Weekly Vulnerabilities Review (September 19 – September 26)
Weekly Vulnerabilities Review (September 19 – September 26)

Let’s take a look at a brief overview of new cybersecurity solutions from last week. In the spotlight: Trend Micro, VulnCheck, Juniper Networks, Apple, Cytrox, Palo Alto Networks Unit 42, GitLab, Atlassian, Atos Unify.

Trend Micro issued a critical advisory alerting its customers to a zero-day vulnerability actively being exploited in the wild. This security flaw, designated as CVE-2023-41179, affects its Apex One, Apex One SaaS, and Worry-Free Business Security software suites.

VulnCheck, a leading threat intelligence firm, has disclosed a fresh exploit targeting a recent vulnerability in Junos OS. Unpatched appliances from Juniper Networks are potentially at risk by the thousands. This particular vulnerability, identified as CVE-2023-36845, is characterized by a PHP environment variable manipulation issue found within the J-Web interface of Juniper’s SRX series firewalls and EX series switches that run on specific versions of Junos OS.

From May to September 2023, Citizen Lab uncovered three zero-day vulnerabilities that Apple addressed just last week. These flaws were exploited as part of an exploit chain to disseminate the espionage software, Predator, developed by Cytrox.

This week, Trend Micro has once again sounded the alarm bells, warning users about the patching of a dire 0-day vulnerability affecting Apex One and various other endpoint products. This vulnerability has already been a tool in cybercriminals’ arsenals.

A counterfeit PoC exploit for a recently rectified vulnerability in WinRAR has been spotted on GitHub. The cybersecurity experts at Palo Alto Networks Unit 42 have discovered that this exploit was merely a façade for the VenomRAT malware downloader.

GitLab has announced the release of patches to correct a severe vulnerability that could allow adversaries to trigger pipelines on behalf of other users by manipulating scheduled security scanning policies.

Atlassian has declared the roll-out of fixes for four pressing vulnerabilities impacting its renowned products – Jira, Confluence, Bitbucket, and Bamboo.

Earlier this year, two vulnerabilities were identified in Atos Unify products. Malicious actors could potentially exploit these to induce operational disruptions or even embed a backdoor into the target system.