There’s also a host of vulnerabilities to be aware of.
A vulnerability in Microsoft’s Copilot Studio, identified as CVE-2024-38206, allowed researchers to exploit server-side request forgery (SSRF) to access sensitive cloud data, potentially affecting multiple tenants. The flaw enabled authenticated attackers to bypass protections and leak information from Microsoft’s internal infrastructure. Microsoft has since mitigated the issue, but the incident highlights the risks associated with the tool’s HTTP request feature, which could be abused to gain unauthorized access to sensitive resources.
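The feature class described above, an outbound "make an HTTP request" capability driven by user input, is what an SSRF guard has to protect. The following is an added example (not Microsoft's code and not part of the original post) of the check a defender would put in front of such a feature: it rejects non-HTTP schemes and embedded credentials, resolves the hostname, and refuses any destination that lands in loopback, private, link-local or other non-public address space. The hostnames and DNS answers are constructed so the example runs offline; `resolver` is an injected stand-in with `socket.getaddrinfo`'s call shape.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges an outbound-request feature should never reach, on top of the
# ipaddress module's own private/loopback/link-local classification. The
# link-local block covers cloud instance metadata services; 100.64.0.0/10 is
# carrier-grade NAT space that is_private does not flag on every Python version.
_BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def _is_internal(ip) -> bool:
    """True if ip is anything other than a public, routable unicast address."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
        return True
    return any(ip in net for net in _BLOCKED_NETWORKS)


def check_outbound_url(url: str, resolver=socket.getaddrinfo):
    """Validate a user-supplied URL before an outbound fetch.

    Returns (hostname, [resolved addresses]) or raises ValueError. The
    caller should connect to one of the returned addresses rather than
    re-resolving the name, so a DNS answer cannot change between check and use.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    try:
        addrs = {ipaddress.ip_address(host)}  # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(ai[4][0]) for ai in resolver(host, None)}
        except OSError as exc:  # socket.gaierror is an OSError subclass
            raise ValueError(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise ValueError(f"no addresses for {host!r}")
    for ip in addrs:  # every answer must be public, not just the first
        if _is_internal(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return host, sorted(str(a) for a in addrs)


def is_url_allowed(url: str, resolver=socket.getaddrinfo) -> bool:
    try:
        check_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS answers so the example runs offline (assumption: not real hosts).
_FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],                        # public
    "intranet.corp.example": ["10.20.30.40"],                    # RFC 1918
    "lookalike.example": ["169.254.169.254"],                    # link-local
    "dual.example.com": ["34.120.0.5", "::ffff:192.168.1.9"],    # one public, one mapped private
}


def fake_resolver(host, port, *args, **kwargs):
    """Stand-in for socket.getaddrinfo returning the constructed answers above."""
    if host not in _FAKE_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (addr, port or 0))
            for addr in _FAKE_DNS[host]]


if __name__ == "__main__":
    for u in ("https://api.example.com/v1", "http://intranet.corp.example/",
              "http://lookalike.example/", "http://127.0.0.1:8080/admin"):
        print(f"{u:40s} allowed={is_url_allowed(u, fake_resolver)}")
```

Two caveats the check cannot cover on its own: HTTP redirects must be re-validated per hop (or not followed), and the pinned address returned by `check_outbound_url` is the one the client should actually connect to, otherwise a second DNS lookup at connect time can return a different answer.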
A critical configuration vulnerability known as “ALBeast” threatens over 15,000 AWS applications using Application Load Balancer for authentication, potentially compromising business resources and data. The issue arises from inadequate validation of token signatures and misconfigured security groups. AWS recommends allowing traffic only from trusted sources and implementing signature validation, while experts emphasize the importance of proper token verification and using diagnostic tools to prevent such configuration errors.
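The token-verification half of the ALBeast mitigation is worth seeing in code, because a signature check alone is not enough: a token issued for a different load balancer is still validly signed by AWS. The block below is an added example (not AWS code and not from the original post) of an application-side validator for the JWT an ALB places in the `x-amzn-oidc-data` header. It pins the header's `signer` field to our own ALB ARN before it does anything else, then checks expiry and finally the signature. The ARNs are constructed, and the signature step is an HMAC stand-in: real ALB tokens are ES256-signed and are verified with the public key fetched by the header's `kid`, so in production `standin_verify` would be replaced by a JWT library's ECDSA check.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed ARNs for this example (not real accounts or load balancers).
OUR_ALB_ARN = ("arn:aws:elasticloadbalancing:us-east-1:111111111111:"
               "loadbalancer/app/our-alb/0123456789abcdef")
OTHER_ALB_ARN = ("arn:aws:elasticloadbalancing:us-east-1:222222222222:"
                 "loadbalancer/app/someone-elses-alb/fedcba9876543210")

# Stand-in for the AWS signing key (assumption). One shared secret plays the
# role of AWS, so tokens from *any* ALB verify, which is exactly the situation
# the "signer" check has to handle.
_AWS_STANDIN_KEYS = {"kid-1": b"constructed-standin-secret"}


def _b64url_decode(s: str) -> bytes:
    # ALB emits padded base64url while most JWT code expects unpadded;
    # strip any padding and re-add the right amount so both forms decode.
    s = s.rstrip("=")
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def standin_verify(kid, signing_input: bytes, signature: bytes) -> bool:
    """HMAC stand-in for ES256 verification (replace with a real ECDSA check)."""
    secret = _AWS_STANDIN_KEYS.get(kid)
    if secret is None:
        return False
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def validate_alb_token(token: str, expected_signer: str, verify_signature, now=None) -> dict:
    """Return the payload claims only if the token was issued by *our* ALB.

    Checks, in order: well-formedness, alg, signer (the ALBeast check),
    expiry, then signature. Raises ValueError on any failure.
    """
    now = time.time() if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        payload = json.loads(_b64url_decode(p_b64))
        signature = _b64url_decode(s_b64)
    except ValueError as exc:  # covers split, base64 and JSON errors
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "ES256":
        raise ValueError("unexpected alg")
    # A token signed by AWS for another ALB is still validly signed, so the
    # signer must be pinned to our own load balancer's ARN.
    if header.get("signer") != expected_signer:
        raise ValueError("token not issued by our ALB")
    exp = header.get("exp")
    if exp is None or float(exp) < now:
        raise ValueError("token expired")
    signing_input = f"{h_b64}.{p_b64}".encode("ascii")
    if not verify_signature(header.get("kid"), signing_input, signature):
        raise ValueError("bad signature")
    return payload


def make_standin_token(signer: str, claims: dict, exp: float, kid: str = "kid-1") -> str:
    """Build a token shaped like an ALB-issued one (constructed, stand-in signed)."""
    header = {"alg": "ES256", "kid": kid, "signer": signer, "exp": exp}
    h_b64 = _b64url_encode(json.dumps(header).encode())
    p_b64 = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(_AWS_STANDIN_KEYS[kid], f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    return f"{h_b64}.{p_b64}.{_b64url_encode(sig)}"


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run the validator over tokens from our ALB, another ALB, an expired one and a tampered one."""
    cases = {
        "ours": make_standin_token(OUR_ALB_ARN, {"sub": "alice"}, now + 300),
        "other_alb": make_standin_token(OTHER_ALB_ARN, {"sub": "admin"}, now + 300),
        "expired": make_standin_token(OUR_ALB_ARN, {"sub": "alice"}, now - 1),
        "tampered": make_standin_token(OUR_ALB_ARN, {"sub": "alice"}, now + 300)[:-4] + "AAAA",
    }
    results = {}
    for name, token in cases.items():
        try:
            claims = validate_alb_token(token, OUR_ALB_ARN, standin_verify, now)
            results[name] = "accepted:" + claims["sub"]
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

The validator is the application-side half; the other half from the advisory is network-side, namely a security group on the targets that admits traffic only from the load balancer, so a request carrying a token cannot bypass the ALB and reach the application directly.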
SolarWinds has issued a critical update for its Web Help Desk product due to hardcoded credentials that allow remote, unauthenticated attackers to access sensitive data. The vulnerability, tracked as CVE-2024-28987, carries a CVSS severity rating of 9.1 and affects versions 12.8.3 HF1 and earlier. Users are urged to install the hotfix to mitigate risks, especially given the company’s client base across various sectors. This follows a recent critical vulnerability in the same software.
Researchers at Cisco Talos have identified serious vulnerabilities in Microsoft applications for macOS that could allow attackers to misuse the apps’ granted permissions, enabling them to spy on users or steal sensitive information. Eight vulnerabilities were found, with Microsoft considering them low risk despite the potential for exploitation without any user prompt or verification. While some Microsoft apps have been updated to address these issues, others such as Excel, Outlook, PowerPoint, and Word remain vulnerable. Cisco Talos recommends that Apple implement user prompts for loading third-party plug-ins to enhance security.
Why do we care?
Tactically, note the ones that matter to you. I did want to highlight that SolarWinds one – hard-coded credentials? Really? Way to make us question your post-breach security. Disclosure, I’m a shareholder.
The recurring nature of vulnerabilities in vendor products (as seen with Microsoft and SolarWinds) reinforces the importance of comprehensive vendor assessments and the need for robust contracts that mandate timely disclosure and resolution of security issues.