
Overview

Juniper Networks has released a security update addressing 225 vulnerabilities in multiple software libraries used by Juniper Secure Analytics. Five vulnerabilities are critical-severity.

Juniper Secure Analytics is a security information and event management (SIEM) and log analytics system for the Juniper Connected Security portfolio of products.

Avaya has released an advisory to address two vulnerabilities in IP Office, a unified communications platform that allows for call recording, tracking, and reporting.

  • CVE-2024-4196 – a critical-severity improper input validation vulnerability that could allow an attacker to perform remote command or code execution (RCE) via a specially crafted web request to the Web Control component.
  • CVE-2024-4197 – a critical-severity unrestricted file upload vulnerability that could allow an attacker to perform remote command or code execution via the One-X component.

Progress has reported a new vulnerability (CVE-2024-5806) in MOVEit Transfer. This critical-severity authentication bypass vulnerability could allow an attacker to circumvent the SFTP authentication process, which is involved in file transfers. The attacker could then access data stored on the MOVEit Transfer server. Proof-of-concept exploit code has already been made public. MOVEit Cloud customers should not need to mitigate this threat, as patches are automatically deployed.

Fortra’s FileCatalyst Workflow is affected by a critical-severity SQL-injection vulnerability. Fortra has said, ‘Likely impacts include creation of administrative users and deletion or modification of data in the application database’. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled.

WordPress Plugins: several WordPress plugins have been reported to have been backdoored through the injection of malicious code, according to the Wordfence Threat Intelligence team. The Wordfence blog states, ‘If you have any of these plugins installed, you should consider your installation compromised and immediately go into incident response mode’. An initial (but not yet comprehensive) determination is that the following plugins are definitely affected:

  • Social Warfare 4.4.6.4 – 4.4.7.1
    Patched Version: 4.4.7.3
  • Blaze Widget 2.2.5 – 2.5.2
    Patched Version: None
  • Wrapper Link Element 1.0.2 – 1.0.3
    Patched Version: It appears that someone removed the malicious code, however, the latest version is tagged as 1.0.0 which is lower than the infected versions. This means it may be difficult to update to the latest version, so we recommend removing the plugin until a properly tagged version is released.
  • Contact Form 7 Multi-Step Add-on 1.0.4 – 1.0.5
    Patched Version: None
  • Simply Show Hooks 1.2.1
    Patched Version: None
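
As an added example (not code from Wordfence or the plugin authors), the following Python triages a plugin inventory against the version ranges listed above, comparing versions numerically rather than as strings. The CSV layout, the site names and matching on plugin display title are assumptions, and the inventory is constructed.

```python
import csv
import io

# Affected ranges and patched versions as listed in the advisory above.
# Matching on plugin display name is an assumption of this example.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1", "4.4.7.3"),
    "Blaze Widget": ("2.2.5", "2.5.2", None),
    "Wrapper Link Element": ("1.0.2", "1.0.3", None),
    "Contact Form 7 Multi-Step Add-on": ("1.0.4", "1.0.5", None),
    "Simply Show Hooks": ("1.2.1", "1.2.1", None),
}

# Constructed sample inventory (site, plugin title, installed version).
SAMPLE_INVENTORY = """site,title,version
shop.example,Social Warfare,4.4.7.1
blog.example,Social Warfare,4.4.7.3
blog.example,Blaze Widget,2.5.2
blog.example,Wrapper Link Element,1.0.0
shop.example,Simply Show Hooks,1.2.1-dev
"""


def parse_version(text, width=4):
    """'4.4.7.1' -> (4, 4, 7, 1), zero-padded; None if any part is non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))


def triage(inventory_csv):
    """Return (site, title, version, verdict) for every listed plugin found."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["title"] not in AFFECTED:
            continue
        low, high, patched = AFFECTED[row["title"]]
        installed = parse_version(row["version"])
        if installed is None:
            verdict = "unparsed version: check manually"
        elif parse_version(low) <= installed <= parse_version(high):
            verdict = f"affected: patched version {patched or 'none listed'}"
        else:
            verdict = "outside listed range"
        findings.append((row["site"], row["title"], row["version"], verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(*finding, sep=" | ")
```

A verdict of "outside listed range" only means the version is not in the ranges above; the determination of affected plugins is stated to be not yet comprehensive.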

 

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

  • Juniper – Knowledge Base
  • Avaya – Support
  • Progress – MOVEit Transfer Alert Bulletin
  • Fortra Security advisory
  • WordPress – Wordfence blog

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
