18/10/2024 - Version 6.4.32 Release Notes

🔧 Bug Fixes
> Resolved issue with missing password characters

🧩 Data Collection & Responses
> Office 365 Management plugin has been updated
> SCOPNet NAC plugin has been updated
> TR7 ASP plugin has been updated
> Added support for IAS XML format plugin
> Support for IIS JSON log plugin has been added

🔄 Updates & Enhancements

> Added support for sending incidents to other systems
> Adjusted maximum row count for XLS exports
> Added dynamic enum key validation checks
> Separated workers for SMB and SFTP operations
> Updated and refined InfluxDB configuration and logging
> Improved SFTP queue management
> Updated the link for the notification center
> Security improvements have been made in the elasticsearch.service
> Added source-based raw message

🛡️ Security Enhancements

Summary
This release includes critical security enhancements aimed at
improving the reliability and security of the system. Specific
vulnerabilities and issues related to connection leaks, third-party
dependencies, and security concerns have been addressed to bolster
system integrity and protect against potential exploits.


Affected Version
[Screenshot: Ekran Resmi 2024-10-19 14.23.26.png]

Solution
[Screenshot: Ekran Resmi 2024-10-19 14.14.53.png]

Vulnerability Details
> ZK Connection Leak: A connection leak issue in the Action Rule Worker
has been resolved, improving system stability and resource management.
> Log4j Vulnerability: Components, including the Elasticsearch SQL jar
files and the Zamane client, have been updated to remove the Log4j
dependency, addressing widely known vulnerabilities that could lead to
remote code execution or other serious risks. Additionally, the Node.js
dependency has been removed, further reducing the system’s exposure to
potential exploits and improving overall security posture.
> ZDI-CAN-25336: A critical security issue was resolved, addressing
a vulnerability related to two-factor authentication (2FA)
brute-force attempts.

Mitigating Factors
Customers are strongly advised to upgrade to 6.4.32 or later to
ensure that these vulnerabilities are properly addressed.

Acknowledgement
Logsign appreciates the efforts of security researchers and the
community in helping to identify these issues. Special thanks to
Abdessamad Lahlali and Smile Thanapattheerakul from Trend Micro Zero
Day Initiative for responsibly disclosing the 2FA vulnerability.