The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities.

In the rapidly evolving cybersecurity landscape, organizations face an ever-increasing barrage of threats. Traditional vulnerability management, while foundational, often falls short in proactively and continuously identifying and mitigating threats. This necessitates a paradigm shift towards Continuous Threat Exposure Management (CTEM), a more dynamic approach that aligns with the complexities of today’s digital environments.

XML-RPC is a powerful and versatile protocol in the ever-evolving web development and data communication landscape. XML-RPC, which stands for Extensible Markup Language – Remote Procedure Call, provides a standardized way for software applications to communicate over the Internet. XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the webserver context.

GitLab has addressed two critical vulnerabilities in the GitLab Community Edition and Enterprise Edition that require immediate attention.

In the murky waters of cyber threats, one tactic has steadily gained wide adoption: URL redirection in phishing attacks. This stealthy technique allows cybercriminals to cloak malicious links, making them appear harmless to unsuspecting users. Among the vast expanse of online services, various Google Services stand out as frequent targets for exploitation. Cybercriminals find it opportune ground to hide their nefarious intents behind seemingly innocuous links.

On January 10, 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows an unauthenticated remote attacker to upload arbitrary files and execute commands on the underlying operating system. Cisco has released a patch to address the issue.

As applications and their software supply chains become more complex, designing an AppSec program that is agile enough to keep pace, while still providing a clear, enterprise-wide view of risk requires a deep understanding of applications — depth that covers every line of code and package from development all the way to their live, running state.

Cybersecurity researchers recently uncovered a critical flaw in the widely used Apache OFBiz Enterprise Resource Planning (ERP) system, CVE-2023-51467. The zero-day vulnerability CVE-2023-51467 poses a significant threat, boasting a CVSS score of 9.8. This authentication bypass vulnerability stems from an incomplete patch for a previously disclosed Pre-auth Remote Code Execution (RCE) vulnerability, CVE-2023-49070.

In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN appliances to steal configuration data, modify and download files, establish a reverse tunnel, and ultimately place webshells (GLASSTOKEN) on multiple internal and external-facing web servers.

Note: These vulnerabilities remain under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. Two zero-day vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways.