Link Search Menu Expand Document
BSafes Library

Vulnerabilities

May 27, 2025

Unpatched Critical Vulnerability in TI WooCommerce Wishlist Plugin Full Text

Abstract A critical unauthenticated arbitrary file upload vulnerability, tracked as CVE-2025-47577, has been discovered in the TI WooCommerce Wishlist plugin for WordPress. The flaw affects all versions up to and including 2.9.2.

Patch Stack

May 27, 2025

Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution Full Text

Abstract A critical vulnerability, CVE-2025-0072, has been identified in the Arm Mali GPU driver, affecting devices using the Command Stream Frontend (CSF) architecture, including Google Pixel 7, 8, and 9 series.

GBHackers

May 27, 2025

Critical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private Repositories Full Text

Abstract A critical vulnerability in the GitHub MCP integration has been discovered, exposing private repository data through prompt injection attacks. This flaw affects users leveraging coding agents and IDEs integrated with GitHub MCP.

GBHackers

May 27, 2025

Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks Full Text

Abstract Researchers have uncovered critical vulnerabilities in HTTP/2 server push and Signed HTTP Exchange (SXG) that allow attackers to bypass the Same-Origin Policy (SOP). These flaws enable off-path attacks.

GBHackers

May 26, 2025

Oracle TNS Flaw Exposes System Memory to Unauthorized Access Full Text

Abstract Oracle has patched a medium-severity vulnerability (CVE-2025-30733) in its Transparent Network Substrate (TNS) protocol, which could allow unauthenticated remote attackers to access sensitive system memory.

GBHackers

May 26, 2025

Critical RCE Vulnerability in vBulletin via PHP Reflection API Bypass Full Text

Abstract A critical vulnerability in vBulletin versions 5.x and 6.x running on PHP 8.1 or later allows unauthenticated attackers to invoke protected methods remotely, leading to remote code execution (RCE).

Karmain Security

May 26, 2025

D-Link Routers Exposed by Hard-Coded Telnet Credentials Full Text

Abstract A critical vulnerability identified as CVE-2025-46176 affects D-Link DIR-605L and DIR-816L routers, exposing hardcoded Telnet credentials that allow unauthenticated remote command execution.

GBHackers

May 24, 2025

Cloudflare Closes Security Gap That Could Leak Visitor URLs Full Text

Abstract Cloudflare has addressed CVE-2025-4366, a request smuggling vulnerability in the Pingora OSS framework, affecting its CDN free tier and users of pingora-proxy and pingora-cache crates.

The Cyber Express

May 24, 2025

Critical NETGEAR Router Flaw Allows Full Admin Access by Attackers Full Text

Abstract A critical authentication bypass vulnerability (CVE-2025-4978) has been discovered in NETGEAR DGND3700v2 wireless routers. The flaw, rated CVSSv4 9.3, allows unauthenticated attackers to gain full administrative access via a hidden backdoor.

GBHackers

May 23, 2025

Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges Full Text

Abstract Apple has patched CVE-2025-31219, a critical vulnerability in the XNU kernel affecting macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw allows local attackers to escalate privileges and execute arbitrary code with kernel-level access.

GBHackers

May 23, 2025

Critical Vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Control Systems Full Text

Abstract ABB has issued a security advisory (AV25-290) on May 22, 2025, addressing critical vulnerabilities in multiple control system products. These flaws affect ASPECT-Enterprise, NEXUS Series, and MATRIX Series devices running version 3.08.03 or earlier.

Cyber

May 22, 2025

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware Full Text

Abstract A Chinese threat group, UAT-6382, is actively exploiting CVE-2025-0994—a remote code execution vulnerability in Trimble Cityworks—to deploy malware and maintain persistent access in U.S. local government networks.

Talos Intelligence

May 22, 2025

Grafana security release: High severity security fix for CVE-2025-4123 Full Text

Abstract A high-severity cross-site scripting (XSS) vulnerability, tracked as CVE-2025-4123 with a CVSS score of 7.6, has been discovered in Grafana. This flaw allows attackers to redirect users to malicious websites and execute arbitrary JavaScript code.

Grafana

May 22, 2025

Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication Full Text

Abstract Multiple critical vulnerabilities in Versa Concerto (versions 12.1.2–12.2.0) remain unpatched, enabling attackers to bypass authentication and achieve remote code execution (RCE) and host compromise.

GBHackers

May 22, 2025

Cisco Identity Services RADIUS Process Vulnerability Let Attackers Trigger DoS Condition Full Text

Abstract Cisco has disclosed a critical vulnerability in its Identity Services Engine (ISE) version 3.4 that allows unauthenticated remote attackers to trigger a denial-of-service (DoS) condition.

Cybersecurity News

May 22, 2025

Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks Full Text

Abstract GitLab has released critical patches for 11 vulnerabilities in its CE and EE platforms, including three high-severity DoS flaws. These affect all deployment models and could lead to system downtime, data exposure, and authentication bypass.

GBHackers

May 20, 2025

300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994) Full Text

Abstract A critical privilege escalation vulnerability in Windows 11, tracked as CVE-2025-24076, allows attackers to elevate privileges from a standard user to SYSTEM in just 300 milliseconds.

Compass Security

May 20, 2025

Auth0-PHP Vulnerability Enables Unauthorized Access for Attackers Full Text

Abstract

GBHackers

May 20, 2025

Critical Vulnerabilities in My Volkswagen App Expose Personal Data and Enable Unauthorized Vehicle Access Full Text

Abstract A security researcher uncovered critical vulnerabilities in the My Volkswagen app that exposed sensitive personal and vehicle data. The flaws allowed unauthorized access to user accounts and vehicle features using only a vehicle’s VIN number.

LoopSec

May 19, 2025

Thousands of WordPress Sites at Risk Due to Critical Crawlomatic Plugin Vulnerability Full Text

Abstract A critical vulnerability (CVE-2025-4389) in the Crawlomatic Multisite Scraper Post Generator WordPress plugin allows unauthenticated attackers to upload arbitrary files, leading to remote code execution.

The Cyber Express

May 19, 2025

Beware! A threat actor could steal the titles of your private (and draft) WordPress posts! Full Text

Abstract A newly discovered vulnerability in WordPress allows attackers to exfiltrate titles of private and draft posts via the XMLRPC pingback feature. This flaw affects all WordPress installations with XMLRPC enabled.

Imperva

May 19, 2025

New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender Full Text

Abstract A new tool named Defendnot demonstrates a critical method to disable Microsoft Defender on Windows systems by exploiting an undocumented Windows Security Center (WSC) API.

Bleeping Computer

May 19, 2025

CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay Full Text

Abstract A critical authentication bypass vulnerability (CVE-2025-30072) has been identified in the Tiiwee X1 Alarm System (version TWX1HAKV2). The system's use of unencrypted 433 MHz radio communication allows attackers to perform capture-replay attacks.

Seclists

May 19, 2025

SEC Consult SA-20250506-0 :: Honeywell MB Secure Authenticated Command Injection Full Text

Abstract A critical authenticated command injection vulnerability (CVE-2025-2605) has been identified in Honeywell MB-Secure and MB-Secure PRO systems. Exploiting this flaw allows authenticated attackers to execute arbitrary OS commands with root privileges.

Seclists

May 19, 2025

Session Invalidation in Economizzer Allows Unauthorized Access After Logout Full Text

Abstract A session management vulnerability has been identified in Economizzer v.0.9-beta1, which allows unauthorized access due to improper session invalidation. Even after a user logs out, the session remains active.

Seclists

May 17, 2025

Multiple Critical Vulnerabilities Addressed in Latest Metasploit Framework Update Including RCE and Privilege Escalation Full Text

Abstract The latest Metasploit Framework update introduces five new modules targeting critical vulnerabilities across multiple platforms, including POWERCOM UPSMON PRO, Car Rental System 1.0, WordPress plugins, and LINQPad.

Cyware

May 15, 2025

Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services Full Text

Abstract Node.js has released critical security updates addressing three vulnerabilities—CVE-2025-23166, CVE-2025-23167, and CVE-2025-23165—that could allow attackers to crash server processes and disrupt services.

GBHackers

May 14, 2025

Critical Heap Overflow Vulnerabilities in Windows RDP and RD Gateway Allow Remote Code Execution Full Text

Abstract Microsoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network.

GBHackers

May 14, 2025

Critical Authentication Bypass in Ivanti Neurons for ITSM and Privilege Escalation in CSA Full Text

Abstract Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration.

Bleeping Computer

May 10, 2025

Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts Full Text

Abstract A targeted campaign exploited Microsoft Entra ID’s legacy authentication protocol BAV2ROPC, allowing attackers to bypass MFA and gain unauthorized access to admin accounts across finance, healthcare, and tech sectors.

Hack Read

May 9, 2025

CVSS 10.0 Vulnerability Found in Ubiquity UniFi Protect Cameras Full Text

Abstract Ubiquity has disclosed two vulnerabilities in its UniFi Protect platform, including a critical RCE flaw (CVE-2025-23123) with a CVSS score of 10.0 and a medium-severity livestream access issue (CVE-2025-23164) with a CVSS score of 4.4.

The Cyber Express

May 7, 2025

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version Full Text

Abstract Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

The Hacker News

May 7, 2025

Microsoft: April updates cause Windows Server auth issues Full Text

Abstract Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.

Bleeping Computer

May 7, 2025

IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads Full Text

Abstract IBM has disclosed two high-severity vulnerabilities in its Cognos Analytics platform—CVE-2024-40695 and CVE-2024-51466. These flaws allow unauthorized file uploads and remote code execution.

GBHackers

May 7, 2025

Unexpected behavior in Snowflake’s Cortex AI Full Text

Abstract Snowflake’s CORTEX Search Service introduces a critical security risk: unintended data exposure. This vulnerability persists even in environments with tightly configured access and masking policies due to the inherent design of the AI service.

Cyera

May 7, 2025

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet Full Text

Abstract Threat actors are actively exploiting critical vulnerabilities in end-of-life (EoL) GeoVision IoT devices and Samsung MagicINFO servers to deploy the Mirai botnet. These attacks leverage command injection and path traversal flaws.

The Hacker News

May 6, 2025

Critical RCE Vulnerability in Samsung MagicINFO 9 Server Actively Exploited Full Text

Abstract The vulnerability stems from inadequate input validation in the file upload functionality of Samsung MagicINFO 9 Server. Specifically, the server fails to sanitize filename inputs and does not enforce file extension or authentication checks.

Arctic Wolf

May 6, 2025

Researcher Exploits Regex Filter Flaw to Gain Remote Code Execution Full Text

Abstract The vulnerability enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise, data exfiltration, and unauthorized access.

GBHackers

May 6, 2025

Critical Windows Deployment Services UDP Flaw Exposes Enterprise Networks to Remote DoS Attacks Full Text

Abstract A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) allows remote attackers to crash systems by sending malicious UDP packets.

Windows Forum

May 5, 2025

Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access Full Text

Abstract Security researchers have identified 11 critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), enabling remote attackers to gain administrative and root access.

GBHackers

May 5, 2025

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) Full Text

Abstract Tracked as CVE-2025-46337, the vulnerability resides in the PostgreSQL driver’s pg_insert_id() method, potentially allowing attackers to execute arbitrary SQL commands in vulnerable applications.

Security Online

May 2, 2025

Netgear EX6200 Flaw Enables Remote Access and Data Theft Full Text

Abstract Three critical vulnerabilities (CVE-2025-4148, CVE-2025-4149, CVE-2025-4150) have been discovered in the Netgear EX6200 Wi-Fi range extender (firmware version 1.0.3.94), a device widely used in homes and small businesses.

GBHackers

April 30, 2025

PowerDNS DNSdist 1.9.9 released, fixing CVE-2025-30194 Full Text

Abstract A critical vulnerability (CVE-2025-30194) has been identified in PowerDNS DNSdist versions 1.9.0 to 1.9.8, allowing remote attackers to trigger a denial-of-service (DoS) condition when DNS-over-HTTPS (DoH) is configured using the nghttp2 provider.

Power DNS

April 30, 2025

Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability Full Text

Abstract Google has released Chrome 136 for Windows, Mac, and Linux, introducing critical privacy and security enhancements. The update addresses a 23-year-old privacy flaw and patches multiple vulnerabilities, including a critical heap buffer overflow.

Cybersecurity News

April 30, 2025

Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data Full Text

Abstract A researcher discovered a critical OAuth2 misconfiguration vulnerability. The flaw allowed unauthorized access to sensitive user and business data due to exposed client credentials and a lack of access controls.

GBHackers

April 30, 2025

Zimbra Collaboration GraphQL Flaw Lets Hackers Steal User Information Full Text

Abstract A critical Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2025-32354, has been identified in Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1. The flaw resides in the GraphQL endpoint (/service/extension/graphql).

GBHackers

April 30, 2025

Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization Full Text

Abstract A medium-severity vulnerability (CVE-2025-4095) in Docker Desktop for macOS allows authenticated users to bypass Registry Access Management (RAM) policies and access unapproved container registries.

GBHackers

April 30, 2025

Apache Tomcat security advisory (AV25-239) Full Text

Abstract Apache has released security advisories addressing vulnerabilities in multiple versions of Apache Tomcat. Users and administrators are urged to review the advisories and apply the necessary updates to maintain system security.

Cyber

April 30, 2025

GPUAF: Two Methods to Root Qualcomm-Based Android Phones Full Text

Abstract Security researchers have uncovered two critical vulnerabilities—CVE-2024-23380 and CVE-2024-23373—in Qualcomm GPU drivers, affecting a wide range of Android devices from manufacturers such as Samsung, Xiaomi, Honor, and Vivo.

GBHackers

April 29, 2025

Linux Kernel Exploitation Full Text

Abstract A critical vulnerability in the Linux kernel, CVE-2025-21756 and dubbed Attack of the Vsock, allows local attackers to escalate privileges to root. The flaw resides in VMware vsock driver and affects systems using vsock for inter-VM communication.

Hoefler

April 29, 2025

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi Full Text

Abstract Newly discovered vulnerabilities in Apple’s AirPlay protocol could allow attackers to move laterally across networks via Wi-Fi, spreading malware between devices. These pose a risk by enabling attackers to exploit wireless connections.

Wired

April 28, 2025

Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code Full Text

Abstract A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020.

GBHackers

April 28, 2025

Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution Full Text

Abstract A critical vulnerability (CVE-2025-23016) in the FastCGI library threatens embedded and IoT devices with remote code execution. The flaw, located in the ReadParams function, allows attackers to exploit heap buffer overflows.

GBHackers

April 28, 2025

iOS and Android juice jacking defenses have been trivial to bypass for years Full Text

Abstract Researchers have revealed that the defenses implemented by Apple and Google against "juice jacking" attacks have been fundamentally flawed. The input establishes a Bluetooth connection to a second miniaturized keyboard inside the malicious charger.

ArsTechnica

April 28, 2025

React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values Full Text

Abstract Two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) have been identified in the React Router library, affecting versions 7.0.0 to 7.5.1. Developers must update to version 7.5.2 immediately.

GBHackers

April 28, 2025

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk Full Text

Abstract Trend Micro Research identified two vulnerabilities (CVE-2025-23242 and CVE-2025-23243) in NVIDIA Riva deployments, exposing AI-powered speech and translation services to unauthorized access, resource abuse, and intellectual property theft.

Trend Micro

April 28, 2025

PII Disclosure Full Text

Abstract A critical vulnerability chain involving CORS misconfiguration, CSRF, and open redirect flaws was discovered, potentially exposing sensitive PII for approximately 170,000 users.

Infosec Writeups

April 26, 2025

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers Full Text

Abstract Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs.

The Hacker News

April 25, 2025

SonicWall security advisory (AV25-231) - Canadian Centre for Cyber Security Full Text

Abstract SonicWall has released a security advisory (AV25-231), addressing a vulnerability affecting multiple SonicOS Gen7 and TZ series firewall products. Timely updates are essential to maintain network integrity and prevent unauthorized access.

Canadian Centre for Cyber Security

April 24, 2025

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely Full Text

Abstract A critical vulnerability (CVE-2025-34028) in Commvault Command Center Innovation Release (versions 11.38.0 through 11.38.19) allows unauthenticated remote attackers to execute arbitrary code.

The Hacker News

April 24, 2025

Linux ‘io_uring’ security blindspot allows stealthy rootkit attacks Full Text

Abstract A critical security blind spot in the Linux kernel's io_uring interface enables stealthy rootkit attacks that bypass traditional runtime security tools. The io_uring interface supports 61 operation types.

Bleeping Computer

April 24, 2025

Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory Full Text

Abstract A high-severity DoS vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust memory by exploiting unlimited client output buffers. Redis versions 2.6 and above are affected.

GBHackers

April 24, 2025

SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely Full Text

Abstract SonicWall has disclosed a high-severity vulnerability (CVE-2025-32818) in its SSLVPN Virtual Office interface that allows unauthenticated attackers to remotely crash firewalls, causing denial-of-service (DoS) and widespread network disruptions.

GBHackers

April 24, 2025

BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution Full Text

Abstract A local privilege escalation vulnerability has been identified in BBOT version 2.1.0. When configured with sudo access, BBOT can be exploited to execute malicious Python modules, allowing attackers to escalate privileges and gain root access.

Seclists

April 23, 2025

Synology Network File System Vulnerability Allows Unauthorized File Access Full Text

Abstract A critical vulnerability in Synology DiskStation Manager (DSM), tracked as CVE-2025-1021, allows unauthenticated remote attackers to access arbitrary files via the NFS service.

GBHackers

April 23, 2025

Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With no expiration! Full Text

Abstract A significant privacy vulnerability has been discovered in Samsung’s One UI clipboard history feature. The system stores all copied text—including passwords, 2FA codes, and personal data—in plain text indefinitely, without auto-expiry.

GBHackers

April 22, 2025

Critical Security Vulnerability Found in WordPress Plugin InstaWP Connect Full Text

Abstract The vulnerability, identified as CVE-2025-2636, specifically impacts older versions of the plugin. Versions prior to 0.1.0.88 are at risk. This security flaw enables unauthorized attackers to remotely execute malicious PHP code on affected websites.

The Cyber Express

April 22, 2025

PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability Full Text

Abstract The flaw (CVSSv3 10.0) stems from improper handling of SSH protocol messages, enabling attackers to bypass authentication and send malicious payloads during the connection phase.

GBHackers

April 22, 2025

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin Full Text

Abstract Tracked as CVE-2025-3616 and carrying a CVSS score of 8.8, this flaw allows authenticated users — even those with mere subscriber-level access — to upload arbitrary files, including malicious PHP scripts, and execute them remotely.

Security Online

April 22, 2025

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation Full Text

Abstract A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, could enable attackers to execute arbitrary code and escalate privileges to SYSTEM level on targeted machines.

GBHackers

April 22, 2025

Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited Full Text

Abstract A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability could allow a local user with admin privileges to execute arbitrary code with full root privileges.

Security Online

April 21, 2025

WordPress ad-fraud plugins generated 1.4 billion ad requests per day Full Text

Abstract A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests.

Bleeping Computer

April 21, 2025

Hackers Bypassed Windows Defender Policies Using WinDbg Preview via Microsoft Store Full Text

Abstract A newly documented technique reveals how attackers can exploit the WinDbg Preview debugger to bypass even the strictest Windows Defender Application Control (WDAC) policies.

GBHackers

April 19, 2025

ASUS warns of critical auth bypass flaw in routers using AiCloud Full Text

Abstract ASUS has disclosed a critical authentication bypass vulnerability (CVE-2025-2492) affecting multiple router models with AiCloud enabled. The flaw allows remote attackers to execute unauthorized functions without authentication.

Bleeping Computer

April 17, 2025

Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems Full Text

Abstract A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed organizations to risks of data theft, ransomware, and unauthorized access.

GBHackers

April 16, 2025

CVE-2025-24054: Actively Exploited NTLM Hash Disclosure Vulnerability Full Text

Abstract Check Point Research has issued a warning over the active exploitation of a newly disclosed vulnerability—CVE-2025-24054—that allows attackers to leak NTLMv2-SSP hashes through specially crafted .library-ms files.

Security Online

April 16, 2025

Microsoft warns of blue screen crashes caused by April updates Full Text

Abstract Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March.

Bleeping Computer

April 16, 2025

Firefox Fixes High-Severity Vulnerability Causing Memory Corruption via Race Condition Full Text

Abstract Mozilla has released Firefox 137.0.2, addressing a high-severity security flaw that could potentially allow attackers to exploit memory corruption. The patched vulnerability, CVE-2025-3608, was found in the nsHttpTransaction component of Firefox.

GBHackers

April 15, 2025

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence Full Text

Abstract A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change.

The Hacker News

April 15, 2025

Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities Full Text

Abstract Australian organizations using Fortinet products are being urged to take immediate action following a new advisory highlighting the active exploitation of previously known vulnerabilities.

The Cyber Express

April 15, 2025

Gladinet flaw CVE-2025-30406 actively exploited in the wild Full Text

Abstract Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software.

Security Affairs

April 10, 2025

Dell Addresses Security Vulnerabilities in PowerScale OneFS Full Text

Abstract Dell has released a security advisory addressing multiple vulnerabilities in PowerScale OneFS, its scale-out network-attached storage operating system. The vulnerabilities could be exploited by malicious users to compromise affected systems.

Security Online

April 10, 2025

SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client Full Text

Abstract SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks.

Security Online

April 10, 2025

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Full Takeover Full Text

Abstract A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk of unauthenticated administrative account creation, potentially allowing full site takeover.

Security Online

April 8, 2025

TVT DVR Devices Under Siege as Massive Exploitation Attempts Expose Critical Flaw Full Text

Abstract GreyNoise intelligence reports “a significant spike 3 times that of typical activity in exploitation attempts against TVT NVMS9000 DVRs,” with the peak occurring on April 3rd, registering over 2,500 unique attacking IP addresses.

Security Online

April 8, 2025

WhatsApp for Windows Spoofing Vulnerability Poses Code Execution Risk Full Text

Abstract A security advisory from Facebook detailed a spoofing vulnerability (CVE-2025-30401) in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code.

Security Online

April 8, 2025

Critical BentoML Flaw Allows Full Remote Code Execution, Exploit Available Full Text

Abstract The vulnerability, tracked as CVE-2025-27520 (CVSS 9.8), allows for remote code execution (RCE) and poses a significant risk to systems utilizing the affected versions of the library.

Security Online

April 8, 2025

Pexip Issues Urgent Security Update to Address Critical Vulnerabilities Full Text

Abstract The two high-severity vulnerabilities, tracked as CVE-2025-32095 and CVE-2025-30080, could allow a remote attacker to trigger a software abort, leading to a denial of service. Users are recommended to upgrade to Pexip Infinity v37.0 for the fixes.

Security Online

April 8, 2025

PoC Exploit Released for Yelp Flaw Exposes SSH Keys on Ubuntu Systems Full Text

Abstract A security vulnerability, identified as CVE-2025-3155, has been discovered in Yelp, the GNOME user help application that comes pre-installed on Ubuntu systems. The vulnerability involves the way Yelp handles the “ghelp://” URI scheme.

Security Online

April 8, 2025

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities Full Text

Abstract Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two flaws, CVE-2024-53150 (out-of-bounds read) and CVE-2024-53197 (privilege escalation), reside in the USB sub-component of Kernel.

The Hacker News

April 8, 2025

MediaTek’s April 2025 Security Bulletin Addresses Critical WLAN Vulnerability in Multiple Chipsets Full Text

Abstract One of the most severe vulnerabilities highlighted in the bulletin is an out-of-bounds write in the WLAN service (CVE-2025-20654). This vulnerability could lead to remote code execution with no additional execution privileges needed.

Security Online

April 7, 2025

Python JSON Logger Vulnerability Enables Remote Code Execution - PoC Released Full Text

Abstract A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1.This vulnerability arises from a missing dependency.

GBHackers

April 7, 2025

Critical pgAdmin Flaw Allows Remote Code Execution Full Text

Abstract Notably, the flaw requires authentication, limiting immediate widespread exploitation. However, compromised accounts or phishing attacks could bypass this barrier. The pgAdmin team resolved the issue in version 9.2.

GBHackers

April 4, 2025

OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code Full Text

Abstract OpenVPN has patched a security vulnerability (CVE-2025-2704) that could potentially allow attackers to crash servers and execute remote code under certain conditions, with the flaw affecting specific server configurations.

GBHackers

March 31, 2025

Canon Fixes Critical Printer Driver Flaw Full Text

Abstract The vulnerability, identified as CVE-2025-1268, is described as an out-of-bounds vulnerability that “may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application“.

Security Online

March 31, 2025

Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw Full Text

Abstract Dell released an update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that exposed the enterprise storage systems under Unity, UnityVSA, and Unity XT lines.

Security Online

March 31, 2025

Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business Full Text

Abstract Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS 7.1), in the Legacy Chat component of its MiContact Center Business software.

Security Online

March 31, 2025

Critical Flaw Discovered in WordPress Plugin with 90,000+ Active Installs Full Text

Abstract The vulnerability, tracked as CVE-2025-2294, is a Local File Inclusion (LFI) flaw present in the Kubio AI Page Builder plugin. This flaw affects all versions of the plugin up to and including 2.5.1.

Security Online

March 29, 2025

New Ubuntu Linux Security Bypasses Require Manual Mitigations Full Text

Abstract Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.

Bleeping Computer

March 28, 2025

Critical Severity Vulnerabilities in Ghostscript Put Users at Risk Full Text

Abstract A series of security vulnerabilities has been identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files. These vulnerabilities could lead to buffer overflows and unauthorized file access.

Security Online

March 27, 2025

Synology Mail Server Vulnerability Allows Remote Configuration Tampering Full Text

Abstract “A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions,” according to Synology’s official advisory.

Security Online

March 27, 2025

Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw Full Text

Abstract Vite, the frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to the browser.

Security Online

March 27, 2025

RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform Full Text

Abstract CVE-2025-20229 allows low-privileged users to execute arbitrary code remotely by uploading malicious files. The second flaw, CVE-2025-20231, affects the Splunk Secure Gateway App and leads to the exposure of user session and authorization tokens.

Security Online

March 27, 2025

Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild Full Text

Abstract A critical zero-day vulnerability has been discovered in Synapse, an open-source Matrix homeserver implementation. This flaw is actively being exploited in the wild and can lead to a denial-of-service condition.

Security Online

March 27, 2025

Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation Full Text

Abstract The use-after-free vulnerability can be exploited to achieve privilege escalation. This could allow an attacker to gain unauthorized access to system resources and execute arbitrary commands with elevated privileges.

Security Online

March 26, 2025

New Windows Zero-Day Leaks NTLM Hashes, Gets Unofficial Patch Full Text

Abstract Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.

Bleeping Computer

March 26, 2025

Apache VCL Hit by SQL Injection and XSS Vulnerabilities Full Text

Abstract Recent advisories revealed two vulnerabilities (CVE-2024-53678 and CVE-2024-53679) in Apache VCL, a widely-used open-source cloud computing platform designed to deliver custom computing environments.

Security Online

March 26, 2025

CrushFTP Warns Users to Patch Unauthenticated Access Flaw Immediately Full Text

Abstract CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. The vulnerability is mitigated if the DMZ feature of CrushFTP is enabled.

Bleeping Computer

March 26, 2025

NetApp SnapCenter Users at Risk Due to CVSS 9.9 Privilege Escalation Vulnerability Full Text

Abstract A high-severity security vulnerability has been discovered in NetApp SnapCenter, posing a significant risk to systems utilizing this platform. NetApp has released a security advisory detailing the issue and urging users to take immediate action.

Security Online

March 26, 2025

Critical Authentication Bypass Flaw Impacts VMware Tools for Windows Full Text

Abstract The vulnerability is due to improper access control. Low-privileged local attackers can exploit this vulnerability in simple attacks without user interaction to escalate privileges on vulnerable VMs.

Security Affairs

March 26, 2025

Critical RCE Flaw Found in MoxieManager Full Text

Abstract Tiny Technologies recently issued a security advisory regarding a critical vulnerability discovered in MoxieManager, a file and media management solution popular for its integration into PHP and .NET environments.

Security Online

March 26, 2025

EncryptHub Linked to MMC Zero-Day Attacks on Windows Systems Full Text

Abstract Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned before loading unexpected MSC files on unpatched devices.

Bleeping Computer

March 25, 2025

Update: Public Exploit Released for Linux Kernel Privilege Escalation Bug Full Text

Abstract The vulnerability, tracked as CVE-2025-0927, a heap overflow in the HFS+ file system implementation, could allow an attacker to escalate local privileges on affected systems.

Security Online

March 25, 2025

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication Full Text

Abstract After responsible disclosure, the vulnerabilities were fixed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7. Users should update promptly and secure the admission webhook endpoint from external exposure.

The Hacker News

March 24, 2025

Critical Flaw in kcp Lets Attackers Manipulate Any Workspace Full Text

Abstract The vulnerability, tracked as CVE-2025-29922 with a CVSS score of 9.6, allows for unauthorized creation and deletion of objects in arbitrary workspaces through the APIExport Virtual Workspace.

Security Online

March 24, 2025

Nuxt Users Warned of Cache Poisoning Attacks Due to High-Severity Flaw Full Text

Abstract Tracked as CVE-2025-27415 and scored 7.5 on the CVSS scale, this vulnerability affects Nuxt versions 3.0.0 up to but not including 3.16.0. The issue lies in how Nuxt handles certain HTTP requests.

Security Online

March 24, 2025

Next.js Patches a Critical Authorization Bypass Flaw Full Text

Abstract By abusing the flaw, malicious actors could gain unauthorized access to protected resources and functionalities within applications relying on Next.js middleware for authentication and authorization.

Security Online

March 22, 2025

Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover Full Text

Abstract The vulnerability, tracked as CVE-2025-2538, carries a CVSS score of 9.8, marking it as a critical severity issue. It specifically affects certain deployments of Portal for ArcGIS, a core component in the ArcGIS Enterprise ecosystem.

Security Online

March 21, 2025

WordPress security plugin WP Ghost vulnerable to remote code execution bug Full Text

Abstract The flaw, tracked as CVE-2025-26909, impacts all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function. Exploitation could allow attackers to include arbitrary files via manipulated URL paths.

Bleeping Computer

March 20, 2025

Multiple Vulnerabilities Patched in Dell SmartFabric OS10 Software Full Text

Abstract The vulnerabilities, affecting version 10.5.6.x, could allow attackers to perform various malicious activities, including elevation of privileges, unauthorized access, code execution, and server-side request forgery.

Security Online

March 20, 2025

Critical RCE Vulnerability Discovered in Veeam Backup & Replication Full Text

Abstract While no public proof-of-concept (PoC) exploit has been released at the time of this publication, the large deployment footprint of Veeam Backup & Replication makes it an attractive target for attackers.

Security Online

March 20, 2025

PoC Exploit Released for Windows Explorer Vulnerability Exposing NTLM Hashes Full Text

Abstract A proof-of-concept (PoC) for the CVE-2025-24071 vulnerability is available on GitHub, and a Metasploit module for this flaw is also available. The flaw was addressed in the Microsoft Patch Tuesday this month.

Security Online

March 19, 2025

Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks Full Text

Abstract SICK strongly recommends operating the affected systems within a secure infrastructure to minimize risk. The advisory provides workarounds for each CVE, emphasizing the importance of applying general security practices.

Security Online

March 19, 2025

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems Full Text

Abstract Organizations are recommended to apply the latest patches, enforce network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious activity.

The Hacker News

March 19, 2025

Stack Overflow Flaw Threatens Patient Data in PACS Servers, PoC Published Full Text

Abstract Users of Sante PACS Server are strongly advised to upgrade to version 4.2.0 or later to patch these critical security flaws and protect their systems from potential attacks.

Security Online

March 19, 2025

Node.js Library xml-crypto Hit by Critical Security Flaws Full Text

Abstract Successful exploitation of these vulnerabilities can allow attackers to bypass authentication or authorization mechanisms in systems that use xml-crypto to verify signed XML documents.

Security Online

March 19, 2025

Synology Patches Critical Code Execution Flaw in Multiple Products Full Text

Abstract Synology updated its security advisories to disclose a critical security vulnerability affecting several products, including Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC).

Security Online

March 18, 2025

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 Full Text

Abstract An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.

The Hacker News

March 18, 2025

Multiple Security Vulnerabilities Plague PHP, Exposing Applications to Risk Full Text

Abstract Researchers reported multiple security flaws in PHP’s HTTP stream wrapper, exposing web applications to risks like information leaks, denial of service, and request smuggling.

Security Online

March 14, 2025

Miniaudio and Adobe Acrobat Reader Vulnerabilities Discovered Full Text

Abstract CVE-2024-41147 is an out-of-bounds write vulnerability in Miniaudio. CVE-2025-27163 and CVE-2025-27164 are out-of-bounds read vulnerabilities in the font functionality in Adobe Acrobat, which can lead to information disclosure.

Talos

March 13, 2025

Tenda AC7 Routers at Risk of Root Compromise, PoC Released Full Text

Abstract The vulnerability is a stack-based buffer overflow within the formSetFirewallCfg function. A remote attacker can exploit this flaw by sending a specially crafted payload to the router’s web interface.

Security Online

March 13, 2025

Siemens Exposes 9.8-Rated Bootloader Flaw in SINAMICS S200 Devices Full Text

Abstract The vulnerability has been assigned a CVSS v3.1 base score of 9.8. Siemens has not released a firmware update to address the vulnerability. Customers are urged to follow the recommendations in the security advisory to protect their devices.

Security Online

March 13, 2025

AMI Releases Updates to Address Vulnerabilities in SPx, AptioV and EDK2 Full Text

Abstract AMI has released updates to address these vulnerabilities. The AptioV and EDK2 vulnerabilities are fixed in version BKC_5.38, while the SPx vulnerability is addressed in versions SPx_12.7+ and SPx_13.5.

Security Online

March 13, 2025

Cisco Issues High-Severity Security Alert for IOS XR Software Full Text

Abstract The vulnerability impacts Cisco IOS XR 64-bit Software across all device configurations. To determine if a specific Cisco software release is vulnerable, users are advised to consult the “Fixed Software” section of the advisory.

Security Online

March 12, 2025

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches Full Text

Abstract Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.

The Hacker News

March 12, 2025

Critical Flaw Found in Siemens SiPass Access Control Systems Full Text

Abstract Siemens has issued a security advisory warning of multiple vulnerabilities in SiPass integrated access control systems. The vulnerabilities could allow attackers to execute commands on the devices with root privileges and access sensitive data.

Security Online

March 12, 2025

Font Library FreeType Flaw Exploited in the Wild, Millions at Risk Full Text

Abstract A critical vulnerability in the FreeType font rendering library has been revealed, potentially putting millions of devices at risk of RCE. The flaw, tracked as CVE-2025-27363 and having a CVSS score of 8.1, impacts FreeType versions 2.13.0 and below.

Security Online

March 11, 2025

Multiple vulnerabilities found in ICONICS industrial SCADA software Full Text

Abstract A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files.

CyberScoop

March 11, 2025

SAP Patches High-Severity XSS and Authorization Flaws in Latest Security Updates Full Text

Abstract SAP has released its latest round of security updates, addressing 21 new vulnerabilities and providing 3 updates to previously released Security Notes. The updates include fixes for several high-severity vulnerabilities.

Security Online

March 11, 2025

Chrome Update: 5 Security Fixes, High-Risk Flaws Addressed ASAP Full Text

Abstract An important security update has been released for the Chrome Stable channel, addressing five vulnerabilities, including three high-severity flaws that could allow attackers to execute arbitrary code.

Security Online

March 10, 2025

PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors Full Text

Abstract "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researchers said.

The Hacker News

March 10, 2025

New Chirp tool uses audio tones to transfer data between devices Full Text

Abstract A new open-source tool named 'Chirp' transmits data between computers (and smartphones) through different audio tones. Other microphone-equipped computers running Chirp may capture the sound and translate the message back into text.

Bleeping Computer

March 10, 2025

Undocumented commands found in Bluetooth chip used by a billion devices Full Text

Abstract Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices.

Bleeping Computer

March 8, 2025

Multiple Vulnerabilities Discovered in ICONICS Suite SCADA System Full Text

Abstract Unit 42 assessed the ICONICS Suite SCADA system and identified five vulnerabilities in versions 10.97.2 and earlier for Windows. The ICONICS security team issued multiple patches in 2024 to resolve these issues.

Palo Alto Networks

March 6, 2025

Critical Code Execution Vulnerability Patched in Elastic Kibana Full Text

Abstract Elastic has released a security update to address a critical vulnerability in Kibana. The vulnerability, tracked as CVE-2025-25012 and assigned a CVSS score of 9.9, could allow attackers to execute arbitrary code on vulnerable systems.

Security Online

March 6, 2025

Critical Flaw in Chaty Pro Plugin Exposes Thousands of WordPress Sites to Takeover Full Text

Abstract The vulnerability stems from a lack of proper authorization and security checks in the code responsible for handling user input. The developers of Chaty Pro have addressed CVE-2025-26776 in version 3.3.4.

Security Online

March 5, 2025

Zoho Patches Account Takeover Vulnerability in ADSelfService Plus Full Text

Abstract The vulnerability stems from improper session management, potentially exposing sensitive user information and enabling attackers to hijack accounts. Zoho has confirmed that the issue has been resolved in ADSelfService Plus version 6511.

Security Online

March 5, 2025

NVIDIA Addresses High-Severity HGX Management Controller Vulnerability Full Text

Abstract Nvidia has issued a security update addressing two vulnerabilities (CVE-2024-0114 and CVE-2024-0141) in its Hopper HGX 8-GPU HMC, including a high-severity flaw that could allow unauthorized code execution, privilege escalation, and data tampering.

Security Online

March 5, 2025

PoC Exploit Published for Critical HPE Insight RS Flaw Posing RCE Risks Full Text

Abstract The vulnerability stems from improper path validation in the processAtatchmentDataStream method. This flaw allows attackers to bypass directory restrictions and upload malicious files outside the intended directory.

Security Online

March 5, 2025

Vim Users Warned Code Execution Flaw That can be Trigged by Crafted TAR Files Full Text

Abstract The Vim project has released patch v9.1.1164, which addresses CVE-2025-27423. Users are strongly advised to update their Vim installations to this version or later immediately.

Security Online

March 5, 2025

Broadcom Fixes Three VMware Zero-Days Exploited in Attacks Full Text

Abstract The three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.

Bleeping Computer

March 1, 2025

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) Full Text

Abstract A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain unauthorized access to the vulnerable application.

Help Net Security

March 1, 2025

Account Takeover Vulnerability Found in Better Auth Library Full Text

Abstract A critical security vulnerability has been discovered in the Better Auth library, a popular TypeScript authentication framework. The vulnerability could allow attackers to bypass security measures and potentially take over user accounts.

Security Online

March 1, 2025

LibreOffice Flaws Allow Attackers to Run Malicious Files on Windows Full Text

Abstract The vulnerability, which impacts versions before 24.8.5, revolves around improper validation of non-file URLs interpreted as Windows file paths through the ShellExecute function.

GBHackers

February 26, 2025

Rsync Flaws Allow Hackers to Take Over Servers, PoC Published Full Text

Abstract Google Cloud Vulnerability Research published the technical details and proof-of-concept (PoC) exploits for five critical Rsync vulnerabilities, identified as CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, and CVE-2024-12088.

Security Online

February 26, 2025

Massive WordPress Plugin Vulnerability Exposes Millions to XSS Attacks Full Text

Abstract The vulnerability, tracked as CVE-2025-24752, is a reflected Cross-Site Scripting (XSS) issue that could allow malicious actors to inject harmful scripts into unsuspecting users’ browsers.

Security Online

February 26, 2025

GRUB2 Bootloader Vulnerabilities Expose Millions of Systems to Attacks Full Text

Abstract A series of critical vulnerabilities have been discovered in GRUB2, the popular boot loader used by many Linux distributions. These flaws could allow attackers to bypass security measures, potentially compromising millions of systems globally.

Security Online

February 26, 2025

OpenH264 Codec Vulnerability Poses Remote Code Execution Risk Full Text

Abstract Tracked as CVE-2025-27091 and assigned a CVSSv4 score of 8.6, this vulnerability could allow remote attackers to trigger a heap overflow, potentially leading to arbitrary code execution.

Security Online

February 26, 2025

Attackers Exploiting Cisco Vulnerabilities Tied to Salt Typhoon Campaign Full Text

Abstract GreyNoise researchers observed active exploitation of two Cisco vulnerabilities, CVE-2018-0171 and CVE-2023-20198, which reportedly have been used in recent attacks by the Chinese nation-state threat group known as Salt Typhoon.

Cybersecurity Dive

February 24, 2025

Zero-Day in Parallels Desktop Allows Root Privilege Escalation, PoC Released Full Text

Abstract Independent researcher Mickey Jin (@patch1t) publicly disclosed the exploit after Parallels left the vulnerability unpatched for over seven months, despite multiple responsible disclosure attempts.

Security Online

February 24, 2025

Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL Full Text

Abstract Systems become vulnerable when compiled with the _USE_SQLITE_ option, which activates SQLite integration for hints database management, and when administrators enable ETRN commands without proper serialization safeguards.

GBHackers

February 24, 2025

Libxml2 Flaws Could Lead to Code Execution Full Text

Abstract Users of libxml2 are strongly encouraged to update to the latest versions, 2.12.10 or 2.13.6, to address these vulnerabilities. Older branches of libxml2 will not receive updates.

Security Online

February 24, 2025

Moxa PT Switches Vulnerable to Denial-of-Service Attack Full Text

Abstract CVE-2024-9404 poses a significant remote threat if the affected PT switches are exposed to publicly accessible networks. Attackers could exploit this vulnerability to disrupt critical operations in various industrial environments.

Security Online

February 24, 2025

Critical Vulnerability in Pentaho Business Analytics Server Full Text

Abstract To fully address the critical vulnerability (CVE-2024-37361), users are advised to upgrade to the latest Hitachi Vantara Pentaho 10.2 release or, for version 9.3, to install Service Pack 9.3.0.9 or higher.

Security Online

February 24, 2025

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks Full Text

Abstract The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Federal agencies have until March 13, 2025, to patch the Craft CMS flaw.

The Hacker Newes

February 21, 2025

Proof-of-Concept Exploit Released for Four Ivanti Vulnerabilities Full Text

Abstract Horizon3.ai researchers on Wednesday released technical details and a proof-of-concept (PoC) exploit for four critical Ivanti vulnerabilities that were first disclosed and patched last month.

Cybersecurity Dive

February 20, 2025

Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit Full Text

Abstract These vulnerabilities have been assigned Common Vulnerability Scoring System (CVSS) numbers ranging from 2.8 to 3.3 representing a Low level of impact. Successful exploitation could lead to limited denial of service and information disclosure.

Palo Alto Networks

February 20, 2025

SICK Warns of Severe Security Flaws in MEAC300 Sensors Full Text

Abstract The vulnerabilities, tracked as CVE-2022-0778 and CVE-2025-0867, could allow attackers to cause a denial of service or potentially execute arbitrary code on affected devices.

Security Online

February 20, 2025

Update: Windows Disk Cleanup Tool Flaw Exploited to Gain SYSTEM Privileges, PoC Released Full Text

Abstract The vulnerability was anonymously disclosed to Microsoft and subsequently, a proof-of-concept exploit was published on GitHub by a security researcher. The exploit leverages a DLL sideloading technique with cleanmgr.exe.

Security Online

February 20, 2025

Netgear C7800 Router Flaw Exposes User Credentials, No Patch! Full Text

Abstract An attacker who successfully performs a man-in-the-middle attack on the WLAN or LAN can intercept user credentials. This could grant full control over the router, enabling settings manipulation, data theft, or launch further attacks.

Security Online

February 20, 2025

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability Full Text

Abstract The two critical-rated vulnerabilities include CVE-2025-21355 (CVSS score: 8.6), a Microsoft Bing remote code execution vulnerability, and CVE-2025-24989 (CVSS score: 8.2), a Microsoft Power Pages elevation of privilege vulnerability.

The Hacker News

February 19, 2025

Two New OpenSSH Bugs Threaten Enterprise Security, Uptime Full Text

Abstract Qualys discovered the bugs (CVE-2025-26465 and CVE-2025-26466) in January, per its disclosure timeline. These vulnerabilities enable machine-in-the-middle (MitM) attacks and pre-authentication denial-of-service (DoS) attacks.

The Register

February 19, 2025

Exploit Code Published for Critical GatesAir Transmitter Vulnerabilities, No Patches Available Yet Full Text

Abstract Security researcher Mohamed Shahat has disclosed three critical vulnerabilities affecting GatesAir Maxiva UAXT and VAXT transmitters. These transmitters are widely used in various industries, including broadcasting, transportation, and public safety.

Security Online

February 19, 2025

Chrome Buffer Overflow Flaws Let Hackers Execute Arbitrary Code & Gain System Access Full Text

Abstract The update (version 133.0.6943.126/.127 for Windows/Mac and 133.0.6943.126 for Linux) follows the discovery of exploits in Chrome’s V8 JavaScript engine, GPU component, and network stack, underscoring escalating risks to billions of users worldwide.

GBHackers

February 19, 2025

Apache Ignite Vulnerability Could Allow Remote Code Execution Full Text

Abstract The Apache Ignite team has addressed this vulnerability in version 2.17.0. Users of affected versions are strongly urged to upgrade to the latest release as soon as possible.

Security Online

February 19, 2025

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials Full Text

Abstract Following responsible disclosure on March 26, 2024, the vulnerabilities were addressed as part of Service Pack 57.75.53 released late last month for VersaLink C7020, 7025, and 7030 series printers.

The Hacker News

February 18, 2025

PoC Exploits for Two Critical LibreOffice Vulnerabilities Released, Patch ASAP Full Text

Abstract These flaws—CVE-2024-12425 (Arbitrary File Write) and CVE-2024-12426 (Remote File Read)—require no user interaction beyond opening a malicious document, making them highly exploitable in both desktop and server environments.

Security Online

February 18, 2025

Juniper Warns of Critical Authentication Bypass Flaw in Session Smart Routers Full Text

Abstract Currently, Juniper SIRT is not aware of any malicious exploitation of the CVE-2025-21589 vulnerability. However, given the severity of the flaw, prompt action is crucial to prevent potential attacks.

Security Online

February 18, 2025

AMD Patches Multiple Vulnerabilities in Embedded Processors Full Text

Abstract AMD has released security updates addressing multiple vulnerabilities in its EPYC and Ryzen Embedded processors, some of which could allow arbitrary code execution, memory corruption, or privilege escalation.

Security Online

February 17, 2025

Metasploit-Ready: CVE-2025-1094 SQLi in PostgreSQL Exposes Systems to Remote Attacks Full Text

Abstract CVE-2025-1094 stems from an “incorrect assumption that when attacker-controlled untrusted input has been safely escaped via PostgreSQL’s string escaping routines, it cannot be leveraged to generate a successful SQL injection attack.

Security Online

February 17, 2025

CVE-2022-31631 (CVSS 9.1): Critical PHP Flaw Exposes Websites to SQL Injection Attacks Full Text

Abstract A serious vulnerability has been discovered in PHP, potentially exposing websites and applications to SQL injection attacks. This function is commonly used to sanitize user-supplied data before it’s used in database queries.

Security Online

February 17, 2025

Palo Alto Networks and SonicWall Firewalls Under Attack Full Text

Abstract Palo Alto Networks and SonicWall customers are being advised to patch their products, after it emerged that threat actors are actively exploiting vulnerabilities in both.

Infosecurity Magazine

February 17, 2025

YouTube ID exploited to find Gmail deets, says researcher Full Text

Abstract A security researcher found that Google could leak the email addresses of YouTube channels. Last week he explained he found two vulnerabilities that, when chained, make it possible to sniff out the email addresses.

The Register

February 15, 2025

Windows Explorer GUI Zero-Day Vulnerability Actively Exploited in the Wild Full Text

Abstract The flaw involves how Windows handles files extracted from compressed “RAR” archives. When extracted into a folder, these files appear invisible in the Windows Explorer GUI, misleading users into believing the folder is empty.

GBHackers

February 14, 2025

New ‘whoAMI’ Attack Enables Code Execution on Amazon EC2 Instances Full Text

Abstract Dubbed "whoAMI," the attack was crafted by DataDog researchers in August 2024, who demonstrated that it's possible for attackers to gain code execution within AWS accounts by exploiting how software projects retrieve AMI IDs.

Bleeping Computer

February 14, 2025

WinZip Vulnerability Opens Door to Remote Code Execution Full Text

Abstract The vulnerability, tracked as CVE-2025-1240 and with a CVSS score of 7.8, stems from insufficient validation of user-supplied data during 7Z file parsing. While the vulnerability itself is serious, exploitation requires user interaction.

Security Online

February 13, 2025

Surge in Attacks Exploiting Old ThinkPHP and ownCloud Flaws Full Text

Abstract Threat monitoring platform GreyNoise reported spikes in threat actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing.

Bleeping Computer

February 13, 2025

Update: PoC Exploit Published for macOS Security Flaw Enabling KASLR Bypass Full Text

Abstract The vulnerability, tracked as CVE-2024-54531, allows an app to bypass KASLR, effectively revealing the kernel’s memory layout. It leverages speculative execution during system calls, a previously unexploited weakness in Apple’s kernel isolation.

Security Online

February 13, 2025

Palo Alto Networks Fixes Two High-Severity PAN-OS Vulnerabilities Full Text

Abstract CVE-2025-0108 affects PAN-OS versions 11.2 (before 11.2.4-h4), 11.1 (before 11.1.6-h1), 10.2 (before 10.2.13-h3), and 10.1 (before 10.1.14-h9). CVE-2025-0110 affects PAN-OS OpenConfig plugin versions before 2.1.2.

Security Online

February 13, 2025

Critical Vulnerability in Falcon Sensor for Linux Enables TLS MiTM Exploits Full Text

Abstract While no evidence of exploitation has been detected, CrowdStrike has rated the flaw as high severity, with a CVSS score of 8.1. The flaw affects versions of the Falcon sensor for Linux, Kubernetes Admission Controller, and Container Sensor.

GBHackers

February 13, 2025

NVIDIA Patches High-Severity Vulnerability in Jetson and IGX Orin Platforms Full Text

Abstract “NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree,” the bulletin explains.

Security Online

February 13, 2025

Google Chrome Gets Patches for Four High-Severity Vulnerabilities in Latest Stable Channel Update Full Text

Abstract The update, which will roll out over the coming days and weeks, patches vulnerabilities in key components of the Chrome browser, including the V8 JavaScript engine, the Browser UI, and the Navigation component.

Security Online

February 12, 2025

Misconfigured APIs Expose Sensitive Medical Data in Major Diagnostic Chain Full Text

Abstract A recent investigation by CloudSEK’s BeVigil platform has revealed critical vulnerabilities in the API infrastructure of a prominent diagnostic chain, exposing sensitive personal and medical data of potentially millions of users.

Security Online

February 12, 2025

Over 12,000 KerioControl Firewalls Exposed to Exploited RCE Flaw Full Text

Abstract GFI Software released a security update for the problem with version 9.4.5 Patch 1 on December 19, 2024, yet three weeks later, according to Censys, over 23,800 instances remained vulnerable.

Bleeping Computer

February 12, 2025

OpenSSL Patched High-Severity Flaw Enabling Man-in-the-Middle Attacks Full Text

Abstract The vulnerability impacts TLS clients that explicitly enable RPKs and rely on SSL_VERIFY_PEER to detect authentication failures. Project maintainers pointed out that RPKs are disabled by default in both TLS clients and TLS servers.

Security Affairs

February 12, 2025

SonicWall Firewall Exploit Lets Hackers Hijack VPN Sessions, Patch Now Full Text

Abstract Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that bypasses the authentication mechanism in certain SonicOS SSL VPN application versions.

Bleeping Computer

February 12, 2025

Microsoft February 2025 Patch Tuesday Fixes 4 Zero-Days, 55 Flaws Full Text

Abstract This month's Patch Tuesday fixes two actively exploited and two publicly exposed zero-day vulnerabilities. Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.

Bleeping Computer

February 12, 2025

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure Full Text

Abstract Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.

The Hacker News

February 11, 2025

Apple Patches Actively Exploited iOS Zero-Day in Emergency Update Full Text

Abstract Tracked as CVE-2025-24200, the vulnerability has been described as an authorization issue that could enable a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.

The Hacker News

February 11, 2025

Progress LoadMaster Security Update Addresses Multiple Vulnerabilities Full Text

Abstract These vulnerabilities stem from improper input validation, enabling attackers with access to the LoadMaster management interface to inject malicious commands via crafted HTTP requests.

Security Online

February 11, 2025

Critical RCE Vulnerability Found in Visual Weather Products Full Text

Abstract IBL Software Engineering urged users to take immediate action to remediate the CVE-2025-1077 vulnerability. The recommended solution is to upgrade to the patched versions of Visual Weather: 7.3.10 or higher, or 8.6.0 or higher.

Security Online

February 11, 2025

Multiple Vulnerabilities Addressed in SAP Security Patch Day February 2025 Full Text

Abstract The most severe vulnerability addressed (CVE-2025-0064, CVSS 8.7) allows an attacker with admin rights to impersonate any user within the SAP BusinessObjects Business Intelligence platform.

Security Online

February 11, 2025

Update: GitHub Enterprise SAML Bypass Flaw Uncovered With Technical Analysis and Exploit PoC Full Text

Abstract Given the severity of this issue, organizations using GitHub Enterprise with SAML authentication enabled are strongly advised to review their authentication configurations and apply patches immediately.

Security Online

February 10, 2025

WordPress ASE Plugin Vulnerability Threatens Site Security Full Text

Abstract Security analysts at Patchstack discovered that the flaw was due to insufficient checks on user role restoration. Specifically, the process failed to include robust permission verification, relying only on a nonce check.

Infosecurity Magazine

February 10, 2025

Critical SQL Injection Bug Patched in Zimbra Collaboration Full Text

Abstract CVE-2025-25064 (CVSS 9.8) is a critical SQL injection vulnerability that affects Zimbra Collaboration versions 10.0.x before 10.0.12 and 10.1.x before 10.1.4. This vulnerability is due to insufficient sanitization of a user-supplied parameter.

Security Online

February 10, 2025

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Full Text

Abstract The flaw, tracked as CVE-2025-0994, is a high severity (CVSS v4.0 score: 8.6) deserialization problem that allows authenticated users to perform RCE attacks against a customer's Microsoft Internet Information Services (IIS) servers.

Bleeping Computer

February 10, 2025

Critical Flaw in ABB Drive Composer Enables File System Access Full Text

Abstract The vulnerability stems from improper directory validation, allowing attackers to craft malicious Drive Composer files (such as parameter backup files) that, when opened, can extract files to arbitrary locations on the victim’s system.

Security Online

February 8, 2025

Researcher Outsmarts, Jailbreaks OpenAI’s New o3-mini Full Text

Abstract Despite its improvements, a CyberArk researcher found a way to exploit o3-mini by pretending to be a historian seeking knowledge. While engaging with it, he eventually led it to produce steps that could be used to exploit a critical Windows process.

Dark Reading

February 8, 2025

Critical RCE Flaw in Microsoft Outlook Now Exploited in Attacks Full Text

Abstract Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions.

Bleeping Computer

February 8, 2025

Update: Hackers Exploit SimpleHelp RMM Flaws to Deploy Sliver malware Full Text

Abstract The attack started with the threat actors exploiting the vulnerabilities in the SimpleHelp RMM client, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, to establish an unauthorized connection to a target endpoint.

Bleeping Computer

February 7, 2025

Cisco Addressed Two Critical Flaws in its Identity Services Engine Full Text

Abstract Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE).

Security Affairs

February 5, 2025

Netgear Warns Users to Patch Critical WiFi Router Vulnerabilities Full Text

Abstract The two critical security vulnerabilities impact multiple WiFi 6 access points (WAX206, WAX214v2, and WAX220) and Nighthawk Pro Gaming router models (XR1000, XR1000v2, XR500).

Bleeping Computer

February 5, 2025

Critical Veeam Backup Vulnerability Enables Remote Code Execution Full Text

Abstract The vulnerability affects a wide range of Veeam products, including Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, Oracle Linux Virtualization Manager, and Red Hat Virtualization.

Security Online

February 5, 2025

Update: PoC Exploit Released for Linux Kernel Enabling Privilege Escalation and Container Escape Full Text

Abstract The vulnerability affects various Linux kernel versions, including v6.8 to v6.9, v5.15.147, v6.1.78, and v6.6.17. System administrators are advised to upgrade to patched versions immediately.

Security Online

February 4, 2025

Update: PoC Privilege Escalation Exploit Revealed for Active Directory Domain Services Full Text

Abstract The exploit takes advantage of Windows Performance Counters, a mechanism that allows applications and services to register monitoring routines via PerfMon.exe or Windows Management Instrumentation (WMI).

Security Online

February 4, 2025

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access Full Text

Abstract A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2.

The Hacker News

February 4, 2025

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score Full Text

Abstract Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.

The Hacker News

February 4, 2025

7-Zip Vulnerability Exploited in Attacks on Ukraine Full Text

Abstract The vulnerability, tracked as CVE-2025-0411, allows attackers to bypass Windows Mark-of-the-Web (MOTW) protections, which are designed to prevent the execution of malicious files downloaded from the internet.

Security Online

February 4, 2025

Google Fixes Android Kernel Zero-Day Exploited in Attacks Full Text

Abstract This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks.

Bleeping Computer

February 4, 2025

Microsoft SharePoint Connector Flaw Could Have Enabled Credential Theft Across Power Platform Full Text

Abstract The vulnerability, at its core, is an instance of server-side request forgery (SSRF) stemming from the use of the "custom value" functionality within the SharePoint connector that permits an attacker to insert their own URLs as part of a flow.

The Hacker News

February 3, 2025

MediaTek Warns of Critical WLAN Vulnerabilities Expose Millions to Remote Attacks Full Text

Abstract Three particularly concerning vulnerabilities (CVE-2025-20633, CVE-2025-20632, CVE-2025-20631) reside in the WLAN AP driver. An incorrect bounds check could allow remote code execution without needing any additional privileges or user interaction.

Security Online

February 3, 2025

Update: PoC Exploit Released for macOS Kernel Vulnerability Full Text

Abstract A newly discovered race condition in Apple’s macOS kernel (XNU) could allow attackers to escalate privileges, corrupt memory, and potentially achieve kernel-level code execution, according to security researcher Joseph Ravichandran of MIT CSAIL.

Security Online

February 3, 2025

End-of-Life D-Link Routers Vulnerable to Unauthenticated RCE Full Text

Abstract The affected routers, including D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, reached their end-of-life (EOL) status in 2015 and 2024, meaning they no longer receive security updates or support from D-Link.

Security Online

February 1, 2025

FDA, CISA Warn About Vulnerabilities in Patient Health Monitors Full Text

Abstract Unauthorized users could control the monitors, interrupt their functions, or corrupt patient data. A backdoor in the software allows bypassing cybersecurity controls, exposing patient data.

Cybersecurity Dive

January 31, 2025

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft Full Text

Abstract Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.

The Hacker News

January 22, 2025

Critical Apache Ambari Security Vulnerabilities Discovered Full Text

Abstract These vulnerabilities (CVE-2025-23195, CVE-2025-23196, and CVE-2024-51941), ranging from moderate to important severity, could allow attackers to gain unauthorized access to sensitive data and execute malicious code on vulnerable systems.

Security Online

January 22, 2025

Node.js Vulnerability Exposes Sensitive Data and Resources Full Text

Abstract The vulnerability, tracked as CVE-2025-23083, affects Node.js versions 20, 22, and 23. It exists in the diagnostics_channel utility, which can be used to hook into events, including worker thread creation.

Security Online

January 22, 2025

Critical Flaw in AdForest Theme Allows Complete Account Takeover, Thousands of Sites at Risk Full Text

Abstract A severe security flaw (CVE-2024-12857) has been discovered in the AdForest WordPress theme, a popular premium classified ads theme with over 8,743 sales globally. This vulnerability, rated CVSS 9.8, allows attackers to bypass authentication.

Security Online

January 22, 2025

ChatGPT Crawler Vulnerability can Enable DDoS Attacks via HTTP Requests Full Text

Abstract This intriguing flaw was reported by cybersecurity researcher Benjamin Flesch. According to him, a single HTTP request to the ChatGPT API could trigger a flood of unrelenting network requests targeting a specific web resource.

Security Online

January 22, 2025

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers Full Text

Abstract As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes.

The Hacker News

January 20, 2025

New PoC Exploit Code Released for Zero-Day Vulnerability in Windows CLFS Driver Full Text

Abstract The vulnerability, described as an elevation of privilege flaw, is linked to the CLFS Driver, a core Windows component used for logging system operations. Microsoft confirmed it had been actively exploited in the wild before the patch release.

Security Online

January 20, 2025

Moxa Warns of Critical Authorization Vulnerability in EDS-508A Series Ethernet Switches Full Text

Abstract This flaw affects EDS-508A Series running the firmware version 3.11 and earlier. Moxa has developed a security patch to address the vulnerability. Administrators are encouraged to “contact Moxa Technical Support for the security patch.”

Security Online

January 20, 2025

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation Full Text

Abstract Successful exploitation of the flaws could permit an attacker to hijack the execution flow by embedding a shellcode in the HTTP request and gain the ability to execute operating system commands.

The Hacker News

January 18, 2025

NVIDIA Releases Security Update for Container Toolkit and GPU Operator Full Text

Abstract The security update released by NVIDIA addresses three security flaws that could potentially allow attackers to execute malicious code, escalate privileges, or launch denial-of-service attacks.

Security Online

January 18, 2025

AWS Patches Vulnerabilities in WorkSpaces, AppStream 2.0, and DCV Clients Full Text

Abstract These vulnerabilities, identified as CVE-2025-0500 and CVE-2025-0501, carry a CVSSv4 score of 7.7. The vulnerabilities, if exploited, could allow attackers to perform man-in-the-middle (MITM) attacks, granting unauthorized access to remote sessions.

Security Online

January 17, 2025

Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution Full Text

Abstract Veeam disclosed a critical vulnerability in its Veeam Backup for Microsoft Azure product. Identified as CVE-2025-23082, this Server-Side Request Forgery (SSRF) vulnerability carries a CVSS score of 7.2, placing it in the high-severity category.

Security Online

January 17, 2025

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions Full Text

Abstract Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.

The Hacker News

January 17, 2025

Popular WordPress Caching Plugin Exposes Millions of Sites to Attack Full Text

Abstract Any website using W3 Total Cache version 2.8.1 or earlier is vulnerable. Given the plugin’s popularity with over 1 million active installations, this represents a significant portion of the WordPress ecosystem.

Security Online

January 14, 2025

Critical IBM DOORS Next Flaw Enables Remote Code Execution Full Text

Abstract The two vulnerabilities, both rated with a CVSS Base Score of 9.8, reflect severe risks to organizations relying on IBM’s DOORS Next and Rhapsody Model Manager software for engineering requirements management and systems design.

Security Online

January 14, 2025

Microsoft: macOS bug lets hackers install malicious kernel drivers Full Text

Abstract Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.

Bleeping Computer

January 14, 2025

Linux Kernel Privilege Escalation Vulnerability (CVE-2024-27397) Exploited: PoC Released Full Text

Abstract This vulnerability resides in the netfilter nf_tables component and can be exploited during rollback operations involving expired elements. The issue specifically arises in the nft_set_elem_expired function defined in nf_tables.h.

Security Online

January 14, 2025

Zyxel Urges Patch Application for Privilege Escalation Vulnerability (CVE-2024-12398) Full Text

Abstract Zyxel has issued an advisory for a newly identified security vulnerability, CVE-2024-12398, that affects multiple access points (AP) and security routers. The vulnerability is an improper privilege management flaw within the web management interface.

Security Online

January 13, 2025

Critical Vulnerability Patched in GiveWP Plugin Full Text

Abstract The GiveWP plugin (version 3.19.3 and below) suffers from an unauthenticated PHP Object Injection vulnerability. The vulnerability occurred due to the insecure storage of meta in the DB which ended up being unserialized.

Cyware

January 13, 2025

NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published Full Text

Abstract A security vulnerability in some Netgear routers allows remote attackers to gain unauthorized access and control over the devices. The vulnerability, tracked as CVE-2024-12847 (CVSS 9.8), has been exploited in the wild since at least 2017.

Cyware

January 10, 2025

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices Full Text

Abstract Researchers detailed a now-patched security flaw impacting Monkey's Audio decoder on Samsung smartphones that could lead to code execution. The vulnerability, tracked as CVE-2024-49415, affects Samsung devices running Android versions 12, 13, and 14.

The Hacker News

January 9, 2025

CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution Full Text

Abstract The most critical flaw (CVE-2024-5594) allows attackers to inject arbitrary data into third-party executables or plugins. The flaw, with a CVSS score of 9.1, could be exploited by a malicious OpenVPN peer to execute code or cause DoS conditions.

Security Online

January 9, 2025

Command Injection Flaws in HPE Aruba Devices, PoC Publicly Available Full Text

Abstract To address these vulnerabilities, HPE Aruba Networking has released software version V2.1.2.0-B0033 for the 501 Wireless Client Bridge. Users are strongly advised to upgrade to this version as soon as possible.

Security Online

January 9, 2025

Hackers Exploit KerioControl Firewall Flaw to Steal Admin CSRF Tokens Full Text

Abstract Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in the GFI KerioControl firewall product.

Bleeping Computer

January 9, 2025

Apache OpenMeetings Users Urged to Patch Critical Flaw Full Text

Abstract The vulnerability stems from insecure deserialization of untrusted data in OpenMeetings’ cluster mode. This issue arises due to a lack of proper whitelisting and blacklisting configurations for OpenJPA, a Java persistence framework used in it.

Security Online

January 9, 2025

GitLab Tackles Critical Security Flaws in Latest Patch Release Full Text

Abstract GitLab has released an important patch update to fix several security vulnerabilities affecting its import functionality and other core features. The new versions 17.7.1, 17.6.3, and 17.5.5 are available for download.

Security Online

January 9, 2025

Unpatched Critical Flaws Impact Fancy Product Designer WordPress Plugin Full Text

Abstract Despite Patchstack notifying the vendor of the issues a day after discovering them, Radykal hasn't responded. Even after releasing 20 new versions, with the latest being 6.4.3, released 2 months ago, the two critical security issues remain unpatched.

Bleeping Computer

January 9, 2025

Mutiple Vulnerabilities Found in Palo Alto Networks Expedition Tool Full Text

Abstract Palo Alto Networks has issued a security advisory addressing multiple vulnerabilities in its Expedition migration tool, which could expose sensitive data and allow unauthorized actions on affected systems.

Security Online

January 8, 2025

Crims Backdoored Their Backdoors. Then the Domains Lapsed Full Text

Abstract Thousands of vulnerable backdoors exist on expired domains and abandoned infrastructure, exposing government and academic hosts to potential hijacking by malicious actors.

The Register

January 8, 2025

New Research Highlights Vulnerabilities in MLOps Platforms Like Azure ML, BigML, and Google Cloud Vertex AI Full Text

Abstract Security researchers have identified multiple attack scenarios targeting MLOps platforms like Azure Machine Learning (Azure ML), BigML and Google Cloud Vertex AI, among others.

Infosecurity Magazine

January 8, 2025

Critical Command Injection Vulnerability in Aviatrix Network Controller Patched Full Text

Abstract The vulnerability exists in Aviatrix Controller versions 7.x through 7.2.4820, where improper neutralization of special elements in system commands enables unauthenticated attackers to execute arbitrary code remotely.

Security Online

January 8, 2025

BIOS Flaws Expose Illumina iSeq 100 DNA Sequencers to Bootkit Attacks Full Text

Abstract Researchers found that the vulnerable BIOS (B480AM12 - 04/12/2018) on iSeq 100 did not have firmware protections enabled, which allowed modifying the code for booting the device.

Bleeping Computer

January 8, 2025

Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE Full Text

Abstract These vulnerabilities, tracked as CVE-2024-48455, CVE-2024-48456, and CVE-2024-48457, could be chained together to allow unauthenticated remote code execution (RCE), exposing thousands of devices to exploitation.

Security Online

January 7, 2025

Novel Stealthy Steganography Backdoor Attack Targets Android Apps Full Text

Abstract BARWM is a novel attack technique that utilizes DNN-based steganography to generate sample-specific backdoor triggers that are imperceptible. It is able to circumvent the limitations of real-world deep learning (DL) models deployed on mobile devices.

GBHackers

January 7, 2025

Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover Full Text

Abstract A researcher at E.V.A Information Security revealed alarming vulnerabilities stemming from misconfigurations in Argo Workflows instances. These flaws could allow attackers to compromise entire Kubernetes clusters.

Security Online

January 7, 2025

Nuclei Flaw Lets Malicious Templates Bypass Signature Verification Full Text

Abstract A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems.

Bleeping Computer

January 7, 2025

Critical OpenVPN Connect Vulnerability Leaks Private Keys Full Text

Abstract A recent vulnerability (CVE-2024-8474) in OpenVPN Connect leaves millions of users exposed. The flaw, present in versions before 3.5.0, allowed the app to log the configuration profile’s private key in clear text within the application log.

Security Online

January 7, 2025

Critical RCE Flaw in MediaTek Chipsets Impacts Millions Full Text

Abstract MediaTek released its January 2025 Product Security Bulletin, addressing a range of security flaws affecting its various chipsets. The bulletin details flaws found in products ranging from smartphones and tablets to IoT devices and smart TVs.

Security Online

January 6, 2025

PoC Exploit Released for Windows Registry Elevation of Privilege Bug Full Text

Abstract Reported by Mateusz Jurczyk of Google Project Zero, this flaw exploits a design oversight in Windows registry hive memory management, potentially allowing attackers to gain SYSTEM-level access on vulnerable machines.

Security Online

January 6, 2025

Karmada Vulnerability Grants Attackers Control of Kubernetes Systems Full Text

Abstract The vulnerability affects all versions of Karmada prior to 1.12.0. Karmada has released version 1.12.0, which includes a patch for this vulnerability. Users are strongly advised to upgrade to this version or a later version as soon as possible.

Security Online

January 6, 2025

GoCD Patches Critical Vulnerability Allowing User Privilege Escalation Full Text

Abstract Users are strongly urged to update to GoCD version 24.5.0, which includes the necessary patch to remediate this vulnerability. For those unable to upgrade, the GoCD project suggests blocking access to vulnerable paths and reducing the user base.

Security Online

January 6, 2025

ASUS Routers at Risk Due to Two Command Injection Flaws Full Text

Abstract “Injection and execution vulnerabilities in certain ASUS router firmware series that allow authenticated attackers to trigger command execution have been identified in ASUS router AiCloud,” ASUS stated in their advisory.

Security Online

January 6, 2025

Flaw in UpdraftPlus Plugin Exposes Millions of WordPress Sites to Unauthenticated PHP Object Injection Exploits Full Text

Abstract Identified as CVE-2024-10957 and assigned a CVSS score of 8.8, the UpdraftPlus Backup & Migration Plugin flaw could allow unauthenticated attackers to exploit PHP Object Injection vulnerabilities under certain conditions.

Security Online

January 6, 2025

Moxa Issues Critical Patches for its Cellular Routers and Network Security Appliances Full Text

Abstract These vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, could allow attackers to gain unauthorized access to systems and execute commands, potentially compromising sensitive data and disrupting critical infrastructure.

Cyware

January 4, 2025

SysBumps Attack Breaks macOS Kernel Address Space Layout Randomization for Apple Silicon Full Text

Abstract The SysBumps attack exploits speculative execution vulnerabilities in macOS system calls. This flaw enables attackers to bypass kernel isolation and infer the validity of kernel addresses.

Security Online

January 4, 2025

Patched But Still Vulnerable: Windows BitLocker Encryption Bypassed Again Full Text

Abstract The vulnerability, dubbed “bitpixie” (CVE-2023-21563), was initially addressed by Microsoft in November 2022. However, researchers warned that attackers can exploit an outdated Windows bootloader via Secure Boot to extract encryption keys.

Security Online

January 4, 2025

iTerm2 Patches Critical Security Flaw Exposing User Input and Output Full Text

Abstract A critical security vulnerability, tracked as CVE-2025-22275 (CVSS 9.3) has been discovered and patched in iTerm2, a popular terminal emulator for macOS. The flaw is present in versions 3.5.6 through 3.5.10, and beta versions 3.5.6 and later.

Security Online

January 4, 2025

Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions Full Text

Abstract The denial of service vulnerability (CVE-2024-56332) affects Next.js deployments using Server Actions, particularly those without protection against long-running function executions.

Security Online

January 3, 2025

Active Directory Flaw can Crash any Microsoft Server Full Text

Abstract One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack chain and can be used to crash multiple, unpatched Windows servers at once.

Dark Reading

January 3, 2025

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API Full Text

Abstract The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three flaws reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML API.

The Hacker News

January 2, 2025

New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections to Enable Account Takeover Full Text

Abstract Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.

The Hacker News

January 2, 2025

Novel Multi-Turn Technique “Bad Likert Judge” Jailbreaks LLMs by Misusing Their Evaluation Capability Full Text

Abstract The technique asks the target LLM to act as a judge scoring the harmfulness of a given response using the Likert scale, a rating scale measuring a respondent’s agreement or disagreement with a statement.

Palo Alto Networks

January 2, 2025

Apache NiFi Vulnerability Exposes Sensitive Data to Unauthorized Users Full Text

Abstract A new vulnerability, tracked as CVE-2024-56512, affects all versions of Apache NiFi from 1.10.0 to 2.0.0. The vulnerability stems from a lack of fine-grained authorization when creating new Process Groups within NiFi.

Security Online

January 2, 2025

PoC Exploit Published for Linux Kernel Privilege Escalation Flaw Full Text

Abstract The vulnerability affects Linux Kernel versions v5.9-rc1 to v6.5-rc3. Users and administrators are strongly advised to update their systems to the latest patched versions to mitigate the risk of exploitation.

Security Online

January 2, 2025

Progress Issues Critical Patch for WhatsUp Gold Network Monitoring Software Full Text

Abstract The most severe vulnerability (CVE-2024-12108) patched has a CVSS score of 9.6 and allows attackers to gain complete control of the Progress WhatsUp Gold server via the public API.

Security Online

January 2, 2025

66,000 DrayTek Gateways Vulnerable to Remote Command Injection, PoC Published Full Text

Abstract Security researcher Netsecfish has discovered a command injection vulnerability, tracked as CVE-2024-12987, in the web management interface of popular DrayTek gateway devices. This flaw could enable attackers to execute arbitrary commands remotely.

Security Online

January 2, 2025

Update: PoC Exploit Code Published for Severe Oracle WebLogic Server Flaw Full Text

Abstract The vulnerability resides in the Core component of Oracle’s WebLogic Server, a widely used Java EE application server. Supported versions impacted include 12.2.1.4.0 and 14.1.1.0.0.

Security Online

December 31, 2024

TrueNAS CORE Vulnerability Let Attackers Execute Remote Code Full Text

Abstract Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems.

Cyware

December 30, 2024

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials Full Text

Abstract A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-12856, has been described as an OS command injection bug affecting router models F3x24 and F3x36.

Cyware

December 28, 2024

Critical SSRF Vulnerability (CVE-2024-53353) Found in Invoice Ninja Full Text

Abstract The flaw allows both local and remote users with permissions to create or edit invoices and low-privileged client portal users to inject malicious payloads during PDF generation in Invoice Ninja.

