Latest Stories

Stay up-to-date with everything at Approach

Blog article

Weekly Digest Week 33 – 2024

Publication date

16.08.2024

Featured Story

SolarWinds Urges Upgrade After Revealing Critical RCE Bug

IT management software provider SolarWinds has urged customers to immediately patch a critical vulnerability in its Web Help Desk platform.

CVE-2024-28986 is a Java deserialization remote code execution (RCE) bug discovered by Inmarsat Government researchers, according to an advisory published this week.

The vulnerability has been given a CVSS v3 score of 9.8, illustrating the criticality of patching the issue immediately. SolarWinds has published instructions on how to upgrade to WHD 12.8.3 and install the hotfix, as well as how to uninstall it if required.

SOC Analysis:
With a CVSS v3 score of 9.8, this vulnerability presents a severe risk, enabling attackers to execute arbitrary code remotely. Immediate patching is essential to prevent potential exploitation.

Other Stories

Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.

The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a “missing authentication check” bug impacting SAP BusinessObjects Business Intelligence Platform. Also addressed is CVE-2024-29415, a server-side request forgery flaw in SAP Build Apps.

SOC Analysis:
SAP’s August 2024 patch addresses two critical and several high-severity vulnerabilities. Immediate patching is essential to prevent exploitation and safeguard critical business data and operations.

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

Microsoft has issued warnings about six actively exploited Windows security defects, exposing users to remote code execution, privilege escalation, and security bypass vulnerabilities. These include flaws in RMCAST, TCP/IP, Windows Network Virtualization, and Azure Health Bot.

SOC Analysis:
These zero-day vulnerabilities demand urgent attention from sysadmins. Immediate patching is essential to protect systems against exploitation and ensure operational integrity.

Beware: fake promotions and competitions are currently circulating

False emails and social media ads are circulating on behalf of Decathlon, promising a free tent in exchange for clicking a link. This is a phishing campaign aimed at stealing your personal data.

SOC Analysis:
Never click on suspicious links or provide personal data in response to unexpected offers. Report phishing messages to Safeonweb and educate users about common scam techniques.

Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.

OTHER STORIES

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?