
Businesses have reported phishing emails impersonating Atradius that falsely demand payment for environmental and sewerage taxes. These emails are fraudulent and are often sent in the name of a fictitious bailiff as a "reminder".
Always contact the supposed sender via official channels if uncertain. Suspicious emails can be forwarded to suspicious@safeonweb.be. As always, our SOC team is available for support in reviewing suspected phishing communications.
Contact the Approach Cyber SOC team for tailored support and training programs.