Cyware

December 28, 2024

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately Full Text

Abstract The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, and Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and later versions.

Cyware

December 27, 2024

Critical XXE Vulnerability Discovered in libxml2 Full Text

Abstract The vulnerability, tracked as CVE-2024-40896 (CVSS 9.1) and assigned a critical severity score of 9.1, affects libxml2 versions 2.11 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3.

Cyware

December 24, 2024

PoC Exploit Released for Windows Elevation of Privilege Vulnerability Full Text

Abstract Security researcher Alex Birnberg with SSD Secure Disclosure published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-30085, a Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability.

Security Online

December 24, 2024

Critical Webmin Vulnerability Leaves a Million Servers Exposed to RCE Full Text

Abstract The vulnerability was discovered by Trend Micro’s Zero Day Initiative and has been addressed in Webmin version 2.111. All Webmin and Virtualmin administrators are strongly urged to update their installations immediately.

Security Online

December 24, 2024

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP Full Text

Abstract Among the most severe flaws discovered by PatchStack were arbitrary file uploads, including CVE-2024-56046, allowing attackers to upload malicious files, potentially leading to remote code execution (RCE).

Infosecurity Magazine

December 24, 2024

Critical CrushFTP Flaw Exposes Users to Account Takeover Full Text

Abstract CrushFTP urges all users to update their servers to the latest versions (10.8.3 or 11.2.3) as soon as possible. In addition to patching, administrators must configure allowed email reset URL domains to further enhance security.

Security Online

December 21, 2024

Critical Flaws in Rockwell Automation PowerMonitor 1000 Devices Full Text

Abstract The vulnerabilities, tracked as CVE-2024-12371, CVE-2024-12372, and CVE-2024-12373, have each been assigned a CVSS v3.1 Base Score of 9.8/10, underscoring their critical nature.

Security Online

December 21, 2024

Routers With Default Passwords are Attracting Mirai Infections, Juniper Says Full Text

Abstract A specific line of Juniper Networks devices can easily become infected with Mirai malware if users don’t scrap their default passwords, the networking equipment company said in an advisory.

The Record

December 18, 2024

Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates Full Text

Abstract The vulnerabilities impact various SHARP router models, including those provided by NTT DOCOMO, INC., SoftBank Corp., and KDDI CORPORATION. The flaws can lead to OS command injection, denial-of-service, and unauthorized file access.

Security Online

December 18, 2024

New Dirty DAG Vulnerabilities in Azure Data Factory’s Apache Airflow Integration Full Text

Abstract The vulnerabilities can provide attackers with shadow admin control over Azure infrastructure, which could lead to data exfiltration, malware deployment and unauthorized data access.

Palo Alto Networks

December 18, 2024

Hackers Exploit Critical Apache Struts RCE Flaw After PoC Exploit Release Full Text

Abstract Rated 9.5 on the CVSSv4 scale, CVE-2024-53677 allows remote attackers to execute arbitrary code by abusing flaws in the file upload logic. It affects a broad range of Apache Struts versions, including 2.0.0 to 2.5.33 and 6.0.0 to 6.3.0.2.

Security Online

December 18, 2024

Critical XXE Vulnerability Found in http4k Toolkit Full Text

Abstract With a CVSS score of 9.8, this vulnerability poses significant risks, including sensitive data exposure, Server-Side Request Forgery (SSRF), and, under certain circumstances, remote code execution.

Security Online

December 17, 2024

Multiple Flaws in Volkswagen Group’s Infotainment Units Allow for Vehicle Compromise Full Text

Abstract Researchers from PCAutomotive discovered multiple vulnerabilities in the infotainment units used in some Volkswagen. Remote attackers can exploit the flaws to achieve certain controls and track the location of cars in real time.

Security Affairs

December 17, 2024

RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool Full Text

Abstract Tracked as CVE-2024-55661, this vulnerability could allow authenticated users with access to the Pulse dashboard to execute arbitrary code on the server, potentially leading to full system compromise.

Security Online

December 17, 2024

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover Full Text

Abstract Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have given adversaries control of thousands of connected devices in a single cyberattack.

Dark Reading

December 14, 2024

Dell Warns of Critical Flaws in Enterprise Products, Including CVE-2024-37143 (CVSS 10) Full Text

Abstract These vulnerabilities, identified as CVE-2024-37143 and CVE-2024-37144, pose significant risks, ranging from remote code execution to information disclosure, with CVSS scores of 10.0 and 8.2, respectively.

Security Online

December 14, 2024

Secure Email Gateways Fail to Stop Advanced Phishing Campaign Targeting Multiple Industries Full Text

Abstract To conceal their malicious intent, the attackers employed URL redirections via Google AMP and encoded parameters to create a complex trail. This multi-layered strategy not only bypassed SEGs but also complicated manual detection efforts.

Security Online

December 14, 2024

Woffice WordPress Theme Vulnerabilities Could Lead to Full Site Takeovers Full Text

Abstract Patchstack identified two critical flaws in the Woffice Core plugin, which is required for the theme’s functionality. This includes a privilege escalation vulnerability (CVE-2024-43153) and an unauthenticated account takeover (CVE-2024-43234).

Security Online

December 12, 2024

Exploiting CDN Integrations: A WAF Bypass Threatening Global Web Applications Full Text

Abstract By exploiting this flaw, threat actors can bypass WAF protections, directly targeting backend servers and exposing them to distributed denial-of-service (DDoS) attacks or vulnerabilities within the web applications themselves.

Security Online

December 12, 2024

Hunk Companion WordPress Plugin Exploited to Install Vulnerable Plugins Full Text

Abstract Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository.

Bleeping Computer

December 12, 2024

Splunk Secure Gateway App Vulnerability Allows Remote Code Execution Full Text

Abstract The vulnerability, identified as CVE-2024-53247 and with a CVSS score of 8.8, affects Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on the Splunk Cloud Platform.

Security Online

December 12, 2024

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts Full Text

Abstract Oasis identified a vulnerability involving a lack of rate limits and extended validation time for Time-based One-Time Passwords (TOTPs), enabling attackers to rapidly guess all code permutations without alerting victims to failed login attempts.

The Hacker News

December 12, 2024

Critical Vulnerability in Apache Struts Allows Remote Code Execution Full Text

Abstract Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5) that could allow attackers to execute malicious code remotely.

Security Online

December 12, 2024

GitLab Vulnerability Exposes User Accounts Full Text

Abstract GitLab issued an update, which includes versions 17.6.2, 17.5.4, and 17.4.6 for GitLab Community Edition (CE) and Enterprise Edition (EE), to tackle flaws that could lead to account takeovers, denial of service attacks, and information disclosure.

Security Online

December 11, 2024

Apache Superset Patches Multiple Security Flaws in Latest Release Full Text

Abstract These vulnerabilities, identified as CVE-2024-53947, CVE-2024-53948, and CVE-2024-53949, range in severity and could potentially allow attackers to bypass security controls, access sensitive data, and gain unauthorized privileges.

Security Online

December 11, 2024

Critical Vulnerability in Cleo Software Actively Exploited in the Wild Full Text

Abstract The exploitation chain leverages an arbitrary file-write vulnerability. The attackers plant malicious files in Cleo’s autorun directory, which the software automatically processes and deletes post-execution.

Security Online

December 11, 2024

Researcher Details a Critical TCC Bypass Flaw in macOS and iOS Full Text

Abstract Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and access sensitive data without the user’s knowledge. The vulnerability has since been patched in macOS 15 and iOS 18.

Security Online

December 11, 2024

Microsoft December 2024 Patch Tuesday Fixes One Exploited Zero-Day, 71 Flaws Full Text

Abstract Microsoft's December 2024 Patch Tuesday offered security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.

Bleeping Computer

December 11, 2024

Siemens Healthineers Addresses Critical Flaw in Medical Imaging Software Full Text

Abstract To address this vulnerability, Siemens Healthineers has released a new hotfix (HF05) for syngo.plaza VB30E. The company strongly advises all users to update their systems to the latest version as soon as possible.

Security Online

December 11, 2024

Schneider Electric Warns of Critical Flaw in Modicon Controllers Full Text

Abstract The vulnerability, tracked as CVE-2024-11737 and assigned a CVSS score of 9.8, could allow an attacker to cause a denial of service and compromise the integrity of an affected controller.

Security Online

December 11, 2024

Google Chrome Gets Patches for Two High-Severity Vulnerabilities Full Text

Abstract The update, rolling out progressively to Windows, Mac, and Linux users over the coming days/weeks, brings Chrome to version 131.0.6778.139/.140 for Windows and Mac, and 131.0.6778.139 for Linux.

Security Online

December 10, 2024

SAP Issues Critical Patch for NetWeaver AS for JAVA Full Text

Abstract One of the most urgent issues, CVE-2024-47578, affects SAP NetWeaver AS for JAVA (Adobe Document Services). This vulnerability, combined with two related CVEs—CVE-2024-47579 and CVE-2024-47580—allows for severe exploitation risks.

Security Online

December 10, 2024

Vulnerability in WPForms Plugins Affects 6 Million WordPress Sites, Enables Payment Refund and Subscription Cancellation Full Text

Abstract The vulnerability, assigned a CVSS v3.1 base score of 8.5, allowed authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of Stripe subscriptions.

WordFence

December 10, 2024

OpenWrt Sysupgrade Flaw Let Hackers Push Malicious Firmware Images Full Text

Abstract The critical (CVSS v4 score: 9.3) flaw, tracked as CVE-2024-54143, was fixed within hours of being disclosed to OpenWrt's developers. However, users are urged to perform checks to ensure the safety of their installed firmware.

Bleeping Computer

December 10, 2024

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI Full Text

Abstract Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack.

The Hacker News

December 7, 2024

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks Full Text

Abstract Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.

The Hacker News

December 6, 2024

Mitel MiCollab Zero-Day Flaw Gets Proof-of-Concept Exploit Full Text

Abstract Researchers released a PoC exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances.

Bleeping Computer

December 6, 2024

Browser Isolation Bypassed: QR Codes Used in Novel C2 Attacks Full Text

Abstract A recent report from Thibault Van Geluwe de Berlaere at Mandiant unveils an innovative method for attackers to bypass browser isolation and execute command-and-control (C2) operations using QR codes.

Security Online

December 5, 2024

Multiple Vulnerabilities Found in Lorex 2K Indoor Wi-Fi Security Cameras Full Text

Abstract Discovered during the 2024 Pwn2Own IoT competition, these vulnerabilities let attackers compromise the devices, potentially accessing live video feeds and executing harmful code remotely.

Rapid 7

December 5, 2024

High-Severity Flaws in Veeam Backup & Replication Put Data at Risk Full Text

Abstract Veeam has fixed these vulnerabilities in Veeam Backup & Replication 12.3 (build 12.3.0.310) and Veeam Agent for Microsoft Windows 6.3 (build 6.3.0.177) and urges all users to upgrade to this version immediately.

Security Online

December 4, 2024

I-O DATA Routers Under Attack; Urgent Firmware Update Needed Full Text

Abstract Japan's JPCERT/CC issued a warning that these vulnerabilities leave devices open to serious attacks, including credential theft, command execution, and complete firewall bypass.

December 4, 2024

PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability Full Text

Abstract A newly discovered vulnerability in the TP-Link Archer AXE75 router, tracked as CVE-2024-53375, could allow remote attackers to execute arbitrary commands on vulnerable devices.

Security Online

December 4, 2024

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console Full Text

Abstract The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.

The Hacker News

December 4, 2024

MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts Full Text

Abstract This vulnerability, CVE-2024-53999 is a Stored Cross-Site Scripting (XSS) flaw found in the “Diff or Compare” functionality, which occurs due to improper handling of file uploads with script-laden filenames.

GBHackers

December 3, 2024

ProFTPD Vulnerability Grants Root Access to Attackers Full Text

Abstract ProFTPD contains a critical security flaw that could allow attackers to gain root access to vulnerable systems. The vulnerability, tracked as CVE-2024-48651 (CVSS 7.5), exists in the mod_sql component of ProFTPD versions 1.3.8b and earlier.

Security Online

December 2, 2024

New Windows Server 2012 Zero-Day Gets Free, Unofficial Patches Full Text

Abstract Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism.

Bleeping Computer

November 30, 2024

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP Full Text

Abstract Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.

The Hacker News

November 30, 2024

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks Full Text

Abstract Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.

The Hacker News

November 29, 2024

Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC Full Text

Abstract “An attacker can craft a CSR to include application policies that are preferred over the configured Extended Key Usage attributes specified in the template,” according to the TrustedSec analysis.

Security Online

November 29, 2024

Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published Full Text

Abstract The flaw, which allows a local attacker to exploit an integer overflow for privilege escalation, has been successfully demonstrated and highlighted during the prestigious TyphoonPWN 2024 event, earning second place.

Security Online

November 29, 2024

Contiki-NG IoT OS Patches Critical Vulnerabilities Full Text

Abstract While the SNMP module is disabled by default in Contiki-NG, developers who have enabled it are strongly urged to update their systems. Patches for CVE-2024-41125 and CVE-2024-41126 are available in pull requests #2936 and #2937, respectively.

Security Online

November 28, 2024

HPE Insight Remote Support Hit with Critical Vulnerabilities, Urgent Patch Released Full Text

Abstract HPE has issued an urgent security bulletin addressing critical vulnerabilities in its Insight Remote Support service. These flaws could allow attackers to gain unauthorized access to sensitive information or even execute malicious code remotely.

Security Online

November 28, 2024

Bootkitty: Analyzing the First UEFI Bootkit for Linux Full Text

Abstract Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.

WeLiveSecurity

November 28, 2024

Jenkins Users Beware: Multiple Security Vulnerabilities Discovered Full Text

Abstract Jenkins has issued a security advisory addressing multiple vulnerabilities impacting both its core system and plugins. These flaws, ranging from denial of service to cross-site scripting, pose significant risks to Jenkins users if left unpatched.

Security Online

November 28, 2024

CVE-2024-42327 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Zabbix Full Text

Abstract Zabbix, a popular open-source IT infrastructure monitoring tool used by organizations worldwide, has been found to contain a critical SQL injection vulnerability (CVE-2024-42327) with a CVSS score of 9.9.

Security Online

November 26, 2024

Critical WordPress Plugin Flaw Exposes 200,000 Sites Full Text

Abstract These vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, could allow unauthenticated attackers to compromise websites by installing malicious plugins and executing arbitrary code.

Security Online

November 22, 2024

CVE-2024-10126 & CVE-2024-10127: M-Files Addresses File Inclusion and Authentication Bypass Flaws Full Text

Abstract M-Files, a leading provider of information management solutions, has released security updates to address two vulnerabilities in its server software. The vulnerabilities are identified as CVE-2024-10126 and CVE-2024-10127.

Security Online

November 21, 2024

Fortinet VPN design flaw hides successful brute-force attacks Full Text

Abstract Researchers at Pentera discovered that a successful login is recorded only if the process passes both the authentication and the authorization steps; otherwise, FortiClient VPN will log a failed authentication.

Bleeping Computer

November 21, 2024

NTLM Privilege Escalation: The Unpatched Microsoft Vulnerabilities No One is Talking About Full Text

Abstract The Microsoft Outlook application in particular has become a primary target for initial access due to its frequent and often silent network connections, which can trigger unintended NTLM authentication.

MorphiSec

November 21, 2024

Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects Full Text

Abstract These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets. Google added the ability to leverage LLMs to improve fuzzing coverage in OSS-Fuzz.

The Hacker News

November 21, 2024

CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published Full Text

Abstract A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. The flaw is tracked as CVE-2024-52940.

Security Online

November 21, 2024

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts Full Text

Abstract This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the extraction and signing processes of shortcuts within WorkflowKit, potentially allowing a malicious app to intercept and modify shortcut files during import.

Security Online

November 21, 2024

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director Full Text

Abstract Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, carries a CVSS score of 10, could allow unauthenticated attackers to access sensitive data.

Security Online

November 20, 2024

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package Full Text

Abstract Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.

The Hacker News

November 20, 2024

CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed Full Text

Abstract A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to execute arbitrary code on affected machines. The vulnerability, identified as CVE-2024-51503, has been addressed in the latest update.

Security Online

November 20, 2024

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw Full Text

Abstract D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices.

Bleeping Computer

November 20, 2024

CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise Full Text

Abstract A critical vulnerability has been discovered in Cobbler, a popular Linux installation server used for network-based deployments. The vulnerability is tracked as CVE-2024-47533 and assigned a CVSS score of 9.8.

Security Online

November 19, 2024

Palo Alto Networks patches two firewall zero-days used in attacks Full Text

Abstract The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction.

Bleeping Computer

November 19, 2024

Critical RCE bug in VMware vCenter Server now exploited in attacks Full Text

Abstract ?Broadcom has warned that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. The RCE vulnerability was reported during China's 2024 Matrix Cup hacking contest.

Bleeping Computer

November 15, 2024

Researchers Find New Zero-Day Vulnerability in Fortinet Products Full Text

Abstract The new vulnerability found by watchTowr triggers FortiJump and includes two file overwrite vulnerabilities. The company stated that Fortinet's patch for FortiJump is ineffective for all exploit methods.

Infosecurity Magazine

November 15, 2024

Synology Issues Patches for Critical Camera Flaws Discovered at Pwn2Own Full Text

Abstract Security researchers from Viettel Cyber Security and Zien uncovered the vulnerabilities, which could allow remote attackers to execute arbitrary code or commands on affected devices.

Security Online

November 13, 2024

New Exploit Method Targets Google Chrome Without Needing Zero-Days Full Text

Abstract A security researcher from Imperva found a new way for attackers to target Chrome users without needing zero-day vulnerabilities. Using the File System Access API, websites can read and write to local files when users give permission.

Security Online

November 13, 2024

Microsoft November 2024 Patch Tuesday Fixes 91 Flaws, Including Four Zero-Days Full Text

Abstract Microsoft patched two actively exploited zero-days, including CVE-2024-43451, which exposes NTLM hashes with minimal interaction, and CVE-2024-49039, enabling privilege escalation via crafted applications.

Bleeping Computer

November 13, 2024

Citrix Issues Patches for Zero-Day Recording Manager Bugs Full Text

Abstract Citrix has released patches for two vulnerabilities in its Virtual Apps and Desktop technology that could allow remote attackers to escalate privileges or execute arbitrary code on affected systems.

Dark Reading

November 12, 2024

Schneider Electric Warns of Multiple Vulnerabilities in Modicon Controllers Full Text

Abstract Schneider Electric has issued a security notification regarding critical vulnerabilities in its Modicon M340, Momentum, and MC80 controllers. These programmable automation controllers (PACs) are used to monitor and control industrial operations.

Security Online

November 12, 2024

SAP Patches Multiple Vulnerabilities in November 2024 Security Patch Day Full Text

Abstract SAP released eight new security notes and updated two previously released notes to address critical flaws, including cross-site scripting, missing authorization checks, privilege escalation, information disclosure, and NULL pointer dereference.

Security Online

November 12, 2024

Critical D-Link DSL-6740C Flaw Spotted, Immediate Replacement Advised Full Text

Abstract TWCERT/CC has identified critical vulnerabilities in the D-Link DSL-6740C modem. These include flaws like unauthorized modification of passwords, arbitrary file reading, and OS command injection.

Security Online

November 12, 2024

Unpatched Epson Devices at Risk Due to Insecure Initial Password Configuration Full Text

Abstract A new security vulnerability, CVE-2024-47295, has been discovered in SEIKO EPSON products, allowing attackers to gain control of devices with administrative privileges due to an insecure initial password configuration in the Web Config software.

Security Online

November 12, 2024

XStream Security Advisory Warns of a Denial of Service Vulnerability Full Text

Abstract The issue stems from how XStream’s BinaryStreamDriver handles string value IDs during deserialization, enabling attackers to create input that triggers an endless recursion loop and stack overflow.

Security Online

November 9, 2024

Critical Command Injection Flaw Threatens Over 61,000 D-Link NAS Devices Full Text

Abstract CVE-2024-10914, a critical vulnerability in D-Link NAS devices, affects over 61,000 systems globally. The flaw allows remote attackers to execute commands via HTTP GET requests. It impacts models like DNS-320, DNS-320LW, DNS-325, and DNS-340L.

Security Online

November 9, 2024

Cisco NDFC Vulnerability Grants Attackers Extensive Control Full Text

Abstract This flaw allows authenticated remote attackers to execute SQL commands on affected devices, posing a significant security risk. The vulnerability is due to inadequate user input validation in Cisco NDFC's REST API endpoint and management interface.

Security Online

November 8, 2024

Authentication Bypass Flaw Impacts Apache ZooKeeper Admin Server Full Text

Abstract This flaw, rated as "important," exposes the ZooKeeper Admin Server to authentication bypass via client IP spoofing due to weak default IP detection configurations in IP address detection.

Security Online

November 7, 2024

Critical Bug in Cisco UWRB Access Points Allows Attackers to Run Commands as Root Full Text

Abstract The vulnerability (CVE-2024-20418) lets remote, unauthenticated attackers execute commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points.

Security Affairs

November 7, 2024

New Privilege Escalation Vulnerability in Veritas NetBackup on Windows Reported Full Text

Abstract Veritas has released a security advisory about a privilege escalation vulnerability in NetBackup on Windows systems. This vulnerability affects the primary server, media server, and client components of NetBackup on Windows.

Security Online

November 6, 2024

Stealthy Process Injection Technique via New Kernel Callback Table Exposed Full Text

Abstract Security researcher Hossam Ehab recently detailed a sophisticated method for process injection on Windows systems, involving manipulation of the Kernel Callback Table within the Process Environment Block (PEB).

Security Online

November 6, 2024

ABB Smart Building Software Flaws Invite In Hackers Full Text

Abstract Vulnerabilities in a smart building energy management system have been identified, including an unpatched flaw from two years ago that hackers could exploit to take over misconfigured instances exposed to the internet.

Bank Infosecurity

November 6, 2024

Google Patches Two High-Severity Chrome Vulnerabilities Full Text

Abstract Google has released a new update for Chrome browser (version 130.0.6723.116/.117) to fix two high-severity vulnerabilities (CVE-2024-10826 and CVE-2024-10827), which could be exploited by cybercriminals.

Security Online

November 6, 2024

Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published Full Text

Abstract A critical XSS vulnerability (CVE-2024-46538) has been discovered in pfSense v2.5.2 by security researcher physicszq. This flaw in interfacesgroupsedit.php allows attackers to inject malicious scripts, potentially leading to remote code execution.

Security Online

November 6, 2024

PoC Exploit Released for Critical Symlink Flaw in Apple’s iOS Full Text

Abstract Cybersecurity researchers Maloufi and Mina highlighted CVE-2024-44258, a symlink vulnerability in Apple's ManagedConfiguration framework. This flaw allows attackers to redirect files to restricted areas during backup restoration.

Security Online

November 5, 2024

QNAP Patches Zero-Day Flaw in QuRouter Following Pwn2Own Ireland 2024 Exploits Full Text

Abstract The flaw, CVE-2024-50389, could allow hackers to compromise QuRouter devices, leading to a patch for affected versions 2.4.x. Users are urged to update to version 2.4.5.032 or later immediately.

Security Online

November 5, 2024

Google Researchers Claim First Vulnerability Found Using AI Full Text

Abstract Researchers from Google Project Zero and Google DeepMind discovered a vulnerability using a large language model (LLM). The vulnerability was found in SQLite, an open-source database engine, and reported to developers before its official release.

Infosecurity Magazine

November 5, 2024

Century Systems Routers Vulnerable to Remote Exploitation Full Text

Abstract Century Systems Co. , Ltd. has issued a security advisory for their FutureNet NXR series routers due to a critical vulnerability (CVE-2024-50357) with a severity score of 9.8. This flaw allows attackers to exploit exposed REST-APIs remotely.

Security Online

November 5, 2024

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning Full Text

Abstract Security researchers have detected six security vulnerabilities in the Ollama artificial intelligence framework that could be used by attackers for malicious activities like denial-of-service, model poisoning, and model theft.

The Hacker News

November 5, 2024

Okta Fixes Auth Bypass Bug After 3-Month Lull Full Text

Abstract Okta fixed a bug that could let hackers bypass authentication by using long usernames or lengthy domain names. Cybercriminals could exploit this security hole to access Okta AD/LDAP delegated authentication with just a username.

Dark Reading

November 4, 2024

Hackers Target Critical Zero-Day Vulnerability in PTZ Cameras Full Text

Abstract Hackers are targeting PTZOptics pan-tilt-zoom live streaming cameras using two zero-day vulnerabilities, CVE-2024-8956 and CVE-2024-8957. GreyNoise discovered these flaws in April 2024 after noticing unusual activity on its honeypot.

Cyware

November 4, 2024

PoC Exploit Releases for Critical Flaw in Synology TC500 and BC500 Camera to Get Root Access Full Text

Abstract Synacktiv cybersecurity researcher Baptiste MOINE discovered a critical format string vulnerability in the Synology TC500 security camera, running on ARM 32-bit architecture.

Cyware

November 4, 2024

Popular WordPress AI Plugin Exposed to Critical Security Risk Full Text

Abstract This flaw, with a 9.8 CVSS score, allows unauthenticated attackers to upload harmful files to websites, gaining full control. The issue lies in the plugin’s image upload function, failing to validate file types properly.

Cyware

November 2, 2024

LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk Full Text

Abstract A vulnerability in the LiteSpeed Cache plugin for WordPress allows unauthorized users to gain administrator-level access, potentially leading to the installation of malicious plugins.

Infosecurity Magazine

November 1, 2024

Hikvision Patches Security Flaw in Network Cameras, Preventing Cleartext Credential Transmission Full Text

Abstract Hikvision, a prominent provider of network cameras and surveillance systems, has recently issued firmware updates to rectify a security flaw that could compromise users’ Dynamic DNS credentials.

Security Online

November 1, 2024

18-Year-Old Bug in X.Org Server Leaves Systems Vulnerable to Attack Full Text

Abstract A critical flaw was unearthed in the X.Org Server after being present in the codebase for 18 years. The vulnerability lies in the _XkbSetCompatMap() function, allowing attackers to seize control of affected systems through a buffer overflow attack.

Security Online

November 1, 2024

Critical Vulnerability Patched in Waitress WSGI Server Full Text

Abstract The Pylons Project has issued a crucial security advisory regarding a vulnerability in the Waitress WSGI server, identified as CVE-2024-49768 with a CVSS score of 9.1. This flaw poses a significant threat to applications utilizing Waitress.

Security Online

October 31, 2024

‘CrossBarking’ Attack Exposes Opera Browser Users via Private APIs Full Text

Abstract Guardio researchers demonstrated how hackers could exploit private APIs in Opera browser, gaining the ability to manipulate settings, hijack accounts, disable security extensions, add malicious extensions, and more.

Dark Reading

October 31, 2024

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models Full Text

Abstract Around three dozen security vulnerabilities have been uncovered in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which pose risks of remote code execution and data theft.

The Hacker News

October 31, 2024

ChatGPT can be Manipulated Using Hexadecimal Encoding Full Text

Abstract This technique leverages the model's ability to process multiple input formats and its focus on step-by-step instructions. By encoding malicious instructions in hexadecimal format, the model is tricked into decoding and executing them.

Dark Reading

October 30, 2024

Attacker Abuses Victim Resources to Reap Rewards from Titan Network Full Text

Abstract Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network.

Trend Micro

October 30, 2024

New Windows Themes Zero-Day Gets Free, Unofficial Patches Full Text

Abstract ACROS Security researchers found the new zero-day flaw while developing a micropatch for a security issue, which could leak user credentials, bypassing another Windows Themes spoofing vulnerability patched by Microsoft in January.

Bleeping Computer

October 29, 2024

PoC Exploit Released for 9.9-Rated Critical Grafana Vulnerability Full Text

Abstract This vulnerability affects Grafana versions 11.0.x, 11.1.x, and 11.2.x, with a CVSS score of 9. 9, allowing attackers with 'viewer' permissions to exploit the SQL expressions feature.

Security Online

October 29, 2024

Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published Full Text

Abstract This vulnerability, identified as CVE-2024-46483, allows unauthenticated attackers to execute remote code or trigger denial of service due to a pre-authentication heap overflow issue.

Security Online

October 29, 2024

CLFS Flaw in Windows 11 Allows for Privilege Escalation, PoC Published Full Text

Abstract The issue is in the CClfsBaseFilePersisted::WriteMetadataBlock function, related to an unverified return value in ClfsDecodeBlock, leading to potential data corruption in CLFS, and a way for privilege escalation.

Security Online

October 29, 2024

Synology Fixes Critical Vulnerabilities in Synology Photos and BeePhotos After Pwn2Own Exposure Full Text

Abstract Synology has released security updates to patch critical vulnerabilities in Synology Photos and BeePhotos, its photo management applications for network-attached storage (NAS) and personal cloud storage devices.

Security Online

October 29, 2024

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors Full Text

Abstract New research has revealed that both AMD and Intel processors are still vulnerable to speculative execution attacks, such as the Spectre security flaw discovered over six years ago.

The Hacker News

October 28, 2024

Critical RCE Flaw in VMware vCenter Revealed Full Text

Abstract This vulnerability, classified as CWE-122 (Heap-based Buffer Overflow), allows attackers to exploit memory handling in the DCERPC protocol and potentially execute remote code.

Cyware

October 28, 2024

New Windows Driver Signature Bypass Allows Kernel Rootkit Installs Full Text

Abstract Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems by taking control of the Windows Update process.

Cyware

October 28, 2024

Critical RKE2 Flaw Exposes Windows Nodes to Privilege Escalation Full Text

Abstract A critical security flaw, CVE-2023-32197, has been discovered in RKE2, affecting Windows nodes and allowing unauthorized access to sensitive files. This vulnerability, rated 9.1 on the CVSS scale, poses a privilege escalation risk.

Cyware

October 28, 2024

WhatsUp Gold Users Beware: Critical Authentication Bypass Flaw Exposed Full Text

Abstract Progress Software has disclosed a severe vulnerability in WhatsUp Gold, a network monitoring solution, exposing organizations to cyberattacks by allowing unauthorized access to user credentials.

Cyware

October 28, 2024

Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite Full Text

Abstract A security flaw in the Wi-Fi Test Suite could allow unauthenticated local attackers to run arbitrary code with elevated privileges. The vulnerability, known as CVE-2024-41992, affects Arcadyan FMIMG51AX000J routers.

Cyware

October 23, 2024

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability Full Text

Abstract VMware has released software updates to address a security flaw in the vCenter Server, known as CVE-2024-38812, with a CVSS score of 9.8. The vulnerability involves a heap overflow issue in the DCE/RPC protocol implementation.

The Hacker News

October 23, 2024

Fortinet Releases Patches for Undisclosed Critical FortiManager Vulnerability Full Text

Abstract Fortinet has issued critical security updates for FortiManager to address a vulnerability exploited by Chinese threat actors. The company privately informed select customers of the issue and provided temporary mitigation advice.

Help Net Security

October 22, 2024

Oracle WebLogic Flaw That Could Give Attackers Full Control Full Text

Abstract These vulnerabilities, affecting versions 12.2.1.4.0 and 14.1.1.0.0, have high CVSS scores with CVE-2024-21216 being particularly critical, allowing for a remote system takeover.

Cyware

October 22, 2024

Critical Flaw in SICK Products Exposes Systems to Remote Attacks Full Text

Abstract A critical vulnerability in various SICK products, identified as CVE-2024-10025, poses a significant cybersecurity risk to industries using the company's automation and sensor technologies.

Cyware

October 22, 2024

Critical Flaw in Synology Camera Firmware Expose Devices to RCE and DoS Attacks Full Text

Abstract Synology has released a security advisory, Synology-SA-24:17, warning of critical vulnerabilities in its camera firmware products such as Synology Camera BC500, TC500, and CC400W.

Cyware

October 22, 2024

Critical File Read Flaw Discovered in Vendure E-commerce Platform Full Text

Abstract Vendure, a popular open-source headless commerce platform, recently patched a critical security vulnerability (CVE-2024-48914) that allows attackers to read arbitrary files from the server.

Cyware

October 22, 2024

Update: Microsoft Windows Flaw PoC Exploit Published, Posing SYSTEM Privilege Threat Full Text

Abstract Security researcher Angelboy (@scwuaptx) from DEVCORE discovered a privilege escalation vulnerability in Microsoft's Kernel Streaming service, labeled as CVE-2024-30090 with a CVSS score of 7.0.

Cyware

October 17, 2024

Critical Authentication Bypass Vulnerability Patched in Apache Solr Full Text

Abstract CVE-2024-45216 affects instances using PKIAuthenticationPlugin, potentially allowing authentication bypass. The second flaw, CVE-2024-45217, involves insecure initialization of ConfigSets during backup restore, enabling remote code execution.

Security Online

October 16, 2024

E2EE Cloud Storage Vulnerabilities Exposed in Multiple Providers Full Text

Abstract A report from Jonas Hofmann and Kien Tuong Truong of ETH Zurich revealed vulnerabilities in major end-to-end encryption (E2EE) cloud storage providers like Sync, pCloud, Icedrive, Seafile, and Tresorit.

Security Online

October 16, 2024

Recently-Patched Firefox Bug Exploited Against Tor Browser Users Full Text

Abstract The Tor anonymity network issued an emergency patch for a security flaw (CVE-2024-9680) that lets attackers run malicious code in the browser's content process. It was discovered by ESET and first fixed by Mozilla in Firefox.

The Record

October 16, 2024

Jetpack Fixes Critical Information Disclosure Flaw Existing Since 2016 Full Text

Abstract The issue has affected all Jetpack versions since 3.9.9. Automattic released patches for 101 impacted versions, urging website owners to ensure their plugins have been updated. No evidence of exploitation exists so far.

Bleeping Computer

October 16, 2024

Rittal IoT Interface and CMC III Processing Unit Plagued by Critical Security Flaws Full Text

Abstract The flaws include improper signature verification for firmware upgrades (CVE-2024-47943), missing protection for alternate hardware interfaces (CVE-2024-47944), and predictable session ID generation (CVE-2024-47945).

Security Online

October 16, 2024

CVE-2024-9486 (CVSS 9.8): Kubernetes Image Builder Flaw Exposes VMs to Root Access Full Text

Abstract The Kubernetes Security Response Committee reported two vulnerabilities in the Kubernetes Image Builder (CVE-2024-9486 and CVE-2024-9594) that could lead to root access on VMs due to default credentials used during the image build process.

Security Online

October 16, 2024

Linux Systems Vulnerable to New ‘noexec’ Bypass Technique: Arbitrary Code Execution Now Possible Full Text

Abstract The technique involves using Perl, Bash, and PHP scripts to inject shellcode into running processes and load binaries from memory, even on partitions with 'noexec' enabled.

Security Online

October 15, 2024

Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft Full Text

Abstract The vulnerabilities, rated as high and medium severity, could allow unauthorized access, disruption of charger operations, and privilege escalation for limited users. Exploiting these vulnerabilities could lead to remote code execution.

Hack Read

October 15, 2024

Researcher Reveals Critical Zendesk Email Spoofing Flaw Full Text

Abstract Security researcher Daniel uncovered a critical email spoofing flaw in Zendesk's system. Despite Zendesk initially dismissing the report, the seriousness of the vulnerability was acknowledged later, prompting companies to take immediate action.

Security Online

October 15, 2024

Microsoft Issues Guidance to Combat Rising Kerberoasting Attacks Full Text

Abstract Kerberoasting attacks exploit the Kerberos protocol to steal AD credentials, allowing attackers extensive access to sensitive resources. It involves attackers cracking encrypted service tickets to obtain credentials and gain unauthorized access.

Security Online

October 15, 2024

Popular Java Security Framework ‘pac4j’ Vulnerable to RCE Full Text

Abstract Researcher Michael Stepankin from GitHub Security Lab identified a critical flaw in pac4j versions prior to 4.0.0. The vulnerability arises from improper handling of user profile attributes, allowing attackers to inject malicious serialized objects.

Security Online

October 15, 2024

Plane Project Management Tool Patches Critical SSRF Flaw Full Text

Abstract This vulnerability could result in unauthorized access, sensitive data leakage, system manipulation, and port scanning. Users are advised to update to version v0.23 to mitigate the CVE-2024-47830 vulnerability that affects all versions prior.

Security Online

October 14, 2024

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems Full Text

Abstract Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands.

The Hacker News

October 14, 2024

Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required Full Text

Abstract Zyxel security appliances are being targeted by malicious actors, exploiting vulnerabilities in ATP and USG FLEX devices to steal credentials and gain unauthorized access via SSL VPN tunnels.

Security Online

October 12, 2024

Progress Patches Critical Security Flaw CVE-2024-8015 (CVSS 9.1) in Telerik Report Server Full Text

Abstract Progress Software has issued a security advisory regarding four new vulnerabilities in the Telerik Report Server. These flaws, designated as CVE-2024-7292, CVE-2024-7293, CVE-2024-7294, and CVE-2024-8015, impact versions before 2024 Q3 (10.2.24.924).

Security Online

October 11, 2024

Critical Flaw Exposes Schneider Electric Industrial PCs to Attack Full Text

Abstract The flaw, tracked as CVE-2024-8884, allows unauthorized actors to access sensitive information over an insecure HTTP connection, posing risks of DoS attacks, data leaks, and operational failures.

Security Online

October 11, 2024

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries Full Text

Abstract Researchers have discovered significant security vulnerabilities in industrial systems using the Manufacturing Message Specification (MMS) protocol that could have serious consequences if exploited.

The Hacker News

October 10, 2024

Code Execution Flaw Discovered in Apache Subversion for Windows Full Text

Abstract Apache Subversion for Windows has been found to have a code execution flaw (CVE-2024-45720) with a CVSS score of 8.2. This vulnerability can be exploited to inject command line arguments and execute unintended programs.

Security Online

October 10, 2024

Adobe Releases Security Updates to Patch Multiple Products Full Text

Abstract Adobe has issued a security alert for critical vulnerabilities, urging users to update their software immediately to protect against potential cyber threats. The update enhances safety and protects against unauthorized access by cybercriminals.

The Cyber Express

October 10, 2024

Researcher Details Privilege Escalation in Palo Alto Networks’ GlobalProtect MSI Installer Full Text

Abstract Researcher Michael Baer from SEC Consult Vulnerability Lab has identified a critical local privilege escalation flaw (CVE-2024-9473) in Palo Alto Networks’ GlobalProtect MSI installer.

Security Online

October 10, 2024

GitLab Users Urged to Update Now to Fix Critical Flaw Full Text

Abstract GitLab released critical security updates for versions 17.4.2, 17.3.5, and 17.2.9 of both Community and Enterprise Editions, fixing vulnerabilities, including a critical flaw (CVE-2024-9164) that lets attackers run pipelines on arbitrary branches.

Security Online

October 10, 2024

Microsoft Fixes Five Zero-Days in October Patch Tuesday Full Text

Abstract Two bugs were actively exploited, including an RCE vulnerability in Microsoft Management Console (CVE-2024-43572, CVSS score: 7.8). Another exploited zero-day (CVE-2024-43573, CVSS score: 6.5) is a Windows MSHTML platform spoofing vulnerability.

Infosecurity Magazine

October 8, 2024

Critical Apache Avro SDK RCE flaw impacts Java applications Full Text

Abstract A critical security flaw in Apache Avro SDK for Java has been revealed, allowing remote code execution on vulnerable systems. The vulnerability, CVE-2024-47561, affects all versions prior to 1.11.4.

Security Affairs

October 8, 2024

Critical Zero-Day Automotive Systems Vulnerabilities Exposed Full Text

Abstract UncoveredRecent research by security expert Amit Geynis has shed light on the presence of critical vulnerabilities in modern vehicles, raising concerns about the safety of connected cars.

Security Online

October 8, 2024

Update: Exploit Released for TeamViewer Flaws Letting Unprivileged Users Load Arbitrary Kernel Drivers Full Text

Abstract These flaws enable attackers to execute arbitrary code and escalate privileges on Windows systems by exploiting inadequate cryptographic signature verification during driver installation.

Security Online

October 8, 2024

PoC Exploit Released for Linux Kernel Flaw Enabling Container Escape Full Text

Abstract Researchers disclosed technical details and a proof-of-concept (PoC) exploit for a vulnerability in the Linux kernel, tracked as CVE-2023-52447. This use-after-free flaw affects Linux kernel versions from v5.8 to v6.6, with a CVSS score of 7.8.

Security Online

October 7, 2024

MediaTek Patches Critical Vulnerabilities in Smartphone, Tablet, and IoT Chipsets Full Text

Abstract The vulnerabilities, affecting various chipsets like MT6761, MT6765, and MT6873, could lead to remote code execution, privilege escalation, or denial-of-service conditions if exploited.

Security Online

October 7, 2024

Privilege Escalation and Remote Code Execution Threaten Cisco Routers; No Updates Available Full Text

Abstract Privilege escalation and remote code execution vulnerabilities have been identified in Cisco's Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, posing serious security risks for business networks.

Security Online

October 7, 2024

Redis Patches for Multiple Flaws, Including Potential RCE Full Text

Abstract Three key vulnerabilities (CVE-2024-31449, CVE-2024-31227, and CVE-2024-31228) have been identified, with the most critical being CVE-2024-31449, allowing remote attackers to execute code.

Security Online

October 7, 2024

Critical Flaw in OATH-Toolkit PAM Module Could Lead to Root Exploits Full Text

Abstract Discovered by Matthias Gerstner of the SUSE Security Team, this vulnerability (CVE-2024-47191) allows unprivileged users to manipulate file operations conducted by the PAM stack, which operates with root privileges.

Security Online

October 7, 2024

Update: PoC Exploit Released Local Privilege Escalation Vulnerability in iTunes Full Text

Abstract This flaw, now fixed by Apple as of September 12, 2024, enables an attacker to achieve SYSTEM-level access on Windows devices by exploiting the AppleMobileDeviceService[.]exe component that comes with iTunes.

Security Online

October 5, 2024

Update: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit Full Text

Abstract Adobe Commerce and Magento stores are being targeted by CosmicSting exploit, with about 5% already compromised. The exploit, tracked as CVE-2024-34102, allows for remote code execution due to an XXE vulnerability.

The Hacker News

October 4, 2024

Critical Zimbra RCE Vulnerability Under Mass Exploitation Full Text

Abstract A critical Zimbra RCE vulnerability (CVE-2024-45519) is being exploited by attackers to run arbitrary commands on vulnerable systems. The attacks began after patches were released, with ProjectDiscovery detailing the vulnerability.

Help Net Security

October 4, 2024

Chrome Releases Stable Channel Update Addressing High Security Vulnerabilities Full Text

Abstract These flaws could allow attackers to execute arbitrary code, leak sensitive information, or manipulate web content. Users are advised to update their browsers to the latest version to ensure they are protected against these risks.

Security Online

October 4, 2024

Cisco Nexus Dashboard Fabric Controller Exposed to RCE Full Text

Abstract Cisco has issued a security advisory for a critical flaw in the Nexus Dashboard Fabric Controller (NDFC), allowing a remote attacker with network-admin privileges to execute arbitrary commands.

Security Online

October 4, 2024

Unix Printing Vulnerabilities Enable Easy DDoS Attacks Full Text

Abstract While the focus was on remote code execution, researchers found that the vulnerabilities can also be exploited for DDoS attacks. Attackers can manipulate a target system by sending crafted packets to vulnerable CUPS servers.

Dark Reading

October 3, 2024

LiteSpeed Cache Plugin Flaw Threatens Millions of WordPress Sites Full Text

Abstract The LiteSpeed Cache plugin for WordPress has a serious security flaw (CVE-2024-47374) that allows unauthenticated users to inject malicious scripts leading to data theft or privilege escalation. This flaw was patched in version 6.5.1.

Security Online

September 28, 2024

HPE Patches Three Critical Security Holes in Aruba PAPI Full Text

Abstract HPE has released patches for three critical security vulnerabilities in Aruba's networking access points, which could allow attackers to run code on the systems by sending specially crafted packets to UDP port 8211.

The Register

September 28, 2024

Critical RCE Vulnerability Found in OpenPLC Full Text

Abstract The most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.

Security Affairs

September 28, 2024

Kia Dealer Portal Flaw Could Let Attackers Hack Millions of Cars Full Text

Abstract The vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.

Bleeping Computer

September 28, 2024

ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function Full Text

Abstract A security flaw in OpenAI's ChatGPT app for macOS, now patched, could have allowed attackers to implant persistent spyware into the AI tool's memory. This could lead to continuous data exfiltration of user information across chat sessions.

The Hacker News

September 27, 2024

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems From Multiple Vendors Full Text

Abstract Security researchers at Bitsight discovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, including Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.

Bitsight

September 27, 2024

Critical Flaw in HashiCorp Vault Enables Unrestricted SSH Access, Threatens System Security Full Text

Abstract HashiCorp has released updated versions (1.17.6, 1.16.10, 1.15.15) to fix the flaw, along with a new configuration option to enhance security. Users are advised to upgrade or adjust their configurations to protect against exploitation.

Security Online

September 23, 2024

FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8) Full Text

Abstract The flaw, CVE-2024-41721, in bhyve's USB emulation functionality could lead to malicious code execution, posing a serious threat to systems running vulnerable versions of FreeBSD.

Security Online

September 23, 2024

Critical Dragonfly2 Flaw Due to Hardcoded Key Threatens Admin Access Full Text

Abstract The flaw, tracked as CVE-2023-27584, stems from a hard-coded cryptographic key used in the authentication process, posing a serious risk of unauthorized access, including admin-level privileges.

Security Online

September 23, 2024

Critical Grafana Plugin SDK Flaw Exposes Sensitive Information Full Text

Abstract This flaw, tracked as CVE-2024-8986 with a CVSS score of 9.1, could lead to the unintentional exposure of sensitive information, such as repository credentials, due to the build metadata being included in compiled binaries.

Security Online

September 23, 2024

Keycloak Vulnerability Puts SAML Authentication at Risk Full Text

Abstract The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.

Security Online

September 21, 2024

Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw Full Text

Abstract Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.

Help Net Security

September 21, 2024

Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence Full Text

Abstract Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.

Security Online

September 20, 2024

Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert Full Text

Abstract Acronis Backup Plugins have been affected by a critical security flaw, CVE-2024-8767 (CVSS 9.9). The vulnerability impacts Linux-based plugins for cPanel & WHM, Plesk, and DirectAdmin, potentially leading to data breaches and unauthorized operations.

Security Online

September 20, 2024

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS Full Text

Abstract Cybersecurity researchers at Darktrace have discovered cybercriminals exploiting Fortinet’s FortiClient EMS. The attackers targeted a critical vulnerability, CVE-2023-48788, to gain unauthorized access through an SQL injection flaw.

Security Online

September 19, 2024

Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows Full Text

Abstract Microsoft has confirmed CVE-2024-37985 as a zero-day bug in Windows with a CVSS score of 5.9. It is a Windows Kernel information disclosure vulnerability, allowing attackers to access heap memory from a privileged process on a vulnerable server.

Security Online

September 19, 2024

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution Full Text

Abstract Broadcom has released a patch for a critical security flaw in VMware vCenter Server, allowing remote code execution through a heap overflow vulnerability in the DCE/RPC protocol (CVE-2024-38812).

The Hacker News

September 19, 2024

Update: PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later Full Text

Abstract Approximately nine percent of tested firmware images use non-production cryptographic keys that are publicly known, making Secure Boot devices vulnerable to UEFI bootkit malware attacks.

Bleeping Computer

September 17, 2024

Update: PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability Full Text

Abstract This critical flaw, actively exploited in the wild, allows attackers to elevate privileges to SYSTEM level, posing a significant risk to organizations using Microsoft's Hyper-V virtualization technology.

Security Online

September 17, 2024

Supply Chain Attack on Google Cloud Composer Could Have Resulted in Remote Code Execution Full Text

Abstract Google has addressed a critical security flaw in Google Cloud Platform (GCP) Composer that could have allowed remote code execution via a supply chain attack known as dependency confusion.

Tenable

September 17, 2024

Critical Vulnerability in AutoGPT Puts Over 166,000 Projects at Risk Full Text

Abstract A critical vulnerability, CVE-2024-6091 (CVSS 9. 8), has been found in AutoGPT, a popular AI tool with over 166,000 projects at risk. The flaw allows for OS Command Injection, potentially enabling unauthorized actions.

Security Online

September 17, 2024

Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered Full Text

Abstract The vulnerability, tracked as CVE-2022-46723, enables attackers to manipulate files within the macOS Calendar app environment and execute remote code during system upgrades.

Security Online

September 14, 2024

GitLab Warns of Critical Pipeline Execution Vulnerability Full Text

Abstract GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressing a total of 18 security issues.

Bleeping Computer

September 14, 2024

Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws Full Text

Abstract Users of Citrix Workspace App are advised to update due to two privilege escalation flaws. Cloud Software Group disclosed vulnerabilities (CVE-2024-7889 & CVE-2024-7890) in the Windows app, allowing attackers to gain high-level access.

Security Online

September 12, 2024

Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018 Full Text

Abstract Threat actors have been using this flaw, now labeled as CVE-2024-38217, to bypass Smart App Control and MotW security features to run potentially dangerous applications without warnings.

Bleeping Computer

September 12, 2024

Microsoft Discloses Four Zero-Days in September Update Full Text

Abstract Microsoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.

Dark Reading

September 7, 2024

Veeam Backup & Replication Faces RCE Flaw Allows Full System Takeover Full Text

Abstract A critical Remote Code Execution (RCE) flaw, CVE-2024-40711, with a CVSS score of 9. 8 has been discovered in Veeam Backup & Replication, allowing unauthorized attackers to take full control over systems.

Security Online

September 7, 2024

Apache fixes critical OFBiz remote code execution vulnerability Full Text

Abstract Apache has addressed a critical remote code execution vulnerability in its OFBiz software, which could allow attackers to run malicious code on Linux and Windows servers. OFBiz is a CRM and ERP suite that serves as a Java-based web framework.

Bleeping Computer

September 6, 2024

OpenStack Ironic Users Urged to Patch Critical Vulnerability Full Text

Abstract The flaw, discovered by security researchers at Red Hat and G-Research, could lead to unauthorized access to sensitive data through mishandled images processed by qemu-img.

Security Online

September 5, 2024

Litespeed Cache Flaw Exposes Millions of WordPress Sites to Takeover Attacks Full Text

Abstract Discovered by security researcher Rafie Muhammad, the flaw allows unauthorized users to take control of logged-in accounts, potentially gaining administrator privileges on WordPress sites.

Security Online

September 5, 2024

Cisco Fixes Root Escalation Vulnerability With Public Exploit Code Full Text

Abstract Local attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.

Bleeping Computer

September 5, 2024

Cisco Warns of Backdoor Admin Account in Smart Licensing Utility Full Text

Abstract Cisco has issued a warning about a backdoor admin account discovered in the Cisco Smart Licensing Utility (CSLU), allowing unauthorized access to unpatched systems. This critical flaw (CVE-2024-20439) enables remote access with admin privileges.

Bleeping Computer

September 5, 2024

EUCLEAK Attack Allows Yubico Security Keys to be Cloned Full Text

Abstract Despite this, the risk is limited as attackers would need physical access to the device, specific knowledge of targeted accounts, and specialized equipment for the attack.

Help Net Security

September 5, 2024

Google Fixed Actively Exploited Android Privilege Escalation Flaw (CVE-2024-32896) Full Text

Abstract Google has patched a high-severity vulnerability, known as CVE-2024-32896, in its Android OS actively exploited in the wild. The issue involves a privilege escalation in the Android Framework component.

Security Affairs

September 4, 2024

VMware Fixed a Code Execution Flaw in Fusion Hypervisor Full Text

Abstract VMware has patched a high-severity code execution flaw in its Fusion hypervisor. The vulnerability, tracked as CVE-2024-38811, is caused by an insecure environment variable.

Security Affairs

September 3, 2024

Canonical Addresses Critical Linux Kernel AWS Vulnerabilities with New Patches Full Text

Abstract Security researchers have identified six vulnerabilities, including a race condition in the Bluetooth RFCOMM protocol driver that can crash the system, a race condition in the Bluetooth subsystem, and a double-free error in the net/mlx5e module.

The Cyber Express

September 3, 2024

Researchers Find SQL Injection Flaw to Bypass Airport TSA Security Checks Full Text

Abstract Security researchers discovered a SQL injection vulnerability in FlyCASS, a third-party web service used by airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS).

Bleeping Computer

August 29, 2024

Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633) Full Text

Abstract The flaw, known as CVE-2024-6633, involves the use of default credentials for the HSQL database, which could compromise the software's confidentiality, integrity, and availability.

Help Net Security

August 29, 2024

AWS Load Balancer Plagued by Authentication Bypass Flaw Full Text

Abstract Miggo has uncovered a security flaw in AWS Load Balancer that could allow cybercriminals to bypass authentication and authorization services, potentially affecting over 15,000 applications.

Security Boulevard

August 27, 2024

Google Tags a Tenth Chrome Zero-Day as Exploited This Year Full Text

Abstract The vulnerability, tracked as CVE-2024-7965 and reported by a security researcher known as TheDog, involved a bug in the compiler backend that could allow remote attackers to exploit heap corruption through a crafted HTML page.

Bleeping Computer

August 27, 2024

SonicWall Patches Critical Flaw Affecting its Firewalls (CVE-2024-40766) Full Text

Abstract SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices.

Help Net Security

August 24, 2024

Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities Full Text

Abstract The urgent security update, Microsoft Edge Stable Channel Version 128.0.2739.42, based on Chromium versions 128.0.6613.85 and 128.0.6613.84, addresses a total of 25 security issues.

Security Onine

August 24, 2024

Slack Patches AI Bug That Exposed Private Channels Full Text

Abstract Slack fixed a vulnerability in its AI feature that could allow attackers to steal data from private channels. The flaw involved a prompt injection flaw in an AI feature, which allowed attackers to manipulate the system to perform malicious actions.

Dark Reading

August 24, 2024

Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk Full Text

Abstract This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.

Security Online

August 22, 2024

Ingress-NGINX Annotation Validation Bypass Flaw (CVE-2024-7646) Allows Command Injection Full Text

Abstract The vulnerability allows attackers to inject malicious content into annotations, leading to arbitrary command injection and potential access to controller credentials, enabling full access to cluster secrets.

Armo

August 22, 2024

Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year Full Text

Abstract Google released an emergency security update to fix the ninth zero-day vulnerability exploited in attacks this year. The vulnerability, known as CVE-2024-7971, involves a type confusion weakness in Chrome's V8 JavaScript engine.

Bleeping Computer

August 22, 2024

Critical Flaw in LiteSpeed Cache Plugin Actively Exploited: Over 30,000 Attacks Blocked in 24 Hours Full Text

Abstract The widely used LiteSpeed Cache plugin for WordPress is being actively exploited through a critical security vulnerability, CVE-2024-28000, with over 30,000 attack attempts blocked in just 24 hours.

Security Online

August 21, 2024

Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities Full Text

Abstract Canonical has released security fixes for multiple OpenJDK 8 vulnerabilities that could result in denial of service, information disclosure, or arbitrary code execution on certain Ubuntu releases.

TuxCare

August 21, 2024

Critical Remote Code Execution Vulnerability Addressed in GiveWP Plugin Full Text

Abstract The vulnerability, identified as CVE-2024-5932, arises from inadequate validation of user-provided serialized data, allowing attackers to inject harmful PHP objects through the give_title parameter.

The Cyber Express

August 21, 2024

Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021) Full Text

Abstract The vulnerability stems from how Outlook handles hyperlink objects in image tags in emails, enabling attackers to exploit a composite moniker to trigger remote code execution.

Security Online

August 21, 2024

TLS Bootstrap Attack on Azure Kubernetes Services can Leak Sensitive Credentials Full Text

Abstract A new threat known as "WireServing" has been identified in Azure Kubernetes Services (AKS) by Mandiant. This vulnerability could have allowed attackers to escalate privileges and access sensitive credentials within compromised clusters.

Google

August 21, 2024

Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published Full Text

Abstract CVE-2024-7272 is a critical heap overflow vulnerability found in FFmpeg, the popular multimedia framework. The vulnerability affects versions up to 5.1.5 and has a CVSS score of 8.8.

Security Online

August 21, 2024

RCE Vulnerability in Atlassian Bamboo Data Center and Server Full Text

Abstract This flaw, present in versions 9.1.0 through 9.6.0, allows authenticated attackers to execute arbitrary code within the Bamboo environment, posing risks to confidentiality, integrity, and availability.

Security Online

August 21, 2024

Spring Security Flaw Leaves Applications Open to Unauthorized Access Full Text

Abstract A high-severity vulnerability (CVE-2024-38810) has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. The vulnerability impacts Spring Security versions 6.3.0 and 6.3.1.

Security Online

August 19, 2024

Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs Full Text

Abstract Cymulate's proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains.

Dark Reading

August 17, 2024

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk Full Text

Abstract Google Pixel devices shipped globally since September 2017 were found to contain a pre-installed app called Showcase.apk, leaving them vulnerable to potential attacks and malware infections.

The Hacker News

August 15, 2024

Research Uncovers New Microsoft Outlook Vulnerability Full Text

Abstract A new vulnerability has been discovered in Microsoft Outlook by security researchers, labeled as CVE-2024-38173 with a CVSS score of 6.7. This Form Injection RCE flaw is similar to a previous vulnerability, CVE-2024-30103, patched in July 2024.

Infosecurity Magazine

August 15, 2024

Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now Full Text

Abstract A critical TCP/IP remote code execution (RCE) vulnerability affecting all Windows systems with IPv6 enabled has been discovered, prompting Microsoft to issue a warning urging users to patch their systems immediately.

Bleeping Computer

August 15, 2024

SolarWinds Urges Upgrade After Revealing Critical RCE Bug Full Text

Abstract SolarWinds is advising customers to upgrade their Web Help Desk platform due to a critical vulnerability, CVE-2024-28986, discovered by Inmarsat Government researchers. The bug allows for remote code execution through Java deserialization.

Infosecurity Magazine

August 14, 2024

Update: New Windows SmartScreen Bypass Exploited as Zero-Day Since March Full Text

Abstract A security loophole in Windows SmartScreen, known as CVE-2024-38213, was exploited by attackers as a zero-day to bypass protection. Microsoft patched this vulnerability during the June 2024 Patch Tuesday.

Bleeping Computer

August 14, 2024

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access Full Text

Abstract Ivanti Virtual Traffic Manager has a critical flaw that could allow rogue admin access. A security update has been released for this vulnerability, tracked as CVE-2024-7593, with a CVSS score of 9.8.

The Hacker News

August 14, 2024

Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities Full Text

Abstract Multiple privilege escalation issues in Microsoft Azure's cloud-based Health Bot service opened the platform to server-side request forgery (SSRF) and could have allowed access to cross-tenant resources.

Dark Reading

August 13, 2024

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks Full Text

Abstract Researchers at SySS GmbH revealed that attackers could exploit vulnerabilities in Ewon Cosy+ to gain elevated access, decrypt encrypted data, and hijack VPN sessions, posing a significant threat to users and industrial infrastructure.

The Hacker News

August 13, 2024

Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share Full Text

Abstract The flaws include denial-of-service issues, unauthorized file write bugs, directory traversal, and forced Wi-Fi connections. Google has released an update (v1.0.1724.0) to address these vulnerabilities and is tracking them under two CVE identifiers.

The Hacker News

August 10, 2024

‘0.0.0.0 Day’ Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk Full Text

Abstract An open source security firm, Oligo Security, has discovered a vulnerability called "0.0.0.0 Day" that allows attackers to execute code on web browsers like Chrome, Safari, and Firefox, potentially leading to data theft and malware.

Dark Reading

August 10, 2024

Cisco Warns of Critical RCE Zero-Days in End of Life IP Phones Full Text

Abstract Cisco has issued a warning about critical remote code execution zero-days affecting the web-based management interface of the Small Business SPA 300 and SPA 500 series IP phones, which are no longer supported.

Bleeping Computer

August 10, 2024

Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins Full Text

Abstract An issue with Microsoft's Entra ID identity and access management service could allow a hacker with admin-level access to gain global administrator privileges within an organization's cloud environment.

Dark Reading

August 9, 2024

How to Weaponize Microsoft Copilot for Cyberattackers Full Text

Abstract Copilot is an AI-based chatbot used by enterprises to streamline tasks, but it can also be manipulated by attackers to steal data and conduct phishing scams without leaving a trace.

Dark Reading

August 6, 2024

Around 20K Ubiquiti IoT Cameras & Routers are Sitting Ducks for Hackers Full Text

Abstract Around 20,000 Ubiquiti IoT cameras and routers are at risk due to a vulnerability that has been known for five years. Researchers have found that despite patches being available, many devices are still vulnerable.

Dark Reading

August 6, 2024

Google Fixes Android Kernel Zero-Day Exploited in Targeted Attacks Full Text

Abstract Google has patched a zero-day vulnerability in the Android kernel that was being exploited in targeted attacks. The vulnerability, tracked as CVE-2024-36971, allows for arbitrary code execution without user interaction on unpatched devices.

Bleeping Computer

August 6, 2024

Researchers Warn of a New Critical Apache OFBiz Flaw Full Text

Abstract The vulnerability allows unauthenticated users to execute screen rendering code under certain conditions in versions up to 18.12.14, with version 18.12.15 addressing the issue.

Security Affairs

August 2, 2024

Homebrew Security Audit Finds 25 Vulnerabilities Full Text

Abstract A security audit sponsored by the Open Tech Fund in August 2023 revealed 25 vulnerabilities in Homebrew. The audit found issues that could have allowed attackers to execute code, modify builds, control CI/CD workflows, and access sensitive data.

Homebrew

August 1, 2024

DigiCert Mass-Revoking TLS Certificates Due to Domain Validation Bug Full Text

Abstract DigiCert discovered a bug in how domain ownership was verified, leading to the mass revocation of SSL/TLS certificates. Approximately 0.4% of domain validations conducted between August 2019 and June 2024 are affected.

Bleeping Computer

July 31, 2024

Multiple SMTP Servers Vulnerable to Spoofing Attacks, Let Hackers Bypass Authentication Full Text

Abstract Multiple SMTP servers are vulnerable to spoofing attacks that allow hackers to bypass authentication. Two vulnerabilities, CVE-2024-7208 and CVE-2024-7209, exploit weaknesses in authentication and verification mechanisms provided by SPF and DKIM.

Cybersecurity News

July 31, 2024

Ubuntu Fixes Two OpenVPN Vulnerabilities Full Text

Abstract Ubuntu has fixed two vulnerabilities in OpenVPN, a virtual private network software. These vulnerabilities could keep the closing session active or lead to denial of service. Canonical released security updates for affected Ubuntu releases.

TuxCare

July 30, 2024

Meta’s AI Safety System Manipulated by Space Bar Characters to Enable Prompt Injection Full Text

Abstract A bug hunter discovered a bypass in Meta's Prompt-Guard-86M model by inserting character-wise spaces between English alphabet characters, rendering the classifier ineffective in detecting harmful content.

The Register

July 30, 2024

Microsoft Warns of Ransomware Gangs Abusing VMware ESXi Authentication Bypass in Attacks Full Text

Abstract Ransomware operators like Black Basta and Akira have already used this vulnerability in attacks, with Storm-0506 deploying Black Basta ransomware on the ESXi hypervisors of a North American engineering firm.

Bleeping Computer

July 29, 2024

WhatsApp for Windows Lets Python, PHP Scripts Execute with no Warning Full Text

Abstract WhatsApp currently blocks certain file types considered risky, but Python and PHP scripts are not included in the blocklist. Security researcher Saumyajeet Das identified this vulnerability while testing file attachments in WhatsApp conversations.

Bleeping Computer

July 29, 2024

Acronis Warns of Cyber Infrastructure Default Password Abused in Attacks Full Text

Abstract The vulnerability (CVE-2023-45249) was patched nine months ago but is still being exploited in attacks. Admins are advised to update their systems immediately to prevent unauthorized remote code execution.

Bleeping Computer

July 27, 2024

PKfail Secure Boot bypass Lets Attackers Install UEFI Malware Full Text

Abstract The issue originates from a test Secure Boot key provided by American Megatrends International (AMI) that was not replaced by OEMs, resulting in devices shipping with untrusted keys.

Bleeping Computer

July 25, 2024

ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions Full Text

Abstract Researchers have uncovered a vulnerability in Google Cloud Platform's Cloud Functions service called ConfusedFunction. This flaw allows an attacker to escalate their privileges to access other services and sensitive data in an unauthorized manner.

Tenable

July 25, 2024

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 Full Text

Abstract The critical vulnerability in Docker Engine, identified as CVE-2024-41110 with a severity score of 10/10, was first discovered in 2018 and reappeared due to a missed patch in January 2019. It allows attackers to bypass authorization plugins.

Docker

July 22, 2024

Several Linux Kernel Azure Vulnerabilities Fixed in Ubuntu Full Text

Abstract Canonical released security updates to fix various vulnerabilities in the Linux kernel for Microsoft Azure Cloud systems on Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. These flaws could lead to denial of service, data leakage, or arbitrary code execution.

TuxCare

July 19, 2024

Critical Splunk Flaw can be Exploited to Grab Passwords Full Text

Abstract A critical vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows is considered more severe than initially thought, allowing attackers to grab passwords. Various proof-of-concept exploits have been published.

Help Net Security

July 19, 2024

Critical TE.0 HTTP Request Smuggling Vulnerability Impacts Thousands of Google Cloud-hosted Websites Full Text

Abstract This new class of HTTP Request Smuggling vulnerabilities poses a significant risk to thousands of websites, including those protected by Google's Load Balancer and Identity-Aware Proxy (IAP).

Bug Crowd

July 17, 2024

WP Time Capsule Plugin Update Urged After Critical Security Flaw Full Text

Abstract By exploiting this flaw, attackers could bypass critical authentication checks, manipulating JSON-encoded POST data to elevate their privileges and effectively log in as site administrators.

Infosecurity Magazine

July 12, 2024

Multiple Threat Actors Exploit PHP Flaw CVE-2024-4577 to Deliver Malware Full Text

Abstract The PHP vulnerability, tracked as CVE-2024-4577, with a CVSS score of 9.8, allows attackers to execute commands on Windows systems using Chinese and Japanese language settings.

Security Affairs

July 12, 2024

Veeam Flaw Becomes Ransomware Vector a Year After Patching Full Text

Abstract A new ransomware gang known as EstateRansomware is exploiting a Veeam vulnerability that was patched over a year ago to spread file-encrypting malware and demand ransom payments.

The Register

July 10, 2024

Microsoft July 2024 Patch Tuesday Fixes 142 Flaws, 4 Zero-Days Full Text

Abstract As part of Microsoft's July 2024 Patch Tuesday, 142 flaws were addressed, including two zero-days actively exploited and two publicly disclosed. Five critical vulnerabilities were fixed, all related to remote code execution.

Bleeping Computer

July 10, 2024

Blast RADIUS Attack can Bypass Authentication for Clients Full Text

Abstract This vulnerability, known as Blast RADIUS and rated 7.5 out of 10 on the severity scale, affects the RADIUS networking protocol, potentially granting unauthorized access to network devices and services without credentials.

The Register

July 9, 2024

Critical Ghostscript flaw exploited in the wild. Patch it now! Full Text

Abstract This vulnerability affects Ghostscript versions ? 10.03.0 and can have a significant impact on web applications and services using Ghostscript for document conversion and previews.

Security Affairs

July 9, 2024

Apache Fixed a Source Code Disclosure Flaw in Apache HTTP Server Full Text

Abstract This vulnerability, tracked as CVE-2024-39884 and caused by a regression, can lead to unintentional exposure of sensitive data when legacy content-type configurations are used.

Security Affairs

July 9, 2024

Splunk Addresses Critical Vulnerabilities in Enterprise and Cloud Platforms Full Text

Abstract Splunk has released a set of security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity issues. CVE-2024-36985 allows remote code execution via External Lookup in Splunk Enterprise.

The Cyber Express

July 9, 2024

Increase in the Exploitation of Microsoft SmartScreen Vulnerability Full Text

Abstract Cyble Research and Intelligence Labs (CRIL) has identified an increase in the exploitation of the Microsoft SmartScreen vulnerability (CVE-2024-21412) through an active campaign targeting regions like Spain, the US, and Australia.

Cyble

July 6, 2024

Latest Ghostscript Vulnerability Haunts Experts as the Next Big Breach Enabler Full Text

Abstract The vulnerability could be exploited to compromise systems without requiring user interaction, contrary to some severity assessments initially made by Tenable and Red Hat.

The Register

July 6, 2024

Traeger Security Bugs Threatening Grillers’ Hard Work Full Text

Abstract Traeger grills face security bugs that could spell trouble for BBQ enthusiasts. High-severity vulnerabilities in the Traeger Grill D2 Wi-Fi Controller could allow remote attackers to control the grill's temperature or shut it down.

The Register

July 4, 2024

Ghostscript Vulnerabilities Patched in Recent Ubuntu Updates Full Text

Abstract Canonical has released Ubuntu security updates to address bugs in Ghostscript, a tool used for interpreting PostScript and PDF files. These vulnerabilities could potentially allow attackers to bypass security restrictions or execute malicious code.

Security Boulevard

July 4, 2024

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform Full Text

Abstract Splunk has released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. These vulnerabilities include high-severity flaws such as Remote Code Execution (RCE) and Serialized Session Payload exploits.

Security Affairs

July 3, 2024

RCE, DoS Exploits Found in Rockwell PanelView Plus: Patch Now Full Text

Abstract Microsoft has exposed two significant vulnerabilities in Rockwell Automation's PanelView Plus devices that could be exploited by attackers to execute remote code and launch denial-of-service attacks.

The Cyber Express

July 3, 2024

Vulnerabilities in CocoaPods: The Achilles’ Heel of the Apple App Ecosystem Full Text

Abstract Recent discoveries have unveiled severe vulnerabilities within CocoaPods, a dependency manager essential for iOS and macOS application development. These security flaws could lead to significant supply chain attacks, jeopardizing numerous applications. The exploit allows attackers to alter the soft ... Read More

Cyware

July 2, 2024

Dev Rejects CVE Severity, Makes his GitHub Repository Read-Only Full Text

Abstract The open source project 'ip' has been archived on GitHub due to a dubious CVE report filed against it. This is not an isolated incident, as open-source developers have seen an increase in unsubstantiated CVE reports for their projects.

Bleeping Computer

July 2, 2024

Latest Intel CPUs Impacted by New Indirector Side-Channel Attack Full Text

Abstract Researchers at the University of California, San Diego have discovered a new type of attack called 'Indirector' that targets modern Intel processors, including those from the Raptor Lake and Alder Lake generations.

Bleeping Computer

July 1, 2024

Apple CocoaPods Bugs Expose Millions of Apps to Code Injection Full Text

Abstract A report by E.V.A Information Security reveals that Apple's popular dependency manager, CocoaPods, has been plagued with three critical vulnerabilities for several years.

Dark Reading

July 1, 2024

Multiple Vulnerabilities Found in Gas Chromatographs Full Text

Abstract Multiple critical vulnerabilities have been discovered in Emerson gas chromatographs, which could potentially enable unauthorized access to sensitive data, cause denial-of-service attacks, and execute arbitrary commands.

Bank Infosecurity

July 1, 2024

New ‘regreSSHion’ Remote Unauthenticated Code Execution Vulnerability Discovered in OpenSSH Server Full Text

Abstract Approximately 700,000 external internet-facing instances are vulnerable, accounting for 31% of global instances with OpenSSH. Additionally, a small percentage of vulnerable instances are running an End-Of-Life/End-Of-Support version of OpenSSH.

Qualys

June 29, 2024

Your Phone’s 5G Connection Is Vulnerable to Bypass, DoS Attacks Full Text

Abstract One attack involves setting up a fake base station using a Raspberry Pi or a software-defined radio (SDR). These devices can imitate a real base station and are readily available for purchase.

Dark Reading

June 29, 2024

Critical GitLab Bug Lets Attackers Run Pipelines as Any User Full Text

Abstract A critical vulnerability has been discovered in certain versions of GitLab Community and Enterprise Edition products. This vulnerability allows an attacker to run pipelines as any user.

Bleeping Computer

June 27, 2024

PoC Exploit for Critical Fortra FileCatalyst Flaw Published Full Text

Abstract The vulnerability allows attackers to create administrative user accounts, modify and delete data in the application database, and potentially gain full control of vulnerable systems.

Help Net Security

June 27, 2024

Update: MOVEit Transfer Vulnerability Targeted Amid Disclosure Drama Full Text

Abstract The non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public.

TechTarget

June 27, 2024

Critical ADOdb Vulnerabilities Fixed in Ubuntu Full Text

Abstract These vulnerabilities include SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. Ubuntu has released updates for various versions, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM.

Tux Care

June 26, 2024

Multiple Vulnerabilities in Siemens Power Automation Products Full Text

Abstract Siemens recently patched several vulnerabilities in its Sicam products that could be exploited to target the energy sector. The updates addressed two high-severity and one medium-severity flaws.

SEC Consult

June 26, 2024

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping Full Text

Abstract The vulnerability, tracked as CVE-2024-27867, affects various AirPods models, Powerbeats Pro, and Beats Fit Pro. An attacker in Bluetooth range could spoof the source device and gain access to the headphones, potentially allowing eavesdropping.

The Hacker News

June 26, 2024

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway Full Text

Abstract A critical security vulnerability, CVE-2024-5806, has been found in MOVEit Transfer, a popular file transfer software. The vulnerability allows attackers to bypass authentication checks and gain administrative access by sending manipulated requests.

Rapid 7

June 24, 2024

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool Full Text

Abstract The vulnerability, tracked as CVE-2024-37032 and dubbed Probllama, was patched in version 0.1.34 released on May 7, 2024. Ollama is a service used for running large language models locally on Windows, Linux, and macOS devices.

The Hacker News

June 24, 2024

Researchers Say Microsoft Power BI Reports Expose Sensitive Data on the Web Full Text

Abstract The vulnerability in Power BI reports allows access to underlying raw data when shared with others. This includes detailed records, hidden tables, non-displayed columns, and filtered-out data.

NOKOD Security

June 21, 2024

CosmicSting Flaw Impacts 75% of Adobe Commerce, Magento Sites Full Text

Abstract Approximately 75% of affected e-commerce platforms have not applied the security update, which exposes them to XML external entity injection (XXE) and remote code execution (RCE) risks.

Bleeping Computer

June 20, 2024

Critical Vulnerability CVE-2024-38428 in wget Full Text

Abstract A critical vulnerability has been found in the command line program wget, with a CVSS Base Score of 10.0. It is present in versions <=1.24.5 and poses a risk for users on Linux and Windows.

BornCity

June 20, 2024

Unpatched Bug Allows Anyone to Impersonate Microsoft Corporate Email Accounts Full Text

Abstract A bug has been discovered in Microsoft's corporate email accounts that allows attackers to impersonate them and conduct phishing. The security researcher, Vsevolod Kokorin, uncovered the flaw and reported it to Microsoft but received no response.

Security Affairs

June 20, 2024

Google Chrome 126 Update Addresses Multiple High-Severity Flaws Full Text

Abstract Google has released the Chrome 126 update to fix several vulnerabilities, including a high-severity issue demonstrated at the TyphoonPWN 2024 hacking competition. One of the flaws is a type confusion problem in the V8 script engine.

Security Affairs

June 18, 2024

VMware by Broadcom Warns of Critical vCenter Flaws Full Text

Abstract Broadcom's VMware has discovered two critical-rated flaws, CVE-2024-37079 and CVE-2024-37080, in its vCenter Server, a tool used to manage virtual machines in its Cloud Foundation and vSphere suites.

The Register

June 17, 2024

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems Full Text

Abstract A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature.

Bleeping Computer

June 15, 2024

Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces Full Text

Abstract Two high-severity vulnerabilities were disclosed to Hugging Face. CVE-2023-51449 is a path traversal vulnerability in the file endpoint whereas CVE-2024-1561 arises from an input validation flaw in the component_server API endpoint.

Horizon3

June 15, 2024

Critical Security Gaps Uncovered in Open Source AI/ML Tools Full Text

Abstract A report by Protect AI revealed a dozen critical vulnerabilities found in various open-source AI/ML tools in recent months. These vulnerabilities can lead to information disclosure, unauthorized access, privilege escalation, and server takeover.

Protect AI

June 15, 2024

‘Sleepy Pickle’ Exploit Subtly Poisons ML Models Full Text

Abstract Pickle files provide an opportunity for attackers to insert malicious bytecode into ML programs, which can have various consequences such as manipulated output and data theft.

Dark Reading

June 13, 2024

Multiple Flaws in Fortinet FortiOS Fixed Full Text

Abstract Fortinet released security updates for FortiOS to address multiple vulnerabilities. These included a high-severity code execution flaw and several stack-based buffer overflow vulnerabilities.

Security Affairs

June 6, 2024

Vulnerability in Cisco Webex Cloud Service Exposed Government Authorities, Companies Full Text

Abstract A vulnerability in Cisco Webex allowed a German journalist to find links to video conference meetings held by the Bundeswehr and the SPD, affecting both self-hosted and cloud instances.

Help Net Security

June 5, 2024

Patch Your Hardy Barth cPH2 Wallbox for Critical Security Flaw Full Text

Abstract Interpol404, a threat actor (TA) is selling exploit code for a critical security vulnerability (CVE-2023-46359) on the Nuovo BreachForums. The TA has set a price tag of $200 for this vulnerability.

The Cyber Express

June 5, 2024

Android Security Bulletin for June 2024 Addresses 37 Vulnerabilities Full Text

Abstract The June 2024 update for Android includes patches for high-severity flaws in the Framework and System components, addressing issues such as elevation of privilege and information disclosure.

Android

June 5, 2024

Zyxel Issues Emergency RCE Patch for End-of-Life NAS Devices Full Text

Abstract An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution. Two flaws can also allow attackers to elevate privileges.

Bleeping Computer

June 4, 2024

Azure Service Tags Tagged as Security Risk, Microsoft Disagrees Full Text

Abstract Azure Service Tags, which are used for firewall filtering and access control, have been flagged as a security risk by Tenable. They discovered a vulnerability that could enable attackers to access customers' confidential information.

Bleeping Computer

June 4, 2024

Experts Released PoC Exploit Code for a Critical Bug in Progress Telerik Report Servers Full Text

Abstract Researchers published a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability on Progress Telerik Report Servers. Telerik Report Server is an end-to-end report management solution developed by Progress® Telerik.

Security Affairs

June 4, 2024

High-Risk Atlassian Confluence RCE Fixed, PoC Available (CVE-2024-21683) Full Text

Abstract A high-risk remote code execution (RCE) vulnerability in Atlassian Confluence has been fixed. Users should upgrade to the latest version as a Proof of Concept (PoC) and technical details of the flaw (CVE-2024-21683) are already public.

Help Net Security

June 3, 2024

Critical Apache Log4j2 Flaw Still Threatens Global Finance Full Text

Abstract The critical Apache Log4j2 vulnerability (CVE-2021-44832) still poses a significant threat to the global finance industry, even though it was discovered and patched over a year ago.

Security Affairs

June 1, 2024

Active Exploitation of Unauthenticated Stored XSS Vulnerabilities in WordPress Plugins Full Text

Abstract Fastly has issued a warning about vulnerabilities in three WordPress plugins, namely WP Statistics, WP Meta SEO, and LiteSpeed Cache, being exploited to inject malicious scripts and backdoors into websites.

Fastly

May 28, 2024

SingCERT Warns Critical Vulnerabilities Found in Multiple WordPress Plugins Full Text

Abstract Security updates have been promptly released to address these critical vulnerabilities in multiple WordPress plugins. SingCERT reported 9 critical plugin vulnerabilities and shared the mitigation strategies to avoid exploration by threat actors.

The Cyber Express

May 28, 2024

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors Full Text

Abstract When DDNS is combined with automatic TLS certificate generation using ACME clients, the public Certificate Transparency logs can be abused by attackers to find vulnerable devices en masse.

Security Affairs

May 27, 2024

NVD Leaves Exploited Vulnerabilities Unchecked Full Text

Abstract In the report published on May 23, VulnCheck showed that 30 out of 59 known exploited vulnerabilities (KEVs) registered since February 12 have not yet been analyzed by the NVD team.

Infosecurity Magazine

May 27, 2024 – Government

EU Wants Universities to Work with Intelligence Agencies to Protect Their Research Full Text

Abstract Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week.

The Record

May 24, 2024

Three-Year-Old Apache Flink Flaw Now Under Active Attack Full Text

Abstract An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets.

The Register

May 24, 2024

High-Severity GitLab Flaw Lets Attackers Take Over Accounts Full Text

Abstract The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages.

Bleeping Computer

May 22, 2024

Set of Bugs Puts Software Company and IoT Device Makers Into Motion Full Text

Abstract Cybersecurity researchers and Internet of Things (IoT) technology companies say they worked together to eliminate four software vulnerabilities that could have given malicious hackers deep access to networks.

The Record

May 22, 2024

Veeam Warns of Critical Backup Enterprise Manager Auth Bypass Bug Full Text

Abstract ?Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM).

Bleeping Computer

May 21, 2024

QNAP QTS Zero-Day in Share Feature Gets Public RCE Exploit Full Text

Abstract An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.

Bleeping Computer

May 21, 2024

‘Linguistic Lumberjack’ Flaw in Logging Utility Fluent Bit Impacts Cloud Services Full Text

Abstract Cybersecurity researchers have discovered a critical vulnerability, dubbed "Linguistic Lumberjack," in the popular logging and metrics utility Fluent Bit that could allow for denial-of-service (DoS), information disclosure, or remote code execution.

Tenable

May 20, 2024

AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain Full Text

Abstract A critical vulnerability in the Jinja2 template rendering Python tool used by the llama_cpp_python package for integrating AI models can allow hackers to execute arbitrary code, putting systems and data at risk.

HackRead

May 16, 2024

Researchers Discover 11 Vulnerabilities in GE Ultrasound Devices Full Text

Abstract Researchers identified 11 security flaws in certain GE HealthCare ultrasound devices, including the Invenia ABUS 2.0, that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data.

Bank Info Security

May 16, 2024

Google Patches Third Exploited Chrome Zero-Day in a Week Full Text

Abstract Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week, highlighting the ongoing challenges in securing the popular web browser against sophisticated cyber threats.

Bleeping Computer

May 15, 2024

Several Vulnerabilities Addressed in Ubuntu 24.04 Full Text

Abstract Ubuntu 24.04 LTS has addressed several security vulnerabilities, including issues in less, Glibc, Curl, GnuTLS, libvirt, and Pillow, which could potentially lead to denial of service or arbitrary code execution.

TuxCar

May 14, 2024

NHS Digital Hints at Exploit Sightings of Arcserve UDP Vulnerabilities Full Text

Abstract The UK's National Health Service (NHS) is warning of possible exploitation attempts targeting vulnerabilities in the Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had PoC exploit code released shortly after.

The Register

May 14, 2024

Apple Backports Fix for Zero-Day Exploited in Attacks to Older iPhones Full Text

Abstract The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers with arbitrary kernel read and write capability to bypass kernel memory protections.

Bleeping Computer

May 14, 2024

Google Chrome Emergency Update Fixes Sixth Zero-Day Exploited in 2024 Full Text

Abstract The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application.

Bleeping Computer

May 13, 2024

Researchers Use MITM Attack to Bypass FIDO2 Phishing-Resistant Protection Full Text

Abstract The passwordless authentication standard FIDO2 has a critical flaw that allows attackers to launch Man-in-the-Middle (MitM) attacks and bypass authentication, gaining access to users' private areas and potentially removing their registered devices.

SILVERFOR

May 11, 2024

Attack Makes Autonomous Vehicle Tech Ignore Road Signs Full Text

Abstract Researchers have developed a technique called "GhostStripe" that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles.

The Register

May 9, 2024

Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO Full Text

Abstract Researchers at Pen Test Partners successfully bypassed Azure’s MFA requirement for SSO by changing the user-agent of a browser. They used a browser that resembled Chrome on Linux but encountered an error message stating MFA was required.

Hack Read

May 8, 2024

Report: Log4J Still Among Top Exploited Vulnerabilities Full Text

Abstract In a new report, Cato observed that the Log4J exploit represented 30% of the outbound vulnerability exploitations and 18% of the inbound vulnerability exploitations detected in the first quarter of 2024.

Infosecurity Magzine

May 8, 2024

Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins Full Text

Abstract WPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.

Bleeping Compute

May 4, 2024

Android Bug can Leak DNS Traffic With VPN Kill Switch Enabled Full Text

Abstract The Android bug discovered by a Mullvad VPN user reveals that Android devices can leak DNS queries even with the "Always-on VPN" feature and "Block connections without VPN" option enabled.

Bleeping Computer

May 3, 2024

“Dirty Stream” Attack Affects Popular Android Apps Full Text

Abstract A vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app's home directory, potentially leading to code execution and unauthorized access to user data.

Microsoft

May 3, 2024

More Than Two Dozen Android Vulnerabilities Fixed Full Text

Abstract Xiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access.

The Register

May 2, 2024

HPE Aruba Networking Fixes Four Critical RCE Flaws in ArubaOS Full Text

Abstract HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.

Bleeping Computer

May 2, 2024

Vulnerability Exploits Triple as Initial Access Point for Breaches Full Text

Abstract According to Verizon’s 2024 Data Breach Investigations Report, this method of gaining unauthorized access leading to a breach accounted for 14% of malicious actors’ way into a network. It is the third most used after credential theft and phishing.

Infosecurity Magazine

May 1, 2024

Programming Language R Patches Code Execution Security Flaw Full Text

Abstract The vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base.

The Register

May 1, 2024

Patched Deserialization Flaw in Siemens Product Allows RCE Full Text

Abstract Researchers detailed a deserialization vulnerability in Siemens software used to monitor industrial energy consumption and attributed the flaw to the German conglomerate's decision to use a programming method that has known security risks.

Healthcare Info Security

April 27, 2024

Thousands of Qlik Sense Servers Open to Cactus Ransomware Full Text

Abstract Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and BI platform, many organizations remain dangerously vulnerable to the threat.

Dark Reading

April 26, 2024

Researchers Found 18 Vulnerabilities in Brocade SANnav Full Text

Abstract Three of the vulnerabilities could allow an attacker to send malicious data, intercept credentials sent in clear text, and potentially compromise the entire Fibre Channel infrastructure.

Pierre Kim

April 25, 2024

Vulnerabilities in Microsoft’s PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services Full Text

Abstract The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.

Security Explorations

April 25, 2024

Maximum Severity Flowmon Bug has a Public Exploit, Patch Now Full Text

Abstract Flowon developer Progress Software first alerted about the flaw on April 4, warning that it impacts versions of the product v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.

Bleeping Computer

April 24, 2024

Security Bugs in a Popular Phone-Tracking App Exposed Users’ Precise Locations Full Text

Abstract A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data.

Tech Crunch

April 24, 2024

Major Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App Users Full Text

Abstract The vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.

The Hacker News

April 22, 2024

Dependency Confusion Vulnerability Found in Apache Project Full Text

Abstract The exploit occurs when referencing a private/local package, which inadvertently fetches a malicious package similarly named from the public registry due to misconfigurations in package managers.

Infosecurity Magazine

April 22, 2024

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers Full Text

Abstract New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.

The Hacker News

April 20, 2024

CrushFTP Warns Users to Patch Exploited Zero-Day “Immediately” Full Text

Abstract As the company also explains in a public security advisory published on Friday, this zero-day bug enables unauthenticated attackers to escape the user's virtual file system (VFS) and download system files.

Bleeping Computer

April 20, 2024

Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware Full Text

Abstract In a briefing at Black Hat Asia, Shmuel Cohen, security researcher at SafeBreach, described how he not only reverse-engineered and cracked into the company's signature Cortex product but also weaponized it to deploy a reverse shell and ransomware.

Dark Reading

April 17, 2024

Ivanti Warns of Critical Flaws in Its Avalanche MDM Solution Full Text

Abstract Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution.

Bleeping Computer

April 17, 2024

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware Full Text

Abstract Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The vulnerability (CVE-2023-22518) allows an unauthenticated attacker to reset Confluence and create an administrator account.

The Hacker News

April 17, 2024

Several GTKWave Vulnerabilities Fixed in Debian Full Text

Abstract Recently, the Debian security team fixed several issues in GTKWave, an open-source waveform viewer for VCD files. These vulnerabilities, if exploited, could result in the execution of arbitrary code, posing a significant risk to users.

Tuxcare

April 17, 2024

Update: Researchers Released Exploit Code for Actively Exploited Palo Alto Networks PAN-OS Bug Full Text

Abstract Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls.

Security Affairs

April 16, 2024

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs Full Text

Abstract New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.

The Hacker News

April 15, 2024

Update: Palo Alto Networks Fixes Zero-Day Exploited to Backdoor Firewalls Full Text

Abstract This maximum severity security flaw (CVE-2024-3400) affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with device telemetry and GlobalProtect (gateway or portal) enabled.

Bleeping Computer

April 15, 2024

Critical Vulnerability in Delinea Secret Server Allows Auth Bypass, Admin Access Full Text

Abstract Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets.

Help Net Security

April 13, 2024

Telegram Fixes Windows App Zero-Day Used to Launch Python Scripts Full Text

Abstract A proof of concept exploit was shared on the XSS hacking forum explaining that a typo in the source code for Telegram for Windows could be exploited to send Python .pyzw files that bypass security warnings when clicked.

Cyware

April 12, 2024

Intel and Lenovo Servers Impacted by 6-Year-Old BMC Flaw Full Text

Abstract The security issue could lead to the exfiltration of process memory addresses, which could help attackers bypass protection mechanisms like Address Space Layout Randomization (ASLR).

Cyware

April 12, 2024

Microsoft Fixed Two Zero-Day Flaws Exploited in Malware Attacks Full Text

Abstract Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware payloads on vulnerable systems.

Cyware

April 12, 2024

Palo Alto Networks Fixed Multiple DoS Bugs in its Firewalls Full Text

Abstract Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system, including CVE-2024-3385, CVE-2024-3384, CVE-2024-3382.

Cyware

April 11, 2024

X Fixes URL Blunder That Could Enable Social Media Phishing Full Text

Abstract Users started noticing on Monday that X's programmers implemented a rule on its iOS app that auto-changed Twitter.com links that appeared in Xeets (tweets) to X.com links.

The Register

April 11, 2024

New Spectre v2 Attack Impacts Linux Systems Running on Intel CPUs Full Text

Abstract Researchers have demonstrated the "first native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.

Bleeping Computer

April 11, 2024

Rust Addresses Critical Vulnerability on Windows Full Text

Abstract The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.

The Register

April 10, 2024

91,000 Smart LG TV Devices Vulnerable to Remote Takeover Full Text

Abstract Cybersecurity researchers from Bitdefender discovered critical vulnerabilities in LG TVs running webOS versions 4 through 7. These vulnerabilities could allow attackers to gain complete control over the TV, steal data, or install malware.

Hack Read

April 10, 2024

Novel Ahoi Attacks Could Compromise Confidential VMs Full Text

Abstract The researchers presented two variations of what they call Ahoi attacks. One of them, dubbed Heckler, involves a malicious hypervisor injecting interrupts to alter data and control flow, breaking the integrity and confidentiality of CVMs.

SC Magazine

April 9, 2024

Patches for CVE-2024-1086 for CloudLinux 6h, 7 Users on KernelCare Live Full Text

Abstract The KernelCare team is working on deploying a live patch for CVE-2024-1086 for CloudLinux users. A patch has already been released for CloudLinux 6h and CloudLinux 7, and users can manually update without a live patch.

Tuxcare

April 8, 2024

Over 92,000 Internet-Facing D-Link NAS Devices can be Easily Hacked Full Text

Abstract A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link NAS device models.

Security Affairs

April 8, 2024

Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft Full Text

Abstract Cloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.

Infosecurity Magazine

April 5, 2024

Critical Flaw in LayerSlider WordPress Plugin Impacts One Million Sites Full Text

Abstract A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.

Bleeping Computer

April 4, 2024

Google Fixed Another Chrome Zero-Day Exploited at Pwn2Own Full Text

Abstract The vulnerability CVE-2024-3159 is an out-of-bounds memory access in the V8 JavaScript engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024.

Security Affair

March 30, 2024

Easy Privilege Escalation Exploit Lands for Linux Kernels Full Text

Abstract A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14.

The Register

March 29, 2024

Several ImageMagick Vulnerabilities Addressed in Ubuntu Full Text

Abstract The vulnerabilities addressed by the updates impact several Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 23.04, Ubuntu 18.04, and Ubuntu 16.04.

Tux Care

March 28, 2024

Google Fixes Chrome Zero-Days Exploited at Pwn2Own 2024 Full Text

Abstract Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.

Bleeping Computer

March 26, 2024

New ZenHammer Memory Attack Impacts AMD CPUs Based on Zen Architecture Full Text

Abstract Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on a recent AMD Zen microarchitecture that maps physical addresses on DDR4 and DDR5 memory chips.

Bleeping Computer

March 23, 2024

Mozilla Fixes Two Firefox Zero-Day Bugs Exploited at Pwn2Own Full Text

Abstract Mozilla fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1 to block potential remote code execution attacks targeting unpatched web browsers on desktop devices.

Bleeping Computer

March 22, 2024

Apple M-Series Chip Vulnerability Puts Encryption Keys at Risk Full Text

Abstract Foresight News reported that the vulnerability poses a serious risk of leakage of wallet keys, The flaw operates as a side channel, facilitating the extraction of end-to-end keys during encrypted transactions.

The Cyber Express

March 21, 2024

Critical Flaw in Atlassian Bamboo Data Center and Server Must Be Fixed Immediately Full Text

Abstract The vulnerability allows unauthenticated attackers to expose assets in the environment, with a high impact on confidentiality, integrity, and availability, without requiring user interaction.

Security Affairs

March 20, 2024

50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty Full Text

Abstract The DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.

Infosecurity Magazine

March 16, 2024

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins Full Text

Abstract Thousands of WordPress websites are at risk due to critical vulnerabilities in two discontinued MiniOrange plugins, allowing attackers to escalate privileges and compromise sites.

Word Fence

March 14, 2024

JetBrains Vulnerability Exploitation Highlights Debate Over ‘Silent Patching’ Full Text

Abstract Rapid7's decision to release details on the vulnerabilities led to immediate exploitation by attackers, according to JetBrains. The dispute arose from Rapid7's objection to JetBrains' preference for private patch releases and silent patching.

The Record

March 14, 2024

Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes Full Text

Abstract The vulnerability affects default installations of Kubernetes earlier than version 1.28.4 running on-prem deployments and Azure Kubernetes Service, highlighting the importance of patching.

Dark Reading

March 13, 2024

New Research Exposes Security Risks in ChatGPT Plugins Full Text

Abstract These vulnerabilities could allow attackers to take control of organization accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII).

Cyware

March 12, 2024

Experts Released PoC Exploit for Critical Progress Software OpenEdge Bug Full Text

Abstract Researchers from Horizon3.ai have disclosed technical details and a proof-of-concept exploit for a critical security flaw (CVE-2024-1403) in Progress Software OpenEdge Authentication Gateway and AdminServer.

Cyware

March 9, 2024

Canva Warns of Three Security Vulnerabilities in Fonts Full Text

Abstract The first, CVE-2023-45139, involved a high-severity bug in the FontTools library. The second and third vulnerabilities, CVE-2024-25081 and CVE-2024-25082, were related to naming conventions and compression.

Cyware

March 9, 2024

Flaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to Requests Full Text

Abstract The GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files.

Cyware

March 8, 2024

Google Releases Android March 2024 Patches, Including Fixes for Two Critical Issues Full Text

Abstract Google has released the Android March 2024 security patches, addressing a total of 38 vulnerabilities, including two critical issues. These vulnerabilities could lead to remote code execution and elevation of privilege for attackers.

Cyware

March 7, 2024

Update: Critical TeamCity Flaw Now Widely Exploited to Create Admin Accounts Full Text

Abstract Hackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, leading to the creation of hundreds of unauthorized users on unpatched instances.

Cyware

March 6, 2024

Apple Emergency Security Updates Fix Two New iOS Zero-Days Full Text

Abstract The vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, are related to kernel and RTKit memory corruptions. The affected devices include iPhone XS and later, iPad Pro, iPad Air, and iPad mini models.

Cyware

March 4, 2024

Update: Ivanti Disputes CISA Findings of Post-Factory Reset Hacking Full Text

Abstract Ivanti disputes the U.S. cybersecurity agency's claim that hackers can establish persistence on rooted appliances through a factory reset, stating that it won't succeed in a live customer environment.

Cyware

March 1, 2024

Researchers Found a Zero-Click Facebook Account Takeover Full Text

Abstract The critical vulnerability in Facebook's password reset process involved a rate-limiting issue in a specific endpoint, which could be exploited to brute-force a nonce and gain access to a user's account.

Cyware

February 27, 2024

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks Full Text

Abstract Cybersecurity researchers discovered a vulnerability in the Hugging Face Safetensors conversion service that could be exploited by attackers to compromise machine learning models submitted by users, leading to supply chain attacks.

Cyware

February 27, 2024

Zyxel Issues Security Advisory for Multiple Vulnerabilities in Firewalls and APs Full Text

Abstract Zyxel has identified and patched four critical vulnerabilities in its firewall and access point products, including flaws that could lead to remote code execution and denial-of-service attacks.

Cyware

February 24, 2024

Update: New ScreenConnect RCE Flaw Exploited in Ransomware Attacks Full Text

Abstract LockBit ransomware attacks are still occurring despite law enforcement takedown efforts, with threat actors exploiting ScreenConnect vulnerabilities to deploy the ransomware on compromised networks.

Cyware

February 23, 2024

Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability Full Text

Abstract A security flaw in Apple's Shortcuts app allowed shortcuts to access sensitive data on devices without user consent. The vulnerability, tracked as CVE-2024-23204, was patched by Apple on January 22, 2024.

Cyware

February 22, 2024

Multiple FreeImage Vulnerabilities Fixed in Ubuntu Full Text

Abstract On 16th January 2024, the Ubuntu security team released critical security updates addressing several FreeImage vulnerabilities in different Ubuntu releases, including Ubuntu 16.04 and Ubuntu 18.04.

Cyware

February 21, 2024

VMware Urges Admins to Remove Deprecated, Vulnerable Enhanced Authentication Plug-in Full Text

Abstract VMware has urged users to uninstall the deprecated Enhanced Authentication Plugin (EAP) due to the discovery of critical security flaws, including an arbitrary authentication relay bug and a session hijack flaw.

Cyware

February 20, 2024

Critical Flaws Found in ConnectWise ScreenConnect Software Full Text

Abstract ConnectWise has released software updates to address two critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could allow remote code execution and unauthorized access to restricted directories.

Cyware

February 20, 2024

Over 28,500 Exchange Servers Vulnerable to Actively Exploited Bug Full Text

Abstract The CVE-2024-21410 vulnerability allows remote unauthenticated actors to perform NTLM relay attacks, potentially leading to unauthorized access to confidential data and network exploitation.

Cyware

February 20, 2024

Hackers Exploit Critical RCE Flaw in Bricks WordPress Site Builder Full Text

Abstract The vulnerability, tracked as CVE-2024-25600, was discovered by a researcher named 'snicco' and a fix became available on February 13 with the release of version 1.9.6.1.

Cyware

February 19, 2024

RCE Vulnerabilities Fixed in Solarwinds Enterprise Solutions Full Text

Abstract SolarWinds has patched critical vulnerabilities in its Access Rights Manager (ARM) and (Orion) Platform that could allow attackers to execute code, emphasizing the importance of promptly updating to the fixed versions.

Cyware

February 16, 2024

CISA Adds Microsoft Windows Bugs to Its Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft Windows vulnerabilities to its list of Known Exploited Vulnerabilities. These flaws, CVE-2024-21412 and CVE-2024-21351, are actively being exploited in the wild.

Cyware

February 14, 2024

Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs Full Text

Abstract One of the zero-days, CVE-2024-21412, allows attackers to bypass security features and deploy malware. The other zero-day, CVE-2024-21351, enables attackers to bypass SmartScreen protections and potentially gain remote code execution capabilities.

Cyware

February 14, 2024

20-Year-Old DNSSEC Vulnerability Puts Big Chunk of the Internet at Risk Full Text

Abstract A 20-plus-year-old design flaw in the DNSSEC specification, named KeyTrap, can be exploited by a single packet to disable vulnerable DNS servers, affecting web clients and other applications relying on them.

Cyware

February 09, 2024

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways Full Text

Abstract Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as  CVE-2024-22024 , is rated 8.3 out of 10 on the CVSS scoring system. "An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication," the company  said  in an advisory. The company said it discovered the flaw during an internal review as part of its ongoing investigation into multiple security weaknesses in the products that have come to light since the start of the year, including  CVE-2023-46805, CVE-2024-21887 ,  CVE-2024-21888, and CVE-2024-21893 . CVE-2024-22024 affects the following versions of the products - Ivanti Connect Secure (versions 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2, a

The Hacker News

February 8, 2024

Google Fixed an Android Critical Remote Code Execution Flaw Full Text

Abstract Google has released the February 2024 security patches for Android to fix 46 vulnerabilities, including a critical remote code execution flaw (CVE-2024-0031) in the System component.

Cyware

February 7, 2024

Critical Shim Bug Impacts Every Linux Bootloader Signed in the Past Decade Full Text

Abstract The maintainers of 'shim' released version 15.8 to address six vulnerabilities, with the most critical one (CVE-2023-40547) potentially leading to remote code execution and Secure Boot bypass.

Cyware

February 07, 2024

Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros Full Text

Abstract The maintainers of shim have released  version 15.8  to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as  CVE-2023-40547  (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been  credited  with discovering and reporting the bug. "The shim's http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response, leading to a completely controlled out-of-bounds write primitive," Oracle's Alan Coopersmith  noted  in a message shared on the Open Source Security mailing list oss-security. Demirkapi, in a  post  shared on X (formerly Twitter) late last month, said the vulnerability "exists in every Linux boot loader signed in the past decade." shim refers to a "trivial"  software package  that's  designed  to work as a firs

The Hacker News

February 7, 2024

Critical Bugs in Canon Printers Allow Code Execution, DDoS Full Text

Abstract Canon has patched critical buffer-overflow bugs in its printers that could allow attackers to remotely perform denial of service or execute arbitrary code, emphasizing the importance of promptly updating firmware.

Cyware

February 7, 2024

New Vulnerabilities in Azure HDInsight Could Have Led to Privilege Escalations and Denial of Service Full Text

Abstract These vulnerabilities could have allowed attackers to gain cluster administrator privileges, disrupt operations, and negatively impact the availability and reliability of the affected systems.

Cyware

February 07, 2024

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now Full Text

Abstract JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked as  CVE-2024-23917 , carries a CVSS rating of 9.8 out of 10, indicative of its severity. "The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company  said . The issue impacts all TeamCity On-Premises versions from 2017.1 through 2023.11.2. It has been addressed in version 2023.11.3. An unnamed external security researcher has been credited with discovering and reporting the flaw on January 19, 2024. Users who are unable to update their servers to version 2023.11.3 can alternately download a security patch plugin to apply fixes for the flaw. "If your server is publicly acce

The Hacker News

February 06, 2024

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services Full Text

Abstract Three new security vulnerabilities have been discovered in Azure HDInsight's Apache  Hadoop ,  Kafka , and  Spark  services that could be exploited to achieve privilege escalation and a regular expression denial-of-service ( ReDoS ) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security researcher Lidor Ben Shitrit  said  in a technical report shared with The Hacker News. The list of flaws is as follows - CVE-2023-36419  (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability CVE-2023-38156  (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability (no CVE) The two privilege escalation flaws could be exploited by an authenticate

The Hacker News

February 05, 2024

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw Full Text

Abstract The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week. Propagated via phishing mails, Mispadu is a Delphi-based information stealer known to specifically infect victims in the Latin American (LATAM) region. In March 2023, Metabase Q  revealed  that Mispadu spam campaigns harvested no less than 90,000 bank account credentials since August 2022. It's also part of the larger family of LATAM banking malware, including  Grandoreiro , which was dismantled by Brazilian law enforcement authorities last week. The latest infection chain identified by Unit 42 employs rogue internet shortcut files contained within bogus ZIP archive files that leverage CVE-2023-36025 (CVSS score: 8.8), a high-severity bypass flaw in Windows Smar

The Hacker News

February 03, 2024

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account Full Text

Abstract The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as  CVE-2024-23832 , has a severity rating of 9.4 out of a maximum of 10. Security researcher  arcanicanis  has been credited with discovering and reporting it. It has been described as an "origin validation error" ( CWE-346 ), which can typically allow an attacker to "access any functionality that is inadvertently accessible to the source." Every Mastodon version prior to 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5. Mastodon said it's withholding additional technical specifics about the flaw until February 15, 2024, to give  admins  ampl

The Hacker News

February 3, 2024

Critical Vulnerability in Mastodon Sparks Patching Frenzy Full Text

Abstract Mastodon users and administrators need to upgrade to the latest version to patch a critical vulnerability (CVE-2024-23832) that allows attackers to take over accounts remotely.

Cyware

February 1, 2024

Zero-Day Vulnerability can Blind Defenses Relying on Windows Event Logs Full Text

Abstract The vulnerability can be leveraged by an attacker with local network access, and until Microsoft issues a patch, users can implement micropatches provided by Acros to mitigate the risk.

Cyware

January 31, 2024

RunC Flaws Enable Container Escapes, Granting Attackers Host Access Full Text

Abstract Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed  Leaky Vessels  by cybersecurity vendor Snyk. "These container escapes could allow an attacker to gain unauthorized access to the underlying host operating system from within the container and potentially permit access to sensitive data (credentials, customer info, etc.), and launch further attacks, especially when the access gained includes superuser privileges," the company  said  in a report shared with The Hacker News. runC  is a tool for spawning and running containers on Linux. It was originally developed as part of Docker and later  spun out  into a separate open-source library in 2015. A brief description of each of the flaws is below - CVE-202

The Hacker News

January 31, 2024

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation Full Text

Abstract Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888  (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator CVE-2024-21893  (CVSS score: 8.2) - A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication The Utah-based software company  said  it found no evidence of customers being impacted by CVE-2024-21888 so far, but acknowledged "the exploitation of CVE-2024-21893 appears to be targeted" and that it's "aware of a limited number of cust

The Hacker News

January 31, 2024

Vulnerabilities in Lamassu Bitcoin ATMs Full Text

Abstract The attack, IOActive explains, was possible due to a vulnerability in the ATM’s software update mechanism that could allow an attacker to supply their own malicious file and trigger legitimate processes for code execution.

Cyware

January 30, 2024

URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite Full Text

Abstract GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a  workspace . Tracked as  CVE-2024-0402 , the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.5.8, 16.6 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace," GitLab  said  in an advisory released on January 25, 2024. The company also noted patches for the bug have been backported to 16.5.8, 16.6.6, 16.7.4, and 16.8.1. Also resolved by GitLab are four medium-severity flaws that could lead to a regular expression denial-of-service (ReDoS), HTML injection, and the disclosure of a user's public email address via the tags RSS feed. The latest updat

The Hacker News

January 29, 2024

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords Full Text

Abstract A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its  Patch Tuesday updates  for December 2023. "In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file," Microsoft  said  in an advisory released last month. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability." Put differently, the adversary would have to convince users to click a link, either embedded in a phishing email or sent via an instant message, and then deceive them into opening the file in question. CVE-2023-3563

The Hacker News

January 27, 2024

Update: Nearly 800 GoAnywhere Instances are Unpatched, Exposed to Critical CVE Full Text

Abstract The majority of GoAnywhere MFT admin interfaces running on default port settings are hosted in the U.S., with more than 3 in 5 publicly exposed instances hosted on cloud networks operated by Amazon, Microsoft, and Google.

Cyware

January 26, 2024

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems Full Text

Abstract Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as  CVE-2024-20253  (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a specially crafted message to a listening port of a susceptible appliance. "A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user," Cisco  said  in an advisory. "With access to the underlying operating system, the attacker could also establish root access on the affected device." Synacktiv security researcher Julien Egloff has been credited with discovering and reporting CVE-2024-20253. The following products are impacted by the flaw - Unified Communications Manager (versions 11

The Hacker News

January 25, 2024

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! Full Text

Abstract The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier  CVE-2024-23897 , has been described as an arbitrary file read vulnerability through the built-in command line interface ( CLI ) "Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands," the maintainers  said  in a Wednesday advisory. "This command parser has a feature that replaces an @ character followed by a file path in an argument with the file's contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it." A threat actor could exploit this quirk to read arbitrary files on the Jenkins controller file system

The Hacker News

January 25, 2024

Security Vendors are Accused of Bending CVE Assignment Rules Full Text

Abstract Both Juniper Networks and Ivanti have attracted criticism from members of the infosec industry for the way they've handled the disclosure of vulnerabilities over the past week.

Cyware

January 24, 2024

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters Full Text

Abstract Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In a report shared with The Hacker News, security researcher Ofir Yakobi said it "stems from a likely widespread misconception that the system:authenticated group in Google Kubernetes Engine includes only verified and deterministic identities, whereas in fact, it includes any Google authenticated account (even outside the organization)." The system:authenticated group is a special group that includes all authenticated entities, counting human users and service accounts. As a result, this could have serious consequences when administrators inadvertently bestow it with overly permi

The Hacker News

January 23, 2024

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation Full Text

Abstract Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible installations. The shortcoming affects Confluence Data Center and Server 8 versions released before December 5, 2023, as well as 8.4.5. But merely days after the flaw became public knowledge, nearly 40,000 exploitation attempts targeting CVE-2023-22527 have been recorded in the wild as early as January 19 from more than 600 unique IP addresses, according to both the Shadowserver Foundation and the DFIR Report . The activity is currently limited "testing callback attempts and 'whoami' execution," suggesting that threat actors are opportunistically scanning for vulnerable servers

The Hacker News

January 18, 2024

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks Full Text

Abstract Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source  TensorFlow  machine learning framework could have been exploited to orchestrate  supply chain attacks . The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow's build agents via a malicious pull request," Praetorian researchers Adnan Khan and John Stawinski  said  in a report published this week. Successful exploitation of these issues could permit an external attacker to upload malicious releases to the GitHub repository, gain remote code execution on the self-hosted GitHub runner, and even retrieve a GitHub Personal Access Token (PAT) for the  tensorflow-jenkins user . TensorFlow uses GitHub Actions to automate the software build, test, and deployment pipeline. Runners, which refer to machines that execute jobs in a GitHub Actions workflow, can be either self-

The Hacker News

January 18, 2024

Apple, AMD, Qualcomm, Imagination GPUs Open to Data Theft Using New LeftoverLocals Vulnerability Full Text

Abstract The vulnerability affects various GPU products, with AMD and Apple planning mitigations, and Imagination and Qualcomm issuing fixes. Nvidia and Arm are reportedly unaffected.

Cyware

January 18, 2024

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft Full Text

Abstract Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface ( UEFI ) specification used widely in modern computers. Collectively dubbed  PixieFail  by Quarkslab, the  nine issues  reside in the TianoCore EFI Development Kit II ( EDK II ) and could be exploited to achieve remote code execution, denial-of-service (DoS), DNS cache poisoning, and leakage of sensitive information. UEFI firmware – which is responsible for  booting the operating system  – from AMI, Intel, Insyde, and Phoenix Technologies are impacted by the shortcomings. EDK II incorporates its own TCP/IP stack called  NetworkPkg  to enable network functionalities available during the initial Preboot eXecution Environment ( PXE , pronounced "pixie") stage, which allows for management tasks in the absence of a running operating system. In other words, it is a client-server interface to  boot a

The Hacker News

January 17, 2024

Vulnerabilities Discovered in Android-based POS Terminals From PAX Technology Full Text

Abstract The PoS terminals from PAX Technology, based on Android, are found to have several vulnerabilities that can be exploited to execute arbitrary code or commands, according to a report by STM Cyber.

Cyware

January 17, 2024

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions Full Text

Abstract The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for privilege escalation and local code execution from the bootloader. Details about one of the vulnerabilities (CVE-2023-42133) have been currently withheld. The other flaws are listed below - CVE-2023-42134 & CVE-2023-42135 (CVSS score: 7.6) - Local code execution as root via kernel parameter injection in fastboot (Impacts PAX A920Pro/PAX A50) CVE-2023-42136 (CVSS score: 8.8) - Privilege escalation from any user/application to system user via shell injection binder-exposed service (Impacts All Android-based PAX PoS devices) CVE-2023-42137 (CVSS score: 8.8) - Privilege escalation from

The Hacker News

January 17, 2024

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials Full Text

Abstract GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an abundance of caution. The rotated keys include the GitHub commit signing key as well as GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys, necessitating users who rely on these keys to import the new ones. There is no evidence that the high-severity vulnerability, tracked as  CVE-2024-0200  (CVSS score: 7.2), has been previously found and exploited in the wild. "This vulnerability is also present on GitHub Enterprise Server (GHES)," GitHub's Jacob DePriest  said . "However, exploitation requires an authenticated user with an  organization owner role

The Hacker News

January 17, 2024

Citrix Warns Admins to Immediately Patch NetScaler for Actively Exploited Zero-Days Full Text

Abstract The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, can lead to remote code execution or denial-of-service attacks, and specific recommendations for mitigating the risks are provided.

Cyware

January 16, 2024

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now Full Text

Abstract Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox,  said  in a technical analysis shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2022-22274  (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall. CVE-2023-0656  (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash. While there are no reports of exploitation of the flaws

The Hacker News

January 16, 2024

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer Full Text

Abstract Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called  Phemedrone Stealer . "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun  said . "It also takes screenshots and gathers system information regarding hardware, location, and operating system details. The stolen data is then sent to the attackers via Telegram or their command-and-control (C&C) server." The attacks leverage  CVE-2023-36025  (CVSS score: 8.8), a security bypass vulnerability in Windows SmartScreen, that could be exploited by tricking a user into clicking on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file. The actively-exploited shortcoming was  addressed  by Microsoft as part of its November 2023 Patch Tuesday updates.

The Hacker News

January 15, 2024

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows Full Text

Abstract Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called  My Flow  that makes it possible to sync messages and files between mobile and desktop devices. "This is achieved through a controlled browser extension, effectively bypassing the browser's sandbox and the entire browser process," the company  said  in a statement shared with The Hacker News. The issue impacts both the Opera browser and Opera GX. Following responsible disclosure on November 17, 2023, it was addressed as part of  updates  shipped on November 22, 2023. My Flow features a chat-like interface to exchange notes and files, the latter of which can be opened via a web interface, meaning a file can be ex

The Hacker News

January 15, 2024

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners Full Text

Abstract Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which  discovered  the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to alter the device firmware and implant a rogue version. Tracked as  CVE-2023-49722  (CVSS score: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023. "A network port 8899 is always open in BCC101/BCC102/BCC50 thermostat products, which allows an unauthenticated connection from a local WiFi network," the company  said  in an advisory. The issue, at its core, impacts the WiFi microcontroller that acts as a network gateway for the thermostat's logic microcontroller. By exploiting the flaw, an attacker could send commands to the thermostat, including writing a malicious updat

The Hacker News

January 15, 2024

China Warns of Apple AirDrop De-Anonymization Flaw Full Text

Abstract The Beijing Wangshendongjian Judicial Appraisal Institute Institute's claim that AirDrop's anonymization techniques can be easily circumvented raises concerns about the vulnerability of user identities and the potential for surveillance.

Cyware

January 13, 2024

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches Full Text

Abstract Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as  CVE-2024-21591 , is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device," the company  said  in an advisory. The networking equipment major, which is set to be  acquired by Hewlett Packard Enterprise (HPE)  for $14 billion, said the issue is caused by use of an insecure function allowing a bad actor to overwrite arbitrary memory. The flaw impacts the following versions, and has been fixed in versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and later - Junos OS versions earlier than 20.4R

The Hacker News

January 13, 2024

Vulnerability Affecting Smart Thermostats Patched by Bosch Full Text

Abstract German technology manufacturer Bosch has fixed a vulnerability in its popular line of smart thermostats that allowed attackers to replace the device firmware with a rogue version.

Cyware

January 11, 2024

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems Full Text

Abstract Cybersecurity researchers have  developed  a proof-of-concept (PoC) code that exploits a  recently disclosed critical flaw  in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is  CVE-2023-51467  (CVSS score: 9.8), a bypass for another severe shortcoming in the same software ( CVE-2023-49070 , CVSS score: 9.8) that could be weaponized to bypass authentication and remotely execute arbitrary code. While it was fixed in  Apache OFbiz version 18.12.11  released last month, threat actors have been observed attempting to exploit the flaw, targeting vulnerable instances. The latest findings from VulnCheck show that CVE-2023-51467 can be exploited to execute a payload directly from memory, leaving little to no traces of malicious activity. Security flaws disclosed in Apache OFBiz (e.g.,  CVE-2020-9496 ) have been  exploited  by threat actors in the past, including by threat actors associated with th

The Hacker News

January 10, 2024

Microsoft’s January 2024 Windows Update Patches 48 New Vulnerabilities Full Text

Abstract Microsoft has addressed a total of  48 security flaws  spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The fixes are in addition to  nine security vulnerabilities  that have been resolved in the Chromium-based Edge browser since the release of  December 2023 Patch Tuesday  updates. This also includes a fix for a zero-day ( CVE-2023-7024 , CVSS score: 8.8) that Google said has been actively exploited in the wild. The most critical among the flaws patched this month are as follows - CVE-2024-20674  (CVSS score: 9.0) - Windows Kerberos Security Feature Bypass Vulnerability CVE-2024-20700  (CVSS score: 7.5) - Windows Hyper-V Remote Code Execution Vulnerability "The authentication feature could be bypas

The Hacker News

January 9, 2024

High-Severity Vulnerabilities Patched in QNAP QTS, Video Station, QuMagie, Netatalk Products Full Text

Abstract While there is no evidence that the flaws have been exploited in the wild, it's recommended that users take steps to update their installations to the latest version to mitigate potential risks.

Cyware

January 09, 2024

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager Full Text

Abstract A security flaw has been disclosed in Kyocera's  Device Manager  product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the 'Restrict NTLM: Outgoing NTLM traffic to remote servers' security policy is not enabled," Trustwave  said . Tracked as  CVE-2023-50916 , Kyocera, in an  advisory  released late last month, described it as a path traversal issue that enables an attacker to intercept and alter a local path pointing to the backup location of the database to a universal naming convention (UNC) path. This, in turn, causes the web application to attempt to authenticate the rogue UNC path, resulting in unauthorized access to clients' accounts and data theft. Furthermore, depending on the configuration of the environment, it could be exploited to

The Hacker News

January 9, 2024

Update: Apache OFBiz Zero-Day Sees Thousands of Daily Exploit Attempts Full Text

Abstract The authentication bypass flaw in OFBiz allows attackers to remotely execute arbitrary code and access sensitive information. Upgrading to OFBiz version 18.12.11 is crucial to patch both this zero-day vulnerability and another equally serious hole.

Cyware

January 05, 2024

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution Full Text

Abstract Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. "If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti  said  in an advisory. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server." The disclosure arrived weeks after the company  resolved  nearly two dozen security flaws in its Avalanche enterprise mobile device management (MDM) solution. Of the 21 issues, 13 are rated critical (CVSS scores: 9.8

The Hacker News

January 4, 2024

Threat Actor Demands $1M for Remote Command Injection Vulnerability in Cisco ASA Full Text

Abstract The sale of this vulnerability poses significant risks, including network disruption, data compromise, and financial and reputational damage for organizations reliant on Cisco ASA.

Cyware

January 03, 2024

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails Full Text

Abstract A new exploitation technique called Simple Mail Transfer Protocol ( SMTP ) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks," Timo Longin, a senior security consultant at SEC Consult,  said  in an analysis published last month. SMTP is a TCP/IP protocol used to send and receive email messages over a network. To relay a message from an email client (aka mail user agent), an SMTP connection is established between the client and server in order to transmit the actual content of the email. The server then relies on what's called a mail transfer agent (MTA) to check the domain of the recipient's email address, and if it's different from that of the sender, it queries the domain name system (DNS) to look up the  MX (mail exchanger) rec

The Hacker News

January 01, 2024

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security Full Text

Abstract Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell ( SSH ) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called  Terrapin  ( CVE-2023-48795 , CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix truncation attack." "By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it," researchers Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk  said . SSH is a  method  for securely sending commands to a computer over an unsecured network. It relies on cryptography to authenticate and encrypt connections between devices. This is accomplished by means of a handshake in which a client and server agree up

The Hacker News

December 29, 2023

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks Full Text

Abstract Microsoft on Thursday said it's once again disabling the  ms-appinstaller protocol handler  by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution," the Microsoft Threat Intelligence team  said . It further noted that several cybercriminals are offering a malware kit for sale as a service that leverages the MSIX file format and ms-appinstaller protocol handler. The  changes  have gone into effect in App Installer version 1.21.3421.0 or higher. The attacks take the form of signed malicious MSIX application packages that are distributed via Microsoft Teams or malicious advertisements for legitimate popular software on search engines like Google. At least four different financially motivated hacking groups have been observed taking advantage of the App Installer service since mi

The Hacker News

December 28, 2023

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service Full Text

Abstract Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the  Fluent Bit  logging container could combine that access with high privileges required by  Anthos Service Mesh  (on clusters that have enabled it) to escalate privileges in the cluster," the company  said  as part of an advisory released on December 14, 2023. Palo Alto Networks Unit 42, which discovered and reported the shortcoming, said adversaries could weaponize it to carry out "data theft, deploy malicious pods, and disrupt the cluster's operations." There is no evidence that the issue has been exploited in the wild. It has been addressed in the following versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) - 1.25.16-gke.1020000 1.26.10-gke.1235000 1.27.7-gke.1293000 1.28.4-gke.1083000 1.17.8-asm.8 1.18.

The Hacker News

December 28, 2023

Three Main Tactics Attackers Use to Bypass MFA Full Text

Abstract SE Labs has warned that multi-factor authentication (MFA) is not foolproof and can be bypassed by attackers using old-school methods such as social engineering, malware, and phishing.

Cyware

December 27, 2023

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack Full Text

Abstract A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as  CVE-2023-51467 , resides in the login functionality and is the result of an incomplete patch for another critical vulnerability ( CVE-2023-49070 , CVSS score: 9.8) that was released earlier this month. "The  security measures  taken to patch CVE-2023-49070 left the root issue intact and therefore the authentication bypass was still present," the SonicWall Capture Labs threat research team, which discovered the bug,  said  in a statement shared with The Hacker News. CVE-2023-49070 refers to a pre-authenticated remote code execution flaw impacting versions prior to 18.12.10 that, when successfully exploited, could allow threat actors to gain full control over the server and siphon sensitive data. It is caused due to a deprecated XML-RPC component within Apache

The Hacker News

December 26, 2023

Ubuntu Security Updates Fixed Vim Vulnerabilities Full Text

Abstract The vulnerabilities range from denial of service risks to arbitrary code execution possibilities. It emphasizes the importance of regularly updating Vim and applying security patches to mitigate these risks.

Cyware

December 23, 2023

ESET Fixed a High-Severity Bug in the Secure Traffic Scanning Feature of Several Products Full Text

Abstract The vulnerability was due to improper validation of server certificates, allowing browsers to trust sites with certificates signed with outdated algorithms. ESET has released security patches and is not aware of any attacks exploiting this flaw.

Cyware

December 21, 2023

Google Addressed a New Actively Exploited Chrome Zero-Day Full Text

Abstract Google has released emergency updates to fix a zero-day vulnerability in the Chrome browser. The vulnerability, known as CVE-2023-7024, is a heap buffer overflow issue in WebRTC.

Cyware

December 18, 2023

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits Full Text

Abstract Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security researcher Ben Barnea, who discovered the vulnerabilities, said in a  two-part   report  shared with The Hacker News. The security issues, which were addressed by Microsoft in  August  and  October 2023 , respectively, are listed below - CVE-2023-35384  (CVSS score: 5.4) - Windows HTML Platforms Security Feature Bypass Vulnerability CVE-2023-36710  (CVSS score: 7.8) - Windows Media Foundation Core Remote Code Execution Vulnerability CVE-2023-35384 has been described by Akamai as a bypass for a critical security flaw that Microsoft patched in March 2023. Tracked as  CVE-2023-23397  (C

The Hacker News

December 15, 2023

New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now Full Text

Abstract Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting ( XSS ) bugs and one command injection flaw, according to new findings from Sonar. "Security inside a local network is often more lax as network administrators trust their firewalls to protect them from remote attacks," security researcher Oskar Zeino-Mahmalat  said . "Potential attackers could have used the discovered vulnerabilities to spy on traffic or attack services inside the local network." Impacting pfSense CE 2.7.0 and below and pfSense Plus 23.05.1 and below, the shortcomings could be weaponized by tricking an authenticated pfSense user (i.e., an admin user) into clicking on a specially crafted URL, which contains an XSS payload that activates command injection. A brief description

The Hacker News

December 13, 2023

Sophos Backports Fix for CVE-2022-3236 for EOL Firewall Firmware Full Text

Abstract Sophos has backported the patch for CVE-2022-3236 to end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the vulnerability. The code injection vulnerability is being actively exploited by threat actors to target South Asia.

Cyware

December 13, 2023

Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical Full Text

Abstract Microsoft released its final set of Patch Tuesday updates for 2023, closing out  33 flaws  in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to  18 flaws  Microsoft addressed in its Chromium-based Edge browser since the release of  Patch Tuesday updates for November 2023 . According to data from the  Zero Day Initiative , the software giant has patched more than 900 flaws this year, making it one of the busiest years for Microsoft patches. For comparison, Redmond resolved 917 CVEs in 2022. While none of the vulnerabilities are listed as publicly known or under active attack at the time of release, some of the notable ones are listed below - CVE-2023-35628  (CVSS score: 8.1) - Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2023-35630  (CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability CVE

The Hacker News

December 12, 2023

Gamers Warned of Potential CS2 Exploit That can Reveal IP Addresses Full Text

Abstract The exploit, which is an XSS vulnerability, allows players to display GIFs using HTML code blocks in-game. This poses a potential security threat to players, as the exploit can access player IP addresses and potentially execute code on their PCs.

Cyware

December 12, 2023

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws Full Text

Abstract Apple on Monday released  security patches  for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for  12 security vulnerabilities  in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit.  macOS Sonoma 14.2 , for its part, resolves 39 shortcomings, counting six bugs impacting the  ncurses library . Notable among the flaws is  CVE-2023-45866 , a critical security issue in Bluetooth that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard. The vulnerability was disclosed by SkySafe security researcher Marc Newlin last week. It has been remediated in iOS 17.2, iPadOS 17.2, and macOS Sonoma 14.2 with improved checks, the iPhone maker said. Also released by Apple is  Safari 17.2 , containing fixes for two WebKit flaws – C

The Hacker News

December 12, 2023

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now Full Text

Abstract Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as  CVE-2023-50164 , the vulnerability is  rooted  in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file and achieve execution of arbitrary code. Struts is a Java framework that uses the Model-View-Controller ( MVC ) architecture for building enterprise-oriented web applications. Steven Seeley of Source Incite has been credited with discovering and reporting the flaw, which impacts the following versions of the software - Struts 2.3.37 (EOL) Struts 2.5.0 - Struts 2.5.32, and Struts 6.0.0 - Struts 6.3.0 Patches for the bug are available in versions 2.5.33 and 6.3.0.2 or greater. There are no workarounds that remediate the issue. "All developers are strongly advised to perform this upgr

The Hacker News

December 11, 2023

Apache Fixed Critical RCE Flaw CVE-2023-50164 in Struts 2 Full Text

Abstract The Apache Software Foundation has released security updates to address a critical file upload vulnerability in the Struts 2 framework, which could allow for remote code execution.

Cyware

December 9, 2023

Researchers Automated Jailbreaking of LLMs With Other LLMs Full Text

Abstract Researchers have developed an automated machine learning technique, called TAP, that can quickly exploit vulnerabilities in large language models (LLMs) and make them produce harmful and toxic responses.

Cyware

December 09, 2023

SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs Full Text

Abstract Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called  SLAM  that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called  Linear Address Masking  ( LAM ) as well as its analogous counterparts from AMD (called  Upper Address Ignore  or  UAI ) and Arm (called  Top Byte Ignore  or  TBI ). "SLAM exploits unmasked gadgets to let a userland process leak arbitrary ASCII kernel data," VUSec researchers  said , adding it could be leveraged to leak the root password hash within minutes from kernel memory. While LAM is presented as a security feature, the study found that it ironically degrades security and "dramatically" increases the  Spectre attack surface , resulting in a transient execution attack, which exploits  speculative execution  to extract sensitive data via

The Hacker News

December 08, 2023

New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands Full Text

Abstract A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called  5Ghoul  (a combination of "5G" and "Ghoul") – 10 affect 5G modems from the two companies, out of which three have been classified as high-severity vulnerabilities. "5Ghoul vulnerabilities may be exploited to continuously launch attacks to drop the connections, freeze the connection that involve manual reboot or downgrade the 5G connectivity to 4G," the researchers  said  in a study published today. As many as 714 smartphones from 24 brands are impacted, including those from Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple, and Google. The vulnerabilities were disclosed by a team of researchers from the ASSET (Automated

The Hacker News

December 8, 2023

Novel ‘DDSpoof’ Attacks Abuse Microsoft DHCP Servers to Spoof DNS Records Full Text

Abstract The default configuration of Microsoft Dynamic Host Configuration Protocol (DHCP) servers leaves a significant number of organizations vulnerable to these attacks, making them accessible to a wide range of attackers.

Cyware

December 08, 2023

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability Full Text

Abstract WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installations," WordPress  said . According to WordPress security company Wordfence, the  issue  is rooted in the WP_HTML_Token class that was introduced in version 6.4 to improve HTML parsing in the block editor. A threat actor with the ability to exploit a PHP object injection vulnerability present in any other plugin or theme to chain the two issues to execute arbitrary code and seize control of the targeted site. "If a  POP [property-oriented programming] chain  is present via an additional plugin or theme installed on the target system, it could all

The Hacker News

December 7, 2023

Google Pushes Yet Another Security Update to Its Chrome Browser Full Text

Abstract Chrome version 120 includes 10 bug fixes, with two of them being highly critical security patches. The high-ranked security vulnerabilities include "Use after free" exploits in Media Stream and Side Panel Search.

Cyware

December 7, 2023

Dangerous Vulnerability in Fleet Management Software Seemingly Ignored by Vendor Full Text

Abstract The vulnerability, which impacts the Syrus4 IoT gateway made by Digital Communications Technologies (DCT), gives hackers access to the software and commands used to manage thousands of vehicles.

Cyware

December 07, 2023

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices Full Text

Abstract A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as  CVE-2023-45866 , the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes," said security researcher  Marc Newlin , who  disclosed  the flaws to the software vendors in August 2023. Specifically, the attack deceives the target device into thinking that it's connected to a Bluetooth keyboard by taking advantage of an "unauthenticated pairing mechanism" that's defined in the Bluetooth specification. Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and trans

The Hacker News

December 7, 2023

Apple and Some Linux Distros are Open to Bluetooth Attack Full Text

Abstract A Bluetooth authentication bypass vulnerability, tracked as CVE-2023-45866, allows attackers to connect to Apple, Android, and Linux devices and inject keystrokes to run arbitrary commands.

Cyware

December 06, 2023

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts Full Text

Abstract Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth  said  in a Tuesday analysis. AWS STS is a  web service  that enables users to request temporary, limited-privilege credentials for users to access AWS resources without needing to create an AWS identity. These STS tokens can be valid  anywhere from 15 minutes to 36 hours . Threat actors can steal long-term IAM tokens through a variety of methods like malware infections, publicly exposed credentials, and phishing emails, subsequently using them to determine roles and privileges associated with those tokens via API calls. "Depending on the token's permission level, adversaries may also be able to use it to create additional IAM users with long-term AKIA tokens to e

The Hacker News

December 6, 2023

Post-Exploitation Tampering Technique can be Used to Simulate Fake Lockdown Mode on iPhones Full Text

Abstract Hackers can manipulate Lockdown Mode to provide visual cues of activation without actually implementing any protections. Lockdown Mode should not be relied upon as a comprehensive security measure and users should be aware of its limitations.

Cyware

December 06, 2023

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks Full Text

Abstract A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like  TinyXML  and  OpenNDS . Collectively tracked as  Sierra:21 , the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according to Forescout Vedere Labs. A majority of these devices are located in the U.S., Canada, Australia, France, and Thailand. "These vulnerabilities may allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks," the industrial cybersecurity company  said  in a new analysis. Of the 21 vulnerabilities, one is rated critical, nine are rated high, and 11 are rated medium in severity. This includes remote code execution (RCE), cross-site scripting (XSS), denial-of-service (DoS), unauthori

The Hacker News

December 06, 2023

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution Full Text

Abstract Atlassian has released software fixes to address  four critical flaws  in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471  (CVSS score: 9.8) - Deserialization vulnerability in  SnakeYAML library  that can lead to remote code execution in multiple products CVE-2023-22522  (CVSS score: 9.0) - Remote code execution vulnerability in Confluence Data Center and Confluence Server (affects all versions including and after 4.0.0) CVE-2023-22523  (CVSS score: 9.8) - Remote code execution vulnerability in Assets Discovery for Jira Service Management Cloud, Server, and Data Center (affects all versions up to but not including 3.2.0-cloud / 6.2.0 data center and server) CVE-2023-22524  (CVSS score: 9.6) - Remote code execution vulnerability in Atlassian Companion app for macOS (affects all versions up to but not including 2.0.0) Atlassian described CVE-2023-22522 as a template injection flaw that allo

The Hacker News

December 05, 2023

Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack Full Text

Abstract A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel method, detailed by Jamf Threat Labs in a  report  shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be 'bypassed' when you trigger its activation." In other words, the goal is to implement Fake Lockdown Mode on a device that's compromised by an attacker through other means, such as  unpatched security flaws  that can trigger execution of arbitrary code. Lockdown Mode , introduced by Apple last year with iOS 16, is an  enhanced security measure  that aims to safeguard high-risk individuals from sophisticated digital threats such as mercenary spyware by  minimizing the attack surface . What it doesn't do is prevent the execution of mali

The Hacker News

December 05, 2023

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack Full Text

Abstract New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes," Jacob Baines, chief technology officer at VulnCheck,  said  in a report shared with The Hacker News. "More than 6,000 repositories were vulnerable to repojacking due to account deletion." Collectively, these repositories account for no less than 800,000 Go module-versions. Repojacking , a portmanteau of "repository" and "hijacking," is an attack technique that allows a bad actor to take advantage of account username changes and deletions to create a repository with the same name and the pre-existing username to stage open-source software supply chain attacks. Earlier this June, cloud security firm Aqua  revealed  that millions of software repositories on GitHub are likely vulnerable to the threat, urging organizations that undergo

The Hacker News

December 04, 2023

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks Full Text

Abstract New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named  BLUFFS , impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier  CVE-2023-24023  (CVSS score: 6.8) and were responsibly disclosed in October 2022. The attacks "enable device impersonation and machine-in-the-middle across sessions by only compromising one session key," EURECOM researcher Daniele Antonioli said in a study published late last month. This is made possible by leveraging two new flaws in the Bluetooth standard's session key derivation mechanism that allow the derivation of the same key across sessions. While forward secrecy in key-agreement cryptographic protocols ensures that past communications are not revealed, even if the private keys to a particular exchange are re

The Hacker News

December 04, 2023

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks Full Text

Abstract The Unified Extensible Firmware Interface ( UEFI ) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled  LogoFAIL  by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel Boot Guard, and other security technologies by design." Furthermore, they can be weaponized to bypass security solutions and deliver persistent malware to compromised systems during the boot phase by injecting a malicious logo image file into the  EFI system partition . While the issues are not silicon-specific, meaning they impact both x86 and ARM-based devices, they are also UEFI and IBV-specific. The vulnerabilities comprise a heap-based buffer overflow flaw and an out-of-bounds read, details of which are expected to be made public later this week at the  Black Hat Europe conference .

The Hacker News

December 1, 2023

Simple Hacking Technique can Extract ChatGPT Training Data Full Text

Abstract Researchers from Google DeepMind, Cornell University, and other institutions have discovered that the popular AI chatbot ChatGPT is susceptible to leaking data when prompted to repeat certain words.

Cyware

November 30, 2023

Claiming Zoom Rooms Service Accounts to Gain Access to Tenants Full Text

Abstract The finding highlights the potential misuse of service accounts to gain unauthorized access to SaaS systems. Abusing the bug enabled attackers to predict service account email addresses, hijack the accounts, and collect sensitive information.

Cyware

November 30, 2023

Zyxel Security Advisory for Authentication Bypass and Command Injection Vulnerabilities in NAS products Full Text

Abstract Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities.

Cyware

November 29, 2023

PoCs for Critical Arcserve UDP Vulnerabilities Released Full Text

Abstract Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution. The flaws were unearthed by Tenable researchers and privately disclosed to Arcserve in late August 2023.

Cyware

November 28, 2023

Critical Vulnerability Found in Ray AI Framework Full Text

Abstract CVE-2023-48023 is rooted in the fact that, in its default configuration, Ray does not enforce authentication, and does not appear to support any type of authorization model.

Cyware

November 28, 2023

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access Full Text

Abstract Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation ( DWD ) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. "Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain," cybersecurity firm Hunters  said  in a technical report shared with The Hacker News. The design weakness – which remains active to this date – has been codenamed  DeleFriend  for its ability to manipulate existing delegations in the Google Cloud Platform (GCP) and Google Workspace without possessing super admin privileges. Domain-wide delegation, per Google, is a "powerful feature" that allows third-party and internal apps to access users' data across an organizatio

The Hacker News

November 28, 2023

DeleFriend: Severe Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable to Takeover Full Text

Abstract The vulnerability is rooted in the fact that a domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object.

Cyware

November 28, 2023

Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens Full Text

Abstract Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to  link to external data sources , such as a remote SQL Server table. "This feature can be abused by attackers to automatically leak the Windows user's NTLM tokens to any attacker-controlled server, via any TCP port, such as port 80," Check Point security researcher Haifei Li  said . "The attack can be launched as long as the victim opens an .accdb or .mdb file. In fact, any more-common Office file type (such as a .rtf ) can work as well." NTLM, an authentication protocol introduced by Microsoft in 1993, is a challenge-response protocol that's used to authenticate users during sign-in. Over the years,

The Hacker News

November 27, 2023

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections Full Text

Abstract A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for securely transmitting commands and logging in to a computer over an unsecured network. Based on a client-server architecture, SSH uses cryptography to authenticate and encrypt connections between devices. A host key is a cryptographic key used for authenticating computers in the SSH protocol. Host keys are key pairs that are typically generated using public-key cryptosystems like RSA . "If a signing implementation using CRT-RSA has a fault during signature computation, an attacker who observes this signature may be able to compute the signer's private key," a group of academics from the University of California, San Diego, and Massachusetts Institute of Technology said

The Hacker News

November 25, 2023

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches Full Text

Abstract The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0) WebDAV Api Authentication Bypass using Pre-Signed URLs impacting core versions from 10.6.0 to 10.13.0 (CVSS score: 9.8) Subdomain Validation Bypass impacting oauth2 prior to version 0.6.1 (CVSS score: 9.0) "The 'graphapi' app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo)," the company  said  of the first flaw. "This information includes all the environment variables of the web server. In containerized deployments, these environment variables may include sensitiv

The Hacker News

November 22, 2023

Windows Hello Fingerprint Authentication Bypassed on Popular Laptops Full Text

Abstract Researchers from Blackwing Intelligence and Microsoft's MORSE have discovered a way to bypass fingerprint authentication on three popular laptops with Windows Hello, namely the Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X.

Cyware

November 22, 2023

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login Full Text

Abstract A new research has uncovered multiple vulnerabilities that could be exploited to bypass  Windows Hello authentication  on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix, Synaptics, and ELAN that are embedded into the devices. A prerequisite for fingerprint reader exploits is that the users of the targeted laptops have fingerprint authentication already set up. All the fingerprint sensors are a type of sensor called "match on chip" ( MoC ), which integrates the matching and other biometric management functions directly into the sensor's integrated circuit. "While MoC prevents replaying stored fingerprint data to the host for matching, it does not, in itself, prevent a malicious sensor from spoofing a legitimate sensor's communication w

The Hacker News

November 22, 2023

Update: Citrix Provides Additional Measures to Address Citrix Bleed Full Text

Abstract The CVE-2023-4966 vulnerability has been actively exploited by threat actors since late August, allowing them to hijack authenticated sessions and bypass strong authentication measures.

Cyware

November 20, 2023

Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products Full Text

Abstract Johnson Controls has released patches for a critical vulnerability found in some of its industrial refrigeration products. The flaw, known as CVE-2023-4804, could allow unauthorized access to debug features.

Cyware

November 20, 2023

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking Full Text

Abstract Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called  Randstorm  that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine to dramatically reduce the quality of random numbers produced by web browsers of a certain era (2011-2015)," Unciphered  disclosed  in a report published last week. It's estimated that approximately 1.4 million bitcoins are parked in wallets that were generated with potentially weak cryptographic keys. Customers can check whether their wallets are vulnerable at www.keybleed[.]com. The cryptocurrency recovery company said it re-discovered the problem in January 2022 while it was  working for an unnamed customer  who had been locked out of its Blockchain.com wallet. The issue

The Hacker News

November 18, 2023

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools Full Text

Abstract The Huntr bug bounty platform has discovered multiple vulnerabilities in popular AI/ML tools, including H2O-3, MLflow, and Ray, which could lead to system takeover and data theft.

Cyware

November 16, 2023

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups Full Text

Abstract A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG)  said  in a report shared with The Hacker News. The flaw, tracked as  CVE-2023-37580  (CVSS score: 6.1), is a  reflected cross-site scripting  (XSS) vulnerability impacting versions before 8.8.15 Patch 41. It was  addressed  by Zimbra as part of patches released on July 25, 2023. Successful exploitation of the shortcoming could allow execution of malicious scripts on the victims' web browser simply by tricking them into clicking on a specially crafted URL, effectively initiating the XSS request to Zimbra and reflecting the attack back to the user. Google TAG, whose researcher Clément Lecigne was credited with discovering and reporting the bug, said it discovered multipl

The Hacker News

November 16, 2023

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers Full Text

Abstract These vulnerabilities, including critical and high-severity bugs, can enable attackers to compromise networks, deploy malware, and disrupt services, highlighting the need for improved security measures in OT and IoT devices.

Cyware

November 16, 2023

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks Full Text

Abstract A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with  GCPW  installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem," Martin Zugec, technical solutions director at Bitdefender,  said  in a new report. A prerequisite for these attacks is that the bad actor has already gained access to a local machine through other means, prompting Google to mark the bug as  not eligible for fixing  "since it's outside of our threat model and the behavior is in line with Chrome's practices of storing local data." However, the Romanian cybersecurity firm has wa

The Hacker News

November 15, 2023

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments Full Text

Abstract Intel has released fixes to close out a high-severity flaw codenamed  Reptar  that impacts its desktop, mobile, and server CPUs. Tracked as  CVE-2023-23583  (CVSS score: 8.8), the  issue  has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's security boundaries, according to Google Cloud, which described it as an issue stemming from how redundant prefixes are interpreted by the processor. "The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host," Google Cloud's Phil Venables  said . "Additionally, the vulnerability could potentially lead to information disclosure or privilege escala

The Hacker News

November 15, 2023

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities Full Text

Abstract Microsoft has released fixes to address  63 security bugs  in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in addition to  more than 35 security shortcomings  addressed in its Chromium-based Edge browser since the release of Patch Tuesday updates for October 2023. The five zero-days that are of note are as follows - CVE-2023-36025  (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2023-36033  (CVSS score: 7.8) - Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36036  (CVSS score: 7.8) - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2023-36038  (CVSS score: 8.2) - ASP.NET Core Denial of Service Vulnerability CV

The Hacker News

November 15, 2023

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability Full Text

Abstract VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as  CVE-2023-34060  (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company  said  in an alert. "This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by  CVE-2023-34060 . Dustin Hartle from IT solutions provider Idea

The Hacker News

November 14, 2023

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs Full Text

Abstract A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization ( SEV ) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed  CacheWarp  (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It impacts AMD CPUs supporting all variants of SEV. "For this research, we specifically looked at AMD's newest TEE, AMD SEV-SNP, relying on the experience from previous attacks on Intel's TEE," security researcher Ruiyi Zhang told The Hacker News. "We found the 'INVD' instruction [flush a processor's cache contents] could be abused under the threat model of AMD SEV." SEV, an  extension  to the AMD-V architecture and introduced in 2016, is designed to isolate VMs from the hypervisor by encrypting the memory contents of the VM with a unique

The Hacker News

November 10, 2023

Alert: ‘Effluence’ Backdoor Persists Despite Patching Atlassian Confluence Servers Full Text

Abstract Cybersecurity researchers have discovered a stealthy backdoor named  Effluence  that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services  said  in an analysis published earlier this week. "The backdoor provides capability for lateral movement to other network resources in addition to exfiltration of data from Confluence. Importantly, attackers can access the backdoor remotely without authenticating to Confluence." The attack chain documented by the cybersecurity entity entailed the exploitation of  CVE-2023-22515  (CVSS score: 10.0), a critical bug in Atlassian that could be abused to create unauthorized Confluence administrator accounts and access Confluence servers. Atlassian has since disclosed a second flaw known as  CV

The Hacker News

November 9, 2023

SysAid Zero-Day Vulnerability Exploited by Ransomware Group Full Text

Abstract The vulnerability, tracked as CVE-2023-47246, allows for arbitrary code execution and has been exploited by a threat actor known as Lace Tempest, who is associated with the deployment of Cl0p ransomware.

Cyware

November 8, 2023

Royal Mail Jeopardizes Users With Open Redirect Flaw Full Text

Abstract “The vulnerability can be exploited by attackers to trick users into visiting malicious websites or phishing pages by disguising the malicious URL as a legitimate one,” Cybernews researchers explained.

Cyware

November 7, 2023

37 Vulnerabilities Patched in Android With November 2023 Security Updates Full Text

Abstract The November 2023 Android security update addresses high-severity vulnerabilities in the System component, with additional fixes for Arm, MediaTek, and Qualcomm components.

Cyware

November 07, 2023

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now Full Text

Abstract Veeam has released  security updates  to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547  (CVSS score: 9.9) - An unspecified flaw that can be leveraged by an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database, resulting in remote code execution on the SQL server. CVE-2023-38548  (CVSS score: 9.8) - A flaw in Veeam ONE that allows an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. CVE-2023-38549  (CVSS score: 4.5) - A cross-site scripting (XSS) vulnerability that allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role. CVE-2023-41723  (CVSS score: 4.3) - A vulnerability in Veeam ONE that permits a user with the Veeam ONE Rea

The Hacker News

November 06, 2023

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices Full Text

Abstract QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as  CVE-2023-23368  (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. "If exploited, the vulnerability could allow remote attackers to execute commands via a network," the company said in an advisory published over the weekend. The shortcoming spans the below versions - QTS 5.0.x (Fixed in QTS 5.0.1.2376 build 20230421 and later) QTS 4.5.x (Fixed in QTS 4.5.4.2374 build 20230416 and later) QuTS hero h5.0.x (Fixed in QuTS hero h5.0.1.2376 build 20230421 and later) QuTS hero h4.5.x (Fixed in QuTS hero h4.5.4.2374 build 20230417 and later) QuTScloud c5.0.x (Fixed in QuTScloud c5.0.1.2374 and later) Also fixed by QNAP is another command injection flaw in QTS, Multimedia Console, and Media Streaming add-on ( CVE-2023-23369 , CVSS score: 9.0) th

The Hacker News

November 06, 2023

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel Full Text

Abstract Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR) , employs Google Calendar Events for C2 using a Gmail account. It was first published to GitHub in June 2023. "The script creates a 'Covert Channel' by exploiting the event descriptions in Google Calendar," according to its developer and researcher, who goes by the online alias MrSaighnal. "The target will connect directly to Google." The tech giant, in its eighth Threat Horizons report , said it has not observed the use of the tool in the wild, but noted its Mandiant threat intelligence unit has detected several threat actors sharing the PoC on underground forums. "GCR, running on a compromised machine, periodically polls the Calendar event description for new commands, executes those commands on the target device, and then upda

The Hacker News

November 4, 2023

Four Zero-Day Flaws Disclosed in Microsoft Exchange Full Text

Abstract Researchers have disclosed four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely, potentially allowing attackers to execute arbitrary code or access sensitive information.

Cyware

November 2, 2023

Researchers Discover 117 Vulnerabilities in Microsoft 365 Apps via the SketchUp 3D Library Full Text

Abstract By developing a SketchUp fuzzing harness and using a dumb file format fuzzer, 20 unique vulnerabilities, including use-after-free and stack buffer overflow, were discovered in just one month.

Cyware

November 02, 2023

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover Full Text

Abstract As many as 34 unique vulnerable Windows Driver Model ( WDM ) and Windows Driver Frameworks ( WDF ) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. "By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate [operating system] privileges," Takahiro Haruyama, a senior threat researcher at VMware Carbon Black,  said . The  research  expands on previous studies, such as  ScrewedDrivers  and  POPKORN  that utilized  symbolic execution  for automating the discovery of vulnerable drivers. It specifically focuses on drivers that contain firmware access through port I/O and memory-mapped I/O. The names of some of the vulnerable drivers include AODDriver.sys, ComputerZ.sys, dellbios.sys, GEDevDrv.sys, GtcKmdfBs.sys, IoAccess.sys, kerneld.amd64, ngiodriver.sys, nvoclock.sys, PDFWKRNL.sys ( CVE-2023-20598 ), RadHwMgr.sys, rtif.sys, rtport.sys, s

The Hacker News

November 02, 2023

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System Full Text

Abstract The Forum of Incident Response and Security Teams (FIRST) has officially announced  CVSS v4.0 , the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of  CVSS 4.0  seeks to provide the highest fidelity of vulnerability assessment for both industry and the public," FIRST  said  in a statement. CVSS essentially provides a way to capture the principal technical characteristics of a security vulnerability and produce a numerical score denoting its severity. The score can be translated into various levels, such as low, medium, high, and critical, to help organizations prioritize their vulnerability management processes. One of the core updates to CVSS v3.1,  released  in July 2019, was to  emphasize and clarify  that "CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk." CVSS v3.1 has also  attracted criticis

The Hacker News

November 02, 2023

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability Full Text

Abstract Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7  disclosed  in a report published Wednesday. "Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October." The intrusions are said to involve the exploitation of  CVE-2023-46604 , a remote code execution vulnerability in Apache ActiveMQ that allows a threat actor to run arbitrary shell commands. It's worth noting that the  vulnerability  carries a CVSS score of 10.0, indicating maximum severity. It has been  addressed  in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3

The Hacker News

November 1, 2023

Chrome 119 Patches 15 Vulnerabilities Full Text

Abstract Out of the 15 vulnerabilities patched, 13 of which were reported by external researchers. Three of the bugs are rated as high severity, while the remaining ones are medium and low severity.

Cyware

November 1, 2023

Latest RAT Attack Surge Bypasses Microsoft’s XLL Block Full Text

Abstract Microsoft's block on Visual Basic for Applications (VBA) macros has led attackers to experiment with different file types, with XLL files now being used as a means to distribute malware.

Cyware

November 01, 2023

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability Full Text

Abstract F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as  CVE-2023-46747  (CVSS score: 9.8), the  vulnerability  allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution. A proof-of-concept (PoC)  exploit  has since been made  available  by ProjectDiscovery. It impacts the following versions of the software - 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG) 16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG) 15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG) 14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG) 13.1.0 - 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG) Now the company is  alerting  that it has "observed threat actors using this vulnerability to expl

The Hacker News

October 31, 2023

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss Full Text

Abstract Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as  CVE-2023-22518 , the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data Center and Server are susceptible to the bug, and it has been addressed in the following versions - 7.19.16 or later 8.3.4 or later 8.4.4 or later 8.5.3 or later, and 8.6.1 or later That said, the Australian company emphasized that "there is no impact to confidentiality as an attacker cannot exfiltrate any instance data." No other details about the flaw and the exact method by which an adversary can take advantage of it have been made available, likely owing to the fact that doing so could enable threat actors to devise an exploit. Atlassian is also u

The Hacker News

October 30, 2023

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes Full Text

Abstract Three unpatched high-severity security flaws have been disclosed in the  NGINX Ingress controller  for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows -  CVE-2022-4886  (CVSS score: 8.8) -  Ingress-nginx  path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043  (CVSS score: 7.6) - Ingress-nginx annotation injection causes arbitrary command execution CVE-2023-5044  (CVSS score: 7.6) - Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation "These vulnerabilities enable an attacker who can control the configuration of the Ingress object to steal secret credentials from the cluster," Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, said of CVE-2023-5043 and CVE-2023-5044. Successful exploitation of the flaws could allow an adversary to inject arbitrary code into the ingress controller proce

The Hacker News

October 27, 2023

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution Full Text

Abstract F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier  CVE-2023-46747 , and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," F5  said  in an advisory released Thursday. "There is no data plane exposure; this is a control plane issue only." The following versions of BIG-IP have been found to be vulnerable - 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG) 16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG) 15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG) 14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG) 13.1.0 -

The Hacker News

October 26, 2023

Firefox, Chrome Updates Patch High-Severity Vulnerabilities Full Text

Abstract The updates patch multiple flaws, including an insufficient activation-delay bug in Firefox and a use-after-free issue in Chrome, but there is no evidence of these vulnerabilities being exploited in the wild.

Cyware

October 26, 2023

Nine Vulnerabilities Found in VPN Software, Including One Critical RCE Issue Full Text

Abstract Cisco Talos has disclosed multiple vulnerabilities in popular VPN software, including a critical heap-based buffer overflow vulnerability, posing a significant risk to users' connections and allowing for arbitrary code execution.

Cyware

October 26, 2023

Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data Full Text

Abstract Users of  Mirth Connect , an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as  CVE-2023-43208 , the vulnerability has been addressed in  version 4.4.1  released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code execution vulnerability," Horizon3.ai's Naveen Sunkavally  said  in a Wednesday report. "Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data." Called the "Swiss Army knife of healthcare integration," Mirth Connect is a cross-platform interface engine used in the healthcare industry to communicate and exchange data between disparate systems in a  standardized manner . Additional technical details about the flaw have been withheld in light of the fact that Mirth Connect versions going as far bac

The Hacker News

October 25, 2023

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms Full Text

Abstract Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in  Booking[.]com and Expo . The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to obtain access tokens and potentially hijack user accounts. OAuth is a  standard  that's commonly used as a mechanism for cross-application access, granting websites or applications access to their information on other websites, such as Facebook, but without giving them the passwords. "When OAuth is used to provide service authentication, any security breach in it can lead to identity theft, financial fraud, and access to various personal information including credit card numbers, private messages, health records, and more, depending on the specific service being attacked," Sa

The Hacker News

October 24, 2023

OAuth Implementation Issues Allows Full Online Account Takeover for Millions of Users Full Text

Abstract Flaws in the implementation of OAuth across various online services, including Grammarly, Vidio, and Bukalapak, could have exposed hundreds of millions of user accounts to credential theft and other cybercriminal activities.

Cyware

October 21, 2023

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices Full Text

Abstract Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a  malicious Lua-based implant  on susceptible devices. Tracked as  CVE-2023-20273  (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as part of an exploit chain. "The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination," Cisco  said  in an updated advisory published Friday. "This allowed the user to log in with normal user access." "The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system," a shortcoming that has been assigned the identifier CVE-2023-20273. A Cisco spokesperson told The Hacker News that a fix that covers both vulnerabili

The Hacker News

October 19, 2023

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw Full Text

Abstract A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is  CVE-2023-38831  (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The shortcoming has been actively exploited since at least April 2023. Google Threat Analysis Group (TAG), which  detected  the activities in recent weeks, attributed them to three different clusters it tracks under the geological monikers  FROZENBARENTS  (aka Sandworm),  FROZENLAKE  (aka APT28), and  ISLANDDREAMS  (aka APT40). The phishing attack linked to Sandworm impersonated a Ukrainian drone warfare training school in early September and distributed a malicious ZIP file exploiting CVE-2023-38831 to deliver Rhadamanthys, a commodity stealer malware which is offered for sale for $250 for a monthly subscription. APT28,

The Hacker News

October 18, 2023

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms Full Text

Abstract Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as  CVE-2023-4966  (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15 NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19 NetScaler ADC and NetScaler Gateway 12.1 (currently end-of-life) NetScaler ADC 13.1-FIPS before 13.1-37.164 NetScaler ADC 12.1-FIPS before 12.1-55.300, and NetScaler ADC 12.1-NDcPP before 12.1-55.300 However, for exploitation to occur, it requires the device to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or authorization and accounting (AAA) virtual server. While patches for the flaw were released on October 10, 2023, Citrix has now revised the advisory to note that "exploits of CVE-20

The Hacker News

October 17, 2023

Critical Vulnerabilities Expose Weintek HMIs to Attacks Full Text

Abstract The US cybersecurity agency, CISA, has warned organizations about critical vulnerabilities found in a human-machine interface (HMI) product made by the Taiwan-based Weintek. The impacted product is used globally, including in critical manufacturing.

Cyware

October 17, 2023

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software Full Text

Abstract Two critical security flaws discovered in the open-source  CasaOS  personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as  CVE-2023-37265  and  CVE-2023-37266 , both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,  said  they "allow attackers to get around authentication requirements and gain full access to the CasaOS dashboard." Even more troublingly, CasaOS' support for third-party applications could be weaponized to run arbitrary commands on the system to gain persistent access to the device or pivot into internal networks. Following responsible disclosure on July 3, 2023, the flaws were addressed in  version 0.4.4  released by its maintainers IceWhale on July 14, 2023. A brief description of the two flaws is as follows - CVE-2023-37265  - Incorrect identification of the s

The Hacker News

October 17, 2023

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers Full Text

Abstract A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as  CVE-2023-43261  (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access logs such as httpd.log as well as other sensitive credentials. As a result, this could permit remote and unauthenticated attackers to gain unauthorized access to the web interface, thereby making it possible to configure VPN servers and even drop firewall protections. "This  vulnerability  becomes even more severe as some routers allow the sending and receiving of SMS messages," security researcher Bipin Jitiya, who discovered the issue,  said  earlier this month. "An attacker could exploit this functionality for fraudulent activities, potentially causing financial harm to the

The Hacker News

October 17, 2023

Multiple Vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP Servers Fixed Full Text

Abstract These include authenticated remote code execution via "zip slip" and WebDAV path traversal, session fixation on the remote administration server, information disclosure via path traversal on FTP, and information disclosure in the admin interface.

Cyware

October 17, 2023

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild Full Text

Abstract Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that's under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is tracked as  CVE-2023-20198  and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system. It's worth pointing out that the shortcoming only affects enterprise networking gear that have the Web UI feature enabled and when it's exposed to the internet or to untrusted networks. "This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege  level 15 access ," Cisco  said  in a Monday advisory. "The attacker can then use that account to gain control of the affected system." The problem impacts both physical and virtual devices running Cisco IOS XE software that also have the HTTP or HTTPS server feature enabled. As a mitigation, it's recommended to disable the HTTP server feature on internet-facing systems. The network

The Hacker News

October 16, 2023

Dozens of Squid Proxy Vulnerabilities Remain Unpatched Two Years After Disclosure Full Text

Abstract Dozens of vulnerabilities in the Squid caching and forwarding web proxy, a widely used open-source proxy, remain unpatched two years after being discovered by researcher Joshua Rogers.

Cyware

October 16, 2023

Milesight Industrial Router Vulnerability Possibly Exploited in Attacks Full Text

Abstract The vulnerability exposes system log files containing passwords, which can be used by attackers to gain unauthorized access. Security firm VulnCheck discovered evidence of small-scale exploitation of the vulnerability.

Cyware

October 16, 2023

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence Full Text

Abstract Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it  said  in a series of messages posted in X (formerly Twitter). Signal said it also checked with the U.S. government and that it found no information to suggest "this is a valid claim." It's also urging those with legitimate information to send reports to security@signal[.]org. The development comes as  reports   circulated  over the  weekend  about a zero-day vulnerability in Signal that could be exploited to gain complete access to a targeted mobile device. As a security precaution, it's been advised to turn off  link previews  in the app. The feature can be disabled by going to Signal Settings > Chats

The Hacker News

October 13, 2023

Juniper Networks Patches Over 30 Vulnerabilities in Junos OS Full Text

Abstract Six high-severity vulnerabilities, including five that can be exploited remotely, have been addressed by the patches, which could potentially lead to denial of service (DoS) attacks.

Cyware

October 13, 2023

Indian State Government Fixes Website Bug That Revealed Aadhaar Numbers and Fingerprints Full Text

Abstract The website bug allowed unauthorized access to land deed records by guessing sequential application numbers, highlighting the lack of robust security measures on the website.

Cyware

October 12, 2023

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk Full Text

Abstract Organizations using cURL and libcurl are urged to apply the patches in cURL 8.4.0 to mitigate the vulnerability that potentially impacts all software projects relying on libcurl.

Cyware

October 12, 2023

Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released Full Text

Abstract Patches have been released for  two security flaws  impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545  (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546  (CVSS score: 5.0) - Cookie injection with none file CVE-2023-38545 is the more severe of the two, and has been  described  by the project's lead developer, Daniel Stenberg, as "probably the worst Curl security flaw in a long time." It affects libcurl versions 7.69.0 to and including 8.3.0. "This flaw makes Curl overflow a heap-based buffer in the  SOCKS5  proxy handshake," the maintainers said in an advisory. "When Curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by Curl itself, the maximum length that hostname can be is 255 bytes." "If the hostname is detected

The Hacker News

October 11, 2023

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits Full Text

Abstract Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of  103 flaws  in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from  18 security vulnerabilities  addressed in its Chromium-based Edge browser since the second Tuesday of September. The two vulnerabilities that been weaponized as zero-days are as follows - CVE-2023-36563  (CVSS score: 6.5) - An information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes CVE-2023-41763  (CVSS score: 5.3) - A privilege escalation vulnerability in Skype for Business that could lead to exposure of sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks "To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a special

The Hacker News

October 11, 2023

Chrome 118 Patches 20 Vulnerabilities Full Text

Abstract Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow for sandbox escape and arbitrary code execution.

Cyware

October 11, 2023

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability Full Text

Abstract Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as  Storm-0062  (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server," the company  noted  in a series of posts on X (formerly Twitter). "Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application." CVE-2023-22515 , rated 10.0 on the CVSS severity rating system, allows  remote attackers  to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Support rel

The Hacker News

October 10, 2023

libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks Full Text

Abstract A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as  CVE-2023-43641  (CVSS score: 8.8), the  issue  is described as a case of memory corruption in libcue, a library designed for parsing  cue sheet files . It impacts versions 2.2.1 and prior. libcue is incorporated into Tracker Miners , a search engine tool that's included by default in GNOME and indexes files in the system for easy access. The problem is rooted in an out-of-bounds array access in the track_set_index function that allows for achieving code execution on the machine simply by tricking a victim into clicking a malicious link and downloading a .cue file. "A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage," according to a  description  of the vulnerability in the National Vulnerability Database (NVD). "Because t

The Hacker News

October 10, 2023

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials Full Text

Abstract A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month,  said  adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials." CVE-2023-3519  (CVSS score: 9.8), addressed by Citrix in July 2023, is a critical code injection vulnerability that could lead to unauthenticated remote code execution. Over the past few months, it has been  heavily   exploited  to  infiltrate vulnerable devices  and gain persistent access for follow-on attacks. In the latest attack chain discovered by IBM X-Force, the operators sent a specially crafted web request to trigger the exploitation of CVE-2023-3519 and deploy a PHP-based web shell. The access afforded by the web shell is subsequently leveraged to append cust

The Hacker News

October 7, 2023

Balada Injector Targets Unpatched tagDiv Plugin, Themes on WordPress Sites Full Text

Abstract The Balada Injector gang is actively exploiting vulnerabilities in tagDiv premium themes, such as the recently disclosed Unauthenticated Stored XSS vulnerability, to inject malware into websites.

Cyware

October 06, 2023

Supermicro’s BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities Full Text

Abstract Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface ( IPMI ) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems. The seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly, enabling unauthenticated actors to gain root access to the BMC system. Supermicro has  shipped  a BMC firmware update to patch the bugs. BMCs are special processors on server motherboards that support remote management, enabling administrators to monitor hardware indicators such as temperature, set fan speed, and update the UEFI system firmware. What's more, BMC chips remain operational even if the host operating system is offline, making them lucrative attack vectors to deploy  persistent malware . A brief explainer of each of the vulnerabilities is below - CVE-2023-40284, CVE-20

The Hacker News

October 05, 2023

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems Full Text

Abstract Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as  CVE-2023-20101  (CVSS score: 9.8), is due to the presence of static user credentials for the root account that the company said is usually reserved for use during development. "An attacker could exploit this vulnerability by using the account to log in to an affected system," Cisco  said  in an advisory. "A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user." The issue impacts Cisco Emergency Responder Release 12.5(1)SU4 and has been addressed in version 12.5(1)SU5. Other releases of the product are not impacted. The networking equipment major said it discovered the problem during internal security testing and that it's not aware of any malicious use of the vulnerability in the

The Hacker News

October 05, 2023

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw Full Text

Abstract Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as  CVE-2023-42824 , the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6," the company  noted  in a terse advisory. While additional details about the nature of the attacks and the identity of the threat actors perpetrating them are currently unknown, successful exploitation likely hinges on an attacker already obtaining an initial foothold by some other means. Apple's latest update also resolves  CVE-2023-5217  impacting the WebRTC component, which Google last week described as a heap-based buffer overflow in the VP8 compression format in libvpx. The patches, iOS 17.0.3 and iPadOS 1

The Hacker News

October 05, 2023

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now Full Text

Abstract Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as  CVE-2023-22515 , is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to 8.0.0. Confluence sites accessed via an atlassian.net domain are also not vulnerable to this issue. The enterprise software services provider  said  it was made aware of the issue by "a handful of customers." It has been addressed in the following versions of Confluence Data Center and Server - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Support release) or later The company, however, did not disclose any further specifics about the nature and scale of the exploitation, or the root cause of the vulnerability. Customers who are unable to apply the updates are advised

The Hacker News

October 4, 2023

Dead Grandma Locket Request Tricks Bing Chat’s AI Into Solving Security Puzzle Full Text

Abstract This incident highlights a new type of vulnerability, similar to prompt injection, where users can bypass the constraints of the AI model. Microsoft is likely to address this issue in future versions of Bing Chat.

Cyware

October 04, 2023

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions Full Text

Abstract A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as  CVE-2023-4911  (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader's processing of the  GLIBC_TUNABLES environment variable . Cybersecurity firm Qualys, which  disclosed  details of the bug, said it was introduced as part of a code commit made in April 2021. The GNU C library, also called  glibc , is a core library in Linux-based systems that offers foundational features such as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, and exit. glibc's  dynamic loader  is a crucial component that's responsible for preparing and running programs, including finding the necessarily shared object dependencies required as well as loading them into memory

The Hacker News

October 03, 2023

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation Full Text

Abstract Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation," the semiconductor company  said  in an advisory. "Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible." CVE-2022-22071  (CVSS score: 8.4), described as a use-after-free in Automotive OS Platform, was originally patched by the company as part of its May 2022 updates. While additional specifics about the remaining other flaws are expected to be made

The Hacker News

October 03, 2023

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch Full Text

Abstract Cybersecurity researchers have disclosed multiple critical security flaws in the  TorchServe tool  for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities  ShellTorch . "These vulnerabilities [...] can lead to a full chain Remote Code Execution (RCE), leaving countless thousands of services and end-users — including some of the world's largest companies — open to unauthorized access and insertion of malicious AI models, and potentially a full server takeover," security researchers Idan Levcovich, Guy Kaplan, and Gal Elbaz  said . The list of flaws, which have been addressed in  version 0.8.2 , is as follows - No CVE - Unauthenticated Management Interface API Misconfiguration (0.0.0.0) CVE-2023-43654  (CVSS score: 7.2) - A remote server-side request forgery ( SSRF ) that leads to remote code exe

The Hacker News

October 3, 2023

Hackers Seen Exploiting Bugs in Browsers and Popular File Transfer Tool Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that hackers are exploiting CVE-2023-5217 — a vulnerability affecting Google Chrome, Mozilla Firefox, and more.

Cyware

October 3, 2023

Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities Full Text

Abstract Google on Monday announced the release of patches for 51 vulnerabilities as part of the October 2023 security updates for Android, including fixes for two zero-day flaws exploited in malicious attacks.

Cyware

October 03, 2023

Researcher Reveals New Techniques to Bypass Cloudflare’s Firewall and DDoS Protection Full Text

Abstract Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the protection mechanism ineffective," Certitude researcher Stefan Proksch  said  in a report published last week. The problem, per the Austrian consulting firm, is the result of shared infrastructure available to all tenants within Cloudflare, regardless of whether they are legitimate or otherwise, thereby making it easy for malicious actors to abuse the implicit trust associated with service and defeat the guardrails. The first issue stems from opting for a shared Cloudflare certificate to authenticate HTTP(S) requests between the service's reverse proxies and the customer's origi

The Hacker News

October 03, 2023

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation Full Text

Abstract Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as  CVE-2023-4211 , the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0 Valhall GPU Kernel Driver: All versions from r19p0 - r42p0 Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 - r42p0 "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," Arm  said  in a Monday advisory. "There is evidence that this vulnerability may be under limited, targeted exploitation." The issue, credited to Maddie Stone of Google's Threat Analysis Group (TAG) and Jann Horn of Google Project Zero, has been addressed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r43p0. Google, in its own monthly  Androi

The Hacker News

October 2, 2023

Logic Flaws Let Attackers Bypass Cloudflare’s Firewall and DDoS Protection Full Text

Abstract Cloudflare has been found to have vulnerabilities in its Firewall and DDoS prevention system. Hackers can exploit these flaws by creating a free Cloudflare account and knowing the IP address of a targeted web server.

Cyware

October 02, 2023

OpenRefine’s Zip Slip Vulnerability Could Let Attackers Execute Malicious Code Full Text

Abstract A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as  CVE-2023-37476  (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine is designed to only run locally on a user's machine, an attacker can trick a user into importing a malicious project file," Sonar security researcher Stefan Schiller  said  in a report published last week. "Once this file is imported, the attacker can execute arbitrary code on the user's machine." Software prone to  Zip Slip vulnerabilities  can pave the way for code execution by taking advantage of a directory traversal bug that an attacker can exploit to gain access to parts of the file system that should be out of reach otherwise. The attack is built on tw

The Hacker News

October 2, 2023

Update: Mass Exploitation Attempts Against WS_FTP Have Begun Full Text

Abstract Progress Software released fixes for eight vulnerabilities in WS_FTP, including one with a maximum severity score, but evidence of exploitation was discovered shortly after.

Cyware

September 30, 2023

Researchers Extract Sounds From Still Images on Smartphone Cameras Full Text

Abstract A group of academic researchers has devised a technique to extract sounds from still images captured using smartphone cameras with rolling shutters and movable lens structures.

Cyware

September 30, 2023

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks Full Text

Abstract Multiple security vulnerabilities have been disclosed in the  Exim mail transfer agent  that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114  (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability CVE-2023-42115  (CVSS score: 9.8) - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2023-42116  (CVSS score: 8.1) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability CVE-2023-42117  (CVSS score: 8.1) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability CVE-2023-42118  (CVSS score: 7.5) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability CVE-2023-42119  (CVSS score: 3.1) - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability The most severe of the vulnerabilities is CVE-2023-

The Hacker News

September 29, 2023

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server Full Text

Abstract Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as  CVE-2023-40044 , the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system," the company  said  in an advisory. Assetnote security researchers Shubham Shah and Sean Yeoh have been credited with discovering and reporting the vulnerability. The list of remaining flaws, impacting WS_FTP Server versions prior to 8.8.2, is as follows - CVE-2023-42657  (CVSS score: 9.9) - A directory traversal vulnerability that could be exploited to perform file operations. CVE-2023-40045

The Hacker News

September 29, 2023

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts Full Text

Abstract Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as  CVE-2023-20109 , and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The company  said  the shortcoming "could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash." It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and it could be weaponized by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker.

The Hacker News

September 28, 2023

Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk Full Text

Abstract Improper configuration of third-party software like TeslaMate can result in privacy breaches, compromising the owner's daily routine and posing risks such as planned robberies.

Cyware

September 28, 2023

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability Full Text

Abstract Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as  CVE-2023-5217 , the high-severity vulnerability has been described as a  heap-based buffer overflow  in the VP8 compression format in  libvpx , a free software  video codec  library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can result in program crashes or execution of arbitrary code, impacting its availability and integrity. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 25, 2023, with fellow researcher Maddie Stone  noting  on X (formerly Twitter) that it has been abused by a commercial spyware vendor to target high-risk individuals. No additional details have been disclosed by the tech giant other than to acknowledge that it's "aware that an exploit for CVE-2023-5217 exists in the wild." The latest discovery b

The Hacker News

September 27, 2023

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data Full Text

Abstract A novel side-channel attack called  GPU.zip  renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of Washington, and the University of Illinois Urbana-Champaign  said . Graphical data compression  is a feature in integrated GPUs (iGPUs) that allows for saving memory bandwidth and improving performance when rendering frames, compressing visual data losslessly even when it's not requested by software. The study found that the compression, which happens in various vendor-specific and undocumented ways, induces data-dependent  DRAM  traffic and cache occupancy that can be measured using a side-channel. "An attacker can exploit the iGPU-based compression channel to perform cro

The Hacker News

September 27, 2023

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score Full Text

Abstract Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the  WebP format  that has come under active exploitation in the wild. Tracked as  CVE-2023-5129 , the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the  Huffman coding algorithm  - With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized ar

The Hacker News

September 26, 2023

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers Full Text

Abstract A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as  CVE-2023-42793 , carries a CVSS score of 9.8 and has been addressed in  TeamCity version 2023.05.4  following responsible disclosure on September 6, 2023. "Attackers could leverage this access to steal source code, service secrets, and private keys, take control over attached build agents, and poison build artifacts," Sonar security researcher Stefan Schiller  said  in a report last week. Successful exploitation of the bug could also permit threat actors to access the build pipelines and inject arbitrary code, leading to an integrity breach and supply chain compromise. Additional details of the bug have been withheld due to the fact that it's trivial to exploit, with Sonar noting that it's likely to be weaponized in

The Hacker News

September 25, 2023

Incomplete Disclosures by Apple and Google Create “Huge Blindspot” for Zero-Day Hunters Full Text

Abstract Google's limited disclosure and the separate CVE designations for the vulnerability by Apple, Google, and Citizen Lab have hindered the detection and patching of the critical vulnerability in other software relying on libwebp.

Cyware

September 22, 2023

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server Full Text

Abstract Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider  said  that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647  (CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server CVE-2023-22512  (CVSS score: 7.5) - A DoS flaw in Confluence Data Center and Server CVE-2023-22513  (CVSS score: 8.5) - A RCE flaw in Bitbucket Data Center and Server CVE-2023-28709  (CVSS score: 7.5) - A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server The flaws have been addressed in the following versions - Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later) Confluence Server and Data Center (v

The Hacker News

September 22, 2023

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable Full Text

Abstract Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991  - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation. CVE-2023-41992  - A security flaw in Kernel that could allow a local attacker to elevate their privileges. CVE-2023-41993  - A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content. Apple did not provide additional specifics barring an acknowledgement that the "issue may have been actively exploited against versions of iOS before iOS 16.7." The updates are available for the following devices and operating systems - iOS 16.7 and iPadOS 16.7  - iPhone 8 and later, iPad Pro (all models), iP

The Hacker News

September 21, 2023

Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis Full Text

Abstract Japanese electronics giant Omron recently patched programmable logic controller (PLC) and engineering software vulnerabilities that were discovered by industrial cybersecurity firm Dragos during the analysis of a sophisticated piece of malware.

Cyware

September 21, 2023

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT Full Text

Abstract A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as  CVE-2023-25157 ," Palo Alto Networks Unit 42 researcher Robert Falcone  said . While  bogus PoCs  have become a  well-documented gambit  for targeting the  research community , the cybersecurity firm suspected that the threat actors are opportunistically targeting other crooks who may be adopting the latest vulnerabilities into their arsenal. whalersplonk, the  GitHub account  that hosted the repository, is no longer accessible. The PoC is said to have been committed on August 21, 2023, four days after the vulnerability was publicly announced. CVE-2023-40477 relates to an  imp

The Hacker News

September 20, 2023

Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems Full Text

Abstract The flaws were found in the unified communications and collaboration solution by researchers at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business.

Cyware

September 20, 2023

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software Full Text

Abstract Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been  patched  as of September 11, 2023, with the release of version 5.11.2. "Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections," Outpost24 researcher Astrid Tedenbrant  said . "The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data such as password hashes and API tokens." CVE-2023-40932, on the other hand, relates to a cross-site scripting (XSS) flaw in the Custom Logo component that could be used to read sensiti

The Hacker News

September 20, 2023

GitLab Releases Urgent Security Patches for Critical Vulnerability Full Text

Abstract GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as  CVE-2023-5009  (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to  run pipelines  as an arbitrary user via scheduled security scan policies," GitLab  said  in an advisory. "This was a bypass of  CVE-2023-3932  showing additional impact." Successful exploitation of CVE-2023-5009 could allow a threat actor to access sensitive information or leverage the elevated permissions of the impersonated user to modify source code or run arbitrary code on the system, leading to severe consequences. Security researcher Johan Carlsson (aka joaxcar) has been credited with discovering and reporting the flaw. CVE-2023-3932 was addressed by GitLab in early August 2023. The vulnerability has been addre

The Hacker News

September 20, 2023

Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability Full Text

Abstract Cybersecurity company Trend Micro has  released  patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as  CVE-2023-41179  (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted products is as follows - Apex One - version 2019 (on-premise), fixed in SP1 Patch 1 (B12380) Apex One as a Service - fixed in SP1 Patch 1 (B12380) and Agent version 14.0.12637 Worry-Free Business Security - version 10.0 SP1, fixed in 10.0 SP1 Patch 2495 Worry-Free Business Security Services - fixed in July 31, 2023, Monthly Maintenance Release Trend Micro said that a successful exploitation of the flaw could allow an attacker to manipulate the component to execute arbitrary commands on an affected installation. However, it requires that the adversary already has administrative

The Hacker News

September 19, 2023

Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability Full Text

Abstract New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which  discovered  a new exploit for CVE-2023-36845, said it could be  exploited  by an "unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system." CVE-2023-36845 refers to a  medium-severity flaw  in the J-Web component of Junos OS that could be weaponized by a threat actor to control certain, important environment variables. It was patched by Juniper Networks last month alongside CVE-2023-36844, CVE-2023-36846, and CVE-2023-36847 in an out-of-cycle update. A subsequent proof-of-concept (PoC) exploit devised by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload a PHP file containing malicious shellcode and achieve code execution. The latest exploit, on the other hand, impacts older systems and can be written using a single cURL comma

The Hacker News

September 18, 2023

Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products Full Text

Abstract Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. It is tracked as CVE-2023-29183 and has a CVSS score of 7.3.

Cyware

September 14, 2023

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems Full Text

Abstract A set of memory corruption flaws have been discovered in the  ncurses  (short for  new curses ) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious actions," Microsoft Threat Intelligence researchers Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse  said  in a technical report published today. The vulnerabilities, collectively tracked as  CVE-2023-29491  (CVSS score of 7.8), have been  addressed  as of April 2023. Microsoft said it also worked with Apple on addressing the macOS-specific issues related to these flaws. Environment variables are user-defined values that can be used by multiple programs on a system and can affect the manner in which they behave on the system. Manipulating the variables can cause application

The Hacker News

September 14, 2023

N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation Full Text

Abstract A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as  CVE-2023-27470  (CVSS score: 8.8), the  issue  relates to a Time-of-Check to Time-of-Use ( TOCTOU ) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows system. The security shortcoming, which impacts versions 7.0.41.1141 and prior, has been addressed in version 7.0.43 released on March 15, 2023, following responsible disclosure by Mandiant on February 27, 2023. Time-of-Check to Time-of-Use falls under a category of software flaws wherein a program checks the state of a resource for a specific value, but that value changes before it's actually used, effectively invalidating the results of the check. An exploitation of such a flaw can result in a loss of integrity and trick the program into performing actions that it shouldn't

The Hacker News

September 13, 2023

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints Full Text

Abstract Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The  issues , tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were  released  on August 23, 2023, following responsible disclosure by Akamai on July 13, 2023. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled said in a technical write-up shared with The Hacker News. "To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster." Amazon Web Services  (AWS),  Google Cloud , and  Microsoft Azure  have all released advisories for the bugs, which affect the following versions of Kubelet - kubelet < v1.28

The Hacker News

September 13, 2023

High-Profile CVEs Turn up in Vulnerability Exploit Sales Full Text

Abstract Three reported purchases of vulnerability exploits on the dark web during the first half of the year included high-profile, actively exploited CVEs, according to research by Flashpoint.

Cyware

September 13, 2023

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service Full Text

Abstract More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the  Microsoft Azure HDInsight  open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads," Orca security researcher Lidor Ben Shitrit  said  in a report shared with The Hacker News. The issues were addressed by Microsoft as part of its  Patch Tuesday updates  for August 2023. The disclosure comes three months after similar shortcomings were reported in the  Azure Bastion and Azure Container Registry  that could have been exploited for unauthorized data access and modifications. The list of flaws is as follows - CVE-2023-35393  (CVSS score: 4.5) - Azure Apache Hive Spoofing Vulnerability CV

The Hacker News

September 13, 2023

Microsoft Patches a Pair of Actively Exploited Zero-Days Full Text

Abstract In total, Microsoft released 59 new patches addressing bugs across its product gamut. They affect Microsoft Windows, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics, and Windows Defender.

Cyware

September 13, 2023

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws Full Text

Abstract Microsoft has released software fixes to  remediate 59 bugs  spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to  35 flaws  patched in the Chromium-based Edge browser since last month's Patch Tuesday edition, which also encompasses a fix for  CVE-2023-4863 , a critical heap buffer overflow flaw in the WebP image format. The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below - CVE-2023-36761  (CVSS score: 6.2) - Microsoft Word Information Disclosure Vulnerability CVE-2023-36802  (CVSS score: 7.8) - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability "Exploiting this vulnerability could allow the disclosure of  NTLM hashes ," the Windows maker said in an advisory about CVE-2023-3

The Hacker News

September 13, 2023

Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability Full Text

Abstract Adobe's  Patch Tuesday update  for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe did not disclose any additional details about the issue or the targeting involved. "Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company  acknowledged  in an advisory. CVE-2023-26369 affects the below versions - Acrobat DC (23.003.20284 and earlier versions) - Fixed in 23.006.20320 Acrobat Reader DC (23.003.

The Hacker News

September 13, 2023

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird Full Text

Abstract Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier  CVE-2023-4863 , is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when processing a specially crafted image. "Opening a malicious WebP image could lead to a heap buffer overflow in the content process," Mozilla  said  in an advisory. "We are aware of this issue being exploited in other products in the wild." According to the description on the National Vulnerability Database (NVD), the flaw could allow a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at the University of Toronto's Munk School have been credited with reporting the s

The Hacker News

September 12, 2023

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack Full Text

Abstract A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport  said  in a technical report shared with The Hacker News. "Successful exploitation of this vulnerability impacts the open-source community by enabling the hijacking of over 4,000 code packages in languages such as Go, PHP, and Swift, as well as GitHub actions." Following responsible disclosure on March 1, 2023, the Microsoft-owned code hosting platform has addressed the issue as of September 1, 2023. Repojacking , short for  repository hijacking , is a technique where a threat actor is able to bypass a security mechanism called popular repository namespace retirement and ultimately control of a repository. What the protection measure does is preven

The Hacker News

September 12, 2023

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now Full Text

Abstract Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as  CVE-2023-4863 , the issue has been described as a case of  heap buffer overflow  that resides in the  WebP image format  that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto's Munk School have been credited with discovering and reporting the flaw on September 6, 2023. The tech giant has yet to disclose additional details about the nature of the attacks, but noted that it's "aware that an exploit for CVE-2023-4863 exists in the wild." With the latest fix, Google has addressed a total of four zero-day vulnerabilities in Chrome since the start of the year - CVE-2023-2033  (CVSS score: 8.8) - Type Confusion in V8 CVE-2023-2136  (CVSS score: 9.6) - Integer overflow in Skia CVE-2023-3079

The Hacker News

September 11, 2023

Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices Full Text

Abstract Aaron Flecha Menendez, an ICS security consultant at Spain-based cybersecurity firm S21sec, discovered that some Socomec UPS devices, specifically MODULYS GP (MOD3GP-SY-120K), are affected by seven vulnerabilities.

Cyware

September 08, 2023

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform Full Text

Abstract Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It's described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. Successful exploitation of the vulnerability -- a weakness in the single sign-on (SSO) implementation and discovered during internal testing -- could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. "This vulnerability is due to the method used to validate SSO tokens," Cisco  said . "An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to e

The Hacker News

September 8, 2023

Hackers Exploit Multiple Bugs in Hotel Booking Platform Full Text

Abstract Financially motivated hackers developed custom malware to exploit a likely zero-day flaw in popular property management software used by resorts and hotels, said security researchers.

Cyware

September 8, 2023

Cisco Patches Critical Vulnerability in BroadWorks Platform Full Text

Abstract Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks platform was identified in the SSO implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems.

Cyware

September 8, 2023

Google Addressed an Actively Exploited Zero-Day in Android Full Text

Abstract In total, Google has fixed 6 flaws in the Framework module, 14 in the Kernel componet, 3 issues in the Qualcomm components, and 9 issues in the Qualcomm closed-source components.

Cyware

September 8, 2023

Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio Full Text

Abstract Zavio is a defunct Chinese company, but its security cameras are reportedly still deployed in the United States and Europe, which is why it’s important to raise awareness about the vulnerabilities.

Cyware

September 08, 2023

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones Full Text

Abstract Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061  - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064  - A buffer overflow issue in the  Image I/O component  that could result in arbitrary code execution when processing a maliciously crafted image. While CVE-2023-41064 was found by the Citizen Lab at the University of Torontoʼs Munk School, CVE-2023-41061 was discovered internally by Apple, with "assistance" from the Citizen Lab. The updates are available for the following devices and operating systems - iOS 16.6.1 and iPadOS 16.6.1  - iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generati

The Hacker News

September 7, 2023

NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild Full Text

Abstract Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware.

Citizen Lab

September 07, 2023

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks Full Text

Abstract Patches have been released to address two new security vulnerabilities in Apache Superset  that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs  CVE-2023-39265  and  CVE-2023-37941 , which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset's metadata database. Outside of these weaknesses, the latest version of Superset also remediates a separate improper REST API permission issue ( CVE-2023-36388 ) that allows for low-privilege users to carry out server-side request forgery ( SSRF ) attacks. "Superset by design allows privileged users to connect to arbitrary databases and execute arbitrary SQL queries against those databases using the powerful SQLLab interface," Horizon3.ai's Naveen Sunkavally  said  in a technical write-up. "If Superset can be tricked into connecting to its own metadata database, an attacker can directly read or write application configuration thr

The Hacker News

September 06, 2023

Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw Full Text

Abstract Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as  CVE-2023-35674 , the high-severity vulnerability is described as a case of privilege escalation impacting the  Android Framework . "There are indications that CVE-2023-35674 may be under limited, targeted exploitation," the company  said  in its Android Security Bulletin for September 2023 without delving into additional specifics. The update also addresses three other privilege escalation flaws in Framework, with the search giant noting that the most severe of these issues "could lead to local escalation of privilege with no additional execution privileges needed" sans any user interaction. Google said it has further plugged a critical security vulnerability in the System component that could lead to remote code execution without requiring interaction on the part of the victim. "The severity assessment is

The Hacker News

September 6, 2023

Researchers Discover Critical Vulnerability in PHPFusion CMS Full Text

Abstract The authenticated local file inclusion flaw, identified as CVE-2023-2453, allows for remote code execution if an attacker can upload a maliciously crafted ".php" file to a known path on a target system.

Cyware

September 06, 2023

9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products Full Text

Abstract Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). "The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation," Nozomi Networks  said  in a report published last week. The issues, tracked as CVE-2023-34392 and from CVE-2023-31168 through CVE-2023-31175, have CVSS severity scores ranging from 4.8 to 8.8 and impact SEL-5030 acSELeratorQuickSet and SEL-5037 GridConfigurator, which are used to commission, configure, and monitor the devices. Exploitation of CVE-2023-31171 could be achieved by sending a phishing email that tricks a victim engineer into importing a specially crafted configuration file to achieve arbitrary code execution on the engineering workstation running the SEL software. What's more, the shortcoming can be chained with CVE-2023-31175 to obtain administrative privileges on the target workstation. CVE-202

The Hacker News

September 6, 2023

ASUS Routers are Affected by Three Critical Remote Code Execution Flaws Full Text

Abstract ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities (CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240) that can potentially allow threat actors to take over the devices.

Cyware

September 03, 2023

PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability Full Text

Abstract Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as  CVE-2023-34039 , is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week. Summoning Team's Sina Kheirkhah, who published the PoC following an analyzing the patch by VMware, said the root cause can be traced back to a bash script containing a method named refresh_ssh_keys(), which is responsible for overwriting the current SSH keys for the support and ubuntu users in the authorized_keys file. "There is SSH authentication in place; however, VMware forgot to regenerate the keys," Kh

The Hacker News

September 1, 2023 – Breach

Data Breach Could Affect More Than 100,000 in Pima County Full Text

Abstract More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.

Cyware

August 31, 2023

Netgear Releases Patches for Two High-Severity Vulnerabilities Full Text

Abstract The network hardware giant Netgear has discovered two vulnerabilities affecting one of its router models and its network management software. One of the flaws, tracked as CVE-2023-41183, allows hackers to exploit Netgear’s Orbi 760 routers.

Cyware

August 30, 2023

Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security Full Text

Abstract New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the  DEF CON security conference  held earlier this month. Microsoft's  container architecture  (and by extension,  Windows Sandbox ) uses what's called a  dynamically generated image  to separate the file system from each container to the host and at the same time avoid duplication of system files. It's nothing but an "operating system image that has clean copies of files that can change, but links to files that cannot change that are in the Windows image that already exists on the host," thereby bringing down the overall size for a full OS. "The result is images that contain 'ghost files,' which store no actual data but point to a different volume on the system,"

The Hacker News

August 30, 2023

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits Full Text

Abstract Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation  said  that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint," the same day a proof-of-concept (PoC) became available. The  issues , tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847, reside in the J-Web component of Junos OS on Juniper SRX and EX Series. They could be chained by an unauthenticated, network-based attacker to execute arbitrary code on susceptible installations. Patches for the flaw were released on August 17, 2023, a week after which watchTowr Labs published a proof-of-concept (PoC) by combining CVE-2023-36846 and CVE-2023-36845 to execute a PHP file containing malicious shellcode. Currently, there are  more than 8,200 Junip

The Hacker News

August 30, 2023

Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks Full Text

Abstract VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (CVSS score: 9.8), which relates to a case of authentication bypass arising as a result of a lack of unique cryptographic key generation. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," the company  said  in an advisory. ProjectDiscovery researchers Harsh Jaiswal and Rahul Maini have been credited with discovering and reporting the issue. The second weakness, CVE-2023-20890 (CVSS score: 7.2), is an arbitrary file write vulnerability impacting Aria Operations for Networks that could be abused by an adversary with administrative access to write files to arbitrary locations and achieve remote code execution. Credited

The Hacker News

August 29, 2023

Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability Full Text

Abstract Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is  tracking  the activity cluster under the moniker  STAC4663 . Attack chains involve the exploitation of  CVE-2023-3519 , a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution. In one intrusion detected in mid-August 2023, the security flaw is said to have been used to conduct a domain-wide attack, including injecting payloads into legitimate executables such as the Windows Update Agent (wuauclt.exe) and the Windows Management Instrumentation Provider Service (wmiprvse.exe). An analysis of the payload is underway. Other notable aspects include the distribution of obfuscated PowerShell scripts, PHP web shells, and the use of an Estonian service called BlueVPS for malware staging. Sophos said the modus operandi

The Hacker News

August 28, 2023

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege Full Text

Abstract Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (CTU)  said  in a technical report published last week. "The threat actor could then call Power Platform API via a middle-tier service and obtain elevated privileges." Following responsible disclosure on April 5, 2023, the issue was addressed by Microsoft via an update released a day later. Secureworks has also made available an  open-source tool  that other organizations can use to scan for abandoned reply URLs. Reply URL , also called redirect URI, refers to the location where the authorization server sends the user once the app has been successfully authorized and grant

The Hacker News

August 28, 2023

PoC for Unauthenticated RCE on Juniper Networks Firewalls Released Full Text

Abstract Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.

Cyware

August 28, 2023

Exploit released for Juniper firewall bugs allowing RCE attacks Full Text

Abstract Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers to gain remote code execution in Juniper's JunOS on unpatched devices.

BleepingComputer

August 25, 2023

Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service Vulnerability Full Text

Abstract This vulnerability can only be exploited over Telnet, which is disabled by default, or over the console management connection. This vulnerability cannot be exploited over SSH connections to the device.

Cyware

August 25, 2023

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches Full Text

Abstract The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also  deemed  the fixes as "ineffective" and that it "continues to observe active intrusions and considers all affected Barracuda ESG appliances to be compromised and vulnerable to this exploit." Tracked as  CVE-2023-2868  (CVSS score: 9.8), the zero-day bug is said to have been weaponized as early as October 2022, more than seven months before the security hole was plugged. Google-owned Mandiant is tracking the China-nexus activity cluster under the name  UNC4841 . The remote command injection vulnerability, impacting versions 5.1.3.001 through 9.2.0.006, allows for unauthorized execution of system commands with administrator privileges on the ESG product. In the attacks observed so far, a successful b

The Hacker News

August 24, 2023

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035 Full Text

Abstract Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035...

Security Affairs

August 24, 2023

More than 3,000 Openfire servers exposed to attacks using a new exploit Full Text

Abstract Researchers warn that more than 3,000 unpatched Openfire servers are exposed to attacks using an exploit for a recent flaw. Vulncheck researchers discovered more than 3,000 Openfire servers vulnerable to the CVE-2023-32315 flaw that are exposed to attacks...

Security Affairs

August 24, 2023

Bugs in NVIDIA Graphics Driver Leads to Memory Corruption Full Text

Abstract An attacker could exploit these vulnerabilities from guest machines running virtualization environments to perform a guest-to-host escape, as we’ve illustrated with previous vulnerabilities in NVIDIA graphics drivers.

Cyware

August 24, 2023

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw Full Text

Abstract Thousands of  Openfire XMPP servers  are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a  new report  from VulnCheck. Tracked as  CVE-2023-32315  (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire's administrative console that could permit an unauthenticated attacker to access otherwise restricted pages reserved for privileged users. It affects all versions of the software released since April 2015, starting with version 3.10.0. It was remediated by its developer, Ignite Realtime, earlier this May with the release of versions 4.6.8, 4.7.5, and 4.8.0. "Path traversal protections were already in place to protect against exactly this kind of attack, but didn't defend against certain non-standard URL encoding for UTF-16 characters that were not supported by the embedded web server that was in use at the time," the maintainers  said  in a detailed advisory. "A

The Hacker News

August 23, 2023

3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability Full Text

Abstract Tracked as CVE-2023-32315, the high-severity flaw was discovered in Openfire’s administration console and is described as a path traversal bug via the setup environment that allows unauthenticated attackers to access restricted pages.

Cyware

August 23, 2023

TP-Link Tapo L530E smart bulb flaws allow hackers to steal user passwords Full Text

Abstract Four vulnerabilities in the TP-Link Tapo L530E smart bulb and impacting the mobile app used to control them expose users to hack. Researchers from the University of Catania (Italy) and the University of London (UK) have discovered four vulnerabilities...

Security Affairs

August 23, 2023

First Weekly Chrome Security Update Patches High-Severity Vulnerabilities Full Text

Abstract Google this week announced a Chrome 116 security update that patches five memory safety vulnerabilities reported by external researchers, including four issues rated ‘high severity’.

Cyware

August 22, 2023

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software Full Text

Abstract Software services provider Ivanti is  warning  of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as  CVE-2023-38035  (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an due to an insufficiently restrictive Apache HTTPD configuration. "If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS)," the company  said . "While the issue has a high CVSS score, there is a low risk of exploitation for customers who do not expose port 8443 to the internet." Successful exploitation of the bug could allow an attacker to change configuration, run system commands, or write files onto the system. It's recommen

The Hacker News

August 22, 2023

Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, cataloged as  CVE-2023-26359  (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (Update 5 and earlier) that could result in arbitrary code execution in the context of the current user without requiring any interaction. Deserialization  (aka unmarshaling) refers to the process of reconstructing a data structure or an object from a byte stream. But when it's performed without validating its source or sanitizing its contents, it can lead to  unexpected consequences  such as code execution or denial-of-service (DoS). It was  patched  by Adobe as part of updates issued in March 2023. As of writing, it's immediately not clear how the flaw is being  abused in the wil

The Hacker News

August 22, 2023

Ivanti fixed a new critical Sentry API authentication bypass flaw Full Text

Abstract Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035...

Security Affairs

August 21, 2023

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC Full Text

Abstract A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as  CVE-2023-40477  (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. "The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer," the Zero Day Initiative (ZDI)  said  in an advisory. "An attacker can leverage this vulnerability to execute code in the context of the current process." Successful exploitation of the flaw requires user interaction in that the target must be lured into visiting a malicious page or by simply opening a booby-trapped archive file. A security researcher, who goes by the alias goodbyeselene, has been credited with discovering and reporting the flaw on June 8, 2023. The issue has been address

The Hacker News

August 21, 2023

Spoofing an Apple device and tricking users into sharing sensitive data Full Text

Abstract White hat hackers at the recent hacking conference Def Con demonstrated how to spoof an Apple device and trick users into sharing their sensitive data. At the recent Def Con hacking conference, white hat hackers demonstrated how to spoof an Apple...

Security Affairs

August 20, 2023

Four Juniper Junos OS flaws can be chained to remotely hack devices Full Text

Abstract Juniper Networks addressed multiple flaws in the J-Web component of Junos OS that could be chained to achieve remote code execution. Juniper Networks has released an "out-of-cycle" security update to address four vulnerabilities in the J-Web component...

Security Affairs

August 19, 2023

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now Full Text

Abstract Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity. They affect all versions of Junos OS on SRX and EX Series. "By chaining exploitation of these vulnerabilities, an unauthenticated, network-based attacker may be able to remotely execute code on the devices," the company  said  in an advisory released on August 17, 2023. The J-Web interface allows users to configure, manage, and monitor Junos OS devices. A brief description of the flaws is as follows - CVE-2023-36844  and  CVE-2023-36845  (CVSS scores: 5.3) - Two PHP external variable modification vulnerabilities in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to

The Hacker News

August 19, 2023

Update: Companies Respond to ‘Downfall’ Intel CPU Vulnerability Full Text

Abstract AWS said its customers’ data and cloud instances are not affected by Downfall and no action is required. The cloud giant did note that it has “designed and implemented its infrastructure with protections against this class of issues”.

Cyware

August 18, 2023

WinRAR flaw enables remote code execution of arbitrary code Full Text

Abstract A flaw impacting the file archiver utility for Windows WinRAR can allow the execution of commands on a computer by opening an archive. WinRAR is a popular file compression and archival utility for Windows operating systems. The utility is affected...

Security Affairs

August 17, 2023

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities Full Text

Abstract A new, financially motivated operation dubbed  LABRAT  has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence," Sysdig  said  in a report shared with The Hacker News. "Furthermore, the attacker abused a legitimate service,  TryCloudflare , to obfuscate their C2 network." Proxyjacking  allows the attacker to rent the compromised host out to a proxy network, making it possible to monetize the unused bandwidth. Cryptojacking, on the other hand, refers to the abuse of the system resources to mine cryptocurrency. A notable aspect of the campaign is the use of compiled binaries written in Go and .NET to fly under the radar, with LABRAT also providing backdoor access to the infected systems.

The Hacker News

August 17, 2023

NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security Full Text

Abstract A previously undetected attack method called  NoFilter  has been found to abuse the Windows Filtering Platform ( WFP ) to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform  LSASS Shtinkering , these privileges are not enough," Ron Ben Yizhak, a security researcher at Deep Instinct, told The Hacker News. "Running as "NT AUTHORITY\SYSTEM" is required. The techniques described in this research can escalate from admin to SYSTEM." The  findings  were presented at the DEF CON security conference over the weekend. The starting point of the  research  is an in-house tool called RPC Mapper the cybersecurity company used to map remote procedure call ( RPC ) methods, specifically those that invoke  WinAPI , leading to the discovery of a method named "BfeRpcOpenToken," which is part of WFP. WFP is a  set of API and system services  that's

The Hacker News

August 17, 2023

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode Full Text

Abstract Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News. Airplane Mode , as the name implies, allows users to turn off wireless features in their devices, effectively preventing them from connecting to Wi-Fi networks, cellular data, and Bluetooth as well as sending or receiving calls and text messages. The approach devised by Jamf, in a nutshell, provides an illusion to the user that the Airplane Mode is on

The Hacker News

August 17, 2023

Experts devise an exploit for Apple iOS 16 that relies on fake Airplane Mode Full Text

Abstract Researchers detailed a new exploit for Apple iOS 16 that can allow attackers to gain access to a device even when the victim believes it is in Airplane Mode. Jamf Threat Labs researchers developed a post-exploit persistence technique on iOS 16 that...

Security Affairs

August 16, 2023

Chrome 116 Patches 26 Vulnerabilities Full Text

Abstract Google on Tuesday announced the release of Chrome 116 to the stable channel with patches for 26 vulnerabilities, including 21 reported by external researchers. Of the externally reported bugs, eight have a severity rating of ‘high.’

Cyware

August 16, 2023

Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks Full Text

Abstract Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared with The Hacker News. Maintained by Microsoft,  PowerShell Gallery  is a  central repository  for sharing and acquiring PowerShell code, including PowerShell modules, scripts, and Desired State Configuration (DSC) resources. The registry boasts 11,829 unique packages and 244,615 packages in total. The issues identified by the cloud security firm have to do with the service's lax policy surrounding package names, lacking protections against typosquatting attacks, as a result enabling attackers to upload malicious PowerShell modules that appear genuine to unsuspecting users

The Hacker News

August 16, 2023

Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM Full Text

Abstract Ivanti Avalanche EMM product is impacted by two buffer overflows collectively tracked as CVE-2023-32560. Tenable researchers discovered two stack-based buffer overflows, collectively tracked as CVE-2023-32560 (CVSS v3: 9.8), impacting the Ivanti...

Security Affairs

August 16, 2023

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations Full Text

Abstract Multiple critical security flaws have been reported in  Ivanti Avalanche , an enterprise mobile device management solution that's used by 30,000 organizations. The vulnerabilities, collectively tracked as  CVE-2023-32560  (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable  said  the shortcomings are the result of buffer overflows arising as a consequence of processing specific data types. An unauthenticated remote attacker can specify a long hex string or long type 9 item to overflow the buffer, it noted. Successful exploitation of both issues could be exploited by a remote adversary to achieve code execution or a system crash. Stack-based buffer overflow vulnerabilities  occur when  the buffer being overwritten is in the stack, leading to a scenario where program execution can be altered to run arbitrary code with elevated privileges. Ivanti has released  Avalanche version 6.4.1  to remediate the

The Hacker News

August 15, 2023

Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking Full Text

Abstract Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were  discovered  by the Synack Red Team (SRT) following a client engagement. The issues have been addressed in ScrutisWeb version 2.1.38. "Successful exploitation of these vulnerabilities could allow an attacker to upload and execute arbitrary files," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an advisory published last month. ScrutisWeb  is a web browser-based solution for monitoring banking and retail ATM fleets, including gleaning information system status, detecting low paper alerts, shutting down or restarting a terminal, and remotely modifying data. Details of the four flaws are as follows - CVE-2023-33871  (CVSS score: 7.5) - A directory traversal vulnerability that could allow an unauthenticated user to directly access

The Hacker News

August 15, 2023

Hacking ATMs by exploiting flaws in ScrutisWeb ATM fleet software Full Text

Abstract Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hack.  Researchers from the Synack Red Team found multi flaws (CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189) in the ScrutisWeb...

Security Affairs

August 14, 2023

Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles Full Text

Abstract The issue is described as a buffer overflow that could lead to remote code execution. An attacker within the wireless range of an impacted device can trigger the flaw using a specially crafted frame.

Cyware

August 14, 2023

Nine Flaws in CyberPower and Dataprobe Solutions Expose Data Centers to Hacking Full Text

Abstract Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU).

Cyware

August 14, 2023

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability Full Text

Abstract E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed  Xurum  by Akamai, leverage a now-patched critical security flaw ( CVE-2022-24086 , CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers  said  in an analysis published last week, attributing the campaign to actors of Russian origin. Some of the websites have also been observed to be infected with simple JavaScript-based skimmers that's designed to collect credit card information and transmit it to a remote server. The exact scale of the campaign remains unclear. In the attack chains observed by the company, CVE-2022-24086 is weaponized for initial access, subsequently exploiting

The Hacker News

August 14, 2023

Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking Full Text

Abstract Several vulnerabilities in the ScrutisWeb ATM could be exploited to remotely hack ATMs. The security holes were discovered by Synack Red Team members and they were patched by the vendor in July 2023 with the release of ScrutisWeb version 2.1.38.

Cyware

August 14, 2023

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) Full Text

Abstract Multiple flaws in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) can expose to several attacks. Researchers from security firm SySS discovered multiple vulnerabilities in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP)...

Security Affairs

August 14, 2023

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking Full Text

Abstract Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower's PowerPanel...

Security Affairs

August 13, 2023

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS Full Text

Abstract 16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16,...

Security Affairs

August 12, 2023

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk Full Text

Abstract Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry severity scores ranging from 6.7 to 9.8, enabling threat actors to shut down entire data centers and compromise data center deployments to steal data or launch massive attacks at a massive scale. "An attacker could chain these vulnerabilities together to gain full access to these systems," Trellix security researchers Sam Quinn, Jesse Chick, and Philippe Laulheret  said  in a report shared with The Hacker News. "Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connect

The Hacker News

August 12, 2023

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping Full Text

Abstract Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning ( ZTP ) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices," SySS security researcher Moritz Abrell  said  in an analysis published Friday. The unfettered access could then be weaponized to eavesdrop on rooms or phone calls, pivot through the devices and attack corporate networks, and even build a botnet of infected devices. The research was  presented  at the Black Hat USA security conference earlier this week. The problems are rooted in Zoom's ZTP, which allows IT administrators to configure VoIP devices in a centralized manner such that it makes it easy for organizations to monitor, troubleshoot and update the devices as

The Hacker News

August 12, 2023

New Python URL Parsing Flaw Could Enable Command Execution Attacks Full Text

Abstract A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution. "urlparse has a parsing problem when the entire URL starts with blank characters," the CERT Coordination Center (CERT/CC) said in a Friday advisory. "This problem affects both the parsing of hostname and scheme, and eventually causes any blocklisting methods to fail." The flaw has been assigned the identifier  CVE-2023-24329  and carries a CVSS score of 7.5. Security researcher Yebo Cao has been credited with discovering and reporting the issue in August 2022. It has been addressed in the following versions - >= 3.12 3.11.x >= 3.11.4 3.10.x >= 3.10.12 3.9.x >= 3.9.17 3.8.x >= 3.8.17, and  3.7.x >= 3.7.17 urllib.parse  is a widely used parsing function that makes it possible to break dow

The Hacker News

August 12, 2023

Python URL parsing function flaw can enable command execution Full Text

Abstract A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution. Researchers warn of a high-severity security vulnerability, tracked as CVE-2023-24329 (CVSS score of 7.5), has been disclosed...

Security Affairs

August 11, 2023

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks Full Text

Abstract A set of 16 high-severity security flaws have been disclosed in the  CODESYS V3  software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed  CoDe16 , carry a CVSS score of 8.8 with the exception of CVE-2022-47391, which has a severity rating of 7.5. Twelve of the flaws are buffer overflow vulnerabilities. "Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial-of-service (DoS)," Vladimir Tokarev of the Microsoft Threat Intelligence Community  said  in a report. While a successful weaponization of the flaws requires user authentication as well as an in-depth knowledge of the proprietary protocol of CODESY

The Hacker News

August 10, 2023

Fourty Vulnerabilities Patched in Android With August 2023 Security Updates Full Text

Abstract “Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” Google noted in its security bulletin.

Cyware

August 10, 2023

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization Full Text

Abstract Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been documented using native functionality like the creation of Federated Trusts  [1]  to enable persistent access to a Microsoft tenant. This article demonstrates an additional native functionality that when leveraged by an attacker enables persistent access to a Microsoft cloud tenant and lateral movement capabilities to another tenant. This attack vector enables an attacker operating in a compromised tenant to abuse a misconfigured Cross-Tenant Synchronization (CTS) configuration and gain access to other connected tenants or deploy a rogue CTS configuration to maintain persistence within the te

The Hacker News

August 10, 2023

Adobe Patches 30 Acrobat, Reader Vulnerabilities on Patch Tuesday Full Text

Abstract Adobe on Tuesday rolled out a big batch of security updates for its flagship Acrobat and Reader software, patching at least 30 vulnerabilities affecting Windows and macOS installations.

Cyware

August 10, 2023

Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk Full Text

Abstract A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method , an app that has over 455 million monthly active users across Windows, Android, and iOS. The vulnerabilities are rooted in EncryptWall, the service's custom encryption system, allowing network eavesdroppers to extract the textual content and access sensitive data. "The Windows and Android versions of Sogou Input Method contain vulnerabilities in this encryption system, including a vulnerability to a CBC  padding oracle attack , which allow network eavesdroppers to recover the plaintext of encrypted network transmissions, revealing sensitive information including what users have typed," the researchers  said . CBC, s

The Hacker News

August 09, 2023

Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs Full Text

Abstract Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called  Collide+Power  ( CVE-2023-20583 ),  Downfall  ( CVE-2022-40982 ), and  Inception  ( CVE-2023-20569 ), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as  Zenbleed  (CVE-2023-20593). "Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers,"  Daniel Moghimi , senior research scientist at Google,  said . "This vulnerability [...] enables a user to access and steal data from other users who share the same computer." In a hypothetical attack scenario, a malicious app installed on a device could weaponize the method to steal sensitive information like passwords and encryption keys, effectively undermining Intel's Software Guard eXtensions ( SGX

The Hacker News

August 9, 2023

Downfall Intel CPU side-channel attack exposes sensitive data Full Text

Abstract Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU. Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked...

Security Affairs

August 09, 2023

Microsoft Releases Patches for 74 New Vulnerabilities in August Update Full Text

Abstract Microsoft has patched a total of  74 flaws  in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical, 67 Important, and one Moderate severity vulnerabilities. Released along with the security improvements are two defense-in-depth updates for Microsoft Office ( ADV230003 ) and the Memory Integrity System Readiness Scan Tool ( ADV230004 ). The updates are also in addition to 30 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD ( CVE-2023-20569  or  Inception ). ADV230003 concerns an already known security flaw tracked as  CVE-2023-36884 , a remote code execution vulnerability in Office and Windows HTML that has been actively exploited by the Russia-linked RomCom threat actor in attacks targeting Ukraine as well as pro-Ukr

The Hacker News

August 8, 2023

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws Full Text

Abstract Microsoft Patch Tuesday security updates for August 2023 addressed 74 vulnerabilities, including two actively exploited flaws. Microsoft Patch Tuesday security updates for August 2023 addressed 74 new vulnerabilities in multiple products including...

Security Affairs

August 8, 2023

43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off Full Text

Abstract Experts found 43 Android apps in Google Play with 2.5 million installs that displayed advertisements while a phone's screen was off. Recently, researchers from McAfee’s Mobile Research Team discovered 43 Android apps in Google Play with 2.5 million...

Security Affairs

August 6, 2023

Microsoft fixed a flaw in Power Platform after being criticized Full Text

Abstract Microsoft announced it has addressed a critical flaw in its Power Platform after it was criticized for the delay in fixing the issue. Microsoft this week addressed a critical vulnerability in its Power Platform, after it was criticized for the delay...

Security Affairs

August 5, 2023

CISA, Five Eyes cyber advisory lists common vulnerabilities among 2022’s top exploits Full Text

Abstract This guidance is the latest released by the Five Eyes organization, which consists of government cybersecurity organizations from the U.S., New Zealand, the U.K., Australia and Canada.

Cyware

August 05, 2023

Microsoft Addresses Critical Power Platform Flaw After Delays and Criticism Full Text

Abstract Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform , but not before it came under criticism for its failure to swiftly act on it. "The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors," the tech giant  said . "The potential impact could be unintended information disclosure if secrets or other sensitive information were embedded in the Custom Code function." The company further noted that no customer action is required and that it found no evidence of active exploitation of the vulnerability in the wild. Tenable, which initially discovered and reported the shortcoming to Redmond on March 30, 2023,  said  the problem could enable limited, unauthorized access to cross-tenant applications and sensitive data. The cybersecurity firm said the flaw arises as a result of insufficient access control to Azure Function hosts, leading to a scenario where a t

The Hacker News

August 05, 2023

Researchers Uncover New High-Severity Vulnerability in PaperCut Software Full Text

Abstract Cybersecurity researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances. Tracked as  CVE-2023-39143  (CVSS score: 8.4), the flaw impacts PaperCut NG/MF prior to version 22.1.3. It has been described as a combination of a path traversal and file upload vulnerability. "CVE-2023-39143 enables unauthenticated attackers to potentially read, delete, and upload arbitrary files to the PaperCut MF/NG application server, resulting in remote code execution in certain configurations," Horizon3.ai's Naveen Sunkavally  said . The cybersecurity firm said that file upload leading to remote code execution is possible when the external device integration setting is enabled, which is on by default in some installations of PaperCut. Earlier this April, another remote code execution vulnerability in the same product (CVE-2023-27350, CVSS score: 9.8) and an infor

The Hacker News

August 5, 2023

New PaperCut flaw in print management software exposes servers to RCE attacks Full Text

Abstract Researchers discovered a vulnerability in PaperCut NG/MF print management software that can lead to remote code execution. Cybersecurity researchers at Horizon3 discovered a high-severity vulnerability, tracked as CVE-2023-39143 (CVSS score: 8.4),...

Security Affairs

August 3, 2023

Google Chrome 115 Update Patches V8 JavaScript and WebAssembly Engine Vulnerabilities Full Text

Abstract The browser update resolves three high-severity type confusion bugs in the V8 JavaScript and WebAssembly engine that earned the reporting researchers over $60,000 in bug bounties, Google notes in its advisory.

Cyware

August 3, 2023

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings Full Text

Abstract Experts warn that decommissioned medical infusion pumps sold via the secondary market could expose Wi-Fi configuration settings. The sale of decommissioned medical infusion pumps through the secondary market may lead to the potential exposure of Wi-Fi...

Security Affairs

August 3, 2023

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug Full Text

Abstract Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively exploited vulnerability in Ivanti...

Security Affairs

August 03, 2023

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability Full Text

Abstract Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as  CVE-2023-35082  (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below)." "If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users' personally identifiable information and make limited changes to the server," Ivanti  said  in an advisory released on August 2, 2023. Rapid7 security researcher Stephen Fewer  said , "CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application's security filter chain." With the latest disclosure, Ivanti has

The Hacker News

August 2, 2023

Firefox Fixes a Flurry of Flaws in the First of Two Releases This Month Full Text

Abstract Mozilla has released a new version of Firefox, marking the first of two upgrades for the month. The patched flaws are tracked as CVE-2023-4045, CVE-2023-4047, CVE-2023-4048, CVE-2023-4050, CVE-2023-4051, CVE-2023-4057, and CVE-2023-4058.

Cyware

August 02, 2023

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan Full Text

Abstract Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with SSM agent installed, to carry out malicious activities on an ongoing basis," Mitiga researchers Ariel Szarf and Or Aspir  said  in a report shared with The Hacker News. "This allows an attacker who has compromised a machine, hosted on AWS or anywhere else, to maintain access to it and perform various malicious activities." SSM Agent is a  software  installed on Amazon Elastic Compute Cloud (Amazon EC2) instances that makes it possible for administrators to update, manage, and configure their AWS resources through a unified interface. The advantages of using an SSM Agent

The Hacker News

August 1, 2023

Stremio Vulnerability Exposes Millions to Attack Full Text

Abstract CyFox researchers have discovered a DLL planting/hijacking vulnerability in popular media center application Stremio, which could be exploited by attackers to execute code on the victim’s system, steal information, and more.

Cyware

August 1, 2023

Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers Full Text

Abstract Canon warns that sensitive data on the Wi-Fi connection settings stored in the memories of inkjet printers may not be deleted during initialization. Canon warns that sensitive information on the Wi-Fi connection settings stored in the memories of home...

Security Affairs

July 31, 2023

Three flaws in Ninja Forms plugin for WordPress impact 900K sites Full Text

Abstract Experts warn of vulnerabilities impacting the Ninja Forms plugin for WordPress that could be exploited for escalating privileges and data theft. The Ninja Forms plugin for WordPress is affected by multiple vulnerabilities (tracked as CVE-2023-37979,...

Security Affairs

July 31, 2023

Experts warn attackers started exploiting Citrix ShareFile RCE flaw CVE-2023-24489 Full Text

Abstract Researchers warn that threat actors started exploiting Citrix ShareFile RCE vulnerability CVE-2023-24489 in the wild. Citrix ShareFile is a widely used cloud-based file-sharing application, which is affected by the critical remote code execution (RCE)...

Security Affairs

July 31, 2023

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable Full Text

Abstract Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack  said  in a report last week. Ninja Forms is installed on over 800,000 sites. A brief description of each of the vulnerabilities is below - CVE-2023-37979  (CVSS score: 7.1) - A POST-based reflected cross-site scripting (XSS) flaw that could allow any unauthenticated user to achieve privilege escalation on a target WordPress site by tricking privileged users to visit a specially crafted website. CVE-2023-38386  and  CVE-2023-38393  - Broken access control flaws in the form submissions export feature that could enable a bad actor with Subscriber and Contributor roles to export all Ninja Forms submissions on a WordPress site. Users of the plugin are recommended to update to version

The Hacker News

July 30, 2023

New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild Full Text

Abstract Software firm Ivanti disclosed another security vulnerability impacting Endpoint Manager Mobile (EPMM), that it said actively exploited. Ivanti disclosed a new security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35081 (CVSS...

Security Affairs

July 29, 2023

Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins Full Text

Abstract The vulnerability, tracked as CVE-2023-24489 (CVSS score of 9.1), was the result of errors leading to unauthenticated file upload, which could then be exploited to obtain RCE, says security firm Assetnote, which identified and reported the bug.

Cyware

July 29, 2023

Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices Full Text

Abstract Several vulnerabilities discovered by a researcher from industrial cybersecurity firm TXOne Networks in a Weintek product could have been exploited to manipulate and damage industrial control systems (ICS).

Cyware

July 29, 2023

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack Full Text

Abstract Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as  CVE-2023-35081  (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "CVE-2023-35081 enables an authenticated administrator to perform arbitrary file writes to the EPMM server," the company  said  in an advisory. "This vulnerability can be used in conjunction with  CVE-2023-35078 , bypassing administrator authentication and ACLs restrictions (if applicable)." A successful exploit could allow a threat actor to write arbitrary files on the appliance, thereby enabling the malicious party to execute OS commands on the appliance as the tomcat user. "As of now we are only aware of the same limited number of customers impacted by CVE-2023-35078

The Hacker News

July 28, 2023

Innovative Attack Methodology Leverages the “search-ms” URI Protocol Handler Full Text

Abstract A legitimate Windows search feature could be exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

Cyware

July 28, 2023

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required Full Text

Abstract Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646 , the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1. "An unauthenticated attacker can run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on," Metabase said in an advisory released last week. The issue has also been addressed in the following older versions - 0.45.4.1 and 1.45.4.1 0.44.7.1 and 1.44.7.1, and 0.43.7.2 and 1.43.7.2 While there is no evidence that the issue has been exploited in the wild, data gathered by the Shadowserver Foundation shows that 5,488 out of the total 6,936 Metabase instances are vulnerable as of July 26, 202

The Hacker News

July 27, 2023

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users Full Text

Abstract Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a  report  shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. "The impacted Ubuntu versions are prevalent in the cloud as they serve as the default operating systems for multiple [cloud service providers]," security researchers Sagi Tzadik and Shir Tamari said. The  vulnerabilities  – tracked as CVE-2023-32629 and 2023-2640 (CVSS scores: 7.8) and dubbed  GameOver(lay)  – are present in a module called  OverlayFS  and arise as a result of inadequate permissions checks in certain scenarios, enabling a local attacker to gain elevated privileges. Overlay Filesystem refers to a union mount file system that makes it possible to combine multiple directory trees or file systems into a single, unified filesystem. A brief descrip

The Hacker News

July 27, 2023

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS Full Text

Abstract Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750,...

Security Affairs

July 26, 2023

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw Full Text

Abstract Experts warn of a severe privilege escalation, tracked as CVE-2023-30799, in MikroTik RouterOS that can be exploited to hack vulnerable devices. VulnCheck researchers warn of a critical vulnerability, tracked as CVE-2023-30799 (CVSS score:...

Security Affairs

July 26, 2023

Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking Full Text

Abstract A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as  CVE-2023-30799  (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively, VulnCheck disclosed in a Tuesday report. "CVE-2023-30799 does require authentication," security researcher Jacob Baines  said . "In fact, the vulnerability itself is a simple privilege escalation from admin to 'super-admin' which results in access to an arbitrary function. Acquiring credentials to RouterOS systems is easier than one might expect." This is because the Mikrotik RouterOS operating system does not offer any protection against password brute-force attacks and ships with a well-known default "admin" user, with its password being an empty string

The Hacker News

July 25, 2023

Atlassian addressed 3 flaws in Confluence and Bamboo products Full Text

Abstract Atlassian addressed three vulnerabilities in its Confluence Server, Data Center, and Bamboo Data Center products that can lead to remote code execution. Atlassian has addressed three critical and high severity vulnerabilities impacting...

Security Affairs

July 25, 2023

VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment Full Text

Abstract VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891...

Security Affairs

July 25, 2023

Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606 Full Text

Abstract Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including...

Security Affairs

July 25, 2023

TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System Full Text

Abstract A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio ( TETRA ) standard for radio communication used widely by government entities and critical infrastructure sectors, including what's believed to be an intentional backdoor that could have potentially exposed sensitive information. The issues, discovered by Midnight Blue in 2021 and held back until now, have been collectively called  TETRA:BURST . There is no conclusive evidence to determine that the vulnerabilities have been exploited in the wild to date. "Depending on infrastructure and device configurations, these vulnerabilities allow for real time decryption, harvest-now-decrypt-later attacks, message injection, user deanonymization, or session key pinning," the Netherlands-based cybersecurity company  said . Standardized by the European Telecommunications Standards Institute (ETSI) in 1995, TETRA is used in more than 100 countries and as a police radio communication system

The Hacker News

July 25, 2023

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk Full Text

Abstract A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed  Zenbleed  and tracked as  CVE-2023-20593  (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second. The issue is part of a broader category of weaknesses called  speculative execution attacks , in which the optimization technique widely used in modern CPUs is abused to access cryptographic keys from CPU registers. "Under specific microarchitectural circumstances, a register in 'Zen 2' CPUs may not be written to 0 correctly," AMD  explained  in an advisory. "This may cause data from another process and/or thread to be stored in the YMM register , which may allow an attacker to potentially access sensitive information." Web infrastructure company Cloudflare note

The Hacker News

July 25, 2023

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo Full Text

Abstract Atlassian has  released  updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505  (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and 8.4.0) CVE-2023-22508  (CVSS score: 8.5) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 7.19.8 and 8.2.0) CVE-2023-22506  (CVSS score: 7.5) - Injection, RCE (Remote Code Execution) in Bamboo (Fixed in versions 9.2.3 and 9.3.1) CVE-2023-22505 and CVE-2023-22508 allow an "authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction," the company said. While the first bug was introduced in version 8.0.0, CVE-2023-22508 was introduc

The Hacker News

July 25, 2023

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation Full Text

Abstract Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed  CVE-2023-35078 , the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as well as older releases. It has the maximum severity rating of 10 on the CVSS scale. "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication," the company  said  in a terse advisory. "If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users' personally identifiable information and make limited changes to the server." The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said an

The Hacker News

July 25, 2023

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs Full Text

Abstract Apple has  rolled out security updates  to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as  CVE-2023-38606 , the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," the tech giant noted in its advisory. It's worth noting that CVE-2023-38606 is the third security vulnerability discovered in connection with  Operation Triangulation , a sophisticated mobile cyber espionage campaign targeting iOS devices since 2019 using a zero-click exploit chain. The other two zero-days,  CVE-2023-32434 and CVE-2023-32435 , were patched by Apple last month. Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kuc

The Hacker News

July 24, 2023

Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo Full Text

Abstract The most severe of these issues, tracked as CVE-2023-22508 (CVSS score of 8.5), was introduced in Confluence version 7.4.0. The second bug, tracked as CVE-2023-22505 (CVSS score of 8.0), was introduced in Confluence version 8.0.0.

Cyware

July 24, 2023

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks Full Text

Abstract Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers  CVE-2023-26077  and  CVE-2023-26078 , with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and June 26, 2023, respectively. "The ability to initiate an operation from a NT AUTHORITY\SYSTEM context can present potential security risks if not properly managed," security researcher Andrew Oliveau  said . "For instance, misconfigured  Custom Actions  running as NT AUTHORITY\SYSTEM can be exploited by attackers to execute local privilege escalation attacks." Successful exploitation of such weaknesses could pave the way for the execution of arbitrary code with elevated privileges. Both the flaws reside in the MSI installer's repair functionality, potentially crea

The Hacker News

July 24, 2023

A flaw in OpenSSH forwarded ssh-agent allows remote code execution Full Text

Abstract A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s...

Security Affairs

July 24, 2023

Over 20,000 Citrix Appliances Vulnerable to New Exploit Full Text

Abstract A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims.

Cyware

July 24, 2023

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection Full Text

Abstract Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys,  said  in an analysis last week. The vulnerability is being tracked under the CVE identifier  CVE-2023-38408  (CVSS score: N/A). It impacts all versions of OpenSSH before  9.3p2 . OpenSSH is a popular connectivity tool for remote login with the SSH protocol that's used for encrypting all traffic to eliminate eavesdropping, connection hijacking, and other attacks. Successful exploitation requires the presence of certain libraries on the victim system and that the SSH authentication agent is  forwarded  to an attacker-controlled system. SSH agent is a  background program  that maintains users' keys

The Hacker News

July 24, 2023

Perimeter81 Vulnerability Disclosed After Botched Disclosure Process Full Text

Abstract Cybersecurity researcher Erhad Husovic published a blog post in late June to disclose the details of a local privilege escalation vulnerability discovered in Perimeter81’s macOS application.

Cyware

July 23, 2023

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 Full Text

Abstract Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks...

Security Affairs

July 20, 2023

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks Full Text

Abstract Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser permissions," Eclypsium researchers Vlad Babkin and Scott Scheferman said in a report shared with The Hacker News. "They can be exploited by remote attackers having access to Redfish remote management interfaces, or from a compromised host operating system." To make matters worse, the shortcomings could also be weaponized to drop persistent firmware implants that are immune to operating system reinstalls and hard drive replacements, brick motherboard components, cause physical damage through overvolting attacks, and induce indefinite reboot loops. "As attackers shift their

The Hacker News

July 20, 2023

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities Full Text

Abstract Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability researcher Stefan Schiller  said  in a report shared with The Hacker News. "The acquired admin privileges can further be leveraged to exploit another vulnerability allowing attackers to execute arbitrary code on the Apache OpenMeetings server." Following responsible disclosure on March 20, 2023, the vulnerabilities were addressed with the release of  Openmeetings version 7.1.0  that was released on May 9, 2023. The list of three flaws is as follows - CVE-2023-28936  (CVSS score: 5.3) - Insufficient check of invitation hash CVE-2023-29032  (CVSS score: 8.1) - An authenti

The Hacker News

July 20, 2023

Adobe out-of-band update addresses an actively exploited ColdFusion zero-day Full Text

Abstract Adobe released an emergency update to address critical vulnerabilities in ColdFusion, including an actively exploited zero-day. Adobe released an out-of-band update to address critical and moderate vulnerabilities in ColdFusion, including a zero-day...

Security Affairs

July 20, 2023

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability Full Text

Abstract Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild. The critical shortcoming, tracked as  CVE-2023-38205  (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions: ColdFusion 2023 (Update 2 and earlier versions) ColdFusion 2021 (Update 8 and earlier versions), and ColdFusion 2018 (Update 18 and earlier versions) "Adobe is aware that CVE-2023-38205 has been exploited in the wild in limited attacks targeting Adobe ColdFusion," the company  said . The update also addresses two other flaws, including a critical deserialization bug ( CVE-2023-38204 , CVSS score: 9.8) that could lead to remote code execution and a second improper access control flaw that could also pave the way for a security bypass ( CVE-2023-38206 , CVSS score: 5.3). The disclosure arrives days

The Hacker News

July 19, 2023

Citrix warns of actively exploited zero-day in ADC and Gateway Full Text

Abstract Citrix is warning customers of an actively exploited critical vulnerability in NetScaler Application Delivery Controller (ADC) and Gateway. Citrix is warning customers of a critical vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), in NetScaler...

Security Affairs

July 19, 2023

Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation Full Text

Abstract Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed  Bad.Build , is rooted in the  Google Cloud Build service , according to cloud security firm Orca, which discovered and reported the issue. "By abusing the flaw and enabling an impersonation of the default Cloud Build service, attackers can manipulate images in the Google Artifact Registry and inject malicious code," the company  said  in a statement shared with The Hacker News. "Any applications built from the manipulated images are then affected and, if the malformed applications are meant to be deployed on customer's environments, the risk crosses from the supplying organization's environment to their customers' environments, constituting a major supply chain risk." Following responsible disclosure, Google has  issued  a

The Hacker News

July 19, 2023

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway Full Text

Abstract Citrix is  alerting  users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as  CVE-2023-3519  (CVSS score: 9.8), the issue relates to a case of  code injection  that could result in unauthenticated remote code execution. It impacts the following versions - NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life) NetScaler ADC 13.1-FIPS before 13.1-37.159 NetScaler ADC 12.1-FIPS before 12.1-55.297, and NetScaler ADC 12.1-NDcPP before 12.1-55.297 The company did not give further details on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been observed on "unmitigated appliances." However, successful exploitation requires the device to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RD

The Hacker News

July 17, 2023

Adobe warns customers of a critical ColdFusion RCE exploited in attacks Full Text

Abstract Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked...

Security Affairs

July 17, 2023

Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw Full Text

Abstract Tracked as CVE-2023-38203 (CVSS score of 9.8), the flaw is described as “deserialization of untrusted data” in ColdFusion versions 2023, 2021, and?2018. This allows an attacker to use specially crafted data to trigger the execution of arbitrary code.

Cyware

July 17, 2023

Cisco fixed a critical flaw in SD-WAN vManage Full Text

Abstract Cisco warns of a critical unauthenticated REST API access vulnerability, tracked as CVE-2023-20214, impacting its SD-WAN vManage. Cisco addressed a critical unauthenticated REST API access vulnerability, tracked as CVE-2023-20214 (CVSS Score 9.1),...

Security Affairs

July 14, 2023

Popular WordPress Security Plugin Caught Logging Plaintext Passwords Full Text

Abstract It was discovered that AIOS version 5.1.9 writes plaintext passwords from login attempts to the database, which essentially provides any privileged user with access to the login credentials of all other administrator users.

Cyware

July 14, 2023

Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services Full Text

Abstract Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "unauthorized remote code execution, which means an attacker would have the power to take over the devices and alter the operation of the DCS controller, whilst also hiding the alterations from the engineering workstation that manages the controller," Armis said in a statement shared with The Hacker News. Put differently, the issues relate to lack of encryption and adequate authentication mechanisms in a proprietary protocol called Control Data Access (CDA) that's used to communicate between Experion Servers and C300 controllers, effectively enabling a threat actor to take over the devices and alter the operation of the DCS controller. "As a

The Hacker News

July 14, 2023

Indexing Over 15 Million WordPress Websites with PWNPress Full Text

Abstract Sicuranex's PWNPress platform indexed over 15 million WordPress websites, it collects data related to vulnerabilities and misconfigurations Leveraging the extensive Common Crawl dataset and pushing the boundaries of data analysis, cybersecurity firm...

Security Affairs

July 14, 2023

Hardcoded Accounts Allow Full Takeover of Technicolor Routers Full Text

Abstract Multiple hardcoded credentials found on the Technicolor TG670 DSL gateway router allow attackers to completely take over devices, the CERT Coordination Center (CERT/CC) warns.

Cyware

July 14, 2023

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation Full Text

Abstract Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company  said  in an advisory. It also said that the issue has been addressed and that it's expected to be delivered in the July patch release. Additional details about the flaw are currently unavailable. In the interim, it is urging customers to  apply a manual fix  to eliminate the attack vector - Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto Edit this file and go to line number 40 Update the parameter value as: Before the update, the line appeared as: Whi

The Hacker News

July 13, 2023

Juniper Networks Patches High-Severity Vulnerabilities in Junos OS Full Text

Abstract The company published 17 advisories detailing roughly a dozen Junos OS-specific security defects, and nearly three times as many issues in third-party components used in its products.

Cyware

July 13, 2023

Apple re-released Rapid Security Response to fix recently disclosed zero-day Full Text

Abstract Apple re-released its Rapid Security Response updates for iOS and macOS after fixing browsing issues on certain websites caused by the first RSR. Apple has re-released its Rapid Security Response updates to address the CVE-2023-37450 flaw in iOS and macOS...

Security Affairs

July 13, 2023

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG Full Text

Abstract Zimbra has released updates to address a zero-day vulnerability actively exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Zimbra urges customers to manually install updates to fix a zero-day vulnerability that is actively...

Security Affairs

July 13, 2023

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware Full Text

Abstract In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi  said . "Operating as a downloader, it silently dumps and executes a Linux bash script, all the while disguising its operations as a kernel-level process." The  repository  masquerades as a PoC for  CVE-2023-35829 , a recently disclosed high-severity flaw in the Linux kernel. It has since been taken down, but not before it was forked 25 times.  Another PoC  shared by the same account, ChriSanders22, for  CVE-2023-20871 , a privilege escalation bug impacting VMware Fusion, was forked twice. Uptypcs also identified a  second GitHub profile  containing a bogus PoC f

The Hacker News

July 13, 2023

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible," Draogos  said . The list of flaws is as follows - CVE-2023-3595  (CVSS score: 9.8) - An out-of-bounds write flaw impacting 1756 EN2* and 1756 EN3* products that could result in arbitrary code execution with persistence on the target system through maliciously crafted common industrial protocol ( CIP ) messages. CVE-2023-3596  (CVSS score: 7.5

The Hacker News

July 13, 2023

SonicWall urges organizations to fix critical flaws in GMS/Analytics products Full Text

Abstract SonicWall fixed multiple critical vulnerabilities impacting its GMS firewall management and Analytics management and reporting engine. SonicWall addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management...

Security Affairs

July 13, 2023

APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure Full Text

Abstract The 1756 EN2 and 1756 EN3 products are impacted by CVE-2023-3595, a critical flaw that can allow attackers to achieve remote code execution with persistence on targeted systems by using specially crafted Common Industrial Protocol (CIP) messages.

Cyware

July 13, 2023

New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products Full Text

Abstract SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four are rated Critical, four are rated High, and seven are rated Medium in severity. The vulnerabilities were disclosed by NCC Group. The flaws impact on-premise versions of GMS 9.3.2-SP1 and before and Analytics 2.5.0.4-R7 and before. Fixes are available in versions GMS 9.3.3 and Analytics 2.5.2. "The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve," SonicWall  said . "This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or dele

The Hacker News

July 12, 2023

Citrix fixed a critical flaw in Secure Access Client for Ubuntu Full Text

Abstract Citrix fixed a critical flaw affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution. Citrix addressed a critical vulnerability, tracked as CVE-2023-24492 (CVSS score of 9.6), affecting the Secure Access...

Security Affairs

July 12, 2023

Fortinet fixed a critical flaw in FortiOS and FortiProxy Full Text

Abstract Fortinet warns of a critical vulnerability impacting FortiOS and FortiProxy that can allow remote attackers to perform arbitrary code execution. Fortinet has disclosed a critical vulnerability, tracked as CVE-2023-33308 (CVSS score 9.8), that impacts...

Security Affairs

July 12, 2023

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution Full Text

Abstract The vulnerability impacts FortiOS and FortiProxy versions 7.2.x and 7.0.x and was resolved in FortiOS versions 7.4.0, 7.2.4, and 7.0.11, and FortiProxy versions 7.2.3 and 7.0.10.

Cyware

July 12, 2023

SAP Patches Critical Vulnerability in ECC and S/4HANA Products Full Text

Abstract German enterprise software maker SAP on Tuesday announced the release of 16 new security notes as part of its July 2023 Security Patch Day. In addition, updates were announced for two previously released notes.

Cyware

July 12, 2023

Update: Apple’s Rapid Security Response Patches Causing Website Access Issues Full Text

Abstract Apple has pulled its latest Rapid Security Response updates for iOS and macOS after users complained that they were getting errors when accessing some websites through Safari.

Cyware

July 12, 2023

Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack Full Text

Abstract Microsoft on Tuesday released updates to address a total  of 132 new security flaws  spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of "None." This is in addition to  eight flaws  the tech giant patched in its Chromium-based Edge browser towards the end of last month. The list of issues that have come under active exploitation is as follows - CVE-2023-32046  (CVSS score: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability CVE-2023-32049  (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2023-35311  (CVSS score: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability CVE-2023-36874  (CVSS score: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2023-36884  (CVSS score: 8.3) - Office and Windows

The Hacker News

July 11, 2023

Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures Full Text

Abstract A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an  exhaustive two-part report  shared with The Hacker News. "This is a major threat, as access to the kernel provides complete access to a system, and therefore total compromise." Following responsible disclosure, Microsoft  said  it has taken steps to block all certificates to mitigate the threat. It further stated that its investigation found "the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified." The tech giant, besides suspending developer program accounts involved in the incident, emphasized that the threat a

The Hacker News

July 11, 2023

Apple issued Rapid Security Response updates to fix a zero-day but pulled them due to a Safari bug Full Text

Abstract Apple released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address an actively exploited zero-day. Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a...

Security Affairs

July 11, 2023

VMware warns customers of exploit available for critical vRealize RCE flaw CVE-2023-20864 Full Text

Abstract VMware warns customers of the public availability of an exploit code for the RCE vulnerability CVE-2023-20864 affecting vRealize. VMware warned customers of the availability of an exploit code for the critical RCE vulnerability CVE-2023-20864 in the VMware...

Security Affairs

July 11, 2023

Owncast, EaseProbe Security Vulnerabilities Revealed Full Text

Abstract Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go.

Cyware

July 11, 2023

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari Full Text

Abstract Apple has released  Rapid Security Response  updates for iOS, iPadOS, macOS, and Safari web browser to  address  a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as  CVE-2023-37450 , could allow threat actors to achieve arbitrary code execution when processing specially crafted web content. The iPhone maker said it addressed the issue with improved checks. Credited with discovering and reporting the flaw is an anonymous researcher. As with most cases like this, there are scant details about the nature and the scale of the attacks and the identity of the threat actor behind them. But Apple noted in a terse advisory that it's "aware of a report that this issue may have been actively exploited." The updates, iOS 16.5.1 (a), iPadOS 16.5.1 (a), macOS Ventura 13.4.1 (a), and Safari 16.5.2, are available for devices running the following operating system versions: iOS 16.5.1 and iPadOS 16.5.1 macOS Ventura 13.4.1 macOS Big

The Hacker News

July 10, 2023

Experts released PoC exploit for Ubiquiti EdgeRouter flaw Full Text

Abstract A Proof-of-Concept (PoC) exploit for the CVE-2023-31998 vulnerability in the Ubiquiti EdgeRouter has been publicly released. The CVE-2023-31998 flaw (CVSS v3 5.9) is a heap overflow issue impacting Ubiquiti EdgeRouters and Aircubes, an attacker can exploit...

Security Affairs

July 10, 2023

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability Full Text

Abstract A recently patched vulnerability in Ubiquiti EdgeRouter and AirCube devices could be exploited to execute arbitrary code, vulnerability reporting firm SSD Secure Disclosure warns.

Cyware

July 10, 2023

Apple releases emergency update to fix zero-day exploited in attacks Full Text

Abstract Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

BleepingComputer

July 8, 2023

Google addressed 3 actively exploited flaws in Android Full Text

Abstract Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively...

Security Affairs

July 07, 2023

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software Full Text

Abstract Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934 , could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database. SQL injection vulnerabilities are a well-known and dangerous security flaw that allows attackers to manipulate databases and run any code they want. Attackers can send specifically designed payloads to certain endpoints of the affected application, which could change or expose sensitive data in the database. The reason CVE-2023-36934 is so critical is that it can be exploited without having to be logged in. This means that even attackers without valid credentials can potentially exploit the vulnerability. However, as of now, there have been no reports of

The Hacker News

July 07, 2023

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover Full Text

Abstract Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "instances," and it has over 14 million users across more than 20,000 instances. The most critical vulnerability, CVE-2023-36460 , allows hackers to exploit a flaw in the media attachments feature, creating and overwriting files in any location the software could access on an instance. This software vulnerability could be used for DoS and arbitrary remote code execution attacks, posing a significant threat to users and the broader Internet ecosystem. If an attacker gains control over multiple instances, they could cause harm by instructing users to download malicious applications or even bring down the entire Mastodon infrastructure. Fortunately, there is no evidence of this vulnerability being exploited so fa

The Hacker News

July 7, 2023

Progress warns customers of a new critical flaw in MOVEit Transfer software Full Text

Abstract Progress released security patches for a new critical SQL injection vulnerability affecting its MOVEit Transfer software. Progress is informing customers of a new critical SQL injection vulnerability, tracked as CVE-2023-36934, in its MOVEit Transfer...

Security Affairs

July 7, 2023

CISA, FBI, MS-ISAC, and CCCS Warn of Truebot Infecting US and Canadian Organizations Full Text

Abstract The threat actors behind the attacks compromised target networks by exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software tracked as CVE-2022-31199.

Cyware

July 07, 2023

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities Full Text

Abstract Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak flaw affecting the Arm Mali GPU driver for Bifrost, Avalon, and Valhall chips. This particular vulnerability was exploited in a previous attack that enabled spyware infiltration on Samsung devices in December 2022. This vulnerability was regarded as serious enough to prompt the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching order for federal agencies in April 2023. Another significant vulnerability, identified as CVE-2021-29256, is a high-severity issue that affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This flaw permits an unprivileged user to gain unauthorized access to sensitive data and escalate privileges to the root lev

The Hacker News

July 6, 2023

Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic Full Text

Abstract Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic. Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site...

Security Affairs

July 6, 2023

StackRot, a new Linux Kernel privilege escalation vulnerability Full Text

Abstract StackRot is s new security vulnerability in the Linux kernel that could be exploited to gain elevated privileges on a target system. A security vulnerability, dubbed StackRot was found impacting Linux versions 6.1 through 6.4. The issue, tracked...

Security Affairs

July 06, 2023

Researchers Uncover New Linux Kernel ‘StackRot’ Privilege Escalation Vulnerability Full Text

Abstract Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed  StackRot  ( CVE-2023-3269 , CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li  said . "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging." Following  responsible disclosure  on June 15, 2023, it has been  addressed  in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Tor

The Hacker News

July 6, 2023

CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector Full Text

Abstract A vulnerability in SolarView product can be exploited in attacks targeting organizations in the energy sector. Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoring Contec SolarView...

Security Affairs

July 5, 2023

Ghostscript Bug Could Allow Rogue Documents to Run System Commands Full Text

Abstract Ghostscript reads in PostScript program code, which describes how to construct the pages in a document, and converts it, or renders it, into a format more suitable for displaying or printing, such as raw pixel data or a PNG graphics file.

Cyware

July 04, 2023

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw Full Text

Abstract No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a  report  published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched. CVE-2023-27997  (CVSS score: 9.8), also called XORtigate, is a critical vulnerability impacting Fortinet FortiOS and FortiProxy SSL-VPN appliances that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. Patches were released by Fortinet last month in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, although the company  acknowledged  that the flaw may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. Bishop Fox's analysis further found that 153,414

The Hacker News

July 4, 2023

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997 Full Text

Abstract Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. In Mid-June Fortinet addressed a critical flaw, tracked as CVE-2023-27997...

Security Affairs

July 1, 2023

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin Full Text

Abstract Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member plugin allows attackers to add a new user account to the administrators group.

Cyware

July 01, 2023

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts Full Text

Abstract As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a  popular plugin  that facilitates the creation of user-profiles and communities on WordPress sites. It also provides account management features. "This is a very serious issue: unauthenticated attackers may exploit this vulnerability to create new user accounts with administrative privileges, giving them the power to take complete control of affected sites," WordPress security firm WPScan  said  in an alert. Although details about the flaw have been withheld due to active abuse, it stems from an inadequate blocklist logic put in place to alter the wp_capabilities user meta value of a new user to that of an administrator a

The Hacker News

June 30, 2023

miniOrange’s WordPress Social Login and Register plugin was affected by a critical auth bypass bug Full Text

Abstract A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site. Wordfence researchers discovered an authentication bypass vulnerability in miniOrange’s WordPress...

Security Affairs

June 29, 2023

Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain Full Text

Abstract The vulnerabilities are tracked as CVE-2021-27610, CVE-2021-33677, CVE-2021-33684, and CVE-2023-0014, and they impact products that use the SAP Application Server for ABAP component.

Cyware

June 29, 2023

Experts published PoC exploits for Arcserve UDP authentication bypass issue Full Text

Abstract Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified...

Security Affairs

June 29, 2023

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts Full Text

Abstract A critical security flaw has been disclosed in miniOrange's  Social Login and Register plugin  for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin, including and prior to 7.6.4. It was addressed on June 14, 2023, with the release of version 7.6.5 following responsible disclosure on June 2, 2023. "The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address," Wordfence researcher István Márton  said . The issue is rooted in the fact that the encryption key used to secure the information during login using social media accounts is hard-coded, thus leading to a scenario where attackers could create a valid request with a properl

The Hacker News

June 28, 2023

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control Full Text

Abstract Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which  found  that it is "feasible to compromise the targeted device by injecting a specific EM glitch at the right time during a firmware update." "This would allow an attacker to gain code execution on the main processor, gaining access to the Android OS that implements the core functionality of the drone," Gabriel Gonzalez, director of hardware security at the company, said in a report published this month. The  study , which was undertaken to determine the current security posture of Unmanned Aerial Vehicles (UAVs), was carried out on  Mavic Pro , a popular quadcopter drone manufactured by DJI that employs various security features like signed and encrypted firmware, Trusted Executi

The Hacker News

June 28, 2023

Exploit released for new Arcserve UDP auth bypass vulnerability Full Text

Abstract Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges.

BleepingComputer

June 28, 2023

Numerous Devices Discovered Violating CISA’s BOD Full Text

Abstract Censys has recently analyzed the attack surfaces of over 50 FCEB organizations and detected several hundred devices to be publicly exposed to a variety of cybersecurity threats. They are not secured according to CISA’s latest Binding Operational Directive (BOD). Moreover, software programs suc ... Read More

Cyware

June 28, 2023

Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution Full Text

Abstract SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1)...

Security Affairs

June 28, 2023

NPM Registry Found to be Vulnerable to ‘Manifest Confusion’ Abuse Full Text

Abstract The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.

Cyware

June 28, 2023

NPM ecosystem at risk from “Manifest Confusion” attacks Full Text

Abstract The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages and makes it possible for attackers to hide malware in dependencies or perform malicious script execution during installation.

BleepingComputer

June 28, 2023

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution Full Text

Abstract Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas Chauchefoin  said , adding they could result in RCE on Soko because of a "misconfiguration of the database." The  two   issues , which were discovered in the search feature of Soko, have been collectively tracked as CVE-2023-28424 (CVSS score: 9.1). They were addressed within 24 hours of responsible disclosure on March 17, 2023. Soko is a Go software module that powers  packages.gentoo.org , offering users an easy way to search through different Portage packages that are available for Gentoo Linux distribution. But the shortcomings identified in the service meant that it could have been possible for a malicious actor to  inject specially crafted code , resulting in the expo

The Hacker News

June 27, 2023

Experts found hundreds of devices within federal networks having internet-exposed management interfaces Full Text

Abstract Researchers at Censys have analyzed the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations and sub-organizations and discovered more than 13,000 distinct hosts across 100 autonomous systems.

Cyware

June 27, 2023

New Fortinet’s FortiNAC Vulnerability Exposes Networks to Code Execution Attacks Full Text

Abstract Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as  CVE-2023-33299 , the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been described as a case of Java untrusted object deserialization. "A  deserialization  of untrusted data vulnerability [ CWE-502 ] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service," Fortinet  said  in an advisory published last week. The shortcoming impacts the following products, with patches available in FortiNAC versions 7.2.2, 9.1.10, 9.2.8, and 9.4.3 or later - FortiNAC version 9.4.0 through 9.4.2 FortiNAC version 9.2.0 through 9.2.7 FortiNAC version 9.1.0 through 9.1.9 FortiNAC version 7.2.0 through 7.2.1 FortiNAC 8.8 all versions FortiNAC 8.7 all versions FortiNAC 8.6 all v

The Hacker News

June 27, 2023

Chrome 114 Update Patches High-Severity Vulnerabilities Full Text

Abstract Google this week announced a new Chrome 114 update that patches a total of four vulnerabilities, including three high-severity bugs reported by external security researchers.

Cyware

June 26, 2023

Internet Systems Consortium (ISC) fixed three DoS flaw in BIND Full Text

Abstract The Internet Systems Consortium (ISC) addressed three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The Internet Systems Consortium (ISC) released security updates to address three denial-of-service (DoS) vulnerabilities...

Security Affairs

June 24, 2023

US Military Personnel Targeted by Unsolicited Smartwatches Linked to Data Breaches Full Text

Abstract Recent reports indicate that these seemingly innocuous devices, once activated, automatically connect to Wi-Fi networks and establish unauthorized connections with users’ cell phones, potentially exposing sensitive personal data.

Cyware

June 23, 2023

VMware fixed five memory corruption issues in vCenter Server Full Text

Abstract VMware addressed multiple memory corruption vulnerabilities in vCenter Server that can be exploited to achieve remote code execution. VMware released security updates to five memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894,...

Security Affairs

June 23, 2023

Fortinet fixes critical FortiNAC RCE, install updates asap Full Text

Abstract Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control...

Security Affairs

June 23, 2023

More than a million GitHub repositories potentially vulnerable to RepoJacking Full Text

Abstract Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking. A study conducted by Aqua researchers revealed that millions of GitHub repositories are potentially vulnerable to RepoJacking. In...

Security Affairs

June 22, 2023

GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking Full Text

Abstract RepoJacking is a security vulnerability that may lead to code execution on organizations' internal or customer environments. Millions of GitHub repositories are potentially vulnerable to it, including popular organizations such as Google and Lyft.

Cyware

June 22, 2023

Apple addressed actively exploited zero-day flaws in iOS, macOS, and Safari Full Text

Abstract Apple rolled out security updates to address actively exploited zero-day flaws in iOS, iPadOS, macOS, watchOS, and Safari. Apple addressed a set of vulnerabilities in iOS, iPadOS, macOS, watchOS, and the Safari browser that were actively exploited...

Security Affairs

June 22, 2023

Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites Full Text

Abstract A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's  installed  on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically customers but can extend to other high-level users when the right conditions are met," Defiant's Wordfence  said  in an advisory. Tracked as CVE-2023-2986, the shortcoming has been rated 9.8 out of 10 for severity on the CVSS scoring system. It impacts all versions of the plugin, including and prior to versions 5.14.2. The problem, at its core, is a case of authentication bypass that arises as a result of insufficient encryption protections that are applied when customers are notified when they have abandoned their shopping carts on e-commerce sites without completing the purchase. Specifically, the encryption key is hard-coded in the plugin, thereby allowing

The Hacker News

June 22, 2023 <br {:=”” .fs-4=”” .fw-700=”” .lh-0=”” }=”” <p=”” style=”font-weight:500; margin:0px” markdown=”1”> Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari Full Text

Abstract Apple on Wednesday released a  slew of updates  for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called  Operation Triangulation  that has been active since 2019. The exact threat actor behind the activity is not known. CVE-2023-32434  - An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435  - A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content. The iPhone maker said it's aware that the two issues "may have been actively exploited against versions of iOS released before iOS 15.7," crediting Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for reporting them. The advisory comes as the Russia

The Hacker News

June 21, 2023

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites Full Text

Abstract The first security defect, tracked as CVE-2023-2986 (CVSS score 9.8/10), impacts the Abandoned Cart Lite for WooCommerce, a plugin that notifies customers who did not complete the purchase process, and which has more than 30,000 active installations.

Cyware

June 21, 2023

Critical RCE flaw CVE-2023-20887 in VMware vRealize exploited in the wild Full Text

Abstract VMware is warning customers that critical remote code execution vulnerability CVE-2023-20887 is being actively exploited in attacks. VMware is warning customers that a critical remote code execution vulnerability in Aria Operations for Networks (Formerly...

Security Affairs

June 21, 2023

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover Full Text

Abstract A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization ( OAuth ) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it  nOAuth . "nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD multi-tenant OAuth applications," Omer Cohen, chief security officer at Descope,  said . The misconfiguration has to do with how a malicious actor can modify email attributes under "Contact Information" in the Azure AD account and exploit the "Log in with Microsoft" feature to hijack a victim account. To pull off the attack, all an adversary has to do is to create and access an Azure AD admin account and modify their email address to that of a victim and take advantage of the single sign-on scheme on a vulnerable app or website. "If the app merges u

The Hacker News

June 21, 2023

Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks Full Text

Abstract VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as  CVE-2023-20887 , could  allow  a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware Aria Operations Networks versions 6.x, with fixes released in versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10 on June 7, 2023. Now according to an update shared by the virtualization services provider on June 20, 2023, the flaw has been weaponized in real-world attacks, although the exact specifics are unknown as yet. "VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild," the company  noted . Data gathered by threat intelligence firm GreyNoise  shows  active exploitation of the flaw from two different IP addresses located in the Netherl

The Hacker News

June 20, 2023

OT:Icefall: Vulnerabilities Identified in Wago Controllers Full Text

Abstract The flaws were identified as part of the OT:Icefall research that has led to the public disclosure of 61 vulnerabilities impacting more than 100 OT products from 13 vendors.

Cyware

June 20, 2023

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products Full Text

Abstract Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a  broader   set  of  shortcomings  collectively called  OT:ICEFALL , which now comprises a total of 61 issues spanning 13 different vendors. "OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to secure design, patching and testing in OT device vendors," the company  said  in a report shared with The Hacker News. The most severe of the flaws is  CVE-2022-46680  (CVSS score: 8.8), which concerns the plaintext transmission of credentials in the ION/TCP protocol used by power meters from Schneider Electric. Successful exploitation of the bug could enable threat actors to gain control of vulnerable devices. It's worth noting that CVE-2022-46680 is one among the 56 flaws  originally unearthed  by Forescout in June 2022. The other two new security holes ( CVE-2023

The Hacker News

June 20, 2023

Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices Full Text

Abstract Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems. Tracked as  CVE-2023-27992  (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability. "The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request," Zyxel  said  in an advisory published today. Andrej Zaujec, NCSC-FI, and Maxim Suslov have been credited with discovering and reporting the flaw. The following versions are impacted by CVE-2023-27992 - NAS326 (V5.21(AAZF.13)C0 and earlier, patched in V5.21(AAZF.14)C0), NAS540 (V5.21(AATB.10)C0 and earlier, patched in V5.21(AATB.11)C0), and NAS542 (V5.21(ABAG.10)C0 and earlier, patched in V5.21(ABAG.11)C0) The alert comes two weeks

The Hacker News

June 20, 2023

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices Full Text

Abstract Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting...

Security Affairs

June 20, 2023

Western Digital Blocks Unpatched Devices From Cloud Services Full Text

Abstract The move, which began on June 15, comes one month after the company released firmware updates for its My Cloud product line to address multiple security defects, including a critical path traversal bug that leads to remote code execution (RCE).

Cyware

June 20, 2023

ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models Full Text

Abstract Taiwanese company ASUS on Monday  released firmware updates  to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One vulnerability is currently awaiting analysis. The list of impacted products are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. Topping the list of fixes are  CVE-2018-1160  and  CVE-2022-26376 , both of which are rated 9.8 out of a maximum of 10 on the CVSS scoring system. CVE-2018-1160 concerns a nearly five-year-old out-of-bounds write bug in Netatalk versions before 3.1.12 that could allow a remote unauthenticated attacker to achieve arbitrary code execution. CVE-2022-26376 has been described as a memory corruption vulnerability in the Asuswrt firmware that could be triggered by mean

The Hacker News

June 20, 2023

ASUS addressed critical flaws in some router models Full Text

Abstract ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. The...

Security Affairs

June 19, 2023

Third Bug in MOVEit Transfer Found Full Text

Abstract Progress Software has reported a third vulnerability in its MOVEit Transfer application. The bug, which still awaits a CVE identifier, is an SQL injection vulnerability. The company strongly advised customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443. This precaut ... Read More

Cyware

June 17, 2023

A simple bug exposed access to thousands of smart security alarm systems Full Text

Abstract U.S. power and electronics giant Eaton has fixed a security vulnerability that allowed a security researcher to remotely access thousands of smart security alarm systems.

Cyware

June 17, 2023

Third MOVEit bug fixed a day after PoC exploit made public Full Text

Abstract Details of the latest vulnerability, tracked as CVE-2023-35708, were made public Thursday; proof-of-concept (PoC) exploit for the flaw, now fixed today, also emerged on Thursday. Progress Software issued a fix for it on Friday.

Cyware

June 16, 2023

Progress fixed a third flaw in MOVEit Transfer software Full Text

Abstract Progress Software addressed a third vulnerability impacting its MOVEit Transfer application that could lead to privilege escalation and information disclosure. Progress Software disclosed a new SQL injection vulnerability impacting its MOVEit Transfer...

Security Affairs

June 16, 2023

Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack Full Text

Abstract Progress Software on Thursday  disclosed  a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The  new flaw , which is being tracked as CVE-2023-35708 , also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The company is urging its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a fix is being prepared to address the weakness. The cloud managed file transfer solution has been fully patched. The revelation comes a week after Progress  divulged  another set of SQL injection vulnerabilities ( CVE-2023-35036 ) that it said could be weaponized to access the application's database content. The vulnerabilities join  CVE-2023-34362 , which was  exploited  as a zero-day by the Clop ransomware gang in data theft attacks

The Hacker News

June 15, 2023

Chrome 114 Update Patches Critical Vulnerability Full Text

Abstract The new Chrome 114 update that resolves five vulnerabilities, including four critical- and high-severity bugs reported by external researchers. The most important of these is CVE-2023-3214, a critical use-after-free flaw in Autofill payments.

Cyware

June 14, 2023

ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities Full Text

Abstract Siemens has released a dozen new advisories covering roughly 200 vulnerabilities, with a majority of these flaws impacting third-party components. Schneider Electric has released four advisories covering five vulnerabilities.

Cyware

June 14, 2023

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry Full Text

Abstract Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access, unauthorized modifications, and disruption of the Azure services iframes," Orca security researcher Lidor Ben Shitrit  said  in a report shared with The Hacker News. XSS attacks  take place when threat actors inject arbitrary code into an otherwise trusted website, which then gets executed every time when unsuspecting users visit the site. The two flaws identified by Orca leverage a weakness in the postMessage iframe, which enables cross-origin communication between Window objects. This meant that the shortcoming could be abused to embed endpoints within remote servers usin

The Hacker News

June 14, 2023

Critical flaw found in WooCommerce Stripe Gateway Plugin used by +900K sites Full Text

Abstract Hundreds of thousands of online stores are potentially exposed to hacking due to a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The WooCommerce Stripe Payment Gateway plugin is affected by a critical vulnerability tracked...

Security Affairs

June 14, 2023

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin Full Text

Abstract A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as  CVE-2023-34000 , impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023. WooCommerce Stripe Gateway  allows  e-commerce websites to directly accept various payment methods through Stripe's payment processing API. It boasts of over 900,000 active installations. According to Patch security researcher Rafie Muhammad, the plugin suffers from what's called an unauthenticated Insecure direct object references ( IDOR ) vulnerability, which allows a bad actor to bypass authorization and access resources. Specially, the problem stems from the insecure handling of order objects and a lack of adequate access control mechanism in the plugin's 'javascript_params' and 'payment_fields' functions of the plugin. "Thi

The Hacker News

June 14, 2023a

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software Full Text

Abstract Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of  Patch Tuesday updates  for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderate, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser. It's worth noting that Microsoft also closed out  26 other flaws  in Edge – all of them rooted in Chromium itself – since the release of May Patch Tuesday updates. This comprises  CVE-2023-3079 , a zero-day bug that Google disclosed as being actively exploited in the wild last week. The June 2023 updates also mark the first time in several months that doesn't feature any zero-day flaw in Microsoft products that's publicly known or under active attack at the time of release. Topping the list of fixes is  CVE-2023-29357  (CVSS score: 9.8), a privilege escalation flaw in ShareP

The Hacker News

June 13, 2023

Microsoft Patch Tuesday for June 2023 fixes 6 critical flaws Full Text

Abstract Microsoft Patch Tuesday security updates for June 2023 fixed 69 flaws in its products, including six critical issues. Microsoft Patch Tuesday security updates for June 2023 fixed 69 vulnerabilities in multiple products, including Microsoft Windows...

Security Affairs

June 13, 2023

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls Full Text

Abstract Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS...

Security Affairs

June 13, 2023

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now! Full Text

Abstract Fortinet on Monday disclosed that a  newly patched critical flaw  impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The  vulnerability , tracked as  CVE-2023-27997  (CVSS score: 9.2), concerns a  heap-based buffer overflow  vulnerability in FortiOS and FortiProxy SSL-VPN that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. LEXFO security researchers Charles Fol and Dany Bach have been credited with discovering and reporting the flaw. It was addressed by Fortinet on June 9, 2023 in the following versions - FortiOS-6K7K version 7.0.12 or above FortiOS-6K7K version 6.4.13 or above FortiOS-6K7K version 6.2.15 or above FortiOS-6K7K version 6.0.17 or above FortiProxy version 7.2.4 or above FortiProxy version 7.0.10 or above FortiProxy version 2.0.13 or above FortiOS version 7.4.0 or above Fort

The Hacker News

June 13, 2023

Experts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw Full Text

Abstract Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files...

Security Affairs

June 12, 2023

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer Full Text

Abstract Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler  said . "Malicious extensions have been used to steal sensitive information, silently access and change code, or take full control of a system." The vulnerability, which is tracked as  CVE-2023-28299  (CVSS score: 5.5), was addressed by Microsoft as part of its  Patch Tuesday updates  for April 2023, describing it as a spoofing flaw. The bug discovered by Varonis has to do with the Visual Studio user interface, which allows for spoofed publisher digital signatures. Specifically, it trivially bypasses a restriction that prevents users from entering information in the "product

The Hacker News

June 12, 2023

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls Full Text

Abstract Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997,...

Security Affairs

June 12, 2023

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now! Full Text

Abstract Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as  CVE-2023-27997 , is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw alongside Dany Bach,  said  in a tweet over the weekend. Details about the security flaw are currently withheld and Fortinet is yet to release an advisory, although the network security company is expected to publish more details in the coming days. French cybersecurity company Olympe Cyberdefense, in an independent alert,  said  the issue has been patched in versions 6.2.15, 6.4.13, 7.0.12, and 7.2.5. "The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated," the firm noted. With Fortinet flaws  emerging  as a  lucrative   attack vector  for threat actors in recent years, it&#

The Hacker News

June 10, 2023

Experts found new MOVEit Transfer SQL Injection flaws Full Text

Abstract Progress Software released security updates to fix several new SQL injection vulnerabilities in the MOVEit Transfer application. Progress Software has released security updates to address new SQL injection vulnerabilities in the MOVEit Transfer application. An...

Security Affairs

June 10, 2023

Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover Full Text

Abstract Security researchers are warning about a bug in the Microsoft Visual Studio installer that gives cyberattackers a way to create and distribute malicious extensions to application developers, under the guise of being a legitimate software publisher.

Cyware

June 10, 2023

New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now! Full Text

Abstract Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," the company  said  in an advisory released on June 9, 2023. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content." The flaws, which impact all versions of the service, have been addressed in MOVEit Transfer versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). All  MOVEit Cloud instances  have been fully patched. Cybersecurity firm Huntress has been  credited  with d

The Hacker News

June 08, 2023

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation Full Text

Abstract Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as  CVE-2023-29336 , is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft  disclosed  in an advisory issued last month as part of Patch Tuesday updates. Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra were credited with discovering and reporting the flaw. Win32k.sys is a kernel-mode driver and an integral part of the Windows architecture, being responsible for graphical device interface (GUI) and window management. While the exact specifics surrounding in-the-wild abuse of the flaw is presently not known, Numen Cyber has deconstructed the patch released by Microsoft to craft a proof-of-concept ( PoC ) exploit

The Hacker News

June 8, 2023

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue Full Text

Abstract Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k...

Security Affairs

June 8, 2023

Security professional’s tweet forces big change to Google email authentication Full Text

Abstract Less than a month after BIMI’s roll-out, scammers found a way around its controls and were able to successfully impersonate brands, sending emails to Google users that impersonated the logistics giant UPS.

Cyware

June 08, 2023

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities Full Text

Abstract VMware has  released  security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as  CVE-2023-20887  (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution. Also patched by VMware is another  deserialization vulnerability  ( CVE-2023-20888 ) that's rated 9.1 out of a maximum of 10 on the CVSS scoring system. "A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution," the company said in an advisory. The third security defect is a high-severity information disclosure bug ( CVE-2023-20889 , CVSS score: 8.8) that could permit an actor with network access to perform a command injection attack and obtain

The Hacker News

June 8, 2023

Cisco fixes privilege escalation bug in Cisco Secure Client Full Text

Abstract Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco has fixed a high-severity vulnerability, tracked as CVE-2023-20178 (CVSS Score 7.8), found in Cisco Secure Client...

Security Affairs

June 8, 2023

Barracuda ESG appliances impacted by CVE-2023-2868 must be immediately replaced Full Text

Abstract Barracuda warns customers to immediately replace Email Security Gateway (ESG) appliances impacted by the flaw CVE-2023-2868. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway...

Security Affairs

June 08, 2023

Barracuda Urges Immediate Replacement of Hacked ESG Appliances Full Text

Abstract Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company  said  in an update, adding its "remediation recommendation at this time is full replacement of the impacted ESG." The latest development comes as Barracuda  disclosed  that a critical flaw in the devices (CVE-2023-2868, CVSS score: 9.8) has been exploited as a zero-day for at least seven months since October 2022 to deliver bespoke malware and steal data. The  vulnerability  concerns a case of remote code injection affecting versions 5.1.3.001 through 9.2.0.006 that stems from an incomplete validation of attachments contained within incoming emails. It was addressed on May 20 and May 21, 2023. The three different malware families discovered to date come with capabiliti

The Hacker News

June 8, 2023

Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions Full Text

Abstract Cisco on Wednesday announced patches for a critical vulnerability in its Expressway series and TelePresence Video Communication Server (VCS) enterprise collaboration and video communication solutions.

Cyware

June 7, 2023

VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks Full Text

Abstract Virtualization giant VMware addressed critical and high-severity vulnerabilities in VMware Aria Operations for Networks. Virtualization technology giant VMware released security patches to address three critical and high-severity vulnerabilities,...

Security Affairs

June 7, 2023

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware Full Text

Abstract June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than...

Security Affairs

June 6, 2023

NASA website flaw jeopardizes astrobiology fans Full Text

Abstract A flaw in NASA website dedicated to astrobiology could have tricked users into visiting malicious websites by disguising a dangerous URL with NASA’s name. Space travel is undoubtedly dangerous. And, apparently, so is visiting NASA ’s legitimate...

Security Affairs

June 6, 2023

Google fixed the third Chrome zero-day of 2023 Full Text

Abstract Google released security updates to address a high-severity zero-day flaw in the Chrome web browser that it actively exploited in the wild. Google released security updates to address a high-severity vulnerability, tracked as CVE-2023-3079, in its Chrome...

Security Affairs

June 06, 2023

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! Full Text

Abstract Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as  CVE-2023-3079 , the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,"  according  to the NIST's National Vulnerability Database (NVD). The tech giant, as is typically the case, did not disclose details of the nature of the attacks, but  noted  it's "aware that an exploit for CVE-2023-3079 exists in the wild." With the latest development, Google has addressed a total of three actively exploited zero-days in Chrome since the start of the year - CVE-2023-2033  (CVSS score: 8.8) - Type Co

The Hacker News

June 06, 2023

Zyxel Firewalls Under Attack! Urgent Patching Required Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  placed  two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as  CVE-2023-33009 and CVE-2023-33010 , are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution. Patches to plug the security holes were released by Zyxel on May 24, 2023. The following list of devices are affected - ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2) USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2) USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2) VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2) While the exa

The Hacker News

June 5, 2023

KeePass fixed the bug that allows the extraction of the cleartext master password Full Text

Abstract KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password...

Security Affairs

June 5, 2023

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards Full Text

Abstract The issue, disclosed last week by firmware and hardware security company Eclypsium, is that the firmware of more than 270 Gigabyte motherboards drops a Windows binary that is executed at boot-up to fetch and execute a payload from Gigabyte’s servers.

Cyware

June 4, 2023

Zyxel published guidance for protecting devices from ongoing attacks Full Text

Abstract Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting  CVE-2023-28771, CVE-2023-33009,...

Security Affairs

June 3, 2023

Threat actors can exfiltrate data from Google Drive without leaving a trace Full Text

Abstract Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say.

Cyware

June 2, 2023

High-Severity Vulnerabilities Patched in Splunk Enterprise Full Text

Abstract The most severe of these is CVE-2023-32707, a privilege escalation issue that allows low-privileged users with the ‘edit_user’ capability to escalate privileges to administrator, via a specially crafted web request.

Cyware

June 2, 2023

MOVEit Transfer software zero-day actively exploited in the wild Full Text

Abstract Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal...

Security Affairs

June 02, 2023

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited Full Text

Abstract A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment. "An SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database," the company  said . "Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements." Patches for the bug have been made available by the Massachusetts-based company, which also owns Telerik, in t

The Hacker News

June 01, 2023

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites Full Text

Abstract WordPress has issued an automatic update to address a critical flaw in the  Jetpack plugin  that's installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since  version 2.0 , which was released in November 2012. "This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation," Jetpack  said  in an advisory. 102 new versions of Jetpack have been released to remediate the bug. While there is no evidence the issue has been exploited in the wild, it's not uncommon for flaws in popular WordPress plugins to be leveraged by threat actors looking to take over the sites for malicious ends. This is not the first time severe security weaknesses in Jetpack have prompted WordPress to force install the patches. In November 2019, Jetpack released  version 7.9.1  to fix a defect in the way the plugin handled embed code that had existed since July 2017 (ve

The Hacker News

May 31, 2023

Experts warn of backdoor-like behavior within Gigabyte systems Full Text

Abstract Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise. Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The...

Security Affairs

May 31, 2023

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices Full Text

Abstract Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the  UEFI firmware  of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium  said  it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue. "Most Gigabyte firmware includes a Windows Native Binary executable embedded inside of the UEFI firmware," John Loucaides, senior vice president of strategy at Eclypsium, told The Hacker News. "The detected Windows executable is dropped to disk and executed as part of the Windows startup process, similar to the  LoJack double agent attack . This executable then downloads and runs additional binaries via insecure methods." "Only the intention of the author can distinguish this sort of vulnerability from a malicious backdoor," Loucaides added. The executable, per Eclypsium, is embedded in

The Hacker News

May 31, 2023

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities Full Text

Abstract Improperly deactivated and abandoned Salesforce  Sites  and  Communities  (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources " ghost sites ." "When these Communities are no longer needed, though, they are often set aside but not deactivated," Varonis Threat Labs researchers  said  in a new report shared with The Hacker News. "Because these unused sites are not maintained, they aren't tested against vulnerabilities, and Admins fail to update the site's security measures according to newer guidelines." Varonis said it found many of these deactivated (but still active) sites still fetching new data, thereby allowing threat actors to extract data by manipulating the  host header  in the HTTP request. Identifying the complete internal URLs associated with the sites is challenging but not impossible, as an adversary could leverage too

The Hacker News

May 31, 2023

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass Full Text

Abstract Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed  Migraine  and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection ( SIP ), or "rootless," which limits the actions the root user can perform on protected files and folders. "The most straight-forward implication of a SIP bypass is that [...] an attacker can create files that are protected by SIP and therefore undeletable by ordinary means," Microsoft researchers Jonathan Bar Or, Michael Pearse, and Anurag Bohra  said . Even worse, it could be exploited to gain arbitrary kernel code execution and even access sensitive data by replacing databases that manage Transparency, Consent, and Control (TCC) policies. The bypass is made possible by leveraging a built-in macOS tool called  Migrat

The Hacker News

May 31, 2023

Microsoft found a new bug that allows bypassing SIP root restrictions in macOS Full Text

Abstract Apple fixed a vulnerability discovered by Microsoft researchers that lets attackers with root privileges bypass System Integrity Protection (SIP). Researchers from Microsoft discovered a vulnerability, tracked as CVE-2023-32369 and dubbed Migraine,...

Security Affairs

May 29, 2023

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force Full Text

Abstract Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed  BrutePrint , bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. The flaws, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), leverage logical defects in the authentication framework, which arises due to insufficient protection of fingerprint data on the Serial Peripheral Interface (SPI) of fingerprint sensors. The result is a "hardware approach to do man-in-the-middle (MitM) attacks for fingerprint image hijacking," researchers Yu Chen and Yiling He  said  in a research paper. "BrutePrint acts as a middleman between fingerprint sensor and  TEE  [Trusted Execution Environment]." The goal, at its core, is to be

The Hacker News

May 28, 2023

CISA adds recently patched Barracuda zero-day to its Known Exploited Vulnerabilities catalog Full Text

Abstract US CISA added recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Barracuda zero-day vulnerability to its Known Exploited...

Security Affairs

May 27, 2023

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking Full Text

Abstract A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier  CVE-2023-28131 , has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs  said  the issue rendered services using the framework susceptible to credential leakage, which could then be used to hijack accounts and siphon sensitive data. Under certain circumstances, a threat actor could have taken advantage of the flaw to perform arbitrary actions on behalf of a compromised user on various platforms such as Facebook, Google, or Twitter. Expo, similar to Electron, is an open source platform for developing universal native apps that run on Android, iOS, and the web. It's worth noting that for the attack to be successful, sites and applications using Expo should have configured the AuthSession Proxy setting for single sign-on (SSO) using a third-party provider

The Hacker News

May 26, 2023

Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data Full Text

Abstract A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig  said . Cloud SQL  is a fully-managed solution to build MySQL, PostgreSQL, and SQL Server databases for cloud-based applications. The multi-stage attack chain identified by Dig, in a nutshell, leveraged a gap in the cloud platform's security layer associated with SQL Server to escalate the privileges of a user to that of an administrator role. The elevated permissions subsequently made it possible to abuse another critical misconfiguration to obtain system administrator rights and take full control of the database server.

The Hacker News

May 26, 2023

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances Full Text

Abstract Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as  CVE-2023-2868  and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006. The California-headquartered firm  said  the issue is rooted in a component that screens the attachments of incoming emails. "The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives)," according to an  advisory  from the NIST's national vulnerability database. "The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely exe

The Hacker News

May 25, 2023

D-Link fixes two critical flaws in D-View 8 network management suite Full Text

Abstract D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management...

Security Affairs

May 25, 2023

Zyxel Issues Critical Security Patches for Firewall and VPN Products Full Text

Abstract Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws –  CVE-2023-33009 and CVE-2023-33010  – are  buffer overflow vulnerabilities  and are rated 9.8 out of 10 on the CVSS scoring system. A brief description of the two issues is below - CVE-2023-33009  - A buffer overflow vulnerability in the notification function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution. CVE-2023-33010  - A buffer overflow vulnerability in the ID processing function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution. The following devices are impacted - ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2) USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2) USG FLEX50(W) / USG20(W

The Hacker News

May 25, 2023

Zyxel firewall and VPN devices affected by critical flaws Full Text

Abstract Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that...

Security Affairs

May 24, 2023

OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers Full Text

Abstract OAuth-related vulnerabilities found in the widely used application development framework Expo could have been exploited to take control of user accounts, according to API security firm Salt Security.

Cyware

May 24, 2023

Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own Full Text

Abstract Latvian network equipment manufacturer MikroTik has shipped a patch for a major security defect in its RouterOS product and confirmed the vulnerability was exploited five months ago at the Pwn2Own Toronto hacking contest.

Cyware

May 23, 2023

Google announced its Mobile VRP (vulnerability rewards program) Full Text

Abstract Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers...

Security Affairs

May 23, 2023

AT&T resolves issue that would allow account takeover through ZIP code and phone number Full Text

Abstract The issue allowed security researcher Joseph Harris to effectively merge his own account with anyone else’s, giving him the ability to update that account’s password and take control of it.

Cyware

May 23, 2023

Samsung Patches Memory Address Randomization Bypass Flaw Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch affected Samsung-made Android devices and added the flaw to its Known Exploited Vulnerabilities Catalog.

Cyware

May 23, 2023

Vulnerability in Zyxel firewalls may soon be widely exploited Full Text

Abstract The command injection vulnerability (CVE-2023-28771) affects Zyxel APT, USG FLEX, and VPN firewalls running versions v4.60 to v5.35 of the ZDL firmware, and Zyxel ZyWALL/USG gateways/firewalls running ZLD v4.60 to v4.73.

Cyware

May 21, 2023

Android phones are vulnerable to fingerprint brute-force attacks Full Text

Abstract Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.

BleepingComputer

May 20, 2023

Warning: Samsung Devices Under Attack! New Security Flaw Exposed Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as  CVE-2023-21492  (CVSS score: 4.4), impacts select Samsung devices running Android versions 11, 12, and 13. The South Korean electronics giant described the issue as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization ( ASLR ) protections. ASLR is a  security technique  that's designed to thwart memory corruption and code execution flaws by obscuring the location of an executable in a device's memory. Samsung, in an  advisory  released this month, said it was "notified that an exploit for this issue had existed in the wild," adding it was privately disclosed to the company on January 17, 2023. Other details about how the flaw is being exploited are currently not known, but vulnerabilities in Samsung phones have been weapon

The Hacker News

May 20, 2023

Pimcore Platform Flaws Exposed Users to Code Execution Full Text

Abstract Security researchers are warning that vulnerabilities patched in the open-source Pimcore platform could have led to the execution of arbitrary code when clicking on a link.

Cyware

May 19, 2023

Dr. Active Directory vs. Mr. Exposed Attack Surface: Who’ll Win This Fight? Full Text

Abstract Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measures beyond checking for a password and username match, AD (as well the resources it manages) is dangerously exposed to the use of compromised credentials. Furthermore, this exposure is not confined to the on-prem environment. The common practice of syncing passwords between AD and the cloud identity provider means any AD breach is a potential risk to the SaaS environment as well. In this article, we'll explore AD's inherent security weaknesses and examine their scope and potential impact. We'll then learn how Silverfort's Unified Identity Protection platform can address these weaknesses at their root and provide organizations using AD with the resiliency they need to thwart identity threa

The Hacker News

May 19, 2023

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities Full Text

Abstract Apple on Thursday  rolled out security updates  to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address dozens of flaws, including three new zero-days that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409  - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with improved bounds checks. CVE-2023-28204  - An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. It was addressed with improved input validation. CVE-2023-32373  - A use-after free bug in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. It was addressed with improved memory management. The iPhone maker credited Clément Lecigne of Google's Threat Analysis Group (TAG) and Donncha Ó Cearbhaill of Amnesty International's Security Lab for reporting C

The Hacker News

May 18, 2023

Apple fixed three new actively exploited zero-day vulnerabilities Full Text

Abstract Apple released security updates to address three zero-day vulnerabilities in iPhones, Macs, and iPads that are actively exploited in attacks. Apple has addressed three new zero-day vulnerabilities that are actively exploited in attacks in the wild...

Security Affairs

May 18, 2023

KeePass 2.X Master Password Dumper allows retrieving the KeePass master password Full Text

Abstract A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X Master Password Dumper that allows retrieving the master...

Security Affairs

May 18, 2023

Critical fixed critical flaws in Cisco Small Business Switches Full Text

Abstract Cisco fixed nine flaws in its Small Business Series Switches that could be exploited to execute arbitrary code or cause a DoS condition. Cisco has released security updates to address nine security vulnerabilities in the web-based user interface of certain...

Security Affairs

May 18, 2023

Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks Full Text

Abstract Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. "These vulnerabilities are due to improper validation of requests that are sent to the web interface," Cisco  said , crediting an unnamed external researcher for reporting the issues. Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system, making them critical in nature. The nine flaws affect the following product lines - 250 Series Smart Switches (Fixed in firmware version 2.5.9.16) 350 Series Managed Switches (Fixed in firmware version 2.5.9.16) 350X Series Stackable Managed Switches (Fixed in firmware version 2.5.9.16) 550X Series Stackable Managed Switches (Fixed in firmware version 2.5.9.16) Business 250 Series Smart Switches (Fixed in firmware version 3.3.0.16) Business 350 Series Managed Switches (F

The Hacker News

May 17, 2023

Cisco warns of critical switch bugs with public exploit code Full Text

Abstract Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches.

BleepingComputer

May 17, 2023

Microsoft pulls Defender update fixing Windows LSA Protection bug Full Text

Abstract Microsoft has pulled a recent Microsoft Defender update that was supposed to fix a known issue triggering persistent restart alerts and Windows Security warnings that Local Security Authority (LSA) Protection is off.

BleepingComputer

May 17, 2023

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack Full Text

Abstract Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika...

Security Affairs

May 17, 2023

Chrome 113 Security Update Patches Critical Vulnerability Full Text

Abstract Google this week announced the release of a Chrome 113 security update that resolves a total of 12 vulnerabilities, including one rated ‘critical’. Six of the flaws were reported by external researchers.

Cyware

May 17, 2023

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs Full Text

Abstract The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier  CVE-2023-27217 , was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum , which reverse-engineered the device and gained firmware access. Wemo Mini Smart Plug V2 ( F7C063 ) offers convenient remote control, allowing users to turn electronic devices on or off using a companion app installed on a smartphone or tablet. The heart of the problem lies in a feature that makes it possible to rename the smart plug to a more " FriendlyName ." The default name assigned is " Wemo mini 6E9 ." "The name length is limited to 30 characters or less, but this rule is only enforced by the app itself," security researchers Amit Serper and Reuven Yakar  said  in a report shared with The Hac

The Hacker News

May 16, 2023

New ZIP domains spark debate among cybersecurity experts Full Text

Abstract Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery.

BleepingComputer

May 16, 2023

Parental control app with 5 million downloads vulnerable to attacks Full Text

Abstract Kiddowares 'Parental Control - Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers to upload arbitrary files on protected devices, steal user credentials, and allow children to bypass restrictions without the parents noticing.

BleepingComputer

May 15, 2023

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks Full Text

Abstract Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were  presented  by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. The 11 vulnerabilities allow "remote code execution and full control over hundreds of thousands of devices and OT networks - in some cases, even those not actively configured to use the cloud." Specifically, the shortcomings reside in the cloud-based management solutions offered by Sierra Wireless, Teltonika Networks, and InHand Networks to remotely manage and operate devices. Successful exploitation of the vulnerabilities could pose severe risks to industrial environments, allowing adversaries to sidestep security layers as well as exfiltrate sensitive information and achieve code execution remotely on the internal networks. Even w

The Hacker News

May 13, 2023

WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers Full Text

Abstract Security researchers noticed that the ‘media.ferrari.com’ domain is powered by WordPress and it was running a very old version of W3 Total Cache, a plugin installed on more than a million websites.

Cyware

May 12, 2023

Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products Full Text

Abstract Rockwell Automation published six new security advisories this week and four of them have also been distributed by the US Cybersecurity and Infrastructure Security Agency (CISA). The advisories describe a total of more than a dozen vulnerabilities.

Cyware

May 12, 2023

Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance Full Text

Abstract As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic," Claroty security researcher Uri Katz  said  in a report. Additionally, a network-adjacent threat actor could also weaponize the flaws to access and control networked smart devices like security cameras, thermostats, smart locks; tamper with router settings, and even use a compromised network to launch attacks against other devices or networks. The list of flaws, which were  demonstrated  at the Pwn2Own hacking competition held at Toronto in December 2022, is as follows - CVE-2023-27357 (CVSS score: 6.5) - Missing Authentication Information Disclosure Vulnerability CVE-2023-27368 (CVSS score: 8.8) - Stack-based Buffer

The Hacker News

May 12, 2023

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking Full Text

Abstract Experts warn of an unauthenticated privilege escalation flaw in the popular Essential 'Addons for Elementor' WordPress plugin. Essential 'Addons for Elementor' WordPress plugin is a collection of 90+ creative elements and extensions Enhance that allow...

Security Affairs

May 12, 2023

One Million WordPress Sites Impacted by Exploited Plugin Vulnerability Full Text

Abstract The exploitation of a critical vulnerability in the Essential Addons for Elementor WordPress plugin began immediately after a patch was released, WordPress security firm Defiant warns.

Cyware

May 12, 2023

New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation Full Text

Abstract A security vulnerability has been disclosed in the popular WordPress plugin  Essential Addons for Elementor  that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active installations. "This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site," Patchstack researcher Rafie Muhammad  said . Successful exploitation of the flaw could permit a threat actor to reset the password of any arbitrary user as long as the malicious party is aware of their username. The shortcoming is believed to have existed since version 5.4.0. This can have serious ramifications as the flaw could be weaponized to reset the password associated with an administ

The Hacker News

May 11, 2023

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers Full Text

Abstract Researchers disclosed the details of five vulnerabilities that can be chained to take over some Netgear router models. Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some...

Security Affairs

May 10, 2023

Researchers Find Bypass for a Fixed Bug; MSFT Patches Again Full Text

Abstract Microsoft patched the modified attack - tracked as CVE-2023-29324 - during this month's dump of fixes, rating the bug as "important" but not "critical." Researchers from Akamai, which found and disclosed the bug, say it merits a critical rating.

Cyware

May 10, 2023

Siemens, Schneider Electric Address Few Dozen ICS Vulnerabilities Full Text

Abstract Siemens has published six new advisories describing 26 vulnerabilities in Siveillance Video products, Cloud Connect 7, and more. Schneider Electric has published four new advisories that describe half a dozen vulnerabilities.

Cyware

May 10, 2023

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft Full Text

Abstract Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as  CVE-2023-29324  (CVSS score: 6.5), has been described as a security feature bypass. It was  addressed  by Microsoft as part of its Patch Tuesday updates for May 2023. Akamai security researcher Ben Barnea, who discovered and reported the bug, noted that all Windows versions are affected, but pointed out Microsoft, Exchange  servers with the March update omit the vulnerable feature. "An unauthenticated attacker on the internet could use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server," Barnea  said  in a report shared with The Hacker News. "This results in NTLM credentials theft. It is a zero-click vulnerability, meaning it can be triggered with no user interaction." It's also worth noting that CVE-2023-

The Hacker News

May 10, 2023

Adobe Patches 14 Vulnerabilities in Substance 3D Painter Full Text

Abstract Adobe has announced security updates for its Substance 3D Painter product to address more than a dozen vulnerabilities. This is the only product for which the software giant released updates this Patch Tuesday.

Cyware

May 10, 2023

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws Full Text

Abstract Microsoft Patch Tuesday Security updates for May 2023 address a total of 40 vulnerabilities, including two zero-day actively exploited in attacks. Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively...

Security Affairs

May 10, 2023

Intel, AMD Address Over 100 Vulnerabilities on Patch Tuesday Full Text

Abstract Intel has released 38 advisories covering over 80 vulnerabilities. The company has addressed nearly two dozen issues rated ‘high severity’ — the remaining bugs have been rated ‘medium severity’ and one is ‘low severity’.

Cyware

May 10, 2023

Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug Full Text

Abstract Microsoft has rolled out  Patch Tuesday updates  for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI)  said  the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and 32 are rated Important in severity. Eight of the flaws have been tagged with "Exploitation More Likely" assessment by Microsoft. This is aside from  18 flaws  – including 11 bugs since the start of May – the Windows maker resolved in its Chromium-based Edge browser following the release of April Patch Tuesday updates. Topping the list is  CVE-2023-29336  (CVSS score: 7.8), a privilege escalation flaw in Win32k that has come under active exploitation. It's not immediately clear how widespread the attacks are. "An attacker who successfully exploited thi

The Hacker News

May 9, 2023

A Linux NetFilter kernel flaw allows escalating privileges to ‘root’ Full Text

Abstract A Linux NetFilter kernel flaw, tracked as CVE-2023-32233, can be exploited by unprivileged local users to escalate their privileges to root. Netfilter is a framework provided by the Linux kernel that allows various networking-related operations...

Security Affairs

May 6, 2023

WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Full Text

Abstract A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS...

Security Affairs

May 06, 2023

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks Full Text

Abstract Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro version, has over  two million active installations . The issue was discovered and reported to the maintainers on May 2, 2023. "This vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by tricking a privileged user to visit the crafted URL path," Patchstack researcher Rafie Muhammad  said . Reflected XSS  attacks usually occur when victims are tricked into clicking on a bogus link sent via email or another route, causing the malicious code to be sent to the vulnerable website, which reflects the

The Hacker News

May 5, 2023

Fortinet fixed two severe issues in FortiADC and FortiOS Full Text

Abstract Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy. Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999...

Security Affairs

May 05, 2023

New Android updates fix kernel bug exploited in spyware attacks Full Text

Abstract Android security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices.

BleepingComputer

May 5, 2023

Azure API Management Vulnerabilities Allowed Unauthorized Access Full Text

Abstract Three security vulnerabilities in the Azure API Management service could be exploited to perform various types of malicious actions, cloud security company Ermetic reveals.

Cyware

May 5, 2023

Fortinet Patches High-Severity Vulnerabilities in FortiADC, FortiOS Full Text

Abstract Fortinet this week announced its monthly set of security updates that address nine vulnerabilities in multiple products, including two high-severity bugs in FortiADC, FortiOS, and FortiProxy.

Cyware

May 05, 2023

WordPress custom field plugin bug exposes over 1M sites to XSS attacks Full Text

Abstract Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).

BleepingComputer

May 5, 2023

Vulnerability Could Have Been Exploited for ‘Unlimited’ Free Credit on OpenAI Accounts Full Text

Abstract A vulnerability in OpenAI’s account validation process allowed anyone to obtain virtually unlimited free credit for the company’s services by registering new accounts using the same phone number, application security firm Checkmarx says.

Cyware

May 05, 2023

Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model Full Text

Abstract Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as  CVE-2023-20126 , is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming. The  product in question  makes it possible to connect analog phones and fax machines to a VoIP service provider without requiring an upgrade. "This vulnerability is due to a missing authentication process within the firmware upgrade function," the company  said  in a bulletin. "An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges." Despite the severity of the flaw, the networking equipment maker said it does not intend to release fixes

The Hacker News

May 04, 2023

Cisco phone adapters vulnerable to RCE attacks, no fix available Full Text

Abstract Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.

BleepingComputer

May 04, 2023

Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service Full Text

Abstract Three new security flaws have been disclosed in Microsoft Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services. This includes two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal, according to Israeli cloud security firm Ermetic. "By abusing the SSRF vulnerabilities, attackers could send requests from the service's CORS Proxy and the hosting proxy itself, access internal Azure assets, deny service and bypass web application firewalls," security researcher Liv Matan said in a report shared with The Hacker News. "With the file upload path traversal, attackers could upload malicious files to Azure's hosted internal workload." Azure API Management is a  multicloud management platform  that allows organizations to securely expose their APIs to external and internal customers and enable a wide

The Hacker News

May 4, 2023

Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE Full Text

Abstract Cisco is warning customers of a critical remote code execution vulnerability affecting its EoL SPA112 2-Port Phone Adapters. Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting...

Security Affairs

May 04, 2023

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection Full Text

Abstract Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as  CVE-2023-27350  (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was  patched  by the Australian company on March 8, 2023, the first signs of active exploitation emerged on April 13, 2023. Since then, the vulnerability has been  weaponized  by multiple threat groups, including  ransomware actors , with post-exploitation activity resulting in the execution of PowerShell commands designed to drop additional payloads. Now, VulnCheck has  published  a proof-of-concept (PoC) exploit that sidesteps existing detection signatures by leveraging the fact that "PaperCut NG and MF offer multiple paths to code execution." It's worth noting that public exploits for the fla

The Hacker News

May 4, 2023

Now-Patched Vulnerability in TikTok Could Have Revealed User Activity and Information Full Text

Abstract The vulnerability, which has now been fixed, was caused by a window message event handler that does not properly validate the message origin, providing attackers access to sensitive user information.

Cyware

May 3, 2023

KEV Catalog Adds Vulnerabilities Affecting TP-Link, Apache, and Oracle WebLogic Server Full Text

Abstract Watch out for bugs in TP-Link, Apache Log4j2, and Oracle WebLogic Server that are under active exploitation by different cybercriminal groups, warns CISA. FCEB agencies are required to apply vendor-provided fixes by May 22, 2023.

Cyware

May 3, 2023

Researchers found DoS flaws in popular BGP implementation Full Text

Abstract Vulnerabilities in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to trigger a DoS condition on BGP peers. Forescout Vedere Labs researchers discovered multiple vulnerabilities in the software implementation...

Security Affairs

May 3, 2023

Chrome 113 Released With 15 Security Patches Full Text

Abstract Released roughly two weeks after Google resolved two zero-day vulnerabilities in the popular browser, the latest Chrome update only resolves medium- and low-severity flaws, despite the major version change.

Cyware

May 03, 2023

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices Full Text

Abstract Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is  CVE-2018-9995  (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. "The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie," Fortinet  said  in an outbreak alert on May 1, 2023. "A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading access to camera video feeds." The network security company said it observed over 50,000 attempts to exploit TBK DVR devices using the flaw in the month of April 2023. Despite the availability of a proof-of-concept ( PoC ) exploit, there are no fixes that address the vulnerability. The flaw impacts TBK DVR4104

The Hacker News

May 02, 2023

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software Full Text

Abstract Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of  FRRouting , a popular open source internet routing protocol suite for Linux and Unix platforms. It's currently used by several vendors like  NVIDIA Cumulus ,  DENT , and  SONiC , posing supply chain risks. The discovery is the result of an analysis of seven different implementations of BGP carried out by Forescout Vedere Labs: FRRouting, BIRD, OpenBGPd, Mikrotik RouterOS, Juniper JunOS, Cisco IOS, and Arista EOS. BGP is a  gateway protocol  that's designed to exchange routing and reachability information between autonomous systems. It's used to find the most efficient routes for delivering internet traffic. The list of three flaws is as follows - CVE-2022-40302  (CVSS score: 6.5) - Out-of-bounds read whe

The Hacker News

May 2, 2023

The first iPhone Rapid Security Response update released by Apple fails to install Full Text

Abstract Apple has released its first Rapid Security Response update, but many iPhone users reported problems during the installation of the iOS Security Response. On June 2022, Apple announced that the Rapid Security Response feature would be available starting...

Security Affairs

May 2, 2023

Fortinet warns of a spike in attacks against TBK DVR devices Full Text

Abstract FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat...

Security Affairs

April 28, 2023

Cisco discloses a bug in the Prime Collaboration Deployment solution Full Text

Abstract Cisco is working on a patch for a bug in the Prime Collaboration Deployment solution that was reported by a member of NATO’s Cyber Security Centre (NCSC). Cisco informed its customers that it’s working on a patch for cross-site scripting (XSS)...

Security Affairs

April 28, 2023

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches Full Text

Abstract A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771...

Security Affairs

April 28, 2023

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now Full Text

Abstract Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as  CVE-2023-28771 , is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw. "Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device," Zyxel  said  in an advisory on April 25, 2023. Products impacted by the flaw are - ATP (versions ZLD V4.60 to V5.35, patched in ZLD V5.36) USG FLEX (versions ZLD V4.60 to V5.35, patched in ZLD V5.36) VPN (versions ZLD V4.60 to V5.35, patched in ZLD V5.36), and ZyWALL/USG (versions ZLD V4.60 to V4.73, patched in ZLD V4.73 Patch 1) Zyxel has also  addressed  a high-severity post-authentication command injection vulnerability affecting select firewa

The Hacker News

April 27, 2023

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware Full Text

Abstract Microsoft has confirmed that the  active exploitation of PaperCut servers  is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name  Lace Tempest  (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil Corp. "In observed attacks, Lace Tempest ran multiple PowerShell commands to deliver a TrueBot DLL, which connected to a C2 server, attempted to steal LSASS credentials, and injected the  TrueBot payload  into the conhost.exe service," Microsoft  said  in a series of tweets. The next phase of the attack entailed the deployment of Cobalt Strike Beacon implant to conduct reconnaissance, move laterally across the network using WMI, and exfiltrate files of interest via the file-sharing service MegaSync. Lace Tempest is a Cl0p ransomware affiliate that's said to hav

The Hacker News

April 26, 2023

Google Cloud Platform Flaw ‘GhostToken’ Offers Ghost Entry to Attackers Full Text

Abstract Google patched a security hole dubbed GhostToken that affects all the users of Google Cloud Platform (GCP). This flaw enables attackers to gain access to user accounts through the installation of malicious OAuth applications obtained from either the Google Marketplace or third-party providers. Crim ... Read More

Cyware

April 26, 2023

A component in Huawei network appliances could be used to take down Germany’s telecoms networks Full Text

Abstract German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes.  In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms...

Security Affairs

April 26, 2023

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks Full Text

Abstract Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution. Apache Superset is an open-source data visualization and data exploration platform. The maintainers...

Security Affairs

April 26, 2023
Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks Full Text

Abstract The maintainers of the  Apache Superset  open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as  CVE-2023-27524  (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access unauthorized resources on internet-exposed installations. Naveen Sunkavally, the chief architect at Horizon3.ai, described the issue as "a dangerous default configuration in Apache Superset that allows an unauth attacker to gain remote code execution, harvest credentials, and compromise data." It's worth noting that the flaw does not affect Superset instances that have changed the default value for the SECRET_KEY config to a more cryptographically secure random string. The cybersecurity firm, which found that the SECRET_KEY is defaulted to the value "\x02\x01thisismy

The Hacker News

April 26, 2023

VMware Releases Critical Patches for Workstation and Fusion Software Full Text

Abstract VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the virtual machine. "A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host," the company  said . Also patched by VMware is an out-of-bounds read vulnerability affecting the same feature (CVE-2023-20870, CVSS score: 7.1), that could be abused by a local adversary with admin privileges to read sensitive information contained in hypervisor memory from a virtual machine. Both vulnerabilities were  demonstrated  by researchers from STAR Labs on the third day of the Pwn2O

The Hacker News

April 25, 2023

SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times Full Text

Abstract A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks. A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited...

Security Affairs

April 25, 2023

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023 Full Text

Abstract VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors. VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that...

Security Affairs

April 25, 2023

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks Full Text

Abstract Details have emerged about a high-severity security vulnerability impacting Service Location Protocol ( SLP ) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making it one of the largest amplification attacks ever reported," Bitsight and Curesec researchers Pedro Umbelino and Marco Lux  said  in a report shared with The Hacker News. The vulnerability, which has been assigned the identifier  CVE-2023-29552  (CVSS score: 8.6), is said to impact more than 2,000 global organizations and over 54,000 SLP instances that are accessible over the internet. This includes VMWare ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 other product types. The top 10 countries with the most organi

The Hacker News

April 25, 2023

Google researchers found multiple security issues in Intel TDX Full Text

Abstract Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX). Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel...

Security Affairs

April 24, 2023

Experts released PoC Exploit code for actively exploited PaperCut flaw Full Text

Abstract Threat actors are exploiting PaperCut MF/NG print management software flaws in attacks in the wild, while researchers released PoC exploit code. Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351)...

Security Affairs

April 21, 2023

GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform Full Text

Abstract Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Dubbed GhostToken by Israeli cybersecurity startup Astrix Security, the shortcoming impacts all Google accounts, including enterprise-focused Workspace accounts. It was discovered and reported to Google on June 19, 2022. The company deployed a global-patch more than nine months later on April 7, 2023. "The vulnerability [...] allows attackers to gain permanent and unremovable access to a victim's Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim's personal data exposed forever," Astrix  said  in a report. In a nutshell, the flaw makes it possible for an attacker to hide their malicious app from a victim's Google account  application management page , the

The Hacker News

April 21, 2023

VMware Patches Pre-Auth Code Execution Flaw in Logging Product Full Text

Abstract The company shipped urgent patches on Thursday to cover critical security defects in the VMware Aria Operations for Logs (formerly vRealize Log Insight) product line and warned of the risk of pre-authentication remote root exploits.

Cyware

April 21, 2023

Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions Full Text

Abstract Cisco released security updates to address critical security flaws in its Industrial Network Director and Modeling Labs solutions. Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling...

Security Affairs

April 21, 2023

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products Full Text

Abstract Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw  in Cisco Industrial Network Director  (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of improper input validation when  uploading a Device Pack . "A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device," Cisco  said  in an advisory released on April 19, 2023. The networking equipment major also resolved a medium-severity file permissions vulnerability in the same product (CVE-2023-20039, CVSS score: 5.5) that an authenticated, local attacker could abuse to view sensitive information. Patches have been made available in  version 1.11.3 , with Cisco crediting an unnamed

The Hacker News

April 20, 2023

Two Critical Flaws Found in Alibaba Cloud’s PostgreSQL Databases Full Text

Abstract A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain attack on both Alibaba database services, leading to an RCE on Alibaba database services," cloud security firm Wiz  said  in a new report shared with The Hacker News. The  issues , dubbed  BrokenSesame , were reported to Alibaba Cloud in December 2022, following mitigations were deployed by the company on April 12, 2023. There is no evidence to suggest that the weaknesses were exploited in the wild. In a nutshell, the vulnerabilities – a privilege escalation flaw in AnalyticDB and a remote code execution bug in ApsaraDB RDS – made it possible to elevate privileges to root w

The Hacker News

April 20, 2023

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root Full Text

Abstract VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The virtualization giant VMware released security updates to address two critical vulnerabilities, tracked as CVE-2023-20864...

Security Affairs

April 20, 2023

Experts disclosed two critical flaws in Alibaba cloud database services Full Text

Abstract Researchers disclosed two critical flaws in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. Researchers from cloud security firm Wiz discovered two critical flaws, collectively dubbed BrokenSesame, in Alibaba Cloud's ApsaraDB...

Security Affairs

April 19, 2023

Google fixed the second actively exploited Chrome zero-day of 2023 Full Text

Abstract Google rolled out emergency security patches to address another actively exploited high-severity zero-day flaw in the Chrome browser. Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136,...

Security Affairs

April 19, 2023

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released Full Text

Abstract Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as  CVE-2023-2136 , is  described  as a case of  integer overflow  in  Skia , an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023. "Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,"  according  to the NIST's National Vulnerability Database (NVD). The tech giant, which also fixed seven other security issues with the latest update, said it's aware of active exploitation of the flaw, but did not disclose additional details to prevent further abuse. The development marks the second Chrome zero-day vulnerability to be exploited by malicious actors th

The Hacker News

April 19, 2023

Oracle Releases 433 New Security Patches With April 2023 CPU Full Text

Abstract Oracle on Tuesday announced the release of 433 new patches as part of its quarterly set of security updates, including more than 70 fixes for critical-severity vulnerabilities.

Cyware

April 19, 2023

Discarded, not destroyed: Old routers reveal corporate secrets Full Text

Abstract In the wrong hands, the data gleaned from the devices – including customer data, router-to-router authentication keys, application lists, and much more – is enough to launch a cyberattack.

Cyware

April 19, 2023

Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution Full Text

Abstract A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of the sandbox protections. Both the flaws –  CVE-2023-29199  and  CVE-2023-30547  – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. Successful  exploitation  of the  bugs , which allow an attacker to raise an unsanitized host exception, could be weaponized to escape the sandbox and run arbitrary code in the host context. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," the maintainers of the vm2 library said in an alert. Credited with discovering and reporting the vulnerabilities is security researcher  SeungHyun Lee , who has also  released   proof-of-concept  (PoC) exploits for the two issues in question. The disclosure comes a little over a week after vm2 remediated another sand

The Hacker News

April 15, 2023

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability Full Text

Abstract Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as  CVE-2023-2033 , the high-severity vulnerability has been described as a  type confusion issue  in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023. "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,"  according  to the NIST's National Vulnerability Database (NVD). The tech giant  acknowledged  that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors. CVE-2023-2033 also appears to share similarities with  CVE-2022-1096

The Hacker News

April 14, 2023

Researchers Disclosure Cisco ISE Broken Access Control Issue Full Text

Abstract A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files.

Cyware

April 14, 2023

Juniper Networks Patches Critical Third-Party Component Vulnerabilities Full Text

Abstract Networking, cloud, and cybersecurity solutions provider Juniper Networks this week published advisories detailing tens of vulnerabilities found across its product portfolio, including critical bugs in third-party components of Junos OS and STRM.

Cyware

April 14, 2023

Google fixed the first Chrome zero-day of 2023 Full Text

Abstract Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033)...

Security Affairs

April 14, 2023

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963  (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability CVE-2023-29492  (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability "Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed," CISA  said  in an advisory for CVE-2023-20963. Google, in its monthly Android Security Bulletin for March 2023,  acknowledged  "there are indications that CVE-2023-20963 may be under limited, targeted exploitation." The development comes as tech news site Ars Technica  disclosed  late last month that Android apps digitally signed by China's e-commerce company Pinduoduo weap

The Hacker News

April 14, 2023

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products Full Text

Abstract Chinese video surveillance giant Hikvision addressed a critical vulnerability in its Hybrid SAN and cluster storage products. Chinese video surveillance giant Hikvision addressed an access control vulnerability, tracked as CVE-2023-28808, affecting...

Security Affairs

April 13, 2023

A flaw in the Kyocera Android printing app can be abused to drop malware Full Text

Abstract Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications...

Security Affairs

April 13, 2023

Fortinet fixed a critical vulnerability in its Data Analytics product Full Text

Abstract Fortinet addressed a critical vulnerability that can lead to remote, unauthenticated access to Redis and MongoDB instances. Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence...

Security Affairs

April 13, 2023

Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data Full Text

Abstract The vulnerability, tracked as CVE-2023-28808, has been described by the vendor as an access control issue that can be exploited to obtain administrator permissions by sending specially crafted messages to the targeted device.

Cyware

April 12, 2023

Fortinet Patches Critical Vulnerability in Data Analytics Solution Full Text

Abstract Cybersecurity solutions provider Fortinet this week announced the release of security updates across multiple products, including patches for a critical vulnerability in FortiPresence.

Cyware

April 12, 2023

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit Full Text

Abstract It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix  a total of 97 flaws  impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20 elevation of privilege vulnerabilities. The updates also follow fixes for 26 vulnerabilities in its Edge browser that were released over the past month. The security flaw that's come under active exploitation is  CVE-2023-28252  (CVSS score: 7.8), a privilege escalation bug in the Windows Common Log File System (CLFS) Driver. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue. CVE-2023-28252 is the fourth privilege escalation

The Hacker News

April 12, 2023

SAP April 2023 security updates fix critical vulnerabilities Full Text

Abstract SAP fixed two critical bugs that affect the Diagnostics Agent and the BusinessObjects Business Intelligence Platform. SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. The most critical vulnerabilities...

Security Affairs

April 11, 2023

Newly Discovered “By-Design” Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers Full Text

Abstract A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal access-tokens of higher privilege identities, move laterally, potentially access critical business assets, and execute remote code (RCE)," Orca said in a new  report  shared with The Hacker News. The exploitation path that underpins this attack is a mechanism called  Shared Key authorization , which is enabled by default on storage accounts. According to Microsoft, Azure generates two 512-bit storage account access keys when creating a storage account. These keys can be used to authorize access to data via Shared Key authorization, or via SAS tokens that are signed with the shared key. "Storage account access keys provide full access to the configuration of a storage accoun

The Hacker News

April 11, 2023

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover Full Text

Abstract A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization...

Security Affairs

April 11, 2023

Siemens, Schneider Electric Address Dozens of ICS Vulnerabilities Full Text

Abstract The total number of vulnerabilities patched this month is significantly smaller than in February and March, when the industrial giants addressed roughly 100 security issues.

Cyware

April 11, 2023

Apple released emergency updates to fix recently disclosed zero-day bugs on older devices Full Text

Abstract Apple released updates to backport patches addressing two actively exploited zero-day vulnerabilities in older iPhones, iPads, and Macs. Apple has released emergency updates to backport security patches that address two actively exploited zero-day...

Security Affairs

April 11, 2023

Miscreants could use Azure access keys as backdoors Full Text

Abstract A design flaw in Microsoft Azure – that shared key authorization is enabled by default when creating storage accounts – could give attackers full access to your environment, according to Orca Security researchers.

Cyware

April 10, 2023

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical Full Text

Abstract Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution. Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671...

Security Affairs

April 9, 2023

Researchers disclose critical sandbox escape bug in vm2 sandbox library Full Text

Abstract The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS...

Security Affairs

April 8, 2023

Tesla Retail Tool Vulnerability Led to Account Takeover Full Text

Abstract The application allows both internal and external account logins and uses for authentication a JSON Web Token (JWT) that specifies an email address cleared for manually defined user accounts, security researcher Evan Connelly explains.

Cyware

April 08, 2023

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari Full Text

Abstract Apple on Friday released security updates for  iOS, iPadOS ,  macOS , and  Safari web browser  to address a pair of zero-day flaws that are being exploited in the wild. The two vulnerabilities are as follows - CVE-2023-28205  - A  use after free issue  in WebKit that could lead to arbitrary code execution when processing specially crafted web content. CVE-2023-28206  - An  out-of-bounds write issue  in IOSurfaceAccelerator that could enable an app to execute arbitrary code with kernel privileges. Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it's aware the bugs "may have been actively exploited." Credited with discovering and reporting the flaws are Clément Lecigne of Google's Threat Analysis Group (TAG) and Donncha Ó Cearbhaill of Amnesty International's Security Lab. Details about the two vulnerabilities have been withheld in light of active exploitation and to prevent more

The Hacker News

April 08, 2023

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library Full Text

Abstract The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was  reported  by researchers from South Korea-based  KAIST WSP Lab  on April 6, 2023, prompting vm2 to release a fix with  version 3.9.15  on Friday. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," vm2  disclosed  in an advisory. The vulnerability has been assigned the identified  CVE-2023-29017  and is rated 9.8 on the CVSS scoring system. The issue stems from the fact that it does not properly handle errors that occur in asynchronous functions. vm2 is a  popular library  that's used to run untrusted code in an isolated environment on Node.js. It has nearly four million weekly downloads and is used in 721 packages . KAIST security res

The Hacker News

April 7, 2023

Apple addressed two actively exploited zero-day flaws Full Text

Abstract Apple released emergency security updates to address two actively exploited zero-day vulnerabilities impacting iPhones, Macs, and iPads. Apple has released emergency security updates to address two actively exploited zero-day vulnerabilities, tracked...

Security Affairs

April 7, 2023

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance Full Text

Abstract The critical issue, tracked as CVE-2023-1671 (CVSS score of 9.8), was identified in the warning page handler of the appliance and it could be exploited without authentication.

Cyware

April 7, 2023

Default static key in ThingsBoard IoT platform can give attackers admin access Full Text

Abstract The flaw was fixed in ThingsBoard version 3.4.2 by generating a random key for every new installation or upgrade to version 3.4.2 or later. If admins can't upgrade immediately, they can manually change the default signing key for older versions.

Cyware

April 6, 2023

Researchers Uncover Method to Steal Cars Using Vehicle CAN Bus Full Text

Abstract Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's Controller Area Network (CAN) bus via a smart headlamp's wiring.

Cyware

April 6, 2023

Vulnerabilities in popular Japanese word processing software could lead to arbitrary code execution, other issues Full Text

Abstract Cisco Talos recently discovered four vulnerabilities in Ichitaro, a popular word processing software in Japan produced by JustSystems that could lead to arbitrary code execution.

Cyware

April 5, 2023

Nexx bugs allow to open garage doors, and take control of alarms and plugs Full Text

Abstract A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. In late 2022, the researcher Sam Sabetan discovered a series of critical vulnerabilities...

Security Affairs

April 5, 2023

HP would take up to 90 days to fix a critical bug in some business-grade printers Full Text

Abstract HP would take up to 90 days to address a critical flaw, tracked as CVE-2023-1707, that resides in the firmware of some business-grade printers. HP is aware of a critical vulnerability, tracked as CVE-2023-1707 (CVSS v3.1 score 9.1), that affects tens...

Security Affairs

April 3, 2023

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover Full Text

Abstract Microsoft addressed a misconfiguration flaw in the Azure Active Directory (AAD) identity and access management service. Microsoft has addressed a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service...

Security Affairs

April 01, 2023

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps Full Text

Abstract Microsoft has patched a misconfiguration issue impacting the Azure Active Directory ( AAD ) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security firm Wiz  said  in a report. "Those attacks could compromise users' personal data, including Outlook emails and SharePoint documents." The issues were reported to Microsoft in January and February 2022, following which the tech giant applied fixes and awarded Wiz a $40,000 bug bounty. Redmond  said  it found no evidence that the misconfigurations were exploited in the wild. The crux of the vulnerability stems from what's called "Shared Responsibility confusion," wherein an Azure app can be incorrectly configured to allow users from any Micro

The Hacker News

April 01, 2023

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation Full Text

Abstract Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of  CVE-2022-46169  (CVSS score: 9.8) and  CVE-2021-35394  (CVSS score: 9.8) to deliver  MooBot  and  ShellBot  (aka PerlBot), Fortinet FortiGuard Labs  said  in a report published this week. CVE-2022-46169  relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code.  CVE-2021-35394  also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021. While the latter has been previously exploited to distribute botnets like Mirai, Gafgyt, Mozi, and RedGoBot, the development marks the first time it has been utilized to deploy MooBot, a Mirai variant known to be active since 2019. The Cacti flaw, besides being leveraged for MooBot attacks, has also been observed serving ShellB

The Hacker News

March 31, 2023

Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Full Text

Abstract Threat actors are actively exploiting a high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress...

Security Affairs

March 31, 2023

Here’s how attackers could have changed Bing search results Full Text

Abstract An Azure Active Directory (AAD) misconfiguration by Microsoft in one of its own cloud-hosted applications could have allowed miscreants to subvert the IT giant's Bing search engine – even changing search results.

Cyware

March 30, 2023

Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX Full Text

Abstract Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer ( SFX ) that could lead to unauthenticated remote code execution. Tracked as  CVE-2023-23383  (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the  FabriXss flaw  (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss vulnerability enables remote attackers to leverage an XSS vulnerability to achieve remote code execution on a container hosted on a Service Fabric node without the need for authentication," security researcher Lidor Ben Shitrit  said  in a report shared with The Hacker News. XSS refers to a kind of  client-side code injection  attack that makes it possible to upload malicious scripts into otherwise trusted websites. The scripts then get executed every time a victim visits the compromised website, thereby leading to unintended consequences. While both FabriXss and Super FabriXss

The Hacker News

March 30, 2023

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE Full Text

Abstract Researchers shared details about a flaw, dubbed Super FabriXss, in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Researchers from Orca Security shared details about a new vulnerability, dubbed Super...

Security Affairs

March 30, 2023

New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices Full Text

Abstract A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. The  approach  exploits  power-save mechanisms  in endpoint devices to trick access points into leaking  data frames  in plaintext, or encrypt them using  an all-zero key . "The unprotected nature of the power-save bit in a frame's header [...] also allows an adversary to force queue frames intended for a specific client resulting in its disconnection and trivially executing a denial-of-service attack," the researchers noted. In other words, the goal is to leak frames from the access point destined to a victim client station

The Hacker News

March 30, 2023

Azure Pipelines vulnerability spotlights supply chain threats Full Text

Abstract The Azure Pipelines flaw affected both the SaaS version of Azure DevOps Server and the self-hosted, on-premises version. Customers running the on-premises version need to patch their instances to remediate the RCE vulnerability.

Cyware

March 29, 2023

QNAP fixed Sudo privilege escalation bug in NAS devices Full Text

Abstract Taiwanese vendor QNAP warns customers to patch a high-severity Sudo privilege escalation bug affecting NAS devices. Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege...

Security Affairs

March 29, 2023

QNAP warns customers to patch Linux Sudo flaw in NAS devices Full Text

Abstract Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability.

BleepingComputer

March 29, 2023

OpenAI quickly fixed account takeover bugs in ChatGPT Full Text

Abstract OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts...

Security Affairs

March 29, 2023

Microsoft Defender mistakenly tagging URLs as malicious Full Text

Abstract Microsoft Defender is mistakenly flagging legitimate links as malicious, with some customers having already received dozens of alert emails since the issues began over five hours ago.

BleepingComputer

March 28, 2023

WiFi protocol flaw allows attackers to hijack network traffic Full Text

Abstract Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form.

BleepingComputer

March 28, 2023

Apple Issues Urgent Security Update for Older iOS and iPadOS Models Full Text

Abstract Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as  CVE-2023-23529 , concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was  originally addressed  by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been credited with reporting the bug. "Processing maliciously crafted web content may lead to arbitrary code execution," Apple  said  in a new advisory, adding it's "aware of a report that this issue may have been actively exploited." Details surrounding the exact nature of exploitation are currently not known, but withholding technical specifics is standard procedure as it helps prevent additional in-the-wild abuse targeting susceptible devices.  The update is available in versions iOS 15.7.4 and iPadOS 15.7.4 for iPhone 6s (all models), iPhone 7 (all models), iPho

The Hacker News

March 27, 2023

Apple fixes recently disclosed CVE-2023-23529 zero-day on older devices Full Text

Abstract Apple released updates to backport security patches that address actively exploited CVE-2023-23529 WebKit zero-day for older iPhones and iPads. Apple released security updates to backport patches that address an actively exploited zero-day flaw (CVE-2023-23529)...

Security Affairs

March 27, 2023

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools Full Text

Abstract Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The  issue , dubbed  aCropalypse , could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as  CVE-2023-28303 , the vulnerability is rated 3.3 on the CVSS scoring system. It affects both the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. "The severity of this vulnerability is Low because successful exploitation requires uncommon user interaction and several factors outside of an attacker's control," Microsoft  said  in an advisory released on March 24, 2023. Successful exploitation requires that the following two prerequisites are met - The user must take a screenshot, save it to a file, modify the file (for example, crop it), and then save the modified file to the same location. The user must open

The Hacker News

March 26, 2023

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397 Full Text

Abstract Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked...

Security Affairs

March 25, 2023

Critical flaw in AI testing framework MLflow can lead to server and data compromise Full Text

Abstract The vulnerability found by Dan McInerney is tracked as CVE-2023-1177 and is rated 10 (critical) on the CVSS scale. It is described as a local and remote file inclusion (LFI/RFI) via the API.

Cyware

March 25, 2023

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers Full Text

Abstract Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the  critical flaw  relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a  relay attack  without requiring any user interaction. "External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control," the company  noted  in an advisory released this month. "This will leak the  Net-NTLMv2 hash  of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim." The vulnerability was resolved by Microsoft as part of its  Patch Tuesday updates  for March 2023, but not before Russia-based threat actors weaponized the flaw in attacks targeting government, transportation, ene

The Hacker News

March 24, 2023

Critical flaw in WooCommerce Payments plugin allows site takeover Full Text

Abstract A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites. On March 23, 2023, researchers from Wordfence observed that the “WooCommerce Payments – Fully Integrated Solution...

Security Affairs

March 24, 2023

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites Full Text

Abstract Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could permit an "unauthenticated attacker to impersonate an administrator and completely take over a website without any user interaction or social engineering required," WordPress security company Wordfence  said . The vulnerability appears to reside in a PHP file called "class-platform-checkout-session.php," Sucuri researcher Ben Martin  noted . Credited with discovering and reporting the vulnerability is Michael Mazzolini of Swiss penetration testing company GoldNetwork. WooCommerce also  said  it worked with WordPress to auto-update sites using affected versions of the softwar

The Hacker News

March 24, 2023

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian Full Text

Abstract Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.

Cyware

March 23, 2023

Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software Full Text

Abstract Cisco addressed tens of vulnerabilities in its IOS and IOS XE software, six of these issues have been rated ‘high severity’. Cisco published the March 2023 Semiannual IOS and IOS XE Software Security Advisory that addresses several vulnerabilities...

Security Affairs

March 23, 2023

Cisco Patches High-Severity Vulnerabilities in IOS Software Full Text

Abstract Cisco published its semiannual IOS and IOS XE software security advisory bundle, which addresses ten vulnerabilities, including six 'high-severity’ ones. The most important three security bugs can be exploited remotely to cause a DoS condition.

Cyware

March 22, 2023

Netgear Orbi router vulnerable to arbitrary command execution Full Text

Abstract Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network’s range.

Cyware

March 21, 2023

Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products Full Text

Abstract Organizations that use human-machine interface (HMI) and supervisory control and data acquisition (SCADA) products from UK-based industrial software maker Aveva have been informed about the existence of several potentially serious vulnerabilities.

Cyware

March 20, 2023

Acropalypse flaw in Google Pixel’s Markup tool allowed the recovery of edited images Full Text

Abstract The Acropalypse flaw in the Markup tool of Google Pixel allowed the partial recovery of edited or redacted screenshots and images. Security researchers Simon Aarons and David Buchanan have discovered a vulnerability, named 'Acropalypse,' in the Markup...

Security Affairs

March 18, 2023

Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps Full Text

Abstract Discovered in or around the beginning of March, the Microsoft Outlook vulnerability was found to affect several applications from the Microsoft 365 Apps Enterprise stack, including MS Office 2019, 2016, 2013, and LTSC.

Cyware

March 17, 2023

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks Full Text

Abstract A new Golang-based botnet dubbed  HinataBot  has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai  said  in a technical report. Among the methods used to distribute the malware are the exploitation of exposed Hadoop YARN servers and security flaws in Realtek SDK devices ( CVE-2014-8361 )and Huawei HG532 routers ( CVE-2017-17215 , CVSS score: 8.8). Unpatched vulnerabilities and weak credentials have been a low-hanging fruit for attackers, representing an easy, well-documented entry point that does not require sophisticated social engineering tactics or other methods. The threat actors behind HinataBot are said to have been active since at least December 2022, with the

The Hacker News

March 17, 2023

Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips Full Text

Abstract Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 chipset. Four of the 18 flaws make it possible for a threat actor to achieve internet-to-Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicleses in late 2022 and early 2023, said. "[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Tim Willis, head of Google Project Zero,  said . In doing so, a threat actor could gain entrenched access to cellular information passing in and out of the targeted devi

The Hacker News

March 16, 2023

Baseband RCE flaws in Samsung’s Exynos chipsets expose devices to remote hack Full Text

Abstract Google’s Project Zero hackers found multiple flaws in Samsung ’s Exynos chipsets that expose devices to remote hack with no user interaction. White hat hackers at Google's Project Zero unit discovered multiple vulnerabilities Samsung ’s Exynos...

Security Affairs

March 16, 2023

Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111 Full Text

Abstract Mozilla announced this week the release of Firefox 111, which patches over a dozen vulnerabilities, including potentially serious issues. Of the 13 CVEs, seven have been assigned a ‘high’ severity rating.

Cyware

March 15, 2023

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack Full Text

Abstract Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of  80 security flaws , two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in  addition to 29 flaws  the tech giant fixed in its Chromium-based Edge browser in recent weeks. The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw ( CVE-2023-23397 , CVSS score: 9.8) and a Windows SmartScreen security feature bypass ( CVE-2023-24880 , CVSS score: 5.1). CVE-2023-23397 is "triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server," Microsoft  said  in a standalone advisory. A threat actor could leverage this flaw by sending a specially crafted email, activating it automatically when it is retrieved and pr

The Hacker News

March 14, 2023

Siemens Addresses Over 90 Vulnerabilities for ICS Patch Tuesday Full Text

Abstract Siemens has released only seven new advisories, but they describe a total of 92 vulnerabilities. However, a vast majority are introduced by the use of third-party components rather than being specific to Siemens products.

Cyware

March 14, 2023

Microsoft Patch Tuesday fix Outlook zero-day actively exploited Full Text

Abstract Microsoft Patch Tuesday updates for March 2023 addressed 74 vulnerabilities, including a Windows zero-day exploited in ransomware attacks. Microsoft Patch Tuesday security updates for March 2023 addressed 74 new vulnerabilities in Microsoft Windows...

Security Affairs

March 14, 2023

Adobe fixed ColdFusion flaw listed as under active exploit Full Text

Abstract Adobe is warning that a critical zero-day flaw in ColdFusion web app development platform was exploited in very limited attacks. Software giant Adobe released security updates for ColdFusion versions 2021 and 2018 to resolve a critical flaw, tracked...

Security Affairs

March 14, 2023

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities Full Text

Abstract Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers Guillaume Lovet and Alex Kong said in an advisory last week. The zero-day flaw in question is CVE-2022-41328 (CVSS score: 6.5), a medium security path traversal bug in FortiOS that could lead to arbitrary code execution. "An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands," the company noted. The shortcoming impacts FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3. Fixes are available in versions 6.4.1

The Hacker News

March 13, 2023

Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom Full Text

Abstract More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox . "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens  said  in a technical write-up. Akuvox E11 is described by the company on its website as a " SIP  [Session Initiation Protocol] video doorphone specially designed for villas, houses, and apartments." The  product listing , however, has been taken down from the website, displaying an error message: "Page does not exist." A  snapshot  captured by Google shows that the page was live as recently as March 12, 2023, 05:59:51 GMT. The attacks can manifest either through remote code execution within the local area network (LAN) or remote activation of the E11's camera and microphone, allowing the adversary to c

The Hacker News

March 12, 2023

Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers Full Text

Abstract Cisco fixed a high-severity DoS vulnerability (CVE-2023-20049) in IOS XR software that impacts several enterprise routers. Cisco has released security updates to address a high-severity DoS vulnerability, tracked as CVE-2023-20049 (CVSS score of 8.6),...

Security Affairs

March 11, 2023

Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying Full Text

Abstract A smart intercom product made by Chinese company Akuvox is affected by more than a dozen vulnerabilities, including potentially serious flaws that can be exploited for spying.

Cyware

March 9, 2023

SonicWall SMA appliance infected by a custom malware allegedly developed by Chinese hackers Full Text

Abstract Alleged China-linked threat actors infected unpatched SonicWall Secure Mobile Access (SMA) appliances with a custom backdoor. Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540, deployed custom malware on a SonicWall...

Security Affairs

March 9, 2023

CloudBees flaws in Jenkins server can lead to code execution Full Text

Abstract CloudBees vulnerabilities in the Jenkins open-source automation server can be exploited to achieve code execution on targeted systems. Researchers from cloud security firm Aqua discovered a chain of two vulnerabilities in the Jenkins open-source automation...

Security Affairs

March 09, 2023

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access Full Text

Abstract Fortinet has released fixes to  address 15 security flaws , including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as  CVE-2023-25610 , is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet  said  in an advisory. Underflow bugs , also called  buffer underruns , occur when the input data is shorter than the reserved space, causing unpredictable behavior or leakage of sensitive data from memory. Other possible consequences include memory corruption that could either be weaponized to induce a crash or execute arbitrary code. Fortinet said it's not

The Hacker News

March 08, 2023

Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks Full Text

Abstract A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as  CVE-2023-27898  and  CVE-2023-27905 , impact the Jenkins server and Update Center, and have been collectively christened  CorePlague  by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are vulnerable and exploitable. "Exploiting these vulnerabilities could allow an unauthenticated attacker to execute arbitrary code on the victim's Jenkins server, potentially leading to a complete compromise of the Jenkins server," the company said in a report shared with The Hacker News. The shortcomings are the result of how Jenkins processes plugins available from the  Update Center , thereby potentially enabling a threat actor to upload a plugin with a malicious payload and trigger a cross-site scripting (XSS) attack. "Once the victim opens the ' Available Plug

The Hacker News

March 8, 2023

A critical flaw affects Fortinet FortiOS and FortiProxy, patch it now! Full Text

Abstract Fortinet addressed a critical heap buffer underflow vulnerability affecting FortiOS and FortiProxy, which can lead to arbitrary code execution. Fortinet addressed a critical buffer underwrite ('buffer underflow') vulnerability, tracked as CVE-2023-25610...

Security Affairs

March 8, 2023

Veeam warns to install patches to fix a bug in its Backup & Replication product Full Text

Abstract Veeam addressed a high-severity vulnerability in the Backup Service that impacts Backup & Replication software. Veeam addressed a high-severity vulnerability in the Backup Service, tracked as CVE-2023-27532 (CVSS v3 score: 7.5), that impacts...

Security Affairs

March 8, 2023

VMware NSX Manager bugs actively exploited in the wild since December Full Text

Abstract Security researchers warn of hacking attempts in the wild exploiting critical vulnerabilities in VMware NSX Manager. Cyber security firm Wallarm is warning of ongoing attacks exploiting the critical flaws, tracked as CVE-2021-39144 (CVSS score of 9.8)...

Security Affairs

March 8, 2023

Chrome 111 Patches 40 Vulnerabilities Full Text

Abstract A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues.

Cyware

March 8, 2023

Vulnerability in Toyota Management Platform Provided Access to Customer Data Full Text

Abstract A severe vulnerability in the Toyota Customer 360 customer relationship management (CRM) platform allowed a security researcher to access the personal information of the car maker’s customers in Mexico.

Cyware

March 7, 2023

Android’s March 2023 Updates Patch Over 50 Vulnerabilities Full Text

Abstract The most severe of the patched vulnerabilities are two remote code execution (RCE) flaws in the System component, both of which were addressed as part of the 2023-03-01 security patch level.

Cyware

March 6, 2023

RIG EK Achieves Lifetime High Success Rate with Old IE Bugs Full Text

Abstract RIG EK continues to make its mark as a successful exploit kit as it attempted to make roughly 2,000 intrusions daily, with the highest attack success rate of its lifetime of 30%. By exploiting relatively old Internet Explorer vulnerabilities, the exploit kit has been seen distributing various types ... Read More

Cyware

March 03, 2023

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices Full Text

Abstract A pair of serious security defects has been disclosed in the Trusted Platform Module ( TPM ) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities,  CVE-2023-1017 , concerns an out-of-bounds write, while the other,  CVE-2023-1018 , is described as an out-of-bounds read. Credited with discovering and reporting the issues in November 2022 is cybersecurity company Quarkslab. "These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group (TCG)  said  in an advisory. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab  noted , adding they "could affect billions of devices." TPM is a hardware-based solution (i.e., a crypto-pro

The Hacker News

March 3, 2023

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices Full Text

Abstract Two vulnerabilities affecting the Trusted Platform Module (TPM) 2.0 library could potentially lead to information disclosure or privilege escalation. The Trusted Computing Group (TCG) is warning of two vulnerabilities affecting the implementations...

Security Affairs

March 02, 2023

2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots Full Text

Abstract As a primary working interface, the browser plays a significant role in today's corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in increasing numbers ( download report here ). The key report findings  Over half of all the browsers in the enterprise environment are misconfigured.  While a configured browser is nearly impossible to compromise, stealing data from misconfigured browsers is like taking candy from a baby. The Leading misconfigurations are improper use of personal browser profiles on work devices (29%), poor patching routine (50%), and the use of corporate browser profiles on unmanaged devices. 3 of every 10 SaaS applications are non-corporate shadow SaaS,  and no SaaS discovery/security solution can address its ris

The Hacker News

March 2, 2023

Cisco fixed a critical command injection bug in IP Phone Series Full Text

Abstract Cisco addressed a critical vulnerability, tracked as CVE-2023-20078, impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. Cisco released security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800...

Security Affairs

March 02, 2023

Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack Full Text

Abstract Cisco on Wednesday rolled out  security updates  to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input. Successful exploitation of the bug could allow an unauthenticated, remote attacker to inject arbitrary commands that are executed with the highest privileges on the underlying operating system. "An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface," Cisco  said  in an alert published on March 1, 2023. Also patched by the company is a high-severity denial-of-service (DoS) vulnerability affecting the same set of devices, as well as the Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series. CVE-2023-20079 (CVSS score: 7

The Hacker News

March 1, 2023

Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products Full Text

Abstract Several industrial IoT (IIoT) software products made by PTC are affected by two critical vulnerabilities that can be exploited for denial-of-service (DoS) attacks and remote code execution.

Cyware

February 28, 2023

Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites Full Text

Abstract The vulnerability is tracked as CVE-2023-26009 in the Houzez plugin and CVE-2023-26540 in the theme. The vendor was informed about the security hole and patched it with the release of versions 2.6.4 (plugin) and 2.7.2 (theme).

Cyware

February 27, 2023

Chromium bug allowed SameSite cookie bypass on Android devices Full Text

Abstract A recently patched bug in the open-source Chromium browser project could allow malicious actors to bypass a security feature that protects sensitive cookies on Android browsers.

Cyware

February 27, 2023

Microsoft recommending you scan more Exchange server files Full Text

Abstract In particular, the software giant said this week that sysadmins should now include the Temporary ASP.NET files, Inetsrv folders, and the PowerShell and w3wp processes on the list of files and folders to be run through antivirus systems.

Cyware

February 24, 2023

Hackers are actively exploiting CVE-2022-47966 flaw in Zoho ManageEngine Full Text

Abstract Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) flaw in Zoho ManageEngine. Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) in attacks in the wild,...

Security Affairs

February 23, 2023

Cisco Patches High-Severity Vulnerabilities in ACI Components Full Text

Abstract Cisco on Wednesday informed customers about the availability of patches for two high-severity vulnerabilities affecting components of its Application Centric Infrastructure (ACI) software-defined networking solution.

Cyware

February 23, 2023

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products Full Text

Abstract Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as  CVE-2022-47966  (CVSS score: 9.8), the  remote code execution flaw  allows a complete takeover of the susceptible systems by unauthenticated attackers. As many as  24 different products , including Access Manager Plus, ADManager Plus, ADSelfService Plus, Password Manager Pro, Remote Access Plus, and Remote Monitoring and Management (RMM), are affected by the issue. The shortcoming "allows unauthenticated remote code execution due to usage of an outdated third-party dependency for XML signature validation, Apache Santuario," Bitdefender's Martin Zugec  said  in a technical advisory shared with The Hacker News. According to the Romanian cybersecurity firm, the exploitation efforts are said to have commenced the day after penetration testing firm Horizon3.ai released a proo

The Hacker News

February 23, 2023

Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit Full Text

Abstract Threat actors are actively exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 a few hours after the publication of the PoC exploit code. This week, researchers at Horizon3 cybersecurity firm have released a proof-of-concept exploit for a critical-severity...

Security Affairs

February 22, 2023

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices Full Text

Abstract Apple has revised the  security advisories  it released last month to include three new vulnerabilities impacting  iOS, iPadOS , and  macOS . The first flaw is a  race condition  in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation. The two other vulnerabilities, credited to Trellix researcher Austin Emmitt, reside in the  Foundation framework  (CVE-2023-23530 and CVE-2023-23531) and could be weaponized to achieve code execution. "An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges," Apple said, adding it patched the issues with "improved memory handling." The medium to high-severity vulnerabilities have been patched in iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 that were shipped on January 23, 2023. Trellix, in its own report on Tuesday,  classified  the two flaws as a &qu

The Hacker News

February 22, 2023

Experts found a large new class of bugs ‘class’ in Apple devices Full Text

Abstract Tech giant Apple discloses three new vulnerabilities affecting its iOS, iPadOS, and macOS operating systems. Apple updated its advisories by adding three new vulnerabilities, tracked as CVE-2023-23520, CVE-2023-23530 and CVE-2023-23531,...

Security Affairs

February 22, 2023

R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor Full Text

Abstract During a recent incident response case, Fox-IT found evidence that the R1Soft vulnerability was exploited to gain initial access to a server. The attackers then deployed a malicious database driver that gave them backdoor access.

Cyware

February 22, 2023

VMware addressed a critical bug in Carbon Black App Control Full Text

Abstract VMware released security updates to address a critical vulnerability, tracked as CVE-2023-20858, in the Carbon Black App Control product. VMware addressed a critical injection vulnerability, tracked as (CVSSv3 score 9.1), Carbon Black App Control....

Security Affairs

February 22, 2023

VMware Patches Critical Vulnerability in Carbon Black App Control Product Full Text

Abstract VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as  CVE-2023-20858 , the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari Jääskelä has been credited with discovering and reporting the bug. "A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system," the company  said  in an advisory. VMware said there are no workarounds that resolve the flaw, necessitating that customers update to versions 8.7.8, 8.8.6, and 8.9.4 to mitigate potential risks. It's worth pointing out that Jääskelä was also credited with reporting two critical vulnerabilities in the same product ( CVE-2022-229

The Hacker News

February 22, 2023

Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header Full Text

Abstract During a recent customer pilot, Praetorian researchers identified an interesting method to bypass the cross-site scripting (XSS) filtering functionality within the Akamai Web Application Firewall (WAF) solution.

Cyware

February 21, 2023

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities Full Text

Abstract Trellix published a blog post on Tuesday to describe these flaws, which the firm says are part of a new class of bugs that can allow attackers to bypass code signing on macOS and iOS systems.

Cyware

February 19, 2023

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy Full Text

Abstract Fortinet has released security updates to  address 40 vulnerabilities  in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution. "An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system," Fortinet  said  in an advisory earlier this week. The products impacted by the vulnerability are as follows - FortiNAC version 9.4.0 FortiNAC version 9.2.0 through 9.2.5 FortiNAC version 9.1.0 through 9.1.7 FortiNAC 8.8 all versions FortiNAC 8.7 all versions FortiNAC 8.6 all versions FortiNAC 8.5 all versions, and FortiNAC 8.3 all versions Patches have bee

The Hacker News

February 18, 2023

SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities Full Text

Abstract Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8.

Cyware

February 18, 2023

New Variant of Mirai Targets 13 Known IoT Device Vulnerabilities Full Text

Abstract Researchers at Unit42 laid bare a Mirai botnet variant dubbed V3G4 that compromised hosts by abusing several vulnerabilities in products from DrayTek, Geutebruck, FreePBX, Atlassian, and others. The botnet infected exposed servers and networking devices running on Linux OS. Successful exploitation ... Read More

Cyware

February 17, 2023

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb Full Text

Abstract Cybersecurity vendor Fortinet has addressed two critical vulnerabilities impacting its FortiNAC and FortiWeb products. Cybersecurity firm Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions....

Security Affairs

February 17, 2023

Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine Full Text

Abstract Cisco addressed a critical vulnerability in the ClamAV open source antivirus engine that can lead to remote code execution on vulnerable devices. Cisco fixed a critical flaw, tracked as CVE-2023-20032 (CVSS score: 9.8), in the ClamAV open source...

Security Affairs

February 17, 2023

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software Full Text

Abstract Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as  CVE-2023-20032  (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug. "This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write," Cisco Talos  said  in an advisory. "An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device." Successful exploitation of the weakness could enable an adversary to run arbitrary code with the same privileges as that of the ClamAV scanning process, or crash the process, resu

The Hacker News

February 16, 2023

ESXiArgs Ransomware Mayhem in Europe and More Full Text

Abstract Skipping patching VMware ESXi bugs? Beware! Hundreds of systems in Europe were found infected with the ESXiArgs ransomware. Hackers reportedly abused a two-year-old RCE bug (CVE-2021-21974) and compromised thousands of servers across the world.

Cyware

February 16, 2023

Researchers Hijack Popular NPM Package with Millions of Downloads Full Text

Abstract A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack. "The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria  said  in a report. While npm's security protections limit users to have only one active email address per account, the Israeli firm said it was able to reset the GitHub password using the recovered domain. The attack, in a nutshell, grants a threat actor access to the package's associated GitHub account, effectively making it possible to publish trojanized versions to the npm registry that can be weaponized to conduct supply chain attacks at scale. This is achieved by taking advantage of a GitHub Action that's configured in the repository to automatically publish the packages when new code changes are pushed. "Even though the maintainer's npm user account i

The Hacker News

February 16, 2023

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs Full Text

Abstract Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as  CVE-2022-45788  (CVSS score: 7.5) and  CVE-2022-45789  (CVSS score: 8.1), are part of a  broader collection  of  security defects  tracked by Forescout as OT:ICEFALL. Successful exploitation of the bugs could enable an adversary to execute unauthorized code, denial-of-service, or disclosure of sensitive information. The cybersecurity company said the shortcomings can be chained by a threat actor with known flaws from other vendors (e.g.,  CVE-2021-31886 ) to achieve deep lateral movement in operational technology (OT) networks. "Deep lateral movement lets attackers gain deep access to industrial control systems and cross often overlooked security perimeters, allowing them to perform highly granular and stealthy manipulations as well as override funct

The Hacker News

February 16, 2023

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable Full Text

Abstract Hyundai and Kia car makers are releasing an emergency software update to fix a flaw that can allow stealing a car with a USB cable. Carmakers Hyundai and KIA are rolling out an emergency update for the software shipped with several car models. The update...

Security Affairs

February 16, 2023

Critical Vulnerability Patched in Cisco Security Products Full Text

Abstract Cisco on Wednesday announced updates for endpoint, cloud, and web security products to address a critical vulnerability in the third-party open-source scanning library ClamAV.

Cyware

February 15, 2023

Citrix released security updates for multiple High-Severity flaws in its products Full Text

Abstract Citrix released security updates for multiple High-Severity flaws in Virtual Apps and Desktops, and Workspace apps for Windows and Linux. Citrix released security patches to fix multiple vulnerabilities in Virtual Apps and Desktops, and Workspace...

Security Affairs

February 15, 2023

Recently Patched IBM Aspera Faspex Vulnerability Exploited in the Wild Full Text

Abstract The security hole, tracked as CVE-2022-47986 and classified as ‘high severity’, is a YAML deserialization flaw that can be exploited by a remote attacker for arbitrary code execution using specially crafted API calls.

Cyware

February 15, 2023

Adobe addressed critical bugs in Illustrator, After Effects Software Full Text

Abstract Adobe Patch Tuesday addressed at least a half dozen vulnerabilities, including critical issues that expose Windows and macOS to hack. Adobe released security updates to address at least a half dozen vulnerabilities impacting Photoshop, Illustrator...

Security Affairs

February 15, 2023

SAP’s February 2023 Security Updates Patch High-Severity Vulnerabilities Full Text

Abstract The most severe of the new security notes delivers updates to the Chromium browser in the SAP Business Client, to resolve a total of 54 vulnerabilities, including 22 high-severity issues.

Cyware

February 15, 2023

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities Full Text

Abstract Microsoft on Tuesday released  security updates  to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker  patched  in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws. The three zero-days of note that have been exploited are as follows - CVE-2023-21715  (CVSS score: 7.3) - Microsoft Office Security Feature Bypass Vulnerability CVE-2023-21823  (CVSS score: 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability CVE-2023-23376  (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability "The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715. "

The Hacker News

February 15, 2023

Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps Full Text

Abstract Tracked as CVE-2023-24483, the Virtual Apps and Desktops vulnerability is described as a privilege escalation issue that allows an attacker with access to a Windows VDA as a standard Windows user to elevate privileges to System.

Cyware

February 14, 2023

Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days Full Text

Abstract Microsoft Patch Tuesday security updates for February 2023 addressed 75 flaws, including three actively exploited zero-day bugs. Microsoft Patch Tuesday security updates for February 2023 fixed 75 vulnerabilities in multiple products, including Microsoft...

Security Affairs

February 14, 2023

Apple fixes the first zero-day in iPhones and Macs this year Full Text

Abstract Apple has released emergency security updates to fix a new actively exploited zero-day vulnerability that impacts iPhones, iPads, and Macs. Apple has released emergency security updates to address a new actively exploited zero-day vulnerability, tracked...

Security Affairs

February 14, 2023

Patch Now: Apple’s iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw Full Text

Abstract Apple on Monday rolled out security updates for  iOS, iPadOS ,  macOS , and  Safari  to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as  CVE-2023-23529 , the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The iPhone maker said the bug was addressed with improved checks, adding it's "aware of a report that this issue may have been actively exploited." An anonymous researcher has been credited with reporting the flaw. It's not immediately clear as to how the vulnerability is being exploited in real-world attacks, but it's the second actively abused type confusion flaw in WebKit to be patched by Apple after  CVE-2022-42856  in as many months, which was closed in December 2022.  WebKit flaws are also notable for the fact that they impact every third-party web browser that's available fo

The Hacker News

February 13, 2023

Vulnerabilities open Korenix JetWave industrial networking devices to attack Full Text

Abstract Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found.

Cyware

February 13, 2023

Radio silence from DMS vendor quartet over XSS zero-days Full Text

Abstract The most severe issue belongs to ONLYOFFICE’s Workspace enterprise app platform. Tracked as CVE-2022-47412, the stored cross-site scripting (XSS) vulnerability is believed to impact versions from 0 through 12.1.0.1760.

Cyware

February 11, 2023

Dota 2 Under Attack: Threat Actors Exploit a Chrome Flaw to Infect Gamers Full Text

Abstract Security experts at Avast Threat Labs uncovered four malicious Dota 2 game mods that cyber adversaries are using to backdoor players' systems. The game mods were named Overdog no annoying heroes (id 2776998052), Custom Hero Brawl (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339). Th ... Read More

Cyware

February 10, 2023

February 2023 Patch Tuesday forecast: A Valentine’s date Full Text

Abstract For many, CVSS from FIRST has been the driving force in that process. One of the major objectives behind the calculation of the actual CVSS number is to ensure standardization so all CVEs are scored consistently and can be accurately compared.

Cyware

February 10, 2023

Apple says watchdog tweaks would make iOS an Android ‘clone’ Full Text

Abstract Apple said in its response that it was "particularly concerned by some of the remedy options that the CMA is now considering in relation to cloud gaming, which appear to fall outside the underlying basis for the market investigation."

Cyware

February 09, 2023

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices Full Text

Abstract A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli industrial cybersecurity company Otorio  said . "They can use these vulnerabilities to bypass security layers and infiltrate target networks, putting critical infrastructure at risk or interrupting manufacturing." The flaws, in a nutshell, offer a remote entry point for attack, enabling unauthenticated adversaries to gain a foothold and subsequently use it as leverage to spread to other hosts, thereby causing significant damage. Some of the identified shortcomings could be chained to give an external actor direct access to thousands of internal OT networks over the internet, secu

The Hacker News

February 09, 2023

OpenSSL Fixes Multiple New Security Flaws with Latest Update Full Text

Abstract The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as  CVE-2023-0286 , the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The vulnerability is rooted in the way the  popular cryptographic library  handles X.509 certificates, and is likely to impact only those applications that have a custom implementation for retrieving a certificate revocation list ( CRL ) over a network. "In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature," OpenSSL  said . "If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon."

The Hacker News

February 8, 2023

GoAnywhere MFT Zero-Day Exploited in the Wild; Patch and Exploit Out Full Text

Abstract A security researcher from Code White issued a POC exploit code against vulnerable GoAnywhere MFT servers. The exploitation of the bug allows an attacker to perform unauthenticated RCE on compromised systems. The administrative console of the application is needed for this exploit's attack vector. ... Read More

Cyware

February 08, 2023

Unpatched Security Flaws Disclosed in Multiple Document Management Systems Full Text

Abstract Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization." The list of eight cross-site scripting ( XSS ) flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows - CVE-2022-47412  - ONLYOFFICE Workspace Search Stored XSS CVE-2022-47413 and CVE-2022-47414  - OpenKM Document and Application XSS CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418  - LogicalDOC Multiple Stored XSS CVE-2022-47419  - Mayan EDMS Tag Stored XSS Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into

The Hacker News

February 07, 2023

Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework Full Text

Abstract Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads. "Not only did threat actors use the Sliver backdoor, but they also used the  BYOVD  (Bring Your Own Vulnerable Driver) malware to incapacitate security products and install reverse shells," the researchers  said . Attack chains commence with the exploitation of two remote code execution bugs in Sunlogin versions prior to v11.0.0.33 (CNVD-2022-03672 and CNVD-2022-10270), followed by delivering Sliver or other malware such as  Gh0st RAT  and XMRig crypto coin miner. In one instance, the threat actor is said to have weaponized the Sunlogin flaws to install a PowerShell script that, in turn

The Hacker News

February 7, 2023

OpenSSH addressed a new pre-auth double free vulnerability Full Text

Abstract The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues...

Security Affairs

February 06, 2023

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability Full Text

Abstract The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as  CVE-2023-25136 , the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms," OpenSSH disclosed in its  release notes  on February 2, 2023. Credited with  reporting  the flaw to OpenSSH in July 2022 is security researcher Mantas Mikulenas. OpenSSH is the open source implementation of the secure shell ( SSH ) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture. "The exposure occurs in the chunk of memory freed twice, the 'options.kex_algorithms,'" Qualys researcher Saeed Abbasi s

The Hacker News

February 04, 2023

Warning: Hackers Actively Exploiting Zero-Day in Fortra’s GoAnywhere MFT Full Text

Abstract A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first  publicly shared  by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is a case of remote code injection that requires access to the administrative console of the application, making it imperative that the systems are not exposed to the public internet. According to security researcher Kevin Beaumont, there are over 1,000 on-premise instances that are publicly accessible over the internet, a majority of which are located in the U.S. "The Fortra advisory Krebs quoted advises GoAnywhere MFT customers to review all administrative users and monitor for unrecognized usernames, especially those created by system," Rapid7 researcher Caitlin Condon  said . "The logical deduction is that Fortra is likely seeing follow-on attacker behavior that inc

The Hacker News

February 4, 2023

GoAnywhere MFT zero-day flaw actively exploited Full Text

Abstract Threat actors are actively exploiting a zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application. Experts warn that threat actors are actively exploiting a zero-day vulnerability in Fortra's GoAnywhere MFT managed...

Security Affairs

February 03, 2023

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered Full Text

Abstract Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the  potential risks  facing the EV charging infrastructure. The issues have been identified in version 1.6J of the Open Charge Point Protocol ( OCPP ) standard that uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The current version of OCPP is 2.0.1. "The OCPP standard doesn't define how a CSMS should accept new connections from a charge point when there is already an active connection," SaiFlow researchers Lionel Richard Saposnik and Doron Porat  said . "The lack of a clear guideline for multiple active connections can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS.&q

The Hacker News

February 3, 2023

Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release Full Text

Abstract Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published. Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business...

Security Affairs

February 3, 2023

GoAnywhere MFT Users Warned of Zero-Day Exploit Full Text

Abstract Users of the GoAnywhere secure managed file transfer (MFT) software have been warned about a zero-day exploit that malicious actors can target directly from the internet.

Cyware

February 3, 2023

VMware Workstation update fixes an arbitrary file deletion bug Full Text

Abstract VMware addressed a high-severity privilege escalation vulnerability, tracked as CVE-2023-20854, in VMware Workstation. VMware fixed a high-severity privilege escalation flaw, tracked as CVE-2023-20854, that impacts Workstation. An attacker can exploit...

Security Affairs

February 3, 2023

Atlassian fixed critical authentication vulnerability in Jira Software Full Text

Abstract Atlassian fixed a critical flaw in Jira Service Management Server and Data Center that can allow an attacker to impersonate another user and gain access to a Jira Service Management instance. Atlassian has released security updates to address a critical...

Security Affairs

February 03, 2023

Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability Full Text

Abstract Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The  vulnerability  is tracked as  CVE-2023-22501  (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances," Atlassian  said . "With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into." The tokens, Atlassian noted, can be obtained in either of the two scenarios - If the attacker is included on Jira i

The Hacker News

February 3, 2023

Cisco fixed command injection bug in IOx Application Hosting Environment Full Text

Abstract Cisco fixed a high-severity flaw in the IOx application hosting environment that can be exploited in command injection attacks. Cisco has released security updates to address a command injection vulnerability, tracked as CVE-2023-20076, in the Cisco...

Security Affairs

February 03, 2023

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products Full Text

Abstract F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol ( SOAP ) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code," the company  said  in an advisory. "In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary." Tracked as CVE-2023-22374 (CVSS score: 7.5/8.5), security researcher Ron Bowes of Rapid7 has been credited with discovering and reporting the flaw on December 6, 2022. Given that the iCOntrol SOAP interface runs as root, a successful exploit could permit a threat actor to remotely trigger co

The Hacker News

February 2, 2023

EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft Full Text

Abstract Researchers warn that many electric vehicle (EV) charging management systems are affected by vulnerabilities that could allow hackers to cause disruption, steal energy, or obtain driver information.

Cyware

February 2, 2023

A High-severity bug in F5 BIG-IP can lead to code execution and DoS Full Text

Abstract Experts warn of a high-severity vulnerability that affects F5 BIG-IP that can lead to arbitrary code execution or DoS condition. A high-severity vulnerability in F5 BIG-IP, tracked as CVE-2023-22374, can be exploited to cause a DoS condition and potentially...

Security Affairs

February 2, 2023

Experts warn of two flaws in popular open-source software ImageMagick Full Text

Abstract Experts disclosed details of two security flaws in the open-source software ImageMagick that could potentially lead to information disclosure or trigger a DoS condition. Researchers at Metabase Q discovered a couple of security vulnerabilities in the open-source...

Security Affairs

February 2, 2023

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076) Full Text

Abstract CVE-2023-20076 was discovered by the researchers in a Cisco ISR 4431 router – more specifically, in the Cisco IOx application hosting environment, which allows admins to deploy application containers or virtual machines directly on Cisco devices.

Cyware

February 2, 2023

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw Full Text

Abstract Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked...

Security Affairs

February 01, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility Full Text

Abstract Cybersecurity researchers have disclosed details of two security flaws in the open source  ImageMagick software  that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were  addressed  in ImageMagick  version 7.1.0-52 , released in November 2022. A brief description of the flaws is as follows - CVE-2022-44267  - A DoS vulnerability that arises when parsing a PNG image with a filename that's a single dash ("-") CVE-2022-44268  - An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image That said, an attacker must be able to upload a malicious image to a website using ImageMagick so as to weaponize the flaws remotely. The specially crafted image, for its part, can be created by inserting a  text chunk  that specifies some metadata of the attacker's choice (e.g.,

The Hacker News

February 1, 2023

Update: POC exploit released for VMware vRealize Log Insight vulnerabilities Full Text

Abstract Updates for the vulnerabilities are available for VMware vRealize Log Insight in the form of version 8.10.2. VMware also published workarounds as an alternative for affected customers.

Cyware

February 1, 2023

Microsoft’s Verified Publisher Status Abused in Email Theft Campaign Full Text

Abstract The campaign mainly targeted Microsoft customers in Ireland and the UK. The tech giant has taken steps to disrupt the operation and it has published an article on how users can protect against these threats, which the company calls consent phishing.

Cyware

February 01, 2023

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software Full Text

Abstract Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after  three security vulnerabilities  were brought to light in the same product. Firmware security firm Eclypsium  said  the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively tracked as  BMC&C , could act as springboard for cyber attacks, enabling threat actors to obtain remote code execution and unauthorized device access with superuser permissions. The two new flaws in question are as follows - CVE-2022-26872  (CVSS score: 8.3) - ​​Password reset interception via API CVE-2022-40258  (CVSS score: 5.3) - Weak password hashes for Redfish and API Specifically, MegaRAC has been found to use the MD5 hashing algorithm with a global salt for older devices, or  SHA-512 with per user salts  on newer appliances, potentially allowing a threat actor to crack the

The Hacker News

January 31, 2023

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates Full Text

Abstract Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as  CVE-2022-27596 , the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1. "If exploited, this vulnerability allows remote attackers to inject malicious code," QNAP  said  in an advisory released Monday. The exact technical specifics surrounding the flaw are unclear, but the NIST National Vulnerability Database (NVD) has categorized it as an SQL injection vulnerability. This means an attacker could send specially crafted SQL queries such that they could be weaponized to bypass security controls and access or alter valuable information. "Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack," according to  MI

The Hacker News

January 30, 2023

QNAP addresses a critical flaw impacting its NAS devices Full Text

Abstract Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596...

Security Affairs

January 30, 2023

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices Full Text

Abstract Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks originated from the U.S. (48.3%), followed by Vietnam (17.8%), Russia (14.6%), The Netherlands (7.4%), France (6.4%), Germany (2.3%0, and Luxembourg (1.6%). What's more, 95% of the attacks leveraging the security shortcoming that emanated from Russia singled out organizations in Australia. "Many of the attacks we observed tried to deliver malware to infect vulnerable IoT devices," Unit 42 researchers  said  in a report, adding "threat groups are using this vulnerability to carry out large-scale attacks on smart devices around the world." The vulnerability in question is

The Hacker News

January 30, 2023

Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram Full Text

Abstract A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability...

Security Affairs

January 30, 2023

Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability Full Text

Abstract Security researcher Gtm Manoz from Nepal discovered in September 2022 that a system designed by Meta for confirming a phone number and email address did not have any rate-limiting protection.

Cyware

January 28, 2023

ISC fixed high-severity flaws in DNS software suite BIND Full Text

Abstract The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The...

Security Affairs

January 28,2023

Microsoft Urges Customers to Secure On-Premises Exchange Servers Full Text

Abstract Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling  Windows Extended Protection  and configuring  certificate-based signing  of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team  said  in a post. "There are too many aspects of unpatched on-premises Exchange environments that are valuable to bad actors looking to exfiltrate data or commit other malicious acts." Microsoft also emphasized mitigations issued by the company are only a stopgap solution and that they can "become insufficient to protect against all variations of an attack," necessitating that users install necessary security updates to secure the servers. Exchange Server has been proven to be a lucrative attack vector in recent years, what with a number of security flaws in the software weaponized as zero-d

The Hacker News

January 28,2023

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities Full Text

Abstract The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an advisory released Friday. The open source software is used by major financial firms, national and international carriers, internet service providers (ISPs), retailers, manufacturers, educational institutions, and government entities, according to its  website . All four flaws reside in  named , a  BIND9 service  that functions as an authoritative nameserver for a fixed set of DNS zones or as a recursive resolver for clients on a local network. The list of the bugs, which are rated 7.5 on the CVSS scoring system, is as follows -

The Hacker News

January 27, 2023

Patch management is crucial to protect Exchange servers, Microsoft warns Full Text

Abstract Microsoft warns customers to patch their Exchange servers because attackers always look to exploit unpatched installs. Microsoft published a post to urge its customers to protect their Exchange servers because threat actors actively attempt to exploit...

Security Affairs

January 27, 2023

CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack Full Text

Abstract Lexmark released a security firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models. Lexmark has released a security firmware update to address a remote code execution vulnerability,...

Security Affairs

January 26,2023

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA Full Text

Abstract Proof-of-concept (Poc) code signing as the targeted certificate," Microsoft  said  in an advisory released at the time. The  Windows CryptoAPI  offers an interface for developers to add cryptographic services such as encryption/decryption of data and authentication using digital certificates to their applications. Web security company Akamai, which  released  the PoC,  said  CVE-2022-

The Hacker News

January 26, 2023

Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394) Full Text

Abstract Experts warn of a spike in the attacks that between August and October 2022 attempted to exploit a Realtek Jungle SDK RCE (CVE-2021-35394). Palo Alto Networks researchers reported that between August and October 2022 the number of attacks that attempted...

Security Affairs

January 25, 2023

Google Chrome 109 update addresses six security vulnerabilities Full Text

Abstract Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild. Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities....

Security Affairs

January 25, 2023

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats Full Text

Abstract As of December 2022, Unit 42 researchers observed 134 million exploit attempts in total leveraging this vulnerability, and about 97% of these attacks occurred after the start of August 2022. At the time of writing, the attack is still ongoing.

Cyware

January 25,2023

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities Full Text

Abstract VMware on Tuesday released software to remediate four security vulnerabilities affecting  vRealize Log Insight  (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," the company  said  of the two shortcomings. A third vulnerability relates to a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to trigger a denial-of-service (DoS) conditi

The Hacker News

January 24, 2023

VMware warns of critical code execution bugs in vRealize Log Insight Full Text

Abstract A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system. VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710,...

Security Affairs

January 24,2023

Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium Full Text

Abstract Vulnerability analysis results in  Orange Cyberdefenses' Security Navigator  show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding on that Asset was reported. We can call that the finding 'Age'. If the findings first reported are not addressed, they will occur in more scans over time with increasing Age, and so we can track how the Age of reported findings changes over time. As the chart below clearly illustrates, the majority of real findings in our dataset, across all Severity levels, are between 75 and 225 days old. There is a second 'peak' at around 300 days, which we suspect has more to do with the age of the data in the dataset and can therefore be ignored. Finally, there is a fascinating 

The Hacker News

January 23,2023

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud Full Text

Abstract Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as  CVE-2023-21433 and CVE-2023-21434 , were  discovered  by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung  classified  the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month. Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung. It was launched in September 2009. The first of the two vulnerabilities is CVE-2023-21433, which could enable an already installed rogue Android app on a Samsung device to install any application available on the Galaxy Store. Samsung described it as a case of improper access control that it said has been patched with proper permiss

The Hacker News

January 23, 2023

Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads Full Text

Abstract Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively...

Security Affairs

January 23, 2023

Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code Full Text

Abstract Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked...

Security Affairs

January 22, 2023

Expert found critical flaws in OpenText Enterprise Content Management System Full Text

Abstract The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE. Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise...

Security Affairs

January 21, 2023

Around 19,500 end-of-life Cisco routers are exposed to hack Full Text

Abstract Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0),...

Security Affairs

January 21, 2023

Critical Manufacturing Sector in the Bull’s-eye Full Text

Abstract More than three-quarters of manufacturing organizations harbor unpatched high-severity vulnerabilities in their systems. New telemetry from SecurityScorecard shows a year-over-year increase in high-severity vulnerabilities in those organizations.

Cyware

January 20, 2023

Critical Vulnerabilities Patched in OpenText Enterprise Content Management System Full Text

Abstract Several vulnerabilities described as having a critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.

Cyware

January 20,2023

Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware Full Text

Abstract A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were released. "This incident continues China's pattern of exploiting internet facing devices, specifically those used for managed security purposes (e.g., firewalls, IPS\IDS appliances etc.)," Mandiant researchers  said  in a technical report. The attacks entailed the use of a sophisticated backdoor dubbed  BOLDMOVE , a Linux variant of which is specifically designed to run on Fortinet's FortiGate firewalls. The intrusion vector in question relates to the exploitation of  CVE-2022-42475 , a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that could result in unauthenti

The Hacker News

January 20, 2023

Cisco fixes SQL Injection flaw in Unified CM Full Text

Abstract A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified...

Security Affairs

January 20, 2023

Researchers claim XSS vulnerability in Ghost CMS Full Text

Abstract The vulnerabilities can be triggered when a higher-level user simply previews or visits any post by the malicious user, as these social links seem to be included in all of a user's posts.

Cyware

January 19,2023

New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks Full Text

Abstract A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through  CSRF  (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan  said  in a report shared with The Hacker News. "By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim's Azure application." The Israeli cloud infrastructure security firm, which dubbed the shortcoming  EmojiDeploy , said it could further enable the theft of sensitive data and lateral movement to other Azure services. Microsoft has since fixed the vulnerability as of December 6, 2022, following responsible disclosure on October 26, 2022, in addition to awarding a bug bounty of $30,000. The Windows maker  describes  Kudu as the "engine behind a number of feat

The Hacker News

January 19, 2023

Experts released PoC exploit for critical Zoho ManageEngine RCE flaw Full Text

Abstract Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple...

Security Affairs

January 19, 2023

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services Full Text

Abstract A web-based Git repository manager, Kudu is the engine behind several Azure App Service features, supporting the deployment and management of code in Azure. The service is used by Functions, App Service, Logic Apps, and other Azure services.

Cyware

January 18, 2023

Two critical flaws discovered in Git source code version control system Full Text

Abstract The maintainers of the Git source code version control system urge to update the software to fix two critical vulnerabilities. The maintainers of the Git source code version control system announced to have fixed a couple of critical vulnerabilities,...

Security Affairs

January 18, 2023

WAGO fixes config export flaw threatening data leak from industrial devices Full Text

Abstract Tracked as CVE-2022-3738, the vulnerability is described as a PHP error in the WAGO web admin interface file download.php, as some lines are commented on using a multi-line comment.

Cyware

January 18, 2023

A couple of bugs can be chained to hack Netcomm routers Full Text

Abstract A couple of critical vulnerabilities have been discovered in Netcomm rourers, experts warn of their potential exploitation in the wild. The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication...

Security Affairs

January 18,2023

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers Full Text

Abstract Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as  CVE-2022-4873  and  CVE-2022-4874 , concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running firmware versions earlier than R6B035 . "The two vulnerabilities, when chained together, permit a remote, unauthenticated attacker to execute arbitrary code," the CERT Coordination Center (CERT/CC)  said  in an advisory published Tuesday. "The attacker can first gain unauthorized access to affected devices, and then use those entry points to gain access to other networks or compromise the availability, integrity, or confidentiality of data being transmitted from the internal network." Security researcher  Brendan Scarvell  has been credited with discovering and reporting the issues in October 2022. In a related developme

The Hacker News

January 18, 2023

Experts found SSRF flaws in four different Microsoft Azure services Full Text

Abstract SSRF vulnerabilities in four Microsoft Azure services could be exploited to gain unauthorized access to cloud resources. Researchers at the security firm Orca discovered that four different Microsoft Azure services were vulnerable to server-side request...

Security Affairs

January 18, 2023

Oracle’s First Security Update for 2023 Includes 327 New Patches Full Text

Abstract Among the 327 new patches, more than 70 fixes address critical-severity vulnerabilities. Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.

Cyware

January 18,2023

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks Full Text

Abstract The maintainers of the  Git  source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as  CVE-2022-23521  and  CVE-2022-41903 , impacts the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0. Patched versions include v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, and v2.39.1. X41 D-Sec security researchers Markus Vervier and Eric Sesterhenn as well as GitLab's Joern Schneeweisz have been credited with reporting the bugs. "The most severe issue discovered allows an attacker to trigger a heap-based memory corruption during clone or pull operations, which might result in code execution," the German cybersecurity company  said  of CVE-2022-23521. CVE-2022-41903, also a critical vulnerability, is triggered during an archive operatio

The Hacker News

January 17,2023

Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorized Access Full Text

Abstract Four different Microsoft Azure services have been found vulnerable to server-side request forgery ( SSRF ) attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft. "The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files - providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target," Orca researcher By Lidor Ben Shitrit  said  in a report shared with The Hacker News. Two of the vulnerabilities affecting Azure Functions and Azure Digital Twins could be abused without requiring any authentication, enabling a threat actor to seize control of a server without

The Hacker News

January 17, 2023

How to abuse GitHub Codespaces to deliver malicious content Full Text

Abstract Researchers demonstrated how to abuse a feature in GitHub Codespaces to deliver malware to victim systems. Trend Micro researchers reported that it is possible to abuse a legitimate feature in the development environment GitHub Codespaces to deliver...

Security Affairs

January 17, 2023

Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon Full Text

Abstract A PoC exploit code for the unauthenticated remote code execution vulnerability CVE-2022-47966 in Zoho ManageEngine will be released soon. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho...

Security Affairs

January 16, 2023

T95 Android TV Box sold on Amazon hides sophisticated malware Full Text

Abstract Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected...

Security Affairs

January 14,2023

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability Full Text

Abstract A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which  found  only 26 out of a total of 6,427 servers to be running a  patched version  of Cacti (1.2.23 and 1.3.0). The  issue  in question relates to  CVE-2022-46169  (CVSS score: 9.8), a combination of authentication bypass and command injection that enables an unauthenticated user to execute arbitrary code on an affected version of the open-source, web-based monitoring solution. Details about the flaw, which impacts versions 1.2.22 and below, were first revealed by SonarSource. The flaw was reported to the project maintainers on December 2, 2022. "A hostname-based authorization check is not implemented safely for most installations of Cacti," SonarSource researcher Stefan Schiller  noted  earlier this month, adding "uns

The Hacker News

January 14, 2023

Most internet-exposed Cacti servers exposed to hacking Full Text

Abstract Most internet-exposed Cacti servers are vulnerable to the critical vulnerability CVE-2022-46169 which is actively exploited in the wild. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management...

Security Affairs

January 14, 2023

Most Cacti Installations Unpatched Against Exploited Vulnerability Full Text

Abstract In December 2022, the tool’s maintainers announced patches for CVE-2022-46169, a critical-severity command injection flaw that could allow unauthenticated attackers to execute code on the server running Cacti, if a specific data source was used.

Cyware

January 14,2023

Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers Full Text

Abstract Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The  issues  are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system. The most severe of the two is CVE-2023-20025 (CVSS score: 9.0), which is the result of improper validation of user input within incoming HTTP packets. A threat actor could exploit it remotely by sending a specially crafted HTTP request to vulnerable routers' web-based management interface to bypass authentication and obtain elevated permissions. The lack of adequate validation is also the reason behind the second flaw tracked as CVE-2023-20026 (CVSS score: 6.5), permitting an attacker with valid admin credentials to achieve root-level privi

The Hacker News

January 12, 2023

Critical bug in Cisco EoL Small Business Routers will receive no patch Full Text

Abstract Cisco warns of a critical flaw in small business RV016, RV042, RV042G, and RV082 routers, which have reached end of life (EoL). Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business...

Security Affairs

January 12, 2023

Asus router access, information disclosure, denial of service vulnerabilities discovered Full Text

Abstract Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also support mesh networking with other Asus routers.

Cyware

January 12,2023

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover Full Text

Abstract Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security , the issues are tracked as  CVE-2022-38773  (CVSS score: 4.6), with the low severity stemming from the prerequisite that exploitation requires physical tampering of the device. The flaws "could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data," the company  said . More than 100 models are susceptible. Put differently, the weaknesses are the result of a lack of asymmetric signature verifications for firmware at bootup, effectively permitting the attacker to load tainted bootloader and firmware while undermining integrity protections. A more severe consequence of loading such modified firmw

The Hacker News

January 12, 2023

Threat actors actively exploit Control Web Panel RCE following PoC release Full Text

Abstract Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP). Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS...

Security Affairs

January 12,2023

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk Full Text

Abstract Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with  symlinks  when processing files and directories," Imperva researcher Ron Masas  said . "Specifically, the browser did not properly check if the symlink was pointing to a location that was not intended to be accessible, which allowed for the theft of sensitive files." Google characterized the medium-severity issue (CVE-2022-3656) as a case of insufficient data validation in File System,  releasing   fixes  for it in versions 107 and 108 released in October and November 2022. Dubbed SymStealer, the vulnerability, at its core, relates to a type of weakness known as symbolic link (aka symlink) following, which  occurs  when an attacker abuses the feature to bypass the file system restrictions of a progra

The Hacker News

January 12,2023

Alert: Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability Full Text

Abstract Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as  CVE-2022-44877  (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was  patched  by its maintainers on October 25, 2022. Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. "login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter," according to  NIST . Gais Security researcher Numan Turle has been credited with discovering and reporting the flaw to the Control Web Panel developers. Exploitation of the flaw is said to have commenced on January 6, 2023, following the  availability  of a proof

The Hacker News

January 11, 2023

Microsoft Exchange bugs top list of exploited vulnerabilities affecting financial sector Full Text

Abstract Researchers at LookingGlass examined public internet-facing assets from over 7 million IP addresses belonging to the sector in November 2022 – finding that a seven-year-old RCE vulnerability affecting Microsoft Windows topped the list.

Cyware

January 11, 2023

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day Full Text

Abstract Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components;...

Security Affairs

January 11,2023

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit Full Text

Abstract The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of  98 security flaws , including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with one of the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release updates for its Chromium-based Edge browser.  The vulnerability that's under attack relates to  CVE-2023-21674  (CVSS score: 8.8), a privilege escalation flaw in Windows Advanced Local Procedure Call ( ALPC ) that could be exploited by an attacker to gain SYSTEM permissions. "This vulnerability could lead to a browser sandbox escape," Microsoft noted in an advisory, crediting Avast researchers Jan Vojtěšek, Milánek, and Przemek Gmerek for reporting the bug. While details of the vulnerability are still under wraps, a successful exploit requires an attacker to have alrea

The Hacker News

January 10, 2023

Prototype pollution-like bug variant discovered in Python Full Text

Abstract Security researcher Abdulraheem Khaled has discovered a coding scheme that can allow attackers to perform prototype pollution-like attacks on Python programs. He calls it ‘class pollution’ in a blog post documenting his findings.

Cyware

January 10,2023

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App Full Text

Abstract A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models,  according  to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong, who reported the issues to Threema on October 3, 2022. The weaknesses have since been addressed as part of  updates  released by the company on November 29, 2022. Threema is an encrypted messaging app that's used by more than 11 million users as of October 2022. "Security and privacy are deeply ingrained in Threema's DNA," the company  claims  on its website. Officially used by the Swiss Government and the Swiss Army, it's also advertised as a secure alternative alongside other services such as Signal, Meta-owned WhatsApp, and Telegram. While Threema has been sub

The Hacker News

January 10, 2023

Zoom Rooms was affected by four “high” severity vulnerabilities Full Text

Abstract Zoom addressed four "high" severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four "high" severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs...

Security Affairs

January 10, 2023

Remote code execution bug discovered in the popular JsonWebToken library Full Text

Abstract The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS...

Security Affairs

January 10,2023

Severe Security Flaw Found in “jsonwebtoken” Library Used by 22,000+ Projects Full Text

Abstract A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this  vulnerability , attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh  said  in a Monday report. Tracked as  CVE-2022-23529  (CVSS score: 7.6), the issue impacts all versions of the library, including and below 8.5.1, and has been addressed in  version 9.0.0  shipped on December 21, 2022. The flaw was reported by the cybersecurity company on July 13, 2022. jsonwebtoken, which is  developed and maintained  by Okta's Auth0, is a JavaScript module that allows users to decode, verify, and generate JSON web tokens as a means of securely transmitting information between two parties for authorization and authentication. It has over  10 million weekl

The Hacker News

January 09,2023

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks Full Text

Abstract A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. "To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely  Text-to-SQL ),"  Xutan Peng , a researcher at the University of Sheffield, told The Hacker News. "We found that by asking some specially designed questions, crackers can fool Text-to-SQL models to produce malicious code. As such code is automatically executed on the database, the consequence can be pretty severe (e.g., data breaches and DoS attacks)." The  findings , which were validated against two commercial solutions  BAIDU-UNIT  and  AI2sql , mark the first empirical instance where natural language processing (NLP) models have been exploited as an attack vector in the wild. The black box attacks a

The Hacker News

January 09,2023

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands Full Text

Abstract Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The  security vulnerabilities  were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in software from Reviver, SiriusXM, and Spireon. The flaws run a wide gamut, ranging from those that give access to internal company systems and user information to weaknesses that would allow an attacker to remotely send commands to achieve code execution. The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al  detailed  security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks. The most serious of the issues, which concern Spireon's telematics solution, could have been exploited

The Hacker News

January 9, 2023

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices Full Text

Abstract Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Some of the flaws were reported...

Security Affairs

January 9, 2023

CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities.

Cyware

January 7, 2023

Exploit drops for remote code execution bug in Control Web Panel Full Text

Abstract The Proof of Concept (PoC) was posted to GitHub and YouTube yesterday (January 5) by Numan Türle, security engineer at Turkish infosec outfit Gais Security. The flaw has now been designated as CVE-2022-44877 with a CVSS severity rating still pending.

Cyware

January 6, 2023

Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks Full Text

Abstract According to Binarly, the Qualcomm vulnerabilities have been confirmed to impact — in addition to Lenovo devices — Arm-based Microsoft Surface and the Windows Dev Kit 2023 (Project Volterra) computers, as well as Samsung products.

Cyware

January 5, 2023

Zoho urges fixing a critical SQL Injection flaw in ManageEngine Full Text

Abstract Zoho is warning its customers of a critical vulnerability, tracked as CVE-2022-47523, affecting multiple ManageEngine products. Zoho is urging its customers to address a critical SQL Injection vulnerability, tracked as CVE-2022-47523, that affects...

Security Affairs

January 05,2023

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities Full Text

Abstract Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests," the company  said  in an advisory. The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and internally discovered by its product security team, impacts the following versions - FortiADC version 7.0.0 through 7.0.2 FortiADC version 6.2.0 through 6.2.3 FortiADC version 6.1.0 through 6.1.6 FortiADC version 6.0.0 through 6.0.4 FortiADC version 5.4.0 through 5.4.5 Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available. The  January 2023 patches  also address a number of command injection vulnerabilities in Fo

The Hacker News

January 4, 2023

High-Severity Command Injection Flaws Found in Fortinet’s FortiTester, FortiADC Full Text

Abstract Cybersecurity solutions provider Fortinet this week announced patches for several vulnerabilities across its product portfolio and informed customers about a high-severity command injection bug in FortiADC.

Cyware

January 04,2023

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws Full Text

Abstract Qualcomm on Tuesday  released patches  to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities -- tracked from CVE-2022-40516 through CVE-2022-40520 -- also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes. The list of flaws is as follows - CVE-2022-40516, CVE-2022-40517 & CVE-2022-40520  (CVSS scores: 8.4) - Memory corruption in Core due to  stack-based buffer overflow CVE-2022-40518 & CVE-2022-40519  (CVSS scores: 6.8) - Information disclosure due to  buffer over-read  in Core Stack-based buffer overflow vulnerabilities can result in severe impacts, such as data corruption, system crashes, and arbitrary code execution. Buffer over-reads, on the other hand, can be weaponized to read out-of-bounds memory, leading to the exposure of secret data. Successful exploitation of the aforementioned flaw

The Hacker News

January 4, 2023

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers Full Text

Abstract BMW, Mercedes, Toyota, and other popular carmakers use vulnerable APIs that could have allowed attackers to perform malicious activities. Cybersecurity researcher Sam Curry and his colleagues discovered many vulnerabilities in the vehicles manufactured...

Security Affairs

January 4, 2023

Android’s First Security Updates for 2023 Patch 60 Vulnerabilities Full Text

Abstract The first part of the security update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.

Cyware

January 4, 2023

Fortinet fixed multiple command injection bugs in FortiADC and FortiTester Full Text

Abstract Fortinet addressed multiple vulnerabilities impacting its products and warned of a high-severity command injection flaw in FortiADC. Cybersecurity vendor Fortinet addressed several vulnerabilities impacting its products. The compaby also warned customers...

Security Affairs

January 04,2023

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers Full Text

Abstract Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as  CVE-2022-43931 , the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the issue "allows remote attackers to execute arbitrary commands via unspecified vectors," the Taiwanese company  said , adding it was internally discovered by its Product Security Incident Response Team (PSIRT). Users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and VPN Plus Server for SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively. The network-attached storage appliance maker, in a second advisory, also  warned  of several flaws in SRM that could permit remote attackers to execute arbitrary commands, conduct denial-of-service attack

The Hacker News

January 3, 2023

Synology fixes multiple critical vulnerabilities in its routers Full Text

Abstract Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most...

Security Affairs

January 3, 2023

Critical Vulnerabilities Patched in Synology Routers Full Text

Abstract Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest.

Cyware

January 3, 2023

Nearly 300 Vulnerabilities Patched in Huawei’s HarmonyOS in 2022 Full Text

Abstract An analysis conducted by SecurityWeek shows that more than 290 vulnerabilities were patched in HarmonyOS in 2022, including nearly 100 security flaws affecting third-party libraries.

Cyware

December 30, 2022

NETGEAR fixes a severe bug in its routers. Patch it asap! Full Text

Abstract Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless...

Security Affairs

December 30, 2022

CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog Full Text

Abstract CVE-2018-5430 resides in TIBCO JasperReports Server that may allow someone read-only access to the contents of the web application. CVE-2018-18809 in TIBCO JasperReports Library contains a directory-traversal vulnerability.

Cyware

December 29, 2022

Thousands of Citrix servers still vulnerable to CVE-2022-27510 and CVE-2022-27518 Full Text

Abstract Researchers warn of thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints are still unpatched. NCC Group's Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities,...

Security Affairs

December 29, 2022

WordPress Vulnerability & Patch Roundup December 2022 Full Text

Abstract To help educate website owners on emerging threats to their environments, researchers at Sucuri compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

Cyware

December 28, 2022

Thousands of Citrix servers vulnerable to patched critical flaws Full Text

Abstract Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months.

BleepingComputer

December 27, 2022

Backdoor Credential Found in ZyXEL Router Full Text

Abstract Cybersecurity researcher RE-Solver claimed to have found hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. The bug he exploited is a Telnet backdoor in D-Link DWR-921 that is also present in the ZyXEL LTE3301-M209.

Cyware

December 27, 2022

XLL Files Increasingly Getting Abused by Attackers Full Text

Abstract In the wake of Microsoft's effort to phase out support for VBA macros in Office docs, cybercriminals have now turned to use XLL files to embed malicious code in docs. FIN7, an infamous cybercrime threat actor, started using XLL files as attachments in email campaigns early this year. Additiona ... Read More

Cyware

December 25, 2022

Critical Linux Kernel flaw affects SMB servers with ksmbd enabled Full Text

Abstract Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux...

Security Affairs

December 25, 2022

Experts warn of attacks exploiting WordPress gift card plugin Full Text

Abstract Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8),...

Security Affairs

December 24, 2022

Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes Full Text

Abstract A high-severity security vulnerability in the Kyverno admission controller for container images could allow malicious actors to import a raft of nefarious code into cloud production environments.

Cyware

December 24, 2022

Expert found Backdoor credentials in ZyXEL LTE3301 M209 Full Text

Abstract The cybersecurity researcher RE-Solver discovered Backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. In...

Security Affairs

December 23, 2022

Hackers exploit bug in WordPress gift card plugin with 50K installs Full Text

Abstract Hackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.

BleepingComputer

December 23, 2022

Zoom Whiteboard patches XSS bug Full Text

Abstract Zoom has patched a cross-site scripting (XSS) bug that worked in both the desktop and web versions of its Whiteboard app. The XSS bug in Zoom Whiteboard was discovered by security researcher Eugene Lim (aka ‘spaceraccoon’).

Cyware

December 23, 2022

Ghost CMS vulnerable to critical authentication bypass flaw Full Text

Abstract A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript.

BleepingComputer

December 22, 2022

Microsoft gives final warning about Basic Auth deprecation in Exchange Online Full Text

Abstract Organizations will still be informed seven days before the protocol is disabled for them. Once it is turned off, affected apps will throw an HTTP error 401 for bad username/password. The only way for them to work will be to switch to Modern Auth.

Cyware

December 21, 2022

Corsair keyboard bug makes it type on its own, no malware involved Full Text

Abstract Corsair has confirmed that a bug in the firmware of K100 keyboards, and not malware, is behind previously entered text being auto-typed into applications days later.

BleepingComputer

December 21, 2022

Critical Vulnerabilities Found in Passwordstate Enterprise Password Manager Full Text

Abstract Researchers discovered that the Passwordstate enterprise password manager made by Australian company Click Studios is affected by serious vulnerabilities that could allow an unauthenticated attacker to obtain a user’s passwords.

Cyware

December 21, 2022

Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking Full Text

Abstract Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it.

Cyware

December 20, 2022

Microsoft shares details for a Gatekeeper Bypass bug in Apple macOS Full Text

Abstract Microsoft disclosed technical details of a vulnerability in Apple macOS that could be exploited by an attacker to bypass Gatekeeper. Microsoft has disclosed details of a now-fixed security vulnerability dubbed Achilles (CVE-2022-42821, CVSS score:...

Security Affairs

December 19, 2022

Microsoft finds macOS bug that lets malware bypass security checks Full Text

Abstract Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions.

BleepingComputer

December 19, 2022

Cisco Warns of Many Old Vulnerabilities Being Exploited in Attacks Full Text

Abstract Five of the updated advisories resolve critical-severity vulnerabilities that could allow remote attackers to execute arbitrary code (RCE), cause a denial-of-service (DoS) condition, or execute arbitrary commands.

Cyware

December 19, 2022

Old vulnerabilities in Cisco products actively exploited in the wild Full Text

Abstract IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated multiple security advisories to warn of the active exploitation of several old vulnerabilities impacting its products. The...

Security Affairs

December 17, 2022

Samba addressed multiple high-severity vulnerabilities Full Text

Abstract Samba released updates to address multiple vulnerabilities that can be exploited to take control of impacted systems. Samba released updates to address multiple vulnerabilities, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141,...

Security Affairs

December 16, 2022

Critical IP spoofing bug patched in Cacti Full Text

Abstract The vulnerability resides in a PHP file in Cacti that allows remote agents to run different actions on the server. The only safeguard this file offered was to check whether requests were coming from an authorized IP address.

Cyware

December 16, 2022

Microsoft revised CVE-2022-37958 severity due to its broader scope Full Text

Abstract Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022. Microsoft revised the severity rate for the CVE-2022-37958 vulnerability, the IT giant now rated it as "critical"...

Security Affairs

December 15, 2022

Mozilla Fixes Firefox Vulnerabilities That Could Have Lead to System Takeover Full Text

Abstract Multiple high-impact vulnerabilities affecting Thunderbird, Firefox ESR, and Firefox were fixed by updates from Mozilla. The bugs might have given arbitrary code execution if they were successfully exploited.

Cyware

December 15, 2022

LEGO BrickLink bugs let hackers hijack accounts, breach servers Full Text

Abstract Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.

BleepingComputer

December 15, 2022

Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches Full Text

Abstract Siemens released 20 new advisories addressing roughly 140 security holes, including more than 80 OpenSSL and OpenSSH vulnerabilities affecting its Scalance X-200RNA switches.

Cyware

December 14, 2022

SAP’s December 2022 Security Updates Patch Critical Vulnerabilities Full Text

Abstract With a CVSS score of 10, the most severe of SAP’s security notes updates a note released on April 2018 Patch Day, which deals with software updates for the Chrome-based browser in SAP Business Client.

Cyware

December 14, 2022

Microsoft patches Windows zero-day used to drop ransomware Full Text

Abstract Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. 

BleepingComputer

December 14, 2022

VMware fixes critical ESXi and vRealize security flaws Full Text

Abstract VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight.

BleepingComputer

December 14, 2022

December 2022 Patch Tuesday fixed 2 zero-day flaws Full Text

Abstract Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure;...

Security Affairs

December 14, 2022

Apple fixed the tenth actively exploited zero-day this year Full Text

Abstract Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856). Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively...

Security Affairs

December 14, 2022

VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest Full Text

Abstract VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked...

Security Affairs

December 13, 2022

Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway Full Text

Abstract Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix...

Security Affairs

December 13, 2022

Apple fixes new Webkit zero-day used in attacks against iPhones Full Text

Abstract In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones.

BleepingComputer

December 13, 2022

Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws Full Text

Abstract ​Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws.

BleepingComputer

December 13, 2022

Google releases dev tool to list vulnerabilities in project dependencies Full Text

Abstract Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project.

BleepingComputer

December 13, 2022

Hackers exploit critical Citrix ADC and Gateway zero day, patch now Full Text

Abstract Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.

BleepingComputer

December 13, 2022

Amazon ECR Public Gallery flaw could have wiped or poisoned any image Full Text

Abstract A severe security flaw in the Amazon ECR (Elastic Container Registry) Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.

BleepingComputer

December 12, 2022

Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug Full Text

Abstract Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. Fortinet urges customers to update their installs to address an actively exploited FortiOS SSL-VPN...

Security Affairs

December 12, 2022

Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks Full Text

Abstract Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices.

BleepingComputer

December 12, 2022

Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet Full Text

Abstract Pulse Secure appliances are known for being the target of choice for both cybercriminals and state-sponsored threat actors, and government agencies have issued multiple alerts to warn of the continuous exploitation of unpatched vulnerabilities.

Cyware

December 12, 2022

A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Full Text

Abstract Attackers are still actively exploiting Log4Shell everywhere they can, from criminal hackers looking for a way into targets' systems to Chinese and Iranian state-backed attackers deploying the exploit in their espionage campaigns.

Cyware

December 10, 2022

Air-gapped PCs vulnerable to data theft via power supply radiation Full Text

Abstract A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems isolated from the internet over a distance of at least two meters (6.5 ft), where its captured by a receiver.

BleepingComputer

December 10, 2022

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet Full Text

Abstract Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple...

Security Affairs

December 9, 2022

Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet Full Text

Abstract More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns. Pulse Connect Secure provides remote users with secure access to corporate resources.

Cyware

December 9, 2022

Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series Full Text

Abstract Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series...

Security Affairs

December 09, 2022

Antivirus and EDR solutions tricked into acting as data wipers Full Text

Abstract A security researcher has found a way to exploit the data deletion capabilities of widely used endpoint detection and response (EDR) and antivirus (AV) software from Microsoft, SentinelOne, TrendMicro, Avast, and AVG to turn them into data wipers.

BleepingComputer

December 9, 2022

Experts devised a technique to bypass web application firewalls (WAF) of several vendors Full Text

Abstract Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF)...

Security Affairs

December 09, 2022

Samsung Galaxy S22 hacked in 55 seconds on Pwn2Own Day 3 Full Text

Abstract On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.

BleepingComputer

December 9, 2022

Vulnerabilities Allow Researcher to Turn EDR and AV Security Products Into Wipers Full Text

Abstract Dubbed Aikido, the researcher’s wiper abuses the extended privileges that EDR and AV products have on the system, relying on decoy directories containing specially crafted paths to trigger the deletion of legitimate files.

Cyware

December 08, 2022

Cisco discloses high-severity IP phone zero-day with exploit code Full Text

Abstract Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

BleepingComputer

December 8, 2022

Android app with over 5m downloads leaked user browsing history Full Text

Abstract The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post at https://cybernews.com/security/android-app-leaked-user-browsing-history/ A...

Security Affairs

December 08, 2022

Cisco discloses high-severity IP phone bug with exploit code Full Text

Abstract Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing unpatched devices to remote code execution and denial of service (DoS) attacks.

BleepingComputer

December 08, 2022

Samsung Galaxy S22 hacked again on second day of Pwn2Own Full Text

Abstract Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada.

BleepingComputer

December 7, 2022

Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked Full Text

Abstract The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers...

Security Affairs

December 7, 2022

Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Full Text

Abstract Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary...

Security Affairs

December 07, 2022

Google: State hackers still exploiting Internet Explorer zero-days Full Text

Abstract Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.

BleepingComputer

December 06, 2022

Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto Full Text

Abstract Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event.

BleepingComputer

December 6, 2022

Ninth Actively Exploited Chrome Zero-day Spotted in the Wild Full Text

Abstract Google warned against a highly critical zero-day described as a type of confusion flaw in the browser’s V8 JavaScript engine. Identified as CVE-2022-4262, the flaw could let a remote attacker potentially exploit heap corruption via a specially crafted HTML page. Hackers exploiting it can execute RC ... Read More

Cyware

December 6, 2022

A flaw in the connected vehicle service SiriusXM allows remote car hacking Full Text

Abstract Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM...

Security Affairs

December 6, 2022

NETGEAR Router Vulnerability Allowed Access to Restricted Services Full Text

Abstract A new report from Tenable outlined an emerging threat related to NETGEAR and TP-Link routers. According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event.

Cyware

December 6, 2022

Eufy “no cloud” security cameras streaming data to the cloud Full Text

Abstract Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data that should not have been going to the cloud was doing so anyway in certain conditions.

Cyware

December 06, 2022

Android December 2022 security updates fix 81 vulnerabilities Full Text

Abstract Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.

BleepingComputer

December 5, 2022

Attackers Target Vulnerable Redis Servers to Deliver Redigo Backdoor Full Text

Abstract AquaSec security firm spotted a new Go-based malware, dubbed Redigo, launching attacks on Redis servers. The adversaries are exploiting an already patched critical flaw, CVE-2022-0543, in Redis servers. The flaw—CVSS score 10.0—is a Lua sandbox escape flaw that impacts Debian and Debian-derived Lin ... Read More

Cyware

December 5, 2022

Critical Ping bug potentially allows remote hack of FreeBSD systems Full Text

Abstract A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093,...

Security Affairs

December 05, 2022

Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others Full Text

Abstract Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers.

BleepingComputer

December 5, 2022

Google Patches Ninth Chrome Zero-Day of 2022 Full Text

Abstract Patches for this vulnerability have been included in Chrome 108.0.5359.94 for Mac and Linux, and in Chrome 108.0.5359.94/.95 for Windows. Users are advised to update to a patched iteration as soon as possible.

Cyware

December 3, 2022

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges Full Text

Abstract Qualys’ Threat Research Unit has shown how a new Linux vulnerability could be chained with two other apparently harmless flaws to gain full root privileges on an affected system.

Cyware

December 3, 2022

Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws Full Text

Abstract Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric’s GX Works3 engineering workstation software that could be exploited to hack safety systems.

Cyware

December 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year Full Text

Abstract Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked...

Security Affairs

December 3, 2022

A new Linux flaw can be chained with other two bugs to gain full root privileges Full Text

Abstract Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked...

Security Affairs

December 02, 2022

Google Chrome emergency update fixes 9th zero-day of the year Full Text

Abstract Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.

BleepingComputer

Dec 02, 2022

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL Full Text

Abstract IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed " Hell's Keychain " by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure." Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database. "The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari  said . Hell's Keychain commences with an SQL inject

The Hacker News

Dec 01, 2022
Kubernetes / Vulnerability Management

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework Full Text

Abstract A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as  CVE-2022-4116  (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE)," Contrast Security researcher Joseph Beeton, who reported the bug,  said  in a write-up. Quarkus, developed by Red Hat, is an  open source project  that's used for creating Java applications in  containerized  and serverless environments. It's worth pointing out that the  issue  only impacts developers who are running Quarkus and are tricked into visiting a specially crafted website, which is embedded with malicious JavaScript code designed to install or execute arbitrary payloads. This could take the form o

The Hacker News

December 1, 2022

Exchange Server bugs caused years of security turmoil Full Text

Abstract Nearly two years after the first series of Microsoft Exchange Server vulnerabilities became known, four collections of high-profile bugs are likely to remain a headache for enterprises for the foreseeable future.

Tech Target

December 01, 2022

Hyundai app bugs allowed hackers to remotely unlock, start cars Full Text

Abstract Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles.

BleepingComputer

December 1, 2022

Chrome 108 Patches High-Severity Memory Safety Bugs Full Text

Abstract Google this week announced the release of Chrome 108 in the stable channel with patches for 28 vulnerabilities, including 22 reported by external researchers. Of those 22, eight are high-severity issues and 14 are medium-severity flaws.

Security Week

November 30, 2022

Intel disputes seriousness of Data Centre Manager authentication flaw Full Text

Abstract Intel acknowledges the vulnerability – tracked as CVE-2022-33942 and assessed with a severity score of 8.8 – but disputes its seriousness. As per Intel, the issue represents only a privilege elevation flaw rather than an RCE risk.

The Daily Swig

November 30, 2022

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection Full Text

Abstract New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's  install  and  audit   commands  have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for developers by highlighting the flaws. But as JFrog established, the security advisories are not displayed when the packages follow certain version formats, creating a scenario where critical flaws could be introduced into their systems either directly or via the package's dependencies. Specifically, the problem arises only when the installed package version contains a hyphen (e.g., 1.2.3-a), which is included to denote a  pre-release version  of an npm module. While the project maintainers treat the discrepancy between regular npm package versions and pre-release version

The Hacker News

November 30, 2022

Critical RCE bugs in Android remote keyboard apps with 2M installs Full Text

Abstract Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution.

BleepingComputer

November 30, 2022

Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework Full Text

Abstract Tracked as CVE-2022-4116 (CVSS score of 9.8), the security defect was identified in the Dev UI Config Editor of Quarkus framework and can be exploited via drive-by localhost attacks.

Security Week

November 30, 2022

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm Full Text

Abstract The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL)  said  the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the  MD5 algorithm  as recently as July 2022. It's worth noting that MD5, a message digest algorithm, is considered cryptographically broken as of December 2008 owing to the risk of  collision attacks . Furthermore, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not  salted , exposing the account holders to potential cyber threats. The probe also pointed fingers at EDF for failing to comply with GDPR data retention policies and for providing "inaccurate information on the origin of the data collected." "The amoun

The Hacker News

November 30, 2022

Tailscale VPN nodes vulnerable to DNS rebinding, RCE Full Text

Abstract A series of flaws in Tailscale, an open-source mesh virtual private network (VPN) software, could allow attackers to stage remote code execution (RCE) attacks against VPN nodes.

The Daily Swig

November 30, 2022

Delta Electronics Patches Serious Flaws in Industrial Networking Devices Full Text

Abstract The flaws were identified by researchers at CyberDanube, an industrial cybersecurity company based in Austria, in Delta’s DX-2100-L1-CN 3G cloud router and the DVW-W02W2-E2 industrial wireless access point.

Security Week

November 30, 2022

NVIDIA releases GPU driver update to fix 29 security flaws Full Text

Abstract NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation.

BleepingComputer

November 30, 2022

3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies Full Text

Abstract Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name  OT:ICEFALL . "These issues exemplify either an insecure-by-design approach — which was usual at the time the products were launched – where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers  said . The most critical of the flaws is  CVE-2022-3270  (CVSS score: 9.8), a critical vulnerability that affects Festo automation controllers using the Festo Generic Multicast (FGMC) protocol to reboot the devices without requiring any authentication and cause a denial of service (DoS) condition. Another DoS shortcoming i

The Hacker News

November 29, 2022

Hackers Actively Abuse Vulnerability in Fortinet Products Full Text

Abstract Attackers are abusing a critical authentication bypass vulnerability, tracked as CVE-2022-40684 in multiple versions of Fortinet Products, including FortiOS, FortiProxy, and FortiSwitchManager. Researchers found that there are over a hundred thousand FortiGate firewalls exposed over the internet th ... Read More

Cyware Alerts - Hacker News

November 29, 2022

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection Full Text

Abstract Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as  CVE-2022-4020 , the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables." Credited with  discovering  the flaw is ESET researcher Martin Smolár, who previously disclosed  similar bugs  in Lenovo computers. Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with  boot loaders , leading to severe consequences. This includes  granting  the attacker complete control over the operating system loading process as well as "disable or bypass protections to silently deploy their

The Hacker News

November 29, 2022

Dell, HP, & Lenovo System Found Using Outdated OpenSSL Full Text

Abstract The cybersecurity researchers at Binarly recently discovered that outdated versions of the OpenSSL cryptographic library are still being used by Dell, HP, and Lenovo on their devices.

GB Hackers

November 28, 2022

Acer fixes UEFI bugs that can be used to disable Secure Boot Full Text

Abstract Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot security feature.

BleepingComputer

November 28, 2022

Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange Full Text

Abstract Security company Cyfirma outlined a series of exploits in the wild targeting Windows Internet Key Exchange (IKE) Protocol Extensions for CVE-2022-34721. The critical bug may have been exploited to target almost 1000 systems. Microsoft added that IKEv2 is not impacted, however, all Windows Servers a ... Read More

Cyware Alerts - Hacker News

November 28, 2022

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services Full Text

Abstract Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a  confused deputy problem , a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported by Datadog to AWS on September 1, 2022, following which a patch was shipped on September 6. "This attack abuses the AppSync service to assume [identity and access management]  roles  in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette  said  in a report published last week. In a coordinated disclosure, Amazon  said  that no customers were affected by the vulnerability and that no customer action is required. It described it as a "case-sensitivity parsing issue w

The Hacker News

November 28, 2022

A flaw in some Acer laptops can be used to bypass security features Full Text

Abstract ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops, the issue can allow...

Security Affairs

November 28, 2022

Experts found a vulnerability in AWS AppSync Full Text

Abstract Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have...

Security Affairs

November 28, 2022

TikTok ‘Invisible Body’ challenge exploited to push malware Full Text

Abstract Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets.

BleepingComputer

November 28, 2022

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks Full Text

Abstract Over a dozen security flaws have been discovered in baseboard management controller ( BMC ) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as  firmware flashing  and power control. Nozomi Networks, which analyzed an Intelligent Platform Management Interface ( IPMC ) from Taiwanese vendor Lanner Electronics, said it uncovered 13 weaknesses affecting  IAC-AST2500 . All the issues affect version 1.10.0 of the standard firmware, with the exception of CVE-2021-4228, which impacts version 1.00.0. Four of the flaws (from CVE-2021-26727 to CVE-2021-26730) are rated 10 out of 10 on the CVSS scoring system. In particular, the industrial security company found that CVE-2021-44467, an ac

The Hacker News

November 28, 2022

Cisco ISE Vulnerabilities Can Be Chained in One-Click Exploit Full Text

Abstract Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow remote attackers to inject arbitrary commands, bypass existing security protections, or perform cross-site scripting (XSS) attacks.

Security Week

November 26, 2022

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions Full Text

Abstract Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic...

Security Affairs

November 25, 2022

Google fixed the eighth actively exploited #Chrome #zeroday this year Full Text

Abstract Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address...

Security Affairs

November 25, 2022

Google pushes emergency Chrome update to fix 8th zero-day in 2022 Full Text

Abstract Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.

BleepingComputer

November 25, 2022

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw Full Text

Abstract Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as  CVE-2022-4135 , the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be  weaponized  by threat actors to crash a program or execute arbitrary code, leading to unintended behavior. According to the NIST's National Vulnerability Database, the flaw could permit a "remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." "Google is aware that an exploit for CVE-2022-4135 exists in the wild," the tech giant  acknowledged  in an advisory. But like other actively exploited issues, technical specifics have been withheld until a majority of the users are updated with a fix and t

The Hacker News

November 25, 2022

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions Full Text

Abstract An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the  OpenSSL  cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka  EDK , is an open source implementation of the Unified Extensible Firmware Interface ( UEFI ), which functions as an interface between the operating system and the firmware embedded in the device's hardware. The firmware development environment, which is in its second iteration (EDK II), comes with its own cryptographic package called  CryptoPkg  that, in turn, makes use of services from the OpenSSL project. Per firmware security company Binarly, the firmware image associated with Lenovo Thinkpad enterprise devices was found to use three different versions of OpenSSL: 0.9.8zb, 1.0.0a, and 1.0.2j, the last of which was released in 2018. What's more, one of the firmware modules named InfineonTpmUpdateDxe relied on OpenSSL version 0.9.8zb that was shipped on Au

The Hacker News

November 24, 2022

Millions of Android Devices Still Don’t Have Patches for Mali GPU Flaws Full Text

Abstract A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022. "These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo, and others)," Project Zero researcher Ian Beer  said  in a report. "Devices with a Mali GPU are currently vulnerable." The vulnerabilities, collectively tracked under the identifiers  CVE-2022-33917  (CVSS score: 5.5) and  CVE-2022-36449  (CVSS score: 6.5), concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory. The second flaw, CVE-2022-36449, can be further weaponized to write outside of buffer bounds and disclose details of memory mappings, according to an  advisory  issued by Arm. The lis

The Hacker News

November 24, 2022

A flaw in ConnectWise Control spurred the company to make life harder for scammers Full Text

Abstract A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered.

Help Net Security

November 23, 2022

Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966 Full Text

Abstract Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that...

Security Affairs

November 23, 2022

Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks Full Text

Abstract A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks.

BleepingComputer

November 23, 2022

Callback Technologies CBFS Filter denial-of-service vulnerabilities patched Full Text

Abstract Cisco Talos recently discovered three denial-of-service vulnerabilities in Callback Technologies CBFS Filter. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger these vulnerabilities.

Cisco Talos

November 22, 2022

5 API Vulnerabilities That Get Exploited by Criminals Full Text

Abstract Let's give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has become a leading priority for most organizations — especially those...

Security Affairs

November 22, 2022

Researcher warns that Cisco Secure Email Gateways can easily be circumvented Full Text

Abstract A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco...

Security Affairs

November 22, 2022

BMC Firmware Vulnerabilities Expose OT, IoT Devices to Remote Attacks Full Text

Abstract The firmware running on the affected card is based on BMC remote management firmware from AMI, which is used by tech giants such as Asus, Dell, HP, Lenovo, Gigabyte, and Nvidia.

Security Week

November 21, 2022

Expert published PoC exploit code for macOS sandbox escape flaw Full Text

Abstract A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC)...

Security Affairs

November 21, 2022

PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability Full Text

Abstract Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May.

Security Week

November 20, 2022

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online Full Text

Abstract Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws released online. Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell. The...

Security Affairs

November 19, 2022

New attacks use Windows security bypass zero-day to drop malware Full Text

Abstract New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.

BleepingComputer

November 19, 2022

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products Full Text

Abstract Australian software company Atlassian has rolled out security updates to address  two critical flaws  affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as  CVE-2022-43781  and  CVE-2022-43782 , are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4 (only if mesh.enabled is set to false in bitbucket.properties). The weakness has been described as a case of command injection using environment variables in the software, which could allow an adversary with permission to control their username to gain code execution on the affected system. As a temporary workaround, the company is recommending users turn off the "Public Signup" option (Administration > Authentication). "Disabling public signup would change the attack vector from an unauthenticated attack to an authenticated

The Hacker News

November 18, 2022

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products Full Text

Abstract Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd...

Security Affairs

November 18, 2022

Exploit released for actively abused ProxyNotShell Exchange bug Full Text

Abstract Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell.

BleepingComputer

November 18, 2022

Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution Full Text

Abstract Tracked as CVE-2022-42898 and impacting multiple Samba releases, the security defect exists in the Service for User to Proxy (S4U2proxy) handler, which provides “a service that obtains a service ticket to another service on behalf of a user.”

Security Week

November 18, 2022

Atlassian fixes critical command injection bug in Bitbucket Server Full Text

Abstract Atlassian has released updates to address critical-severity updates in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management.

BleepingComputer

November 18, 2022

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware Full Text

Abstract A critical vulnerability affecting Omron products has been exploited by a sophisticated piece of malware designed to target industrial control systems (ICS), but it has not received the attention it deserves.

Security Week

November 17, 2022

F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ Full Text

Abstract F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints.

BleepingComputer

November 17, 2022

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices Full Text

Abstract Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the  flaws  could be abused to remote access to the devices and defeat security constraints. The issues impact BIG-IP versions 13.x, 14.x, 15.x, 16.x, and 17.x, and BIG-IQ Centralized Management versions 7.x and 8.x. The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows - CVE-2022-41622  (CVSS score: 8.8) - A cross-site request forgery ( CSRF ) vulnerability through iControl SOAP, leading to unauthenticated remote code execution. CVE-2022-41800  (CVSS score: 8.7) - An iControl REST vulnerability that could allow an authenticated user with an Administrator role to bypass  Appliance mode  restrictions. "By successfully exploiting the worst of the vulnerabilities (CVE-2022-41622), an attacker could gain persistent root access to the device's man

The Hacker News

November 16, 2022

Firefox 107 Patches High-Impact Vulnerabilities Full Text

Abstract The high-impact flaws include issues that could lead to information disclosure, fullscreen notification bypass that could be used for spoofing attacks, and crashes or arbitrary code execution resulting from use-after-free bugs.

Security Week

November 16, 2022

F5 fixed 2 high-severity Remote Code Execution bugs in its products Full Text

Abstract Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized...

Security Affairs

November 15, 2022

Organizations Warned of Critical Vulnerability in Backstage Developer Portal Platform Full Text

Abstract Backstage, an open platform for building developer portals, is affected by a critical vulnerability whose exploitation could have a serious impact on a targeted enterprise, according to security firm Oxeye.

Security Week

November 15, 2022

Critical RCE Flaw Reported in Spotify’s Backstage Software Catalog and Developer Platform Full Text

Abstract Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library ( CVE-2022-36067  aka Sandbreak), that came to light last month. "An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin," application security firm Oxeye said in a report shared with The Hacker News. Backstage  is an open source  developer portal  from Spotify that allows users to create, manage, and explore software components from a unified " front door ." It's used by  many companies  like Netflix, DoorDash, Roku, and Expedia, among others. According to Oxeye, the flaw is rooted in a tool called  software templ

The Hacker News

November 15, 2022

PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft Full Text

Abstract Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet ( TTE ) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed  PCspooF  by a group of academics and researchers from the University of Michigan , the University of Pennsylvania, and the NASA Johnson Space Center, the  technique  is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety. TTE is one among the networking technologies that's part of what's called a mixed-criticality network wherein traffic with different timing and faults tolerance requirements coexist in the same physical network. This means that both critical devices, which, say, enable vehicle control, and non-critical devices, which are

The Hacker News

November 15, 2022

Experts found critical RCE in Spotify’s Backstage Full Text

Abstract Researchers discovered a critical vulnerability impacting Spotify's Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8)....

Security Affairs

November 15, 2022

Researchers release exploit details for Backstage pre-auth RCE bug Full Text

Abstract Older versions of the Spotify Backstage development portal builder are vulnerable to a critical (CVSS score: 9.8) unauthenticated remote code execution flaw allowing attackers to run commands on publicly exposed systems.

BleepingComputer

November 15, 2022

Mastodon users vulnerable to password-stealing attacks Full Text

Abstract Attackers could steal password credentials from Mastodon users due to a security vulnerability in Glitch, a fork of Mastodon, Gareth Heyes of PortSwigger Research has warned.

The Daily Swig

November 15, 2022

Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service Full Text

Abstract Cybersecurity researchers have disclosed details of now-patched flaws in Zendesk Explore that could have been exploited by an attacker to gain unauthorized access to information from customer accounts that have the feature turned on. "Before it was patched, the flaw would have allowed threat actors to access conversations, email addresses, tickets, comments, and other information from Zendesk accounts with Explore enabled," Varonis  said  in a report shared with The Hacker News. The cybersecurity firm said there was no evidence to suggest that the issues were actively exploited in real-world attacks. No action is required on the part of the customers. Zendesk Explore is a  reporting and analytics solution  that allows organizations to "view and analyze key information about your customers, and your support resources." According to the security software company, exploitation of the shortcoming first requires an attacker to register for the  ticketing service

The Hacker News

November 15, 2022

Experts revealed details of critical SQLi and access issues in Zendesk Explore Full Text

Abstract Researchers disclosed technical details of critical SQLi and access vulnerabilities in the Zendesk Explore Service. Cybersecurity researchers at Varonis disclosed technical details of critical SQLi and access vulnerabilities impacting the Zendesk...

Security Affairs

November 14, 2022

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors Full Text

Abstract Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone products that could allow an attacker to easily breach the entry system using an NFC tag.

Security Week

November 12, 2022

Android phone owner accidentally finds a way to bypass lock screen Full Text

Abstract Cybersecurity researcher David Schütz accidentally found a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 smartphones, enabling anyone with physical access to the device to unlock it.

BleepingComputer

November 11, 2022

New Vulnerability in Popular Widget Shows Risks of Third-Party Code Full Text

Abstract Successful exploitation of this vulnerability could allow malicious actors to impersonate a user and take over a user’s account, perform any action on behalf of the user and or steal sensitive information such as cookies and session tokens.

Imperva

November 11, 2022

Researchers Find Three Vulnerabilities in OpenLiteSpeed Web Server Full Text

Abstract The Unit 42 research team discovered three different vulnerabilities in the open-source OpenLiteSpeed Web Server. These vulnerabilities also affect the enterprise version, LiteSpeed Web Server.

Palo Alto Networks

November 11, 2022

Multiple High-Severity Flaw Affect Widely Used OpenLiteSpeed Web Server Software Full Text

Abstract Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42  said  in a Thursday report. OpenLiteSpeed , the open source edition of LiteSpeed Web Server, is the sixth most popular web server, accounting for 1.9 million unique servers across the world. The first of the three flaws is a directory traversal flaw ( CVE-2022-0072 , CVSS score: 5.8), which could be exploited to access forbidden files in the web root directory. The remaining two vulnerabilities ( CVE-2022-0073  and  CVE-2022-0074 , CVSS scores: 8.8) relate to a case of privilege escalation and command injection, respectively, that could be chained to achieve privileged code execution. "A threat actor who managed

The Hacker News

November 11, 2022

Researcher received a $70k award for a Google Pixel lock screen bypass Full Text

Abstract Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited...

Security Affairs

November 11, 2022

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products Full Text

Abstract Cisco this week announced the release of patches for multiple vulnerabilities impacting enterprise firewall products running Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC) software.

Security Week

November 11, 2022

Microsoft confirms gaming performance issues on Windows 11 22H2 Full Text

Abstract Microsoft is working on a fix for a new known issue behind lower-than-expected performance or stuttering in some games on systems running Windows 11 22H2.

BleepingComputer

November 11, 2022

CSRF in Plesk API enabled privilege escalation Full Text

Abstract The REST API of Plesk was vulnerable to client-side request forgery (CSRF), which could lead to multiple potential attacks, including malicious file upload and privilege escalation.

The Daily Swig

November 10, 2022

Microsoft fixes Windows zero-day bug exploited to push malware Full Text

Abstract Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.

BleepingComputer

November 10, 2022

Apple out-of-band patches fix remote code execution bugs in iOS and macOS Full Text

Abstract Apple released out-of-band patches for iOS and macOS to fix a couple of code execution vulnerabilities in the libxml2 library. Apple released out-of-band patches for iOS and macOS to address two code execution flaws, tracked as CVE-2022-40303 and CVE-2022-40304,...

Security Affairs

November 10, 2022

Microsoft fixes MoTW zero-day used to drop malware via ISO files Full Text

Abstract Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers.

BleepingComputer

November 10, 2022

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones’ Lock Screens Full Text

Abstract Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as  CVE-2022-20465  and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's  monthly Android update  for November 2022. "The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user's device," Schütz, who was awarded $70,000 for the lock screen bypass,  said  in a write-up of the flaw. The problem, per the researcher, is rooted in the fact that lock screen protections are completely defeated when following a specific sequence of steps - Supply incorrect fingerprint three times to disable biometric authentication on the locked device Hot swap  the SIM card in the device with an attacker-controlled SIM that has a PIN code set up Enter incorrect SIM pin thric

The Hacker News

November 10, 2022

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack Full Text

Abstract A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow...

Security Affairs

November 10, 2022

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products Full Text

Abstract Citrix has released  security updates  to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations. CVE-2022-27510  - Unauthorized access to Gateway user capabilities CVE-2022-27513  - Remote desktop takeover via phishing CVE-2022-27516  - User login brute-force protection functionality bypass The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws - Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47  Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12  Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 Citrix ADC 12.1-FIPS before 12.1-55.289 Citrix ADC 12.1-NDcPP before 12.1-55.289 Exploitation, howe

The Hacker News

November 10, 2022

Lenovo warns of flaws that can be used to bypass security features Full Text

Abstract Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook,...

Security Affairs

November 10, 2022

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies Full Text

Abstract Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as  CVE-2022-0902  (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow  flow computers and remote controllers . "Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," industrial security company Claroty  said  in a report shared with The Hacker News. ABB, a Swedish-Swiss industrial automation firm, has since released  firmware updates  as of July 14, 2022, following responsible disclosure. Flow computers are special-purpose electronic instruments used by petrochemical manufacturers to interpret data from flow meters and calculate and record the volume of substances such as natural gas, crude oils, and other hydrocarbon fluids at a specific point in time. Th

The Hacker News

November 9, 2022

SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 Full Text

Abstract German software maker SAP announced the release of nine new security notes on its November 2022 Security Patch Day, including two notes addressing critical bugs in BusinessObjects and SAPUI5.

Security Week

November 9, 2022

Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories Full Text

Abstract Intel has published 24 new advisories covering more than 50 vulnerabilities affecting the chip giant’s products. AMD has published four new advisories describing a total of 10 vulnerabilities.

Security Week

November 9, 2022

Microsoft Patch Tuesday updates fix 6 actively exploited zero-days Full Text

Abstract Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for November 2022 addressed 64 new vulnerabilities in Microsoft Windows and Windows Components;...

Security Affairs

November 9, 2022

VMware fixes three critical flaws in Workspace ONE Assist Full Text

Abstract VMware address three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate privileges. VMware has released security updates to address three critical vulnerabilities impacting the Workspace...

Security Affairs

November 09, 2022

Lenovo fixes flaws that can be used to disable UEFI Secure Boot Full Text

Abstract Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.

BleepingComputer

November 09, 2022

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software Full Text

Abstract VMware has patched five security flaws affecting its  Workspace ONE Assist  solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application. CVE-2022-31686 has been described by the virtualization services provider as a "broken authentication method" vulnerability, and CVE-2022-31687 as a "Broken Access Control" flaw. "A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application," VMware  said  in an advisory for CVE-2022-31686 and CVE-202

The Hacker News

November 09, 2022

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days Full Text

Abstract Microsoft's latest round of monthly security updates has been released with fixes for  68 vulnerabilities  spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by  OpenSSL  the previous week. Also separately  addressed  at the start of the month is an actively exploited flaw in Chromium-based browsers ( CVE-2022-3723 ) that was plugged by Google as part of an out-of-band update late last month. "The big news is that  two older zero-day CVEs  affecting Exchange Server, made public at the end of September, have finally been fixed," Greg Wiseman, product manager at Rapid7, said in a statement shared with The Hacker News. "Customers are advised to update their  Exchange Server systems  immediately, regardless of whether any previously recommended mitigation steps have been applied

The Hacker News

November 8, 2022

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw Full Text

Abstract Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510,...

Security Affairs

November 8, 2022

Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug Full Text

Abstract A critical security vulnerability arising from improper input validation has been addressed in XMLDOM, the JavaScript implementation of W3C DOM for Node.js, Rhino, and browsers.

The Daily Swig

November 08, 2022

VMware fixes three critical auth bypass bugs in remote access tool Full Text

Abstract VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers to bypass authentication and elevate privileges to admin.

BleepingComputer

November 08, 2022

Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks Full Text

Abstract Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild.

BleepingComputer

November 8, 2022

Siemens Addresses Critical Vulnerabilities; Schneider Electric Also Issues One Advisory Full Text

Abstract Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Siemens has released nine new security advisories covering a total of 30 vulnerabilities, but Schneider has only published one new advisory.

Security Week

November 08, 2022

Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws Full Text

Abstract ​Today is Microsoft's November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws.

BleepingComputer

November 8, 2022

Google Patches High-Severity Privilege Escalation Vulnerabilities in Android Full Text

Abstract The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure.

Security Week

November 08, 2022

Citrix urges admins to patch critical ADC, Gateway auth bypass Full Text

Abstract Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway.

BleepingComputer

November 8, 2022

Prototype pollution bug exposed Ember.js applications to XSS Full Text

Abstract A prototype pollution bug in the JavaScript framework for building Node.js web applications could potentially allow attackers to stage cross-site scripting (XSS) attacks and steal user information.

The Daily Swig

November 7, 2022

China likely is stockpiling vulnerabilities, says Microsoft Full Text

Abstract Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities.

The Register

November 7, 2022

Water sector in the US and Israel still unprepared to defeat cyber attacks Full Text

Abstract Expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water sector. Ariel Stern, a former Israeli Air Force captain, warns that the US and Israel are still unprepared to defeat a cyber attack...

Security Affairs

November 05, 2022

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities Full Text

Abstract Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page  Digital Defense Report , said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that organizations patch such exploits in a timely manner. This also corroborates with an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which  found  that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally. Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminat

The Hacker News

November 5, 2022

Zero-day are exploited on a massive scale in increasingly shorter timeframes Full Text

Abstract Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed...

Security Affairs

November 4, 2022

Cisco addressed several high-severity flaws in its products Full Text

Abstract Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity,...

Security Affairs

November 4, 2022

Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product Full Text

Abstract The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs.

Security Week

November 3, 2022

Gatsby patches SSRF, XSS bugs in Cloud Image CDN Full Text

Abstract A high-risk bug in the Gatsby Cloud Image CDN service allowed attackers to stage server-side request forgery (SSRF) and cross-site scripting (XSS) attacks against some cloud-hosted Gatsby websites.

The Daily Swig

November 3, 2022

Fortinet fixed 16 vulnerabilities, 6 rated as high severity Full Text

Abstract Fortinet addressed 16 vulnerabilities in some of the company’s products, six flaws received a ‘high’ severity rate. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374, in Log pages of FortiADC. The root cause of the issue...

Security Affairs

November 3, 2022

India Metro Smart Cards Vulnerable to ‘Free Top-up’ Bug Allowing Free Rides Full Text

Abstract India’s mass rapid transit systems — or metro, as it’s known locally — rely on commuter smart cards that are apparently vulnerable to exploitation and allow anyone to effectively travel for free.

Tech Crunch

November 02, 2022

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software Full Text

Abstract Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.  "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher Stefan Schiller  said  in a technical analysis. Checkmk's open source edition of the monitoring tool is based on  Nagios Core  and offers integrations with  NagVis  for the visualization and generation of topological maps of infrastructures, servers, ports, and processes. According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by  over 2,000 customers , including Airbus, Adobe, NASA, Siemens, Vodafone, and others. The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows - A  code injection flaw

The Hacker News

November 2, 2022

OpenSSL fixed two high-severity vulnerabilities Full Text

Abstract The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities,...

Security Affairs

November 01, 2022

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities Full Text

Abstract The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as  CVE-2022-3602 and CVE-2022-3786 , have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email address. "In a TLS client, this can be triggered by connecting to a malicious server," OpenSSL said in an advisory for CVE-2022-3786. "In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects." OpenSSL is an  open source implementation  of the SSL and TLS protocols used for secure communication and is baked into several operating systems and a wide range of software. Versions 3.0.0 through 3.0.6 of the library are affected by the new flaws, which has been remediated in version 3.0.7. It's worth noting tha

The Hacker News

November 01, 2022

Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB Full Text

Abstract Microsoft on Tuesday said it addressed an authentication bypass vulnerability in  Jupyter Notebooks  for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw  CosMiss . "In short, if an attacker had knowledge of a Notebook's 'forwardingId,' which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook," researchers Lidor Ben Shitrit and Roee Sagi said. This container modification could ultimately pave the way for obtaining remote code execution in the Notebook container by overwriting a Python file associated with the  Cosmos DB Explorer  to spawn a reverse shell. Successful exploitation

The Hacker News

November 1, 2022

Experts warn of critical RCE in ConnectWise Server Backup Solution Full Text

Abstract ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise, the vulnerability is an Improper Neutralization of Special Elements...

Security Affairs

November 01, 2022

OpenSSL fixes two high severity vulnerabilities, what you need to know Full Text

Abstract The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.

BleepingComputer

November 01, 2022

Last Years Open Source - Tomorrow’s Vulnerabilities Full Text

Abstract Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: " given enough eyeballs, all bugs are shallow ." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for  shallow  bugs and not ones that lie deeper? It turns out that security flaws in open source can be harder to find than we thought. Emil Wåreus, Head of R&D at  Debricked , took it upon himself to look deeper into the community's performance. As the data scientist he is, he, of course, asked the data:  how good is the open source community at finding vulnerabilities in a timely manner ? The thrill of the (vulnerability) hunt Finding open source vulnerabilities is typically done by the maintainers of the open source project, users, auditors, or external secur

The Hacker News

November 1, 2022

Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices Full Text

Abstract A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones. A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote...

Security Affairs

November 01, 2022

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution Full Text

Abstract IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue,  characterized  as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise's advisory notes that the flaw affects Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw. At its core, the issue is tied to an upstream authentication bypass vulnerability in the ZK open source Ajax web application framework ( CVE-2022-36537 ), which was initially patched in May 2022. "Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover (v2.9.9)," the company  said , urging customers to upgrade to  SBM v6.16.4  shipped on October 28, 2022. Cybersecurity firm Huntress

The Hacker News

November 01, 2022

Microsoft fixes critical RCE flaw affecting Azure Cosmos DB Full Text

Abstract Analysts at Orca Security have found a critical vulnerability affecting Azure Cosmos DB that allowed unauthenticated read and write access to containers.

BleepingComputer

October 31, 2022

Mozilla Firefox fixes freezes caused by new Windows 11 feature Full Text

Abstract Mozilla has fixed a known issue causing the Firefox web browser to freeze when copying text on Windows 11 devices where the Suggested Actions clipboard feature is enabled.

BleepingComputer

October 31, 2022

VMware warns of the public availability of CVE-2021-39144 exploit code Full Text

Abstract VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware warned of the existence of a public exploit targeting a recently addressed critical remote...

Security Affairs

October 31, 2022

Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch Full Text

Abstract An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. 0patch released an unofficial patch to address an actively exploited security vulnerability in Microsoft Windows that...

Security Affairs

October 31, 2022

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability Full Text

Abstract An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web ( MotW ) protections. The fix,  released  by 0patch, arrives weeks after HP Wolf Security  disclosed  a Magniber ransomware campaign that targets users with fake security updates which employ a JavaScript file to proliferate the file-encrypting malware. While files downloaded from the internet in Windows are tagged with a MotW flag to prevent unauthorized actions, it has since been found that corrupt Authenticode signatures can be used to allow the execution of arbitrary executables without any  SmartScreen warning . Authenticode  is a Microsoft code-signing technology that authenticates the identity of the publisher of a particular piece of software and verifies whether the software was tampered with after it was signed and published. "The [JavaScript] file actually has the Mo

The Hacker News

October 31, 2022

Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices Full Text

Abstract A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain  deep links . An independent security researcher has been credited with reporting the issue. "Here, by not checking the deep link securely, when a user accesses a link from a website containing the deeplink, the attacker can execute JS code in the webview context of the Galaxy Store application," SSD Secure Disclosure  said  in an advisory posted last week. XSS attacks  allow an adversary to inject and execute malicious JavaScript code when visiting a website from a browser or another application. The issue identified in the Galaxy Store app has to do with how deep links are configured for Samsung's Marketing & Content Service ( MCS ), potentially leading to

The Hacker News

October 31, 2022

GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories Full Text

Abstract Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique,  disclosed  by Checkmarx, entails a bypass of a protection mechanism called  popular repository namespace retirement , which aims to prevent developers from pulling unsafe repositories with the same name. The issue was addressed by the Microsoft-owned subsidiary on September 19, 2022 following responsible disclosure. RepoJacking  occurs  when a creator of a repository opts to change the username, potentially enabling a threat actor to claim the old username and publish a rogue repository with the same name in an attempt to trick users into downloading them. While Microsoft's countermeasure "retire[s] the namespace of any open source project that had more than 100 clones in the week leading up to the owner's account being renamed or deleted," Checkmarx

The Hacker News

October 31, 2022

GitHub flaw could have allowed attackers to takeover repositories of other users Full Text

Abstract A critical flaw in the cloud-based repository hosting service GitHub could've allowed attackers to takeover other repositories. The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat...

Security Affairs

October 30, 2022

Actively exploited Windows MoTW zero-day gets unofficial patch Full Text

Abstract A free unofficial patch has been released for an actively exploited zero-day that allows files signed with malformed signatures to bypass Mark-of-the-Web security warnings in Windows 10 and Windows 11.

BleepingComputer

October 28, 2022

ConnectWise fixes RCE bug exposing thousands of servers to attacks Full Text

Abstract ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager (SBM) secure backup solutions.

BleepingComputer

October 28, 2022

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices Full Text

Abstract Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. "This vulnerability can be exploited by an unauthenticated remote attacker to get remote phar files deserialized, leading to arbitrary file write, which leads to a remote code execution (RCE)," Yibelo  said  in a report shared with The Hacker News. Also identified are five other issues, which are listed as follow - CVE-2022-22242  (CVSS score: 6.1) - A pre-authenticated reflected  XSS  on the error page ("error.php"), allowing a remote adversary to siphon Junos OS admin session and chained with other flaws that require authentication. CVE-2022-22243  (CVSS score: 4.3) &  CVE-2022-22

The Hacker News

October 28, 2022

Multiple vulnerabilities affect the Juniper Junos OS Full Text

Abstract Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. "Multiple vulnerabilities have been...

Security Affairs

October 28, 2022

Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year Full Text

Abstract Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability...

Security Affairs

October 28, 2022

Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads Full Text

Abstract Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited...

Security Affairs

October 28, 2022

VMWare patches RCE exploit in NSX Manager Full Text

Abstract The vulnerability, caused by an old deserialization bug in an outdated Java library, could be abused to achieve pre-authentication remote code execution (RCE) on the host computer.

The Daily Swig

October 28, 2022

Exploit released for critical VMware RCE vulnerability, patch now Full Text

Abstract Proof-of-concept exploit code is now available for a pre-authentication remote code execution (RCE) vulnerability allowing attackers to execute arbitrary code remotely with root privileges on unpatched Cloud Foundation and NSX Manager appliances.

BleepingComputer

October 28, 2022

Google fixes seventh Chrome zero-day exploited in attacks this year Full Text

Abstract Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks.

BleepingComputer

October 28, 2022

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability Full Text

Abstract Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability , tracked as  CVE-2022-3723 , has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild," the internet giant acknowledged in an advisory without getting into more specifics about the nature of the attacks. CVE-2022-3723 is the third actively exploited type confusion bug in V8 this year after  CVE-2022-1096  and  CVE-2022-1364 . The latest fix also marks the resolution of the seventh zero-day in Google Chrome since the start of 2022 - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusion in V8 CVE-2022-1364  - Type confusion in V8 CVE-2022-2294  - Heap buffer overflow in WebRTC

The Hacker News

October 27, 2022

Apple fixes recently disclosed zero-day on older iPhones, iPads Full Text

Abstract Apple has released new security updates to backport patches released earlier this week to older iPhones and iPads, addressing an actively exploited zero-day bug.

BleepingComputer

October 27, 2022

Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit Full Text

Abstract Two separate vulnerabilities exist in different versions of Windows that allow attackers to sneak malicious attachments and files past Microsoft's Mark of the Web (MoTW) security feature.

Dark Reading

October 27, 2022

SiriSpy flaw allows eavesdropping on users’ conversations with Siri Full Text

Abstract SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users' conversations with Siri. SiriSpy is a now-patched vulnerability, tracked as CVE-2022-32946, in Apple's iOS and macOS that could have potentially allowed...

Security Affairs

October 27, 2022

Apple iOS and macOS Flaw Could’ve Let Apps Eavesdrop on Your Conversations with Siri Full Text

Abstract A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed  SiriSpy , has been assigned the identifier CVE-2022-32946. "Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo  said  in a write-up. "This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone." The vulnerability, according to Rambo, relates to a service called DoAP that's included in AirPo

The Hacker News

October 26, 2022

OpenSSL to fix the second critical flaw ever Full Text

Abstract The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts...

Security Affairs

October 26, 2022

Google Patches 14 Vulnerabilities with the Release of Chrome 107 Full Text

Abstract Google this week announced the release of Chrome 107 to the stable channel, with patches for 14 vulnerabilities, including high-severity bugs reported by external researchers.

Security Week

October 26, 2022

Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited Full Text

Abstract Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5)...

Security Affairs

October 26, 2022

Microsoft fixes Windows vulnerable driver blocklist sync issue Full Text

Abstract Microsoft says it addressed an issue preventing the Windows kernel vulnerable driver blocklist from being synced to systems running older Windows versions.

BleepingComputer

October 26, 2022

OpenSSL to Patch First Critical Vulnerability Since 2016 Full Text

Abstract OpenSSL version 3.0.7 is scheduled for Tuesday, November 1, between 13:00 and 17:00 UTC. No details have been provided, but it has been described as a ‘security-fix release’ that will include a patch for a vulnerability rated ‘critical’.

Security Week

October 26, 2022

VMware fixes critical RCE in VMware Cloud Foundation Full Text

Abstract VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud...

Security Affairs

October 26, 2022

Apple Patches Over 100 Vulnerabilities With Release of macOS Ventura 13 Full Text

Abstract A total of 112 CVE identifiers are listed in Apple’s security advisory for macOS Ventura 13, including issues that are specific to the operating system and flaws impacting third-party components.

Security Week

October 26, 2022

Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities Full Text

Abstract Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as  CVE-2020-3153  (CVSS score: 6.5) and  CVE-2020-3433  (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.  While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020. "In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory. "Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability." The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved to add the two flaws to its K

The Hacker News

October 26, 2022

VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform Full Text

Abstract VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of 'root' on the appliance," the company  said  in an advisory. In light of the severity of the flaw and its relatively low bar for exploitation, the Palo Alto-based virtualization services provider has also made available a  patch  for end-of-life products. Also addressed by VMware as part of the update is CVE-2022-31678 (CVSS score: 5.3), an XML External Entity ( XXE ) vulnerability that could be exploited to result in a denial-of-service (DoS) condition or unauthorized info

The Hacker News

October 25, 2022

Cisco warns admins to patch AnyConnect flaw exploited in attacks Full Text

Abstract Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.

BleepingComputer

October 25, 2022

Experts disclosed a 22-year-old bug in popular SQLite Database library Full Text

Abstract A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database...

Security Affairs

October 25, 2022

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library Full Text

Abstract A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as  CVE-2022-35737  (CVSS score: 7.5), the 22-year-old issue affects SQLite versions  1.0.12  through 3.39.1, and has been addressed in  version 3.39.2  released on July 21, 2022. "CVE-2022-35737 is  exploitable  on 64-bit systems, and exploitability depends on how the program is compiled," Trail of Bits researcher Andreas Kellas  said  in a technical write-up published today. "Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases." Programmed in C, SQLite is the most widely used database engine , included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Googl

The Hacker News

October 25, 2022

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog Full Text

Abstract Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service (DoS). The exploits, dubbed  LogCrusher  and  OverLog  by Varonis, take aim at the EventLog Remoting Protocol ( MS-EVEN ), which enables remote access to event logs. While the former allows "any domain user to remotely crash the Event Log application of any Windows machine," OverLog causes a DoS by "filling the hard drive space of any Windows machine on the domain," Dolev Taler  said  in a report shared with The Hacker News. OverLog has been assigned the CVE identifier CVE-2022-37981 (CVSS score: 4.3) and was addressed by Microsoft as part of its  October Patch Tuesday  updates. LogCrusher, however, remains unresolved. "The performance can be interrupted and/or reduced, but the attacker cannot fully deny service," the tech giant said in an advisory for the flaw released earlier this m

The Hacker News

October 25, 2022

VMware fixes critical Cloud Foundation remote code execution bug Full Text

Abstract VMware has released security updates today to fix a critical vulnerability in VMware Cloud Foundation, a hybrid cloud platform for running enterprise apps in private or public environments.

BleepingComputer

October 25, 2022

Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability Full Text

Abstract Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827 , has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that's outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability. As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "aware of a report that this i

The Hacker News

October 25, 2022

Jira Align Vulnerabilities Exposed Atlassian Infrastructure to Attacks Full Text

Abstract Vulnerabilities addressed recently in Jira Align could allow an attacker to elevate privileges, obtain Atlassian cloud credentials, and potentially go after Atlassian infrastructure, researchers with Bishop Fox warn.

Security Week

October 24, 2022

Apple fixed the ninth actively exploited zero-day this year Full Text

Abstract Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year.  Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The...

Security Affairs

October 24, 2022

Apple fixes new zero-day used in attacks against iPhones, iPads Full Text

Abstract In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. 

BleepingComputer

October 22, 2022

Exploited Windows zero-day lets JavaScript files bypass security warnings Full Text

Abstract A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.

BleepingComputer

October 22, 2022

Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners Full Text

Abstract Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace...

Security Affairs

October 22, 2022

Critical Flaw Reported in Move Virtual Machine Powering the Aptos Blockchain Network Full Text

Abstract Researchers have disclosed details about a now-patched critical flaw in the Move virtual machine that powers the Aptos blockchain network. The vulnerability "can cause Aptos nodes to crash and cause denial of service," Singapore-based Numen Cyber Labs  said  in a technical write-up published earlier this month. Aptos is a  new entrant  to the blockchain space, which  launched  its  mainnet  on October 17, 2022. It has its roots in the Diem stablecoin payment system proposed by Meta (née Facebook), which also introduced a short-lived digital wallet called  Novi . The network is built using a platform-agnostic programming language known as  Move , a Rust-based system that's  designed  to implement and execute  smart contracts  in a secure  runtime environment , also known as the Move Virtual Machine (aka  MoveVM ). The  vulnerability  identified by Numen Cyber Labs is rooted in the Move language's verification module (" stack_usage_verifier.rs "), a com

The Hacker News

October 21, 2022

Experts warn of CVE-2022-42889 Text4Shell exploit attempts Full Text

Abstract Wordfence researchers warn of exploitation attempts targeting the recently disclosed flaw in Apache Commons Text dubbed Text4Shell. Experts at WordPress security firm Wordfence reported exploitation attempts targeting the recently disclosed flaw...

Security Affairs

October 21, 2022

Vulnerabilities in Cisco Identity Services Engine Require Your Attention Full Text

Abstract There are no workarounds available for the two flaws. And, while there’s currently a fix for CVE-2022-20959 (for one specific ISE version and patch level), other fixes are scheduled to be released in the coming months – some even in January 2023.

Help Net Security

October 21, 2022

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware Full Text

Abstract A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin  said  in a Thursday report. The issue, tracked as CVE-2022-22954 (CVSS score: 9.8), concerns a remote code execution vulnerability that stems from a case of server-side template injection. Although the shortcoming was addressed by the virtualization services provider in April 2022, it has since come under active exploitation in the wild. Fortinet said it observed in August 2022 attacks that sought to weaponize the flaw to deploy the  Mirai botnet  on Linux devices as well as the RAR1Ransom and  GuardMiner , a variant of the XMRig Monero miner. The Mirai sample is retrieved fr

The Hacker News

October 21, 2022

Hackers exploit critical VMware flaw to drop ransomware, miners Full Text

Abstract Security researchers observed malicious campaigns leveraging a critical vulnerability in VMware Workspace One Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives.

BleepingComputer

October 21, 2022

Hackers Started Exploiting Critical “Text4Shell” Apache Commons Text Vulnerability Full Text

Abstract WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as  CVE-2022-42889  aka Text4Shell , has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to the now infamous  Log4Shell  vulnerability in that the  issue  is rooted in the manner  string substitutions  carried out during  DNS, script, and URL lookups  could lead to the execution of arbitrary code on susceptible systems when passing untrusted input. "The attacker can send a crafted payload remotely using 'script,' 'dns,' and 'url' lookups to achieve arbitrary remote code execution," Zscaler ThreatLabZ team explained . A  successful exploitation of the flaw  can enable a threat actor to open a reverse shell connection with the vulnerable app

The Hacker News

October 19, 2022

Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access Full Text

Abstract Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as  CVE-2022-35829 , carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its  Patch Tuesday updates  last week. Orca Security, which  discovered and reported  the flaw to the tech giant on August 11, 2022, dubbed the vulnerability  FabriXss  (pronounced "fabrics"). It impacts Azure Fabric Explorer version 8.1.316 and prior. SFX is described by Microsoft as an  open-source tool  for inspecting and managing  Azure Service Fabric  clusters, a distributed systems platform that's used to build and deploy microservices-based cloud applications. The vulnerability is rooted in the fact that a user with  permissions  to "Create Compose Application" through the SFX client can leverage the privileges

The Hacker News

October 19, 2022

Text4Shell, a remote code execution bug in Apache Commons Text library Full Text

Abstract Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub's threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache...

Security Affairs

October 19, 2022

Researchers share of FabriXss bug impacting Azure Fabric Explorer Full Text

Abstract Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829...

Security Affairs

October 19, 2022

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update Full Text

Abstract Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at SafeBreach,  said  in a new report. Attributed to an  unnamed threat actor , attack chains involving the malware commence with a weaponized  Microsoft Word document  that, per the company, was uploaded from Jordan on August 25, 2022. Metadata associated with the lure document indicates that the initial intrusion vector is a LinkedIn-based spear-phishing attack, which ultimately leads to the execution of a PowerShell script via a piece of embedded macro code. The PowerShell script ( Script1.ps1 ) is designed to connect to a remote command-and-control (C2) server and retrieve a comm

The Hacker News

October 19, 2022

Microsoft Azure SFX bug let hackers hijack Service Fabric clusters Full Text

Abstract Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.

BleepingComputer

October 19, 2022

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities Full Text

Abstract Researchers say, we found that these vulnerabilities are unlikely to be perceived as mass exploits, but several of them potentially present a mechanism for knowledgeable attackers to hack high-value sites via tailored attacks.

Security Week

October 19, 2022

Apache Commons Text RCE flaw — Keep calm and patch away Full Text

Abstract A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is nowhere near as concerning.

BleepingComputer

October 19, 2022

Explained: Log4Shell-like bugs Found in Apache Commons Text Full Text

Abstract The flaw exists in Apache Commons Text, a library released in 2017 that focuses on algorithms enabling a variety of functionalities around strings. The proof-of-concept (PoC) code for the flaw is available.

Aquasec

October 19, 2022

Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality Full Text

Abstract A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft...

Security Affairs

October 18, 2022

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike Full Text

Abstract HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed...

Security Affairs

October 18, 2022

Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software Full Text

Abstract HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems. Cobalt Strike is a commercial red-team framework that's mainly used for adversary simulation, but cracked versions of the software have been  actively   abused  by ransomware operators and espionage-focused advanced persistent threat (APT) groups alike. The  post-exploitation tool  consists of a team server, which functions as a command-and-control (C2) component, and a beacon, the default malware used to create a connection to the team server and drop next-stage payloads. The issue, tracked as  CVE-2022-42948 , affects Cobalt Strike version 4.7.1, and stems from an incomplete patch released on September 20, 2022, to rectify a cross-site scripting ( XSS ) vulnerability ( CVE-2022-39197 ) that could lead to remote code execution. "The XSS vulnerabi

The Hacker News

October 18, 2022

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684 Full Text

Abstract Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number...

Security Affairs

October 18, 2022

Text message verification flaws in your Windows Active Directory Full Text

Abstract While text messaging-based MFA goes a long way toward protecting an org against compromised credentials, it also has vulnerabilities of its own. Orgs must look for ways around the flaws associated with test-based MFA by upgrading to multi-factor authentication. Learn more in this article from Specops Software.

BleepingComputer

October 18, 2022

Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text Full Text

Abstract Researchers are closely tracking a critical, newly disclosed vulnerability in Apache Commons Text that gives unauthenticated attackers a way to execute code remotely on servers running applications with the affected component.

Dark Reading

October 18, 2022

CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration Full Text

Abstract Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue,...

Security Affairs

October 17, 2022

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages Full Text

Abstract New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook ( ECB ) mode of operation," Finnish cybersecurity company WithSecure  said  in a report published last week. Office 365 Message Encryption (OME) is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves. A consequence of the newly disclosed issue is that rogue third-parties gaining access to the encrypted email messages may be able to decipher the messages, effectively breaking confidentiality protections. Electronic Codebook is one of the simplest modes of encryption wherein each message block is encoded separately by a key, meaning identical plaintext blocks wi

The Hacker News

October 17, 2022

Windows Mark of the Web bypass zero-day gets unofficial patch Full Text

Abstract A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the Windows Mark of the Web (MotW) security mechanism.

BleepingComputer

October 17, 2022

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite Full Text

Abstract Zimbra has  released patches  to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as  CVE-2022-41352  (CVSS score: 9.8), the issue affects a component of the Zimbra suite called  Amavis , an open source content filter, and more specifically, the cpio utility it uses to scan and extract archives. The flaw, in turn, is said to be rooted in another underlying vulnerability ( CVE-2015-1197 ) that was first disclosed in early 2015, which  according to Flashpoint  was rectified, only to be subsequently reverted in later Linux distributions. "An attacker can use cpio package to gain incorrect access to any other user accounts," Zimbra said in an advisory published last week, adding it "recommends pax over cpio." Fixes are available in the following versions - Zimbra 9.0.0 Patch 27 Zimbra 8.8.15 Patch 34 All an adversary seeking needs to do to weapo

The Hacker News

October 17, 2022

45,654 VMware ESXi servers reached End of Life on Oct. 15 Full Text

Abstract Lansweeper warns that over 45,000 VMware ESXi servers exposed online have reached end-of-life (EOL), making them an easy target for attackers. IT Asset Management software provider Lansweeper has scanned the Internet for VMware ESXi servers and found...

Security Affairs

October 15, 2022

Over 45,000 VMware ESXi servers just reached end-of-life Full Text

Abstract Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life (EOL), with VMware no longer providing software and security updates unless companies purchase an extended support contract.

BleepingComputer

October 15, 2022

Fortinet urges admins to patch bug with public exploit immediately Full Text

Abstract Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks.

BleepingComputer

October 15, 2022

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS Full Text

Abstract Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS...

Security Affairs

October 14, 2022

Researchers Detail Windows Zero-Day Vulnerability Patched Last Month Full Text

Abstract Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as  CVE-2022-37969  (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "An attacker must already have access and the ability to run code on the target system," the company  noted  in its advisory. "This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system." It also credited researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the vulnerability without delving into additional specifics surrounding the nature of the attacks. Now, the Zscaler ThreatLabz researcher team has disclosed that it captured an in-the-wild exploit for the the

The Hacker News

October 14, 2022

Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day Full Text

Abstract Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) flaw is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. The Common...

Security Affairs

October 14, 2022

Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products Full Text

Abstract Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score:...

Security Affairs

October 14, 2022

Microsoft Office 365 email encryption could expose message content Full Text

Abstract Security researchers at WithSecure have discovered it's possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365, highlighting an intrinsic weakness in the encryption scheme used.

BleepingComputer

October 13, 2022

New Timing Attack Against NPM Registry API Could Expose Private Packages Full Text

Abstract A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations'  scoped private packages  and then masquerade public packages, tricking employees and users into downloading them," Aqua Security researcher Yakir Kadkoda  said . The Scoped Confusion attack banks on analyzing the time it takes for the  npm API  (registry.npmjs[.]org) to return an HTTP 404 error message when querying for a private package, and measuring it against the response time for a non-existing module. "It takes on average less time to get a reply for a private package that does not exist compared to a private package that does," Kadkoda explained. The idea, ultimately, is to identify packages internally used by companies, which could then be used by threat actors to

The Hacker News

October 12, 2022

Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator Full Text

Abstract Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator. Aruba addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that can be exploited by remote attackers...

Security Affairs

October 12, 2022

Microsoft Patch Tuesday for October 2022 doesn’t fix Exchange Server flaws Full Text

Abstract Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for October 2022 addressed 85 new vulnerabilities in multiple...

Security Affairs

October 12, 2022

VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago Full Text

Abstract VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048,...

Security Affairs

October 12, 2022

Aruba fixes critical RCE and auth bypass flaws in EdgeConnect Full Text

Abstract Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host.

BleepingComputer

October 12, 2022

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys Full Text

Abstract A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related  TIA Portal , while bypassing all four of its  access level protections ," industrial cybersecurity company Claroty  said  in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier  CVE-2022-38465 , is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (all

The Hacker News

October 12, 2022

Chrome 106 Update Patches Several High-Severity Vulnerabilities Full Text

Abstract Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics library that serves as Chrome’s graphics engine.

Security Week

October 12, 2022

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs Full Text

Abstract Microsoft's Patch Tuesday update for the month of October has addressed a total of  85 security vulnerabilities , including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the  actively exploited   ProxyNotShell  flaws in  Exchange Server . The  patches  come alongside  updates to resolve 12 other flaws  in the Chromium-based Edge browser that have been released since the beginning of the month. Topping the list of this month's patches is  CVE-2022-41033  (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an advisory, cautioning that the shortcoming is being actively weaponized in

The Hacker News

October 11, 2022

Android leaks some traffic even when ‘Always-on VPN’ is enabled Full Text

Abstract Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN," or "Always-on VPN," features is enabled.

BleepingComputer

October 11, 2022

Hidden DNS resolver insecurity creates widespread website hijack risk Full Text

Abstract Closed DNS resolvers are used by numerous hosting providers and other internet service providers (ISPs) to provision services to their clients. As the name suggests, closed DNS resolvers reside on closed networks or intranets.

The Daily Swig

October 11, 2022

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox Full Text

Abstract A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub  said  in an advisory published on September 28, 2022. The issue, tracked as CVE-2022-36067 and codenamed Sandbreak, carries a maximum severity rating of 10 on the CVSS vulnerability scoring system. It has been addressed in  version 3.9.11  released on August 28, 2022. vm2 is a  popular Node library  that's used to run untrusted code with allowlisted built-in modules. It's also one of the most widely downloaded software, accounting for nearly 3.5 million downloads per week. The  shortcoming  is rooted in the error mechanism in Node.js to escape the sandbox, according to application security firm Oxeye, which  discovered the flaw . This mean

The Hacker News

October 11, 2022

VMware vCenter Server bug disclosed last year still not patched Full Text

Abstract VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021.

BleepingComputer

October 11, 2022

Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws Full Text

Abstract Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws.

BleepingComputer

October 11, 2022

Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug Full Text

Abstract Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild. Tracked as  CVE-2022-40684  (CVSS score: 9.6), the flaw relates to an authentication bypass in FortiOS, FortiProxy, and FortiSwitchManager that could allow a remote attacker to perform unauthorized operations on the administrative interface via specially crafted HTTP(S) requests. "Fortinet is aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user='Local_Process_Access,'" the company  noted  in an advisory. The list of impacted devices is below - FortiOS version 7.2.0 through 7.2.1 FortiOS version 7.0.0 through 7.0.6 FortiProxy version 7.2.0 FortiProxy version 7.0.0 through 7.0.6 FortiSwitchManager version 7.2.0, and FortiSwitchManager version 7.0.0 Updates hav

The Hacker News

October 11, 2022

Critical VM2 flaw lets attackers run code outside the sandbox Full Text

Abstract Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million times per month via the NPM package repository.

BleepingComputer

October 11, 2022

New ‘Thermal Attack’ can Read User Passwords From the Heat Signatures Left While Typing Full Text

Abstract Computer security researchers say they've developed an AI-driven system that can guess computer and smartphone passwords in seconds by examining the heat signatures that fingertips leave on keyboards and screens when entering data.

ZDNet

October 10, 2022

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild Full Text

Abstract Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted...

Security Affairs

October 10, 2022

Fortinet says critical auth bypass bug is exploited in attacks Full Text

Abstract Fortinet has confirmed today that a critical authentication bypass security vulnerability patched last week is being exploited in the wild.

BleepingComputer

October 10, 2022

Android vulnerabilities could allow arbitrary code execution Full Text

Abstract Several vulnerabilities have been patched in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. None of the vulnerabilities have been spotted in the wild.

Malwarebytes Labs

October 08, 2022

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities Full Text

Abstract Microsoft on Friday  disclosed  it has made more improvements to the  mitigation method  offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of updated steps to add the URL Rewrite rule is below - Open IIS Manager Select Default Web Site In the Feature View, click URL Rewrite In the Actions pane on the right-hand side, click Add Rule(s)… Select Request Blocking and click OK Add the string "(?=.*autodiscover\.json)(?=.*powershell)" (excluding quotes) Select Regular Expression under Using Select Abort Request under How to block and then click OK Expand the rule and select the rule with the pattern: (?=.*autodiscover\.json)(?=.*powershell) and click Edit under Conditions Change the Condition input from {U

The Hacker News

October 8, 2022

GitHub Repositories Offer Fake Exploits for Exchange Flaws Full Text

Abstract Microsoft and GTSC disclosed that scammers have jumped on the bandwagon to abuse Exchange flaws by creating GitHub repositories for fake exploits.

Cyware Alerts - Hacker News

October 8, 2022

Researchers Uncover Details on Zero-Day Vulnerability Affecting Zimbra Collaboration and CPIO Full Text

Abstract In September, an attack was reported in the Zimbra forums where a malicious actor was able to upload a JSP web shell into the public directory to execute a command, generating a pre-authentication key to login to an existing account.

Security Boulevard

October 8, 2022

Unpatched remote code execution flaw in Zimbra Collaboration Suite actively exploited Full Text

Abstract Threat actors are exploiting an unpatched severe remote code execution vulnerability in the Zimbra collaboration platform. Researchers from Rapid7 are warning of the exploitation of unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352,...

Security Affairs

October 7, 2022

New cryptojacking campaign exploits OneDrive vulnerability Full Text

Abstract In a new development, cybersecurity software maker Bitdefender has detected a cryptojacking campaign that uses a Microsoft OneDrive vulnerability to gain persistence and run undetected on infected devices.

CSO Online

October 07, 2022

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy Full Text

Abstract Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as  CVE-2022-40684 , the high-severity flaw relates to an  authentication bypass vulnerability  that could permit an unauthenticated adversary to perform arbitrary operations on the administrative interface. The issue impacts the following versions, and has been addressed in FortiOS versions  7.0.7  and  7.2.2 , and FortiProxy version  7.0.7  released this week - FortiOS - From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy - From 7.0.0 to 7.0.6 and 7.2.0 "Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company  cautioned  in an alert shared by a security researcher named Gitworm on Twitter. When reached for a comment, Fortine

The Hacker News

October 7, 2022

VMware fixed a high-severity bug in vCenter Server Full Text

Abstract VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2),...

Security Affairs

October 7, 2022

Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy Full Text

Abstract Customers that are not able to upgrade their systems should restrict access to their devices to a specific set of IP addresses. At this time it is not clear if the vulnerability has been actively exploited in attacks in the wild.

Security Affairs

October 7, 2022

Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy Full Text

Abstract Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls...

Security Affairs

October 7, 2022

VMware Patches Code Execution Vulnerability in vCenter Server Full Text

Abstract VMware announced patches for a vCenter Server vulnerability that could lead to arbitrary code execution. Tracked as CVE-2022-31680 (CVSS score: 7.2), its described as an unsafe deserialization vulnerability in the platform services controller (PSC).

Security Week

October 07, 2022

Fortinet warns admins to patch critical auth bypass bug immediately Full Text

Abstract Fortinet has warned administrators to update FortiGate firewalls and FortiProxy web proxies to the latest versions, which address a critical severity vulnerability.

BleepingComputer

October 07, 2022

Hackers Can Use ‘App Mode’ in Chromium Browsers’ for Stealth Phishing Attacks Full Text

Abstract In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar. According to security researcher mr.d0x – who also devised the browser-in-the-browser ( BitB ) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms. "Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.d0x  said . "You can deliver these fake applications independently as files." This is

The Hacker News

October 7, 2022

Critical flaw in open source WebPageTest remains unpatched Full Text

Abstract In a blog post dated September 23, ManoMano researcher Louka “Laluka” Jacques-Chevallier discussed his discovery of a pre-authentication RCE vulnerability in the open-source project WebPageTest.

The Daily Swig

October 6, 2022

Watch out, a bug in Linux Kernel 5.19.12 can damage displays on Intel laptops Full Text

Abstract A bug in Linux Kernel 5.19.12 that was released at the end of September 2022 can potentially damage the displays of Intel laptops. Linux users reported the displays of their Intel laptops rapidly blinking, flickering, and showing white flashes after...

Security Affairs

October 6, 2022

Cisco fixed two high-severity bugs in Communications, Networking Products Full Text

Abstract Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications products, including Enterprise NFV, Expressway, and TelePresence.

Security Affairs

October 06, 2022

Details Released for Recently Patched new macOS Archive Utility Vulnerability Full Text

Abstract Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as  CVE-2022-32910 , is rooted in the built-in Archive Utility and "could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive," Apple device management firm Jamf said in an analysis. Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of  macOS Big Sur 11.6.8  and  Monterey 12.5  released on July 20, 2022. The tech giant, for its part, also revised the earlier-issued advisories as of October 4 to add an entry for the flaw. Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which is designed so as to ensure that only trusted

The Hacker News

October 6, 2022

Cisco fixed two high-severity bugs in Communications, Networking Products Full Text

Abstract Cisco fixed high-severity flaws in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence. Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications...

Security Affairs

October 6, 2022

Dex patches authentication bug that enabled unauthorized access to client applications Full Text

Abstract OpenID Connect (OIDC) identity service Dex has patched a critical vulnerability that would allow an attacker to fetch an ID token through an intercepted authorization code and potentially gain unauthorized access to client applications.

The Daily Swig

October 05, 2022

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds Full Text

Abstract Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed  ProxyNotShell  due to similarities to another set of flaws called  ProxyShell , which the tech giant resolved last year. In-the-wild attacks abusing the  shortcomings  have chained the two flaws to gain remote code execution on compromised servers with elevated privileges, leading to the deployment of web shells. The Windows maker, which is yet to release a fix for the bugs, has acknowledged that a single state-sponsored threat actor may have been weaponizing the flaws since August 2022 in limited targeted attacks. In the meantime, the company has made available temporary workarounds to reduce the risk of exploitation by restricting known attack patterns through a rule in the IIS Manager. However, according

The Hacker News

October 05, 2022

Microsoft updates mitigation for ProxyNotShell Exchange zero days Full Text

Abstract Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell.

BleepingComputer

October 4, 2022

A flaw in the Packagist PHP repository could have allowed supply chain attacks Full Text

Abstract Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. SonarSource Researchers disclosed details about a now-fixed vulnerability (CVE-2022-24828) in PHP software...

Security Affairs

October 4, 2022

Hackers Target Zero-Days in Microsoft Exchange Full Text

Abstract Vietnamese cybersecurity company GTSC uncovered a zero-day in fully patched Microsoft Exchange servers. The flaws are being tracked (by Zero Day Initiative) as ZDI-CAN-18333 with a CVSS score of 8.8 and ZDI-CAN-18802 with a CVSS score of 6.3. The bug could be abused by attackers to achieve remote a ... Read More

Cyware Alerts - Hacker News

October 04, 2022

Researchers Report Supply Chain Vulnerability in Packagist PHP Repository Full Text

Abstract Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of  Packagist ," SonarSource researcher Thomas Chauchefoin  said  in a report shared with The Hacker News. Packagist is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects. The disclosure comes as planting malware in open source repositories is turning into an attractive conduit for mounting  software supply chain attacks . Tracked as  CVE-2022-24828  (CVSS score: 8.8), the  issue  has been described as a case of command injection and is linked to another similar Composer bug ( CVE-2021-29472 ) that came to light in April 2021, suggesting an inadequate patch. "An attacker controlling a Git or Mercurial repository explicitly listed by URL

The Hacker News

October 4, 2022

Microsoft mitigations for recently disclosed Exchange zero-days can be easily bypassed Full Text

Abstract The mitigation shared by Microsoft for the two recently disclosed Exchange zero-day vulnerabilities can be bypassed, expert warns. Last week, Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers...

Security Affairs

October 4, 2022

JavaScript sandbox vm2 remediates remote code execution risk Full Text

Abstract A bug in vm2, a popular JavaScript sandbox environment, could allow malicious actors to bypass sandbox protections and stage remote code execution (RCE) on the host device.

The Daily Swig

October 4, 2022

Critical Vulnerabilities Expose Parking Management System to Hacker Attacks Full Text

Abstract Nearly a dozen vulnerabilities have been found in a car parking management system made by Italian company Carlo Gavazzi, which makes electronic control components for building and industrial automation.

Security Week

October 03, 2022

Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers Full Text

Abstract The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver ( BYOVD ) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)ception  that's directed against aerospace and defense industries. "The campaign started with spear-phishing emails containing malicious Amazon-themed documents and targeted an employee of an aerospace company in the Netherlands, and a political journalist in Belgium," ESET researcher Peter Kálnai  said . Attack chains unfolded upon the opening of the lure documents, leading to the distribution of malicious droppers that were trojanized versions of open source projects, corroborating recent reports from Google's  Mandiant  and  Microsoft . ESET said it uncovered evid

The Hacker News

October 3, 2022

Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info Full Text

Abstract Trustwave researchers discovered two XSS flaws in Canon Medical ’s Vitrea View tool that could expose patient information. During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities,...

Security Affairs

October 03, 2022

Microsoft Exchange server zero-day mitigation can be bypassed Full Text

Abstract Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough.

BleepingComputer

October 1, 2022

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates Full Text

Abstract Researchers have discovered the group behind the SolarMarker malware targeting a global tax consulting organization with a presence in the US, Canada, the UK, and Europe, which is using fake Chrome browser updates as part of watering hole attacks.

Dark Reading

October 01, 2022

Lazarus hackers abuse Dell driver bug using new FudModule rootkit Full Text

Abstract The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.

BleepingComputer

September 30, 2022

Microsoft confirms Exchange zero-day flaws actively exploited in the wild Full Text

Abstract Microsoft confirmed that two recently disclosed zero-day flaws in Microsoft Exchange are being actively exploited in the wild. Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity...

Security Affairs

September 30, 2022

Cisco Patches High-Severity Vulnerabilities in Networking Software Full Text

Abstract Cisco announced IOS and IOS XE software updates that address 12 security vulnerabilities. The bugs were resolved as part of Cisco’s semiannual bundle patches for its networking software, which it releases in March and September.

Security Week

September 30, 2022

Unpatched Microsoft Exchange Zero-Day actively exploited in the wild Full Text

Abstract Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks...

Security Affairs

September 30, 2022

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild Full Text

Abstract Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following  reports of in-the-wild exploitation . "The first vulnerability, identified as  CVE-2022-41040 , is a Server-Side Request Forgery ( SSRF ) vulnerability, while the second, identified as  CVE-2022-41082 , allows remote code execution (RCE) when PowerShell is accessible to the attacker," the tech giant  said . The company also confirmed that it's aware of "limited targeted attacks" weaponizing the flaws to obtain initial access to targeted systems, but emphasized that authenticated access to the vulnerable Exchange Server is required to achieve successful exploitation. The attacks detailed by Microsoft show that the two flaws are stringed together in an exploit chain, with the SSRF bug enabling an authenticated adversary to remotely trigger arbitrary code execution. The Redmond-based company also confirmed that it'

The Hacker News

September 29, 2022

New Microsoft Exchange zero-day actively exploited in attacks Full Text

Abstract Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.

BleepingComputer

September 29, 2022

Drupal Updates Patch Vulnerability in Twig Template Engine Full Text

Abstract “Multiple vulnerabilities are possible if an untrusted user has access to write Twig code, including potential unauthorized read access to private files, the contents of other files on the server, or database credentials,” Drupal noted.

Security Week

September 29, 2022

Details Disclosed After Schneider Electric Patches Critical Flaw Allowing PLC Hacking Full Text

Abstract Schneider Electric in recent months released patches for its EcoStruxure platform and some Modicon programmable logic controllers (PLCs) to address a critical vulnerability that was disclosed more than a year ago.

Security Week

September 29, 2022

Matrix: Install security update to fix end-to-end encryption flaws Full Text

Abstract Matrix decentralized communication platform has published a security warning about two critical-severity vulnerabilities that affect the end-to-end encryption in the software development kit (SDK).

BleepingComputer

September 28, 2022

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely Full Text

Abstract WhatsApp has released  security updates  to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns  CVE-2022-36934  (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12. Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite category of errors that occur when the result of an operation is too small for storing the value within the allocated memory space. The high-severity issue, given the CVE identifier  CVE-2022-27492  (CVSS score: 7.8), affects WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be triggered upon receiving a specially crafted video file. Exploiting  integer overflows  and

The Hacker News

September 28, 2022

Java template framework Pebble vulnerable to command injection Full Text

Abstract Java templating engine Pebble was vulnerable to a bug that could allow attackers to bypass its security mechanisms and conduct command injection attacks against host servers.

The Daily Swig

September 28, 2022

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks Full Text

Abstract Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets.

BleepingComputer

September 27, 2022

WhatsApp fixed critical and high severy vulnerabilities Full Text

Abstract WhatsApp has addressed two severe Remote Code Execution vulnerabilities affecting the mobile version of the software. WhatsApp has published three security advisories for 2022, two of which are related to CVE-2021-24042 and CVE-2021-24043 vulnerabilities...

Security Affairs

September 27, 2022

Two Remote Code Execution Vulnerabilities Patched in WhatsApp Full Text

Abstract WhatsApp only has three security advisories for 2022, with the first two released in January and February. The latest advisory, released this month, informs customers of two memory-related issues affecting the WhatsApp mobile applications.

Security Week

September 24, 2022

ISC fixed high-severity flaws in the BIND DNS software Full Text

Abstract The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. Four...

Security Affairs

September 24, 2022

Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability Full Text

Abstract Security software company Sophos has warned of cyberattacks targeting a recently addressed critical vulnerability in its firewall product. The issue, tracked as  CVE-2022-3236  (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User Portal and Webadmin components that could result in remote code execution. The company  said  it "has observed this vulnerability being used to target a small set of specific organizations, primarily in the South Asia region," adding it directly notified these entities. As a workaround, Sophos is recommending that users take steps to ensure that the User Portal and Webadmin are not exposed to WAN. Alternatively, users can update to the latest supported version - v19.5 GA v19.0 MR2 (19.0.2) v19.0 GA, MR1, and MR1-1 v18.5 MR5 (18.5.5) v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4 v18.0 MR3, MR4, MR5, and MR6 v17.5 MR12, MR13, MR14, MR15, MR16, and MR17 v17.0 MR10 Users

The Hacker News

September 24, 2022

Sophos warns of a new actively exploited flaw in Firewall product Full Text

Abstract Cybersecurity firm, Sophos, warned of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild.

Security Affairs

September 23, 2022

Sophos warns of a new actively exploited flaw in Firewall product Full Text

Abstract Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product...

Security Affairs

September 23, 2022

Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw Full Text

Abstract Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento...

Security Affairs

September 22, 2022

AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI) Full Text

Abstract A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users...

Security Affairs

September 22, 2022

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects Full Text

Abstract More than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS...

Security Affairs

September 22, 2022

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign Full Text

Abstract Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134...

Security Affairs

September 22, 2022

Critical Magento vulnerability targeted in new surge of attacks Full Text

Abstract Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites.

BleepingComputer

September 22, 2022

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure Full Text

Abstract Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz,  said  in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as such." "Given the OCID of a victim's disk that is not currently attached to an active server or configured as shareable, an attacker could 'attach' to it and obtain read/write over it," Tamari added. The cloud security firm, which dubbed the tenant isolation vulnerability " AttachMe ," said Oracle  patched the issue  within 24 hours of responsible disclosure on June 9, 2022. Accessing a volume using the CLI without sufficient permissions At its core, the vulnerability is rooted in the fact that a disk could be attached to a compute

The Hacker News

September 22, 2022

15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects Full Text

Abstract As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The open source repositories span a number of industry verticals, such as software development, artificial intelligence/machine learning, web development, media, security, IT management. The shortcoming, tracked as  CVE-2007-4559  (CVSS score: 6.8), is rooted in the tarfile module, successful exploitation of which could lead to code execution from an arbitrary file write. "The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the '..' sequence to filenames in a TAR archive," Trellix security researcher Kasimir Schulz  said  in a writeup. Originally disclosed in August 2007, the bug has to do with how a specially crafted tar archive can be leveraged to overwrite a

The Hacker News

September 21, 2022

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet Full Text

Abstract An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to  install a cryptocurrency miner . It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of  unauthorized access  that was first documented in September 2018. "The general idea behind this exploitation technique is to configure Redis to write its file-based database to a directory containing some method to authorize a user (like adding a key to '.ssh/authorized_keys'), or start a process (like adding a script to '/etc/cron.d')," Censys  said  in a new write-up. The attack surface management platform said it uncovered evidence (i.e., Redis commands) indicating efforts on part of the attacker to store malicious  crontab entries  into the file "/var/

The Hacker News

September 21, 2022

Twitter failed to log you out of all devices after password resets Full Text

Abstract Twitter logged out some users after addressing a bug where some Twitter accounts remained logged on some mobile devices after voluntary password resets.

BleepingComputer

September 21, 2022

Prototype pollution bug in Chromium bypassed Sanitizer API Full Text

Abstract Reported by security researcher Micha? Bentkowski, the bug highlights the challenges of preventing client-side prototype pollution attacks. Prototype pollution can happen both on the client side (browser) and server side (Node.js servers).

The Daily Swig

September 21, 2022

Parse Server fixes brute-forcing bug that put sensitive user data at risk Full Text

Abstract Tracked as CVE-2022-36079, the high severity issue was assigned a CVSS rating of 8.6 by GitHub but 7.5 by the National Institute of Standards and Technology (NIST). Attack complexity was deemed ‘low’.

The Daily Swig

September 21, 2022

Unpatched 15-year old Python bug allows code execution in 350k projects Full Text

Abstract A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.

BleepingComputer

September 21, 2022

Critical Remote Hack Flaws Found in Dataprobe’s Power Distribution Units Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency  said  in a notice. Credited with disclosing the flaws is industrial cybersecurity firm Claroty, which  said  the weaknesses could be remotely triggered "either through a direct web connection to the device or via the cloud." iBoot-PDU  is a power distribution unit (PDU) that provides users with real-time monitoring capabilities and sophisticated alerting mechanisms via a web interface so as to control the power supply to devices and other equipment in an OT environment. The vulnerabilities assume new significance when taking into consid

The Hacker News

September 20, 2022

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs Full Text

Abstract Companies are faced with a backlog of 100,000 vulnerabilities within their systems. Not all are exploitable – in fact, 85% cannot or cannot really be exploited. Nevertheless, 15,000 remaining vulnerabilities is a frightening number.

Security Week

September 20, 2022

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches Full Text

Abstract Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.

BleepingComputer

September 19, 2022

High severity vulnerabilities found in Harbor open-source artifact registry Full Text

Abstract Oxeye security researchers have uncovered several new high severity variants of the Insecure Director Object Reference (IDOR) vulnerabilities in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware.

Help Net Security

September 19, 2022

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes Full Text

Abstract Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE–2022–36158...

Security Affairs

September 18, 2022

Netgear Routers impacted by FunJSQ Game Acceleration Module flaw Full Text

Abstract Multiple Netgear router models are impacted by an arbitrary code execution via FunJSQ, which is a third-party module for online game acceleration. Researchers at security and compliance assessment firm Onekey warns of an arbitrary code execution via FunJSQ,...

Security Affairs

September 17, 2022

Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack Full Text

Abstract A few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI, using a newly discovered technique called a "prompt injection attack."

ARS Technica

September 17, 2022

Water Tank Management System Used Worldwide Has Unpatched Security Hole Full Text

Abstract A water tank management system used by organizations worldwide is affected by a critical vulnerability that can be exploited remotely and the vendor does not appear to want to patch it.

Security Week

September 16, 2022

OIG Warns USCIS Over Unauthorized Access to Systems and Information Full Text

Abstract OIG said the deficiencies stemmed from insufficient internal controls and day-to-day oversight to ensure access controls are administered appropriately and effectively to prevent unauthorized access.

HS Today

September 16, 2022

SAP Patches High-Severity Flaws in Business One, BusinessObjects, GRC Full Text

Abstract The most important of the newly released security notes deals with a high-severity vulnerability, tracked as CVE-2022-35292 (CVSS score of 7.8), in Business One that could lead to escalation of privileges.

Security Week

September 15, 2022

Google Improves Chrome Protections Against Use-After-Free Bug Exploitation Full Text

Abstract For security flaws in the browser process, Google has introduced MiraclePtr, which rewrites the codebase to use a smart pointer type called ‘raw_ptr’ to prevent the exploitation of use-after-free bugs.

Security Week

September 15, 2022

Microsoft Edge’s News Feed ads abused for tech support scams Full Text

Abstract An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams.

BleepingComputer

September 14, 2022

New Lenovo BIOS updates fix security bugs in hundreds of models Full Text

Abstract Chinese computer manufacturer Lenovo has issued a security advisory to warn its clients about several high-severity vulnerabilities impacting a wide range of products in the Desktop, All in One, Notebook, ThinkPad, ThinkServer, and ThinkStation lines.

BleepingComputer

September 14, 2022

Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin Full Text

Abstract Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180)...

Security Affairs

September 14, 2022

Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices Full Text

Abstract Researchers Thomas Knudsen and Samy Younsi of Necrum Security Labs identified the vulnerabilities in the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec.

Security Week

September 14, 2022

Microsoft’s Latest Security Update Fixes 64 New Flaws, Including a Zero-Day Full Text

Abstract Tech giant Microsoft on Tuesday shipped fixes to quash  64 new security flaws  across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to  16 vulnerabilities  that Microsoft addressed in its Chromium-based Edge browser earlier this month. "In terms of CVEs released, this Patch Tuesday may appear on the lighter side in comparison to other months," Bharat Jogi, director of vulnerability and threat research at Qualys, said in a statement shared with The Hacker News. "However, this month hit a sizable milestone for the calendar year, with MSFT having fixed the 1000th CVE of 2022 – likely on track to surpass 2021 which patched 1,200 CVEs in total." The actively exploited vulnerability in question is  CVE-2022-37969  (CVSS score: 7.8), a privilege escalation flaw

The Hacker News

September 14, 2022

Microsoft September 2022 Patch Tuesday fixed actively exploited zero-day Full Text

Abstract Microsoft released September 2022 Patch Tuesday security updates to address 64 flaws, including an actively exploited Windows zero-day. Microsoft September 2022 Patch Tuesday security updates address 64 vulnerabilities, including an actively exploited...

Security Affairs

September 14, 2022

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability Full Text

Abstract A zero-day flaw in the latest version of a WordPress premium plugin known as  WPGateway  is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as  CVE-2022-3180  (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted. "Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," Wordfence researcher Ram Gall  said  in an advisory. WPGateway is billed as a means for site administrators to install, backup, and clone WordPress plugins and themes from a unified dashboard. The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username "rangex." Additionally, the appearance of requests to "//wp-content/plugins/wpgateway/wpgateway-webse

The Hacker News

September 14, 2022

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs Full Text

Abstract Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.

BleepingComputer

September 13, 2022

Zero-day in WPGateway Wordpress plugin actively exploited in attacks Full Text

Abstract The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.

BleepingComputer

September 13, 2022

Trend Micro addresses actively exploited Apex One zero-day Full Text

Abstract Trend Micro addressed multiple vulnerabilities in its Apex One endpoint security product, including actively exploited zero-day flaws. Trend Micro announced this week the release of security patches to address multiple vulnerabilities in its Apex...

Security Affairs

September 13, 2022

Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws Full Text

Abstract Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws.

BleepingComputer

September 13, 2022

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw Full Text

Abstract Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier  CVE-2022-32917 , is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may have been actively exploited," the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks. An anonymous researcher has been credited with reporting the shortcoming. It's worth noting that CVE-2022-32917 is also the  second Kernel related zero-day flaw  that Apple has remediated in less than a month. Patches are available in versions  iOS 15.7, iPadOS 15.7 ,  iOS 16 ,  macOS Big Sur 11.7 , and  macOS Monterey 12.6 . The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generati

The Hacker News

September 13, 2022

Azure Active Directory Pass-Through Authentication Flaws Full Text

Abstract Secureworks CTU researchers shared their findings with Microsoft on May 10, 2022. Microsoft responded on July 2 that PTA is working as intended and gave no indication of plans to address the reported flaws.

Secure Works

September 13, 2022

Trend Micro warns of actively exploited Apex One RCE vulnerability Full Text

Abstract Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible.

BleepingComputer

September 13, 2022

Siemens and Schneider Electric Fix High-Severity Vulnerabilities Full Text

Abstract Siemens and Schneider Electric have released their Patch Tuesday security advisories to inform customers about dozens of vulnerabilities affecting their industrial products.

Security Week

September 13, 2022

Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks Full Text

Abstract The security hole allows the agent to download unverified rollback components and execute arbitrary code, according to a translation of a Japanese-language advisory released by Trend Micro.

Security Week

September 12, 2022

Vulnerability in Xalan-J could allow arbitrary code execution Full Text

Abstract Xalan-J is a Java version implementation of an XSLT processor. The project is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets, discovered by Google Project Zero’s Felix Wilhelm.

The Daily Swig

September 12, 2022

Apple fixed the eighth actively exploited zero-day this year Full Text

Abstract Apple has addressed the eighth zero-day vulnerability that is actively exploited in attacks against iPhones and Macs since January. Apple has released security updates to fix a zero-day vulnerability, tracked as CVE-2022-32917, which is actively exploited...

Security Affairs

September 12, 2022

Apple fixes eighth zero-day used to hack iPhones and Macs this year Full Text

Abstract Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.

BleepingComputer

September 12, 2022

More Path Filter Bypass Vulnerabilities in Java Open Source Projects Full Text

Abstract As a security precaution, a web application typically has a path filter mechanism to prevent an unauthorized user from exploiting an unintended functionality via a specially crafted URL.

Fortinet

September 12, 2022

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices Full Text

Abstract A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first  revealed details  of the issues at the  Black Hat USA conference  in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930  (CVSS score: 8.2) - Stack-based buffer

The Hacker News

September 12, 2022

Some firmware bugs in HP business devices are yet to be fixed Full Text

Abstract Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities...

Security Affairs

September 12, 2022

VMware: 70% drop in Linux ESXi VM performance with Retbleed fixes Full Text

Abstract VMware is warning that ESXi VMs running on Linux kernel 5.19 can have up to a 70% performance drop when Retbleed mitigations are enabled compared to the Linux kernel 5.18 release.

BleepingComputer

September 12, 2022

Critical KEPServerEX Flaws Can Put Attackers in Powerful Position in OT Networks Full Text

Abstract Claroty discovered that KEPServerEX is affected by two critical vulnerabilities that could allow an attacker to crash a server, obtain data, or remotely execute arbitrary code by sending specially crafted OPC UA messages to the targeted system.

Security Week

September 11, 2022

Firmware bugs in many HP computer models left unfixed for over a year Full Text

Abstract A set of six high-severity firmware vulnerabilities impacting a broad range of HP devices used in enterprise environments are still waiting to be patched, although some of them were publicly disclosed since July 2021.

BleepingComputer

September 10, 2022

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin Full Text

Abstract The vulnerability, tracked as CVE-2022-31474 (CVSS score: 7.5), can be exploited by an unauthenticated user to download arbitrary files from the affected site. It has been estimated that the plugin has around 140,000 active installations.

Security Affairs

September 9, 2022

Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin Full Text

Abstract Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy...

Security Affairs

September 9, 2022

Report identified key vulnerabilities two years before cyberattack on L.A. Unified Full Text

Abstract The report indicated that district staff agreed with its findings and committed to addressing them, but district officials did not clarify Wednesday which of the recommended actions were carried out.

LA Times

September 9, 2022

ManageEngine vulnerability posed code injection risk for password management software Full Text

Abstract A researcher has discovered a vulnerability in ManageEngine that could allow an attacker to execute arbitrary code on affected installations of some of its password and access management tools.

The Daily Swig

September 08, 2022

New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps Full Text

Abstract Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in a coordinated advisory. Infusion pumps are internet-enabled devices used by hospitals to deliver medication and nutrition directly into a patient's circulatory system. The four vulnerabilities in question, discovered by  cybersecurity firm Rapid7  and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems - Sigma Spectrum v6.x model 35700BAX Sigma Spectrum v8.x model 35700BAX2 Baxter Spectrum IQ (v9.x) model 35700BAX3 Sigma Spectrum LVP v6.x Wireless Battery Modules v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28 Sig

The Hacker News

September 8, 2022

Vendor disputes seriousness of firewall plugin RCE flaw Full Text

Abstract Security researchers from IHTeam have uncovered a serious vulnerability in a plugin to the pfSense firewall technology. The pfSense pfBlockerNG vulnerability is tracked as CVE-2022-31814.

The Daily Swig

September 8, 2022

Cisco will not fix the authentication bypass flaw in EoL routers Full Text

Abstract Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability...

Security Affairs

September 08, 2022

Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products Full Text

Abstract Cisco on Wednesday rolled out patches to address  three security flaws  affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month. Tracked as  CVE-2022-28199  (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (DoS) condition and cause an impact on data integrity and confidentiality. "If an error condition is observed on the device interface, the device may either reload or fail to receive traffic, resulting in a denial-of-service (DoS) condition," Cisco  said  in a notice published on September 7. DPDK  refers to a set of libraries and optimized network interface card (NIC) drivers for fast packet processing, offering a framework and common API for high-speed networking applications. Cisco said it investigated its product lineup and determined the following services to be affecte

The Hacker News

September 07, 2022

HP fixes severe bug in pre-installed Support Assistant tool Full Text

Abstract HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand.

BleepingComputer

September 07, 2022

Cisco won’t fix authentication bypass zero-day in EoL routers Full Text

Abstract Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL).

BleepingComputer

September 7, 2022

Zyxel addressed a critical RCE flaw in its NAS devices Full Text

Abstract Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The...

Security Affairs

September 07, 2022

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Full Text

Abstract Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as  CVE-2022-34747  (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," the company  said  in an advisory released on September 6. The flaw affects the following versions - NAS326 (V5.21(AAZF.11)C0 and earlier) NAS540 (V5.21(AATB.8)C0 and earlier), and NAS542 (V5.21(ABAG.8)C0 and earlier) The disclosure comes as Zyxel previously addressed local privilege escalation and authenticated directory traversal vulnerabilities ( CVE-2022-30526 and CVE-2022-2030 ) affecting its firewall products in July. Hacki

The Hacker News

September 6, 2022

Mirai Variant MooBot Targeting D-Link Devices Full Text

Abstract In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products.

Palo Alto Networks

September 06, 2022

Zyxel releases new NAS firmware to fix critical RCE vulnerability Full Text

Abstract Zyxel Corporation, the Taiwanese networking and data storage device maker, has issued a security advisory to warn clients of a critical remote code execution (RCE) vulnerability impacting three models of its NAS products.

BleepingComputer

September 5, 2022

Critical Flaw in TikTok Allows Account Hijacking Full Text

Abstract A now-patched, high-severity flaw in the Android version of TikTok could have resulted in attackers hijacking user accounts with a single click - disclosed Microsoft. Attackers can use that access to modify users' TikTok profiles and sensitive information, such as sending messages, posting private ... Read More

Cyware Alerts - Hacker News

September 05, 2022

QNAP patches zero-day used in new Deadbolt ransomware attacks Full Text

Abstract QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station.

BleepingComputer

September 5, 2022

CSRF flaw in csurf NPM package aimed at protecting against the same flaws Full Text

Abstract Researchers found that while the popular package was intended to defend against CSRF, a CSRF bug has lain dormant within the code since the last version release, impacting any application using the open source package.

The Daily Swig

September 5, 2022

Windows Defender identified Chromium, Electron apps as Hive Ransomware Full Text

Abstract Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify...

Security Affairs

September 04, 2022

Microsoft Defender falsely detects Win32/Hive.ZY in Google Chrome, Electron apps Full Text

Abstract A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive.ZY' each time the apps are opened in Windows.

BleepingComputer

September 3, 2022

Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects Full Text

Abstract A pair of security vulnerabilities discovered in the GitHub environments of two very popular open source projects from Apache and Google could be used to stealthily modify project source code, steal secrets, and move laterally inside an organization.

Dark Reading

September 3, 2022

Google rolled out emergency fixes to address actively exploited Chrome zero-day Full Text

Abstract Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser...

Security Affairs

September 03, 2022

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability Full Text

Abstract Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier  CVE-2022-3075 , concerns a case of insufficient data validating in  Mojo , which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An anonymous researcher has been credited with reporting the high-severity flaw on August 30, 2022. "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the internet giant  said , without delving into additional specifics about the nature of the attacks to prevent additional threat actors from taking advantage of the flaw. The latest update makes it the sixth zero-day vulnerability in Chrome that Google has resolved since the start of the year - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusion in V8 CVE-2022-1364  -

The Hacker News

September 02, 2022

Google Chrome emergency update fixes new zero-day used in attacks Full Text

Abstract Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year.

BleepingComputer

September 2, 2022

Google Chrome issue allows overwriting the clipboard content Full Text

Abstract A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically...

Security Affairs

September 02, 2022

Warning: PyPI Feature Executes Code Automatically After Python Package Download Full Text

Abstract In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb  said  in a technical report published this week. "Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates." One of the ways by which packages can be installed for Python is by executing the " pip install " command, which, in turn, invokes a file called "setup.py" that comes bundled along with the module. "setup.py," as the name implies, is a  setup script  that's used to specify metadata associated wit

The Hacker News

September 1, 2022

WatchGuard firewall exploit threatens appliance takeover Full Text

Abstract WatchGuard has patched several vulnerabilities in two main firewall brands that have been rated between medium and critical severity. In combination, two of the flaws enable pre-authentication remote root on every WatchGuard Firebox or XTM appliance.

The Daily Swig

September 1, 2022

1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials Full Text

Abstract Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec's Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services...

Security Affairs

September 01, 2022

Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App Full Text

Abstract Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft 365 Defender Research Team  said  in a write-up. Successful exploitation of the flaw could have permitted malicious actors to access and modify users' TikTok profiles and sensitive information, leading to the unauthorized exposure of private videos. Attackers could also have abused the bug to send messages and upload videos on behalf of users. The issue, addressed in version 23.7.3, impacts two flavors of its Android app com.ss.android.ugc.trill (for East and Southeast Asian users) and com.zhiliaoapp.musically (for users in other countries except for India, wher

The Hacker News

September 1, 2022

Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads Full Text

Abstract Apple released new security updates for older iPhone and iPad devices addressing recently fixed WebKit zero-day. Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the...

Security Affairs

September 01, 2022

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability Full Text

Abstract Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a  critical security flaw  that has been actively exploited in the wild. The issue, tracked as  CVE-2022-32893  (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. The tech giant said it fixed the bug with improved bounds checking. An anonymous researcher has been credited for reporting the vulnerability. The iOS 12.5.6 update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). "iOS 12 is not impacted by CVE-2022-32894," Apple  noted  in its advisory. The latest set of patches arrived weeks after the iPhone maker  remediated the two flaws  in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates shipped on August 18, 2022. "Apple is aware of a report that thi

The Hacker News

August 31, 2022

Apple backports fix for actively exploited iOS zero-day to older iPhones Full Text

Abstract Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.

BleepingComputer

August 31, 2022

A flaw in TikTok Android app could have allowed the hijacking of users’ accounts Full Text

Abstract Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers...

Security Affairs

August 31, 2022

Google Chrome bug lets sites write to clipboard without asking Full Text

Abstract Chrome version 104 accidentally introduced a bug that removes the user requirement to approve clipboard writing events from websites they visit.

BleepingComputer

August 31, 2022

Command injection vulnerability in GitHub Pages nets bug hunter $4k Full Text

Abstract According to researcher Joren Vrancken, the security issue existed in GitHub Pages, a static hosting service able to pull data from repositories, run code through a build process, and then publish websites.

The Daily Swig

August 31, 2022

WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites Full Text

Abstract The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), with patches for three security bugs, including a high-severity SQL injection vulnerability.

Security Week

August 31, 2022

Microsoft found TikTok Android flaw that let hackers hijack accounts Full Text

Abstract Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.

BleepingComputer

August 31, 2022

Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks Full Text

Abstract Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to  eleet or leet ) to secure the ecosystem from  supply chain attacks . Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability programs. With the tech giant the maintainer of major projects such as Angular, Bazel, Golang, Protocol Buffers, and Fuchsia, the program aims to reward vulnerability discoveries that could otherwise have a significant impact on the larger open source landscape.  Other projects managed by Google and hosted on public repositories such as GitHub as well as the third-party dependencies that are included in those projects are also eligible. Submissions  from bug hunters are expected to meet the following criteria - Vulnerabilities that lead to supply chain compromise Design issues that cause product vulnerabilities Other security

The Hacker News

August 30, 2022

A new Google bug bounty program now covers Open Source projects Full Text

Abstract Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source...

Security Affairs

August 30, 2022

Google Launches Bug Bounty Program for Open Source Projects Full Text

Abstract As part of the new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100.

Security Week

August 30, 2022

Google launches open-source software bug bounty program Full Text

Abstract Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software (Google OSS).

BleepingComputer

August 29, 2022

Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition Full Text

Abstract Software development and security solutions provider JFrog has disclosed the details of several vulnerabilities affecting the OPC UA protocol, including flaws exploited by its employees at a hacking competition earlier this year.

Security Week

August 27, 2022

Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability Full Text

Abstract Atlassian’s security response team has issued an urgent advisory to warn of a critical command injection flaw in its Bitbucket Server and Data Center product. The vulnerability carries a CVSS severity score of 9.9 out of 10.

Security Week

August 27, 2022

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center Full Text

Abstract Atlassian has rolled out fixes for a  critical security flaw  in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as  CVE-2022-36804  (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request," Atlassian  said  in an advisory. The shortcoming, discovered and reported by security researcher  @TheGrandPew  impacts all versions of Bitbucket Server and Datacenter released after 6.10.17, inclusive of 7.0.0 and newer - Bitbucket Server and Datacenter 7.6 Bitbucket Server and Datacenter 7.17 Bitbucket Server and Datacenter 7.21 Bitbucket Server and Datacenter 8.0 Bitbucket Server and Datacenter 8.1 Bitbucket Server and Datacenter 8.2, and

The Hacker News

August 26, 2022

Atlassian Bitbucket Server vulnerable to critical RCE vulnerability Full Text

Abstract Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances.

BleepingComputer

August 26, 2022

Critical flaw impacts Atlassian Bitbucket Server and Data Center Full Text

Abstract Atlassian addressed a critical vulnerability in Bitbucket Server and Data Center that could lead to malicious code execution on vulnerable instances. Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS...

Security Affairs

August 26, 2022

Microsoft: Iranian hackers still exploiting Log4j bugs against Israel Full Text

Abstract Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian 'MuddyWater' threat actor who was found targeting Israeli organizations using the SysAid software.

BleepingComputer

August 25, 2022

Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird Full Text

Abstract Firefox 104 — as well as Firefox ESR 91.13 and 102.2 — patches a high-severity address bar spoofing issue related to XSLT error handling. The flaw, tracked as CVE-2022-38472, could be exploited for phishing.

Security Week

August 24, 2022

GitLab ‘strongly recommends’ patching critical RCE vulnerability Full Text

Abstract GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via Github import.

BleepingComputer

August 24, 2022

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs Full Text

Abstract A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards ( NICs ). The approach, codenamed  ETHERLED , comes from Dr. Mordechai Guri , the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, who recently outlined  GAIROSCOPE , a method for transmitting data ultrasonically to smartphone gyroscopes. "Malware installed on the device could programmatically control the status LED by blinking or alternating its colors, using documented methods or undocumented firmware commands," Dr. Guri said. "Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away." A network interface card, also known as a netwo

The Hacker News

August 24, 2022

VMware fixed a privilege escalation issue in VMware Tools Full Text

Abstract VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which...

Security Affairs

August 24, 2022

IBM Patches Severe Vulnerabilities in MQ Messaging Middleware Full Text

Abstract IBM this week announced patches for high-severity vulnerabilities in IBM MQ, warning that attackers could exploit them to bypass security restrictions or access sensitive information.

Security Week

August 24, 2022

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software Full Text

Abstract DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as  CVE-2022-2884 , the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Community Edition (CE) and Enterprise Edition (EE) starting from 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1. At its core, the security weakness is a case of authenticated remote code execution that can be triggered via the GitHub import API. GitLab credited  yvvdwf  with discovering and reporting the flaw. While the issue has been resolved in versions 15.3.1, 15.2.3, 15.1.5, users also have the option of securing against the flaw by temporarily disabling the GitHub import option - Click "Menu" -> "Admin" Click "Settings" -> "General" Expand the "Visibility and access controls" tab Under "Import sources"

The Hacker News

August 23, 2022

Java libraries are full of deserialization security bugs Full Text

Abstract Serialization is used to convert a data object in memory into a series of bytes for storage or transmission. Deserialization reverses that process by turning a data stream back into an object in memory.

The Register

August 23, 2022

Microsoft publicly discloses details on critical ChromeOS flaw Full Text

Abstract Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8)....

Security Affairs

August 23, 2022

VMware Carbon Black causing BSOD crashes on Windows Full Text

Abstract Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware's Carbon Black endpoint security solution.

BleepingComputer

August 23, 2022

GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases Full Text

Abstract DevOps platform GitLab fixed a critical remote code execution flaw in its GitLab Community Edition (CE) and Enterprise Edition (EE) releases. DevOps platform GitLab has released security updates to fix a critical remote code execution vulnerability,...

Security Affairs

August 23, 2022

Over 80,000 Hikvision cameras can be easily hacked Full Text

Abstract Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked...

Security Affairs

August 22, 2022

Over 80,000 exploitable Hikvision cameras exposed online Full Text

Abstract Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.

BleepingComputer

August 22, 2022

Microsoft: How we unearthed a critical flaw in ChromeOS, and how Google fixed it Full Text

Abstract ChromeOS is considered secure compared to legacy Windows and MacOS, but Microsoft recently discovered a nasty, remotely exploitable bug in ChromeOS's audio server with a severity score of 9.8 out of 10.

ZDNet

August 22, 2022

“As Nasty as Dirty Pipe” — 8 Year Old Linux Kernel Vulnerability Uncovered Full Text

Abstract Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed  DirtyCred  by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw ( CVE-2022-2588 ) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged  kernel credentials  with privileged ones to escalate privilege," researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing noted. "Instead of overwriting any critical data fields on kernel heap, DirtyCred abuses the heap memory reuse mechanism to get privileged." This entails three steps - Free an in-use unprivileged credential with the vulnerability Allocate privileged credentials in the freed memory slot by triggering a privileged userspace process such as su, mount, or sshd Operate as a privileged user The novel exploitation method, according to the resea

The Hacker News

August 22, 2022

8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe Full Text

Abstract Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (Zhenpeng Lin  |  PhD Student,Yuhang Wu  |  PhD Student, Xinyu Xing  |  Associate...

Security Affairs

August 22, 2022

RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering Full Text

Abstract Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems ( RTLS ), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial environments," cybersecurity firm Nozomi Networks  disclosed  in a technical write-up last week. "If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas." RTLS is used to automatically identify and track the location of objects or people in real-time, usually within a confined indoor area. This is achieved by making use of tags that are attached to assets, which broadcast USB signals to fixed reference points called anchors that then determine their location. But flaws identified in RTLS solutions –  Sewio Indoor Tracking RTLS UWB Wi-Fi Kit  and  Avalue Renity Ar

The Hacker News

August 19, 2022

A flaw in Amazon Ring could expose user’s camera recordings Full Text

Abstract Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings. In May, Amazon fixed a high-severity vulnerability in its Ring app for Android that could have allowed a malicious...

Security Affairs

August 19, 2022

Cisco fixes High-Severity bug in Secure Web Appliance Full Text

Abstract Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection...

Security Affairs

August 18, 2022

Google Patches Chrome’s Fifth Zero-Day of the Year Full Text

Abstract An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Threatpost

August 18, 2022

Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild Full Text

Abstract Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893....

Security Affairs

August 18, 2022

Apple releases Safari 15.6.1 to fix zero-day bug used in attacks Full Text

Abstract Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs.

BleepingComputer

August 18, 2022

Janet Jackson’s music video is now a vulnerability for crashing hard disks Full Text

Abstract Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.

BleepingComputer

August 18, 2022

Apple fixed two new zero-day flaws exploited by threat actors Full Text

Abstract Apple addressed two zero-day vulnerabilities, exploited by threat actors, affecting iOS, iPadOS, and macOS devices. Apple this week released security updates for iOS, iPadOS, and macOS platforms to address two zero-day vulnerabilities exploited...

Security Affairs

August 18, 2022

PoC exploit code for critical Realtek RCE flaw released online Full Text

Abstract Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking...

Security Affairs

August 18, 2022

Amazon fixes Ring Android app flaw exposing camera recordings Full Text

Abstract Amazon has fixed a high-severity vulnerability in the Amazon Ring app for Android that could have allowed hackers to download customers' saved camera recordings.

BleepingComputer

August 17, 2022

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities Full Text

Abstract Apple on Wednesday released security updates for  iOS, iPadOS , and  macOS  platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893  - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894  - An out-of-bounds issue in the operating system's Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges Apple said it addressed both the issues with improved bounds checking, adding it's aware the vulnerabilities "may have been actively exploited." The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it's likely that they were abused as part of highly-targeted intrusions. The latest update brings the total number of zero-days

The Hacker News

August 17, 2022

Apple security updates fix 2 zero-days used to hack iPhones, Macs Full Text

Abstract Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.

BleepingComputer

August 17, 2022

Security Analysis Leads to Discovery of Vulnerabilities in 18 Electron Applications Full Text

Abstract The research project targeting Electron apps has been dubbed ElectroVolt and the findings were presented last week at the Black Hat conference. Nearly all of the exploits, many of which involve chaining several flaws, can lead to RCE attacks.

Security Week

August 17, 2022

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild Full Text

Abstract Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as  CVE-2022-2856 , the issue has been described as a case of insufficient validation of untrusted input in  Intents . Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022. As is typically the case, the tech giant has refrained from sharing additional specifics about the shortcoming until a majority of the users are updated. "Google is aware that an exploit for CVE-2022-2856 exists in the wild," it  acknowledged  in a terse statement. The latest update further addresses 10 other security flaws, most of which relate to use-after-free bugs in various components such as FedCM, SwiftShader, ANGLE, and Blink, among others. Also fixed is a heap buffer overflow vulnerability in Downloads. The development marks the fifth zero-day vulnerab

The Hacker News

August 17, 2022

Google fixed a new Chrome Zero-Day actively exploited in the wild Full Text

Abstract Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including...

Security Affairs

August 17, 2022

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data Full Text

Abstract Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak (CVE-2022-21233) is the first architecturally CPU bug that could lead...

Security Affairs

August 17, 2022

Google fixes fifth Chrome zero-day bug exploited this year Full Text

Abstract Google has released a security update for Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild.

BleepingComputer

August 17, 2022

Zoom fixed two flaws in macOS App that were disclosed at DEF CON Full Text

Abstract Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference....

Security Affairs

August 16, 2022

Exploit out for critical Realtek flaw affecting many networking devices Full Text

Abstract Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated to be in the millions.

BleepingComputer

August 16, 2022

Users of Zoom on Macs Told to Update App as Company Issues Security Fix Full Text

Abstract Zoom disclosed the details about the sensitive security gaps that were affecting both the standard and IT admin versions of the application. The bugs could be exploited in Zoom’s update process.

The Guardian

August 16, 2022

ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors Full Text

Abstract A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed  ÆPIC Leak , the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution attacks like  Meltdown and Spectre ,  ÆPIC Leak  is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel," the academics said. The study was conducted by researchers from the Sapienza University of Rome, the Graz University of Technology, Amazon Web Services, and the CISPA Helmholtz Center for Information Security. The vulnerability ( CVE-2022-21233 , CVSS score: 6.0), which affects CPUs with Sunny Cover microarchitecture, is rooted in a component called Advanced Programmable Interrupt Controller ( APIC ), wh

The Hacker News

August 16, 2022

RTLS systems vulnerable to MiTM attacks, location manipulation Full Text

Abstract Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data.

BleepingComputer

August 16, 2022

Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade Full Text

Abstract Secure Boot is a mechanism designed to protect a device’s boot process from attacks, and bypassing it can allow an attacker to execute arbitrary code before the operating system loads.

Security Week

August 16, 2022

Microsoft Secure Boot fix sends PCs into BitLocker Recovery Full Text

Abstract The issues are related to KB5012170, which is designed to plug some Secure Boot holes. The problem occurs on boot, and brings up the BitLocker Recovery screen into which a user is supposed to enter a key.

The Register

August 16, 2022

Rapid7: Cisco ASA and ASDM flaws went unpatched for months Full Text

Abstract Vulnerabilities discovered in Cisco software may lead to a variety of threats, including supply chain attacks, Rapid7 lead researcher Jake Baines warned during a Black Hat USA 2022 session.

Tech Target

August 15, 2022

VNC instances exposed to Internet pose critical infrastructures at risk Full Text

Abstract Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control...

Security Affairs

August 15, 2022

Windows KB5012170 Secure Boot DBX update may fail with 0x800f0922 error Full Text

Abstract Users may see a 0x800f0922 error when trying to install security update KB5012170 on the currently supported Windows operating system for consumers and the enterprise-class Server version.

BleepingComputer

August 14, 2022

Over 9,000 VNC servers exposed online without a password Full Text

Abstract Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.

BleepingComputer

August 14, 2022

A flaw in Xiaomi phones using MediaTek Chips could allow to forge transactions Full Text

Abstract Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even forge transactions. Check Point researchers discovered the flaws while analyzing the payment system built into Xiaomi smartphones...

Security Affairs

August 13, 2022

Three flaws allow attackers to bypass UEFI Secure Boot feature Full Text

Abstract Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible...

Security Affairs

August 12, 2022

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders Full Text

Abstract A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium  said  in a report shared with The Hacker News. The following  vendor-specific boot loaders , which were signed and authenticated by Microsoft, have been found vulnerable to the bypass and have been patched as part of the tech giant's  Patch Tuesday update  released this week - Eurosoft Boot Loader ( CVE-2022-34301 ) New Horizon Data Systems Inc Boot Loader ( CVE-2022-34302 ), and Crypto Pro Boot Loader ( CVE-20220-34303 ) Secure Boot is a  security standard  designed to thwart malicious programs from loading whe

The Hacker News

August 12, 2022

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments Full Text

Abstract Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's "Kinibi" Trusted Execution Environment (TEE). A TEE refers to a  secure enclave  inside the main processor that's used to process and store sensitive information such as cryptographic keys so as to ensure confidentiality and integrity. Specifically, the Israeli cybersecurity firm discovered that a trusted app on a Xiaomi device can be downgraded due to a lack of version control, enabling an attacker to replace a newer, secure version of an app with an older, vulnerable variant. "Therefore, an attacker can bypass security fixes made by Xiaomi or MediaTek in trusted apps by downgrading them to unpatched

The Hacker News

August 12, 2022

Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite Full Text

Abstract Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is...

Security Affairs

August 12, 2022

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions Full Text

Abstract Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier  CVE-2022-20866  (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. Successful exploitation of the flaw could allow an attacker to retrieve the RSA private key by means of a  Lenstra side-channel attack  against the targeted device. "If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic," Cisco warned in an advisory issued on August 10. Cisco noted that the flaw impacts only Cisco ASA Software releases 9.16.1 and later and Cisco FTD Software releases 7.0.0 and later. Affected products are listed below -

The Hacker News

August 12, 2022

Xiaomi phones with MediaTek chips vulnerable to forged payments Full Text

Abstract Security analysts have found weaknesses in the implementation of the trusted execution environment (TEE) in MediaTek-powered Xiaomi smartphones, which could enable third-party unprivileged apps to disable the payment system or forge payments.

BleepingComputer

August 12, 2022

VA Systems Vulnerable to Cyber Intrusions Due to Lack of Effective Oversight, Report Says Full Text

Abstract The Department of Veterans Affairs Inspector General's office said the agency is "leaving its systems vulnerable to compromise by impostors who may gain access to protected information."

Nextgov

August 11, 2022

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  two flaws to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers - CVE-2022-27925  (CVSS score: 7.2) - Remote code execution (RCE) through mboximport from authenticated user (fixed in  versions  8.8.15 Patch 31 and 9.0.0 Patch 24 released in March) CVE-2022-37042  - Authentication bypass in MailboxImportServlet (fixed in  versions  8.8.15 Patch 33 and 9.0.0 Patch 26 released in August) "If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," Zimbra  warned  earlier this week. CISA has not shared any information on the attacks exploiting the flaws but cybersecurity fi

The Hacker News

August 11, 2022

Zimbra auth bypass bug exploited to breach over 1,000 servers Full Text

Abstract An authentication bypass Zimbra security vulnerability is being exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide.

BleepingComputer

August 11, 2022

Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key Full Text

Abstract Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower...

Security Affairs

August 11, 2022

Critical Flaws Disclosed in Device42 IT Asset Management Software Full Text

Abstract Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform  Device42  that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an  LFI ) or obtain full access to the appliance files and database (through remote code execution)," Bitdefender  said  in a Wednesday report. Even more concerningly, an adversary with any level of access within the host network could daisy-chain three of the flaws to bypass authentication protections and achieve remote code execution with the highest privileges. The issues in question are listed below - CVE-2022-1399  - Remote Code Execution in scheduled tasks component CVE-2022-1400  - Hard-coded encryption key IV in Exago WebReportsApi.dll CVE 2022-1401  - Insufficient validation of provided paths in Exago

The Hacker News

August 10, 2022

Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws Full Text

Abstract August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.

Threatpost

August 10, 2022

GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions Full Text

Abstract Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows. "When a security vulnerability is reported in an action, our team of security researchers will create an advisory to document the vulnerability, which will trigger an alert to impacted repositories," GitHub's Brittany O'Shea and Kate Catlin  said . GitHub Actions  is a continuous integration and continuous delivery (CI/CD) solution that enables users to automate the software build, test, and deployment pipeline. Dependabot  is part of the Microsoft-owned subsidiary's continued efforts to secure the  software supply chain  by  notifying  users that their source code depends on a package with a security vulnerability and helping keep all the dependencies up-to-date. The latest move entails receiving alerts on GitHub Actions and vulnerabilities impacting developer code,

The Hacker News

August 10, 2022

Risky Business: Enterprises Can’t Shake Log4j flaw Full Text

Abstract 70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later many...

Security Affairs

August 10, 2022

Security Firm Finds Flaws in Indian Online Insurance Broker Full Text

Abstract Last month, a small cybersecurity firm told a major Indian online insurance brokerage it had found critical vulnerabilities in the company’s internet-facing network that could expose sensitive data from at least 11 million customers.

Security Week

August 10, 2022

SmokeLoader Actively Spreads by Exploiting Old Vulnerabilities Full Text

Abstract Researchers had spotted the mass exploitation of two flaws— CVE-2017-0199 and CVE-2017-11882—that are almost five years old. Although patches are available for both flaws, they continue to be exploited.

Cyware Alerts - Hacker News

August 10, 2022

Intel Patches Severe Vulnerabilities in Firmware, Management Software Full Text

Abstract Intel on Tuesday published 27 security advisories detailing roughly 60 vulnerabilities across firmware, software libraries, and endpoint and data center management products.

Security Week

August 10, 2022

SAP Patches Information Disclosure Vulnerabilities in BusinessObjects Full Text

Abstract SAP released five new and two updated security notes as part of its August 2022 Security Patch Day. Of the five, four address information disclosure vulnerabilities, three of which impact SAP's BusinessObjects Business Intelligence Platform.

Security Week

August 10, 2022

VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656 Full Text

Abstract VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass...

Security Affairs

August 10, 2022

Cisco fixes bug allowing RSA private key theft on ASA, FTD devices Full Text

Abstract Cisco has addressed a high severity vulnerability affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

BleepingComputer

August 09, 2022

Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack Full Text

Abstract As many as  121 new security flaws  were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues have been listed as publicly known at the time of the release. It's worth noting that the 121 security flaws are in addition to  25 shortcomings  the tech giant addressed in its Chromium-based Edge browser late last month and the previous week. Topping the list of patches is  CVE-2022-34713  (CVSS score: 7.8), a case of remote code execution affecting the Microsoft Windows Support Diagnostic Tool (MSDT), making it the second flaw in the same component after  Follina  (CVE-2022-30190) to be weaponized in  real-world attacks  within three months. The vulnerability is also said to be a var

The Hacker News

August 9, 2022

Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day Full Text

Abstract Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core,...

Security Affairs

August 9, 2022

ICS Patch Tuesday: Siemens, Schneider Electric Fix Only 11 Vulnerabilities Full Text

Abstract Siemens’ four advisories describe seven security holes. The company informed customers that some of its SCALANCE switches, routers, security appliances and wireless communication devices are affected by three vulnerabilities.

Security Week

August 09, 2022

Microsoft: Exchange ‘Extended Protection’ needed to fully patch new bugs Full Text

Abstract Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks.

BleepingComputer

August 9, 2022

IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products Full Text

Abstract A total of three vulnerabilities were resolved in IBM Netezza for Cloud Pak for Data, all of which impact the Golang packages that the platform uses. Two of these issues are rated ‘high severity’, with a CVSS score of 7.5.

Security Week

August 09, 2022

Microsoft patches Windows DogWalk zero-day exploited in attacks Full Text

Abstract Microsoft has released security updates to address a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks.

BleepingComputer

August 09, 2022

Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws Full Text

Abstract Today is Microsoft's August 2022 Patch Tuesday, and with it comes fixes for the actively exploited 'DogWalk' zero-day vulnerability and a total of 121 flaws.

BleepingComputer

August 09, 2022

VMware warns of public exploit for critical auth bypass vulnerability Full Text

Abstract Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.

BleepingComputer

August 8, 2022

F5 Fixes 21 Vulnerabilities With Quarterly Security Patches Full Text

Abstract Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products.

Security Week

August 05, 2022

Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages Full Text

Abstract The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory comes courtesy of DHS' Federal Emergency Management Agency (FEMA). CYBIR security researcher Ken Pyle has been credited with discovering the shortcoming. EAS is a U.S. national  public warning system  that enables state authorities to disseminate information within 10 minutes during an emergency. Such alerts can interrupt radio and television to broadcast emergency alert information. Details of the flaw have been kept under wraps to prevent active exploitation by malicious actors, although it's expected to be publicized as a proof-of-concept at the DEF CON conference to be held in Las Vegas next week. "In short, the vulnerability is public knowledge and will be demons

The Hacker News

August 5, 2022

Chromium site isolation bypass allows wide range of attacks on browsers Full Text

Abstract The security weakness opens the door to a number of exploits including stealing private information, reading and modifying cookies, and gaining access to microphone and camera feeds.

The Daily Swig

August 04, 2022

Critical RCE vulnerability impacts 29 models of DrayTek routers Full Text

Abstract Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers.

BleepingComputer

August 4, 2022

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction Full Text

Abstract A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices. Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated,...

Security Affairs

August 04, 2022

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers Full Text

Abstract As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the devices and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing," Trellix researcher Philippe Laulheret  said . "A one-click attack can also be performed from within the LAN in the default device configuration." Filed under CVE-2022-32548, the vulnerability has received the maximum severity rating of 10.0 on the CVSS scoring system, owing to its ability to completely allow an adversary to seize control of the routers. At its core, the shortcoming is the result of a buffer overflow flaw in the web management interface ("/cgi-bin/wlogin.cgi"), which can be weaponized by a malicious actor by supplying spec

The Hacker News

August 4, 2022

Cisco addressed critical flaws in Small Business VPN routers Full Text

Abstract Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The...

Security Affairs

August 03, 2022

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws Full Text

Abstract Cisco on Wednesday rolled out patches to address eight security vulnerabilities , three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8), the weakness stems from an insufficient validation of user-supplied input to the web-based management interface of the appliances. "An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device," Cisco said in an advisory. "A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition." A second shortcoming relates to a command injection vulnerability residing in the routers' web filter database update featur

The Hacker News

August 3, 2022

Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104 Full Text

Abstract Google has patched 27 vulnerabilities with the release of Chrome 104 on Tuesday, and the researchers who reported some of these security holes earned thousands of dollars in bug bounties.

Security Week

August 3, 2022

Unpatched XSS, CSRF bugs included in latest Jenkins plugin advisory Full Text

Abstract The organization’s latest security advisory lists a total of 27 plugin vulnerabilities, five of which were deemed to be ‘high’ impact and the majority of which remain unpatched.

The Daily Swig

August 3, 2022

Google fixed Critical Remote Code Execution flaw in Android Full Text

Abstract Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android...

Security Affairs

August 03, 2022

Cisco fixes critical remote code execution bug in VPN routers Full Text

Abstract Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices.

BleepingComputer

August 3, 2022

Nvidia releases security update for unsupported Windows 7 and 8.1 systems Full Text

Abstract Effective October 2021, Game Ready Driver upgrades, including performance enhancements, new features, and bug fixes, are exclusively available for systems utilizing Windows 10 and Windows 11 as their operating system.

Ghacks

August 02, 2022

VMware Releases Patches for Several New Flaws Affecting Multiple Products Full Text

Abstract Virtualization services provider VMware on Tuesday shipped updates to  address 10 security flaws  affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 (CVSS scores: 4.7 - 9.8), impact VMware Workspace ONE Access, Workspace ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. The most severe of the flaws is CVE-2022-31656 (CVSS score: 9.8), an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative rights. Also resolved by VMware are three remote code execution vulnerabilities (CVE-2022-31658, CVE-2022-31659, and CVE-2022-31665) related to JDBC and SQL injection that could be weaponized by an adversary with administrator and network access. Elsewhere, it has also remediated a reflec

The Hacker News

August 2, 2022

VMware fixed critical authentication bypass vulnerability Full Text

Abstract VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting...

Security Affairs

August 02, 2022

New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications Full Text

Abstract Security researchers have discovered a new vulnerability called  ParseThru  affecting Golang-based applications that could be abused to gain unauthorized access to cloud-based applications. "The newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, as a result of the use of unsafe URL parsing methods built in the language," Israeli cybersecurity firm Oxeye said in a report shared with The Hacker News. The issue, at its core, has to do with inconsistencies stemming from changes introduced to Golang's URL parsing logic that's implemented in the "net/url" library. While versions of the programming language prior to 1.17 treated semicolons as a valid query delimiter (e.g., example.com?a=1;b=2&c=3), this behavior has since been modified to throw an error upon finding a query string containing a semicolon. "The net/url and net/http packages used to accept ";" (semicolon) as a setting separat

The Hacker News

August 02, 2022

VMware urges admins to patch critical auth bypass bug immediately Full Text

Abstract VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.

BleepingComputer

August 1, 2022

GitHub Actions workflow flaws provided write access to projects including Logstash Full Text

Abstract A research team from dating platform Tinder crafted an automation script that unearthed flaws that enabled the exfiltration of secrets that provide write access to various open source GitHub repositories, including Elastic’s Logstash.

The Daily Swig

August 1, 2022

CompleteFTP path traversal flaw allowed attackers to delete server files Full Text

Abstract A security researcher with the handle rgod discovered a flaw in the HttpFile class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.

The Daily Swig

August 1, 2022

Organizations Warned of Critical Confluence Flaw as Exploitation Continues Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to address a recently disclosed Confluence vulnerability that has been exploited in attacks.

Security Week

August 1, 2022

A flaw in Dahua IP Cameras allows full take over of the devices Full Text

Abstract A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects...

Security Affairs

July 29, 2022

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices Full Text

Abstract Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum ( ONVIF ) standard implementation, which, when exploited, can lead to seizing control of IP cameras.  Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera," Nozomi Networks  said  in a Thursday report. The issue, which was  addressed  in a patch released on June 28, 2022,  impacts  the following products - Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620 Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614 Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614 ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one an

The Hacker News

July 29, 2022

Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center Full Text

Abstract Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data...

Security Affairs

July 29, 2022

XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks Full Text

Abstract A pair of vulnerabilities in Google Cloud, DevSite, and Google Play could have allowed attackers to achieve cross-site scripting (XSS) attacks, opening the door to account hijacks.

The Daily Swig

July 28, 2022

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation Full Text

Abstract A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is  CVE-2022-26138 , which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence. The real-world exploitation follows the release of the hard-coded credentials on Twitter, prompting the Australian software company to prioritize patches to mitigate potential threats targeting the flaw. "Unsurprisingly, it didn't take long [...] to observe exploitation once the hard-coded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks," Rapid7 security researcher Glenn Thorpe  said . It's worth noting that the bug only exists

The Hacker News

July 28, 2022

Threat Actors Exploit Zero-day in PrestaShop Full Text

Abstract Researchers discovered a zero-day vulnerability affecting older versions of PrestaShop websites. The bug can be exploited to harvest customers’ payment information. After the attack, the remote attackers erase their traces that stops the site owner from knowing that they were breached. Experts sugg ... Read More

Cyware Alerts - Hacker News

July 28, 2022

LibreOffice fixed 3 flaws, including a code execution issue Full Text

Abstract LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office productivity software suite, a project of The Document Foundation (TDF). LibreOffice...

Security Affairs

July 28, 2022

LibreOffice addresses security issues with macros, passwords Full Text

Abstract The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections.

BleepingComputer

July 28, 2022

Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks Full Text

Abstract The two security holes, tracked as CVE-2022-2043 and CVE-2022-2044 and rated ‘high severity,’ affect Moxa’s NPort 5110 device servers, which are designed for connecting serial devices to Ethernet networks.

Security Week

July 27, 2022

LibreOffice Releases Software Update to Patch 3 New Vulnerabilities Full Text

Abstract The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. Tracked as  CVE-2022-26305 , the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of rogue code packaged within the macros. "An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted," LibreOffice said in an advisory. Also resolved is the use of a static initialization vector ( IV ) during encryption ( CVE-2022-26306 ) that could have weakened the security should a bad actor have access to the user's configuration inform

The Hacker News

July 27, 2022

Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite Full Text

Abstract The latest patch release includes fixes for two remote code execution (RCE) vulnerabilities that were discovered in the software’s document converter component. CVE-2022-23100 and CVE-2022-24405 earned CVSS scores of 8.2 and 7.3, respectively.

The Daily Swig

July 26, 2022

Microsoft: IIS extensions increasingly used as Exchange backdoors Full Text

Abstract Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells.

BleepingComputer

July 26, 2022

Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers Full Text

Abstract FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass authentication mechanisms and gain full control over the MDM platform and its managed devices," Claroty security researcher Noam Moshe  said  in a Monday report. FileWave MDM is a cross-platform mobile device management solution that allows IT administrators to manage and monitor all of an organization's devices, including mobile phones, tablets, laptops, workstations, and smart TVs. The platform functions as a channel to push mandatory software and updates, change device settings, and even remotely wipe devices, all of which is delivered from a central server. The two issues identified by the operational technology firm relate to an authentication bypass (CVE-2022-34907) a

The Hacker News

July 25, 2022

Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores Full Text

Abstract Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company  noted  in an advisory published on July 22. PrestaShop is  marketed  as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide. The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules appear to be the prime targets.  The PrestaShop maintainers also said they found a zero-day flaw in its service that they said has been addressed in  version 1.7.8.7 , although they cautioned that "we cannot be sure

The Hacker News

July 25, 2022

Flaws in FileWave MDM could have allowed hacking +1000 organizzations Full Text

Abstract Multiple flaws in FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks....

Security Affairs

July 25, 2022

1,000 Organizations Exposed to Remote Attacks by FileWave MDM Vulnerabilities Full Text

Abstract Claroty researchers discovered that the FileWave MDM product is affected by two critical security holes: an authentication bypass issue (CVE-2022-34907) and a hardcoded cryptographic key (CVE-2022-34906). The vendor quickly patched the flaws.

Security Week

July 25, 2022

Drupal developers fixed a code execution flaw in the popular CMS Full Text

Abstract Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core - Moderately...

Security Affairs

July 23, 2022

SonicWall fixed critical SQLi in Analytics and GMS products Full Text

Abstract Security company SonicWall released updates to address a critical SQL injection (SQLi) flaw in Analytics On-Prem and Global Management System (GMS) products. Security company SonicWall addressed a critical SQL injection (SQLi) vulnerability, tracked...

Security Affairs

July 22, 2022

Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products Full Text

Abstract Tracked as CVE-2022-26136, the first of the flaws could allow a remote, unauthenticated attacker to send specially crafted HTTP requests and authenticate to third-party apps, or to launch an XSS attack, to execute JavaScript code in a user’s browser.

Security Week

July 22, 2022

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products Full Text

Abstract Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as  CVE-2022-22280 , is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in an SQL command that could lead to an unauthenticated SQL injection. "Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data," MITRE  notes  in its description of SQL injection. "This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands." H4lo and Catalpa of DBappSecurity HAT Lab have been credited with discov

The Hacker News

July 22, 2022

Grafana patches vulnerability that could lead to admin account takeover Full Text

Abstract The security flaw, tracked as CVE-2022-31107, is present in versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, and has been patched by Grafana in versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10.

The Daily Swig

July 22, 2022

SonicWall: Patch critical SQL injection bug immediately Full Text

Abstract SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products.

BleepingComputer

July 22, 2022

Code Execution and Other Vulnerabilities Patched in Drupal Full Text

Abstract Patches for these vulnerabilities are included in Drupal 9.4.3 and 9.3.19. The information disclosure flaw also impacts Drupal 7 and a fix has been included in version 7.91.

Security Week

July 22, 2022

Atlassian: Confluence hardcoded password was leaked, patch now! Full Text

Abstract Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers.

BleepingComputer

July 22, 2022

Zyxel firewall vulnerabilities left business networks open to abuse Full Text

Abstract First on the list is CVE-2022-2030, an authenticated directory traversal vulnerability in the Common Gateway Interface (GLI) programs of some Zyxel firewalls. This was caused by specific character sequences within an improperly sanitized URL.

The Daily Swig

July 21, 2022

Atlassian patched a critical Confluence vulnerability Full Text

Abstract Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server...

Security Affairs

July 21, 2022

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability Full Text

Abstract Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting  the Questions For Confluence  app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138 , arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "disabledsystemuser." While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default. "A remote, unauthenticated attacker with knowledge of the hard-coded password could exploit this to log into Confluence and access any pages the  confluence-users group  has access to," the company  said  in an advisory, adding that "the hard-coded password is trivial to obtain after downloading an

The Hacker News

July 21, 2022

Apple fixes multiple flaws in iOS, iPadOS, macOS, tvOS, and watchOS devices Full Text

Abstract Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices. Apple released security updates to fix 37 vulnerabilities impacting iOS, iPadOS, macOS, tvOS, and watchOS devices....

Security Affairs

July 20, 2022

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers Full Text

Abstract Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely hack them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn...

Security Affairs

July 20, 2022

Atlassian fixes critical Confluence hardcoded credentials flaw Full Text

Abstract Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers.

BleepingComputer

July 20, 2022

Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in  MiCODUS MV720  Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker," CISA  said . "These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed." Available on sale for $20 and manufactured by the China-based MiCODUS, the company's tracking devices are employed by major organizations in 169 countries spanning aerospace, energy, engineering, government, manufacturing, nuclear power plant, and shipping sectors. The top countries with the most users include Chile, Australia, Mexico, Ukraine, Russi

The Hacker News

July 20, 2022

Cisco fixes bug that lets attackers execute commands as root Full Text

Abstract Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges.

BleepingComputer

July 20, 2022

Are your visuals making businesses more vulnerable to cybercrime? Full Text

Abstract Entertaining short-form content and striking imagery are what make companies and brands stand out online but it’s important to remain aware of your cybersecurity and data protection.

Tripwire

July 20, 2022

Linus Torvalds says Linux kernel has addressed ‘Retbleed’ Full Text

Abstract Linux kernel developers have addressed the Retbleed speculative execution bug in older Intel and AMD silicon, though the fix wasn't straightforward, so Linus Torvalds has delayed delivery of the next kernel version by a week.

The Register

July 19, 2022

Hacker Abusing Windows NFS Remote Code Execution Flaw Full Text

Abstract Trend Micro analyzed and warned against a Windows RCE vulnerability, identified as CVE-2022-30136, impacting the Network File System. The flaw occurs due to improper handling of NFSv4 requests which could be abused by sending malicious RPC calls to a target server. An advisory suggests that a user ... Read More

Cyware Alerts - Hacker News

July 19, 2022

Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss Full Text

Abstract Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM.  Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy implications when it comes to both compliance/regulatory concerns, like HIPAA or PCI DSS 4.0. To highlight the risks with misplaced trackers, a  recent study  by The Markup (a non-profit news organization) examined Newsweek's top 100 hospitals in America. They found a Facebook tracker on one-third of the hospital websites which sent Facebook highly personal healthcare data whenever the user clicked the "schedule appointment" button. The data was not necessarily anonymized, because the data was connected to an IP address, and both the IP address and the appointment information get delivered to Fac

The Hacker News

July 19, 2022

Popular vehicle GPS tracker gives hackers admin privileges over SMS Full Text

Abstract Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries.

BleepingComputer

July 19, 2022

Security issue in Accusoft ImageGear could lead to memory corruption, code execution Full Text

Abstract Cisco Talos recently discovered a use-after-free vulnerability in Accusoft ImageGear's PSD header processing function. The library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images.

Cisco Talos

July 18, 2022

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability Full Text

Abstract Researchers from Wordfence have  sounded  the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called  Kaswara Modern WPBakery Page Builder Addons . Tracked as  CVE-2021-24284 , the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, permitting attackers to seize control of affected WordPress sites. Although the bug was originally  disclosed  in April 2021 by the WordPress security company, it continues to remain unresolved to date. To make matters worse, the plugin has been closed and is no longer actively maintained. Wordfence, which is protecting over 1,000 websites that have the plugin installed, said it has blocked an average of 443,868 attack attempts per day since the start of the month. The attacks have emanated from 10,215 IP addresses, with a majority of the exploitation attempts narrowed down

The Hacker News

July 18, 2022

Anatomy of a Windows Network File System vulnerability Full Text

Abstract Trend Micro Research has published an analysis of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June.

The Register

July 18, 2022

Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw Full Text

Abstract Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that...

Security Affairs

July 18, 2022

Prototype pollution in Blitz.js leads to remote code execution Full Text

Abstract Prototype pollution is a type of JavaScript vulnerability that allows attackers to exploit the rules of the programming language to change an application’s behavior and compromise it in various ways.

The Daily Swig

July 17, 2022

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking Full Text

Abstract Juniper Networks has pushed security updates to address  several vulnerabilities  affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to release versions 22.1R1 and 21.4.0, respectively. Chief among them is a collection of 31 bugs in the Junos Space network management software, including CVE-2021-23017 (CVSS score: 9.4) that could result in a crash of vulnerable devices or even achieve arbitrary code execution. "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact," the company  said . The same security vulnerability has also been  remediated  in Northstar Controller in versions 5.1.0 Service Pack 6 and 6.2.2. Additionally, the networking

The Hacker News

July 16, 2022

Critical flaw in Netwrix Auditor application allows arbitrary code execution Full Text

Abstract A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected...

Security Affairs

July 15, 2022

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain Full Text

Abstract Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.  "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox  said  in an advisory published this week. Auditor  is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console. Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, such as Airbus, Virgin, King's College Hospital, and Credissimo, among others. The flaw, which impacts all supported versions prior to 10.5, has been described as an  insecure object deserialization

The Hacker News

July 15, 2022

Software Vendors Start Patching Retbleed CPU Vulnerabilities Full