
NormCyber Threat Bulletin: 09th January 2025

Critical Authentication Bypass Vulnerability Identified in Dell OpenManage Server Software

Dell has recently published a critical security advisory for its OpenManage Server Administrator (OMSA) software, highlighting a vulnerability in Apache Tomcat that could allow threat actors to bypass authentication and gain access to affected systems. The flaw, tracked as CVE-2024-52316, has been given a CVSS score of 9.8/10, marking it as critical.

The vulnerability stems from an unchecked error condition in Apache Tomcat’s Jakarta Authentication ServerAuthContext component: if an exception occurs during the authentication process without an HTTP failure status being set, the authentication process may not fail as expected. This could allow unauthorised users to bypass authentication altogether and gain access to the affected system.

There are multiple vulnerable versions of Apache Tomcat, which are listed below:

  • 11.0.0-M1 to 11.0.0-M26
  • 10.1.0-M1 to 10.1.30
  • 9.0.0-M1 to 9.0.95

Dell has advised that all users update to Apache Tomcat version 11.1.0.0 or later to mitigate this security flaw.
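As an added example (not code from Dell or the Apache advisory), the following check compares a Tomcat version string against the vulnerable ranges listed above. It assumes those three ranges are the complete list and that the version was read from the Tomcat instance used by OMSA, for example from the output of `java -cp lib/catalina.jar org.apache.catalina.util.ServerInfo`. The milestone handling matters: 11.0.0-M26 is affected, the 11.0.0 GA release is not.

```python
"""Classify an Apache Tomcat version string against the CVE-2024-52316 ranges."""
import re
from typing import Optional, Tuple

# Inclusive vulnerable ranges as listed in the bulletin above.
VULNERABLE_RANGES = [
    ("11.0.0-M1", "11.0.0-M26"),
    ("10.1.0-M1", "10.1.30"),
    ("9.0.0-M1", "9.0.95"),
]

# Matches "9.0.95" or "11.0.0-M26" anywhere in a string such as
# "Server version: Apache Tomcat/9.0.95" (ServerInfo output).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int, int]]:
    """Return a sortable tuple (major, minor, patch, ga_flag, milestone).

    Milestones must sort BEFORE the GA release of the same number, so the
    fourth element is 0 for a milestone and 1 for GA:
    (11, 0, 0, 0, 26) < (11, 0, 0, 1, 0).  Returns None if no version found.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_vulnerable(text: str) -> bool:
    """True if the version in `text` falls inside any listed range."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in VULNERABLE_RANGES)


if __name__ == "__main__":
    # Constructed sample inputs, in the format ServerInfo prints.
    for line in ["Server version: Apache Tomcat/9.0.95",
                 "Server version: Apache Tomcat/11.0.0-M26",
                 "Server version: Apache Tomcat/11.0.0"]:
        print(line, "->", "AFFECTED" if is_vulnerable(line) else "not in listed ranges")
```

A version outside the listed ranges only means it is not in this advisory's list; confirm patch status against the vendor rather than treating it as safe.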

Using Norm’s Vulnerability Management can automate patch management and protect your systems against vulnerabilities like these, keeping you safe from potential exploits.

References:
[SECURITY] CVE-2024-52316 Apache Tomcat – Authentication Bypass (apache.org)
CVE-2024-52316 (tenable.com)

Phishing Link Click Rates Tripled in Size in 2024, blowing 2023 Out of the Water

Throughout 2024, the rate at which business users clicked on phishing links almost tripled compared to 2023, according to new research published by Netskope. In the report, Netskope found that more than 8 out of every 1,000 users clicked on a phishing link each month in 2024, an increase of 190% compared to 2023.

The researchers attribute the drastic increase to a combination of factors, including mental fatigue, increased volumes of phishing attempts and harder-to-detect phishing attempts. The top target for phishing campaigns by number of user clicks was cloud application phishing, as compromising these applications yields user accounts that can then be sold on and used to perform higher-end cyber attacks against businesses or other high-value victims. According to Netskope’s research, Microsoft was the most targeted cloud app brand, making up 42% of phishing clicks within the cloud app category. The next highest targets were banking and telecoms providers at 17% and 13% respectively.

The report also highlights a shift in where users click on phishing links. In the past, the majority of phishing clicks came from emails; throughout 2024, however, clicks shifted away from email towards the web. According to the study, 19% of phishing link clicks occurred via search engines, where attackers can leverage SEO poisoning to appear at the top of the search results, along with malicious ads pushed onto users. Another top source of phishing clicks was online shopping sites, which are a common target for phishing scams, especially during holiday periods.

References:
Phishing Click Rates Triple in 2024 (infosecurity-magazine.com)
FBI: Cyber-Criminals Are Purchasing Search Engine Ad Services to Launch Attacks (infosecurity-magazine.com)

Over 40,000 CVEs Published in 2024

Throughout 2024 a steady stream of new CVEs was published, which is expected given the nature of cyber security: new systems and software are released, and with these new releases come new vulnerabilities and security flaws. However, according to research published by security researcher Jerry Gamblin, 2024 was a historic year for vulnerabilities.

2024 saw the publication of over 40,000 new CVEs throughout the year, a significant increase from 2023, which saw just over 28,000 CVEs published in the entire year. This marked a 38% increase in newly published vulnerabilities, with an average of 108 CVEs published each day. May 2024 saw the highest number of published CVEs, with a staggering 5,010 vulnerabilities published, making up 12.5% of the yearly total in just one month.

The average CVSS score of 2024 vulnerabilities stands at 6.67, reflecting a medium/high severity average for the year. In terms of critical vulnerabilities, 231 vulnerabilities achieved a 10/10 CVSS score in 2024. At the opposite end of the scale, one vulnerability received the lowest CVSS score ever recorded, 1.6, indicating a very limited impact.

Looking at this data, it is clear that vulnerabilities are becoming increasingly prevalent, making it even more important to ensure that all systems within an organisation or at home are up to date and properly patched, as this increase in published CVEs suggests that we may see even more within 2025.

References:
Vulnerability Overload: 40,000+ CVEs in 2024 (securityonline.info)
2024 CVE Data Review (jerrygamblin.com)

Get Norm’s threat bulletin direct to your inbox

Norm tracks and monitors the latest security trends and cyber threats and collates these into a fortnightly threat bulletin.
