Security Week Review - VulnVerse #23

Welcome back to VulnVerse! It's our 23th weekly dispatch, and we've got another jam-packed edition for you. Let's dive into the latest vulnerabilities, exploits, and cyber threats.

Content:

• Vulnerabilities and Exploits 🔥: 16

• Data Breaches 💥: 1

• Malware and Ransomware 🐛: 14

• Software and System Issues ⚙️: 3

• Cloud ☁️: 2

• Tools 🛠️: 1

• Cybersecurity Measures and Recommendations 🔒️: 4

• Advanced Persistent Threats (APT) 🕵️: 3

Vulnerabilities and Exploits 🔥

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

Highlights newly identified vulnerabilities, including CVE-2024-43441, with details about their risks, affected systems, and potential mitigations.

CERT-In Warns Of WPForms Vulnerability CVE-2024-11205

Discusses CERT-In’s advisory on the CVE-2024-11205 vulnerability, detailing the affected systems, exploitation mechanisms, and mitigation strategies to prevent potential breaches.

Microsoft 365 Copilot Generated Images Accessible Without Authentication!

Uncovers a security flaw in Microsoft 365 Copilot that allows unauthorized image generation.

A Signature Verification Bypass in Nuclei (CVE-2024-43405)

Explains a security flaw allowing attackers to bypass signature verification in Nuclei, a popular tool for automated vulnerability scanning.

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability

Investigates how multi-turn techniques are used to bypass safety mechanisms in large language models, exposing vulnerabilities and discussing strategies for reinforcing security.

Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild

Explores the CVE-2024-12856 vulnerability affecting Four-Faith devices, describing the technical aspects, potential exploits, and mitigation steps for securing impacted systems.

Critical: .NET Install links are changing

Announces upcoming changes to critical .NET installation links, explaining the reasons behind the update and providing guidance for developers to adjust their workflows.

Botnets Continue to Target Aging D-Link Vulnerabilities

Examines how botnets exploit outdated vulnerabilities in D-Link devices, emphasizing the importance of timely updates and proactive defense strategies for network security.

CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet

Provides an in-depth analysis of the CVE-2024-3393 vulnerability, detailing its technical specifics, exploitation methods, and mitigation strategies recommended by Palo Alto Networks.

DoubleClickjacking: A New Era of UI Redressing

Introduces and explains the concept of DoubleClickjacking, a novel web security threat. The technique builds upon traditional clickjacking by exploiting user interactions across multiple clicks, making it harder to detect.

Premium WPLMS WordPress plugins address seven critical flaws

Covers the resolution of seven critical vulnerabilities in the premium WPLMS WordPress plugins, outlining the risks these flaws posed and the patches provided to secure affected websites.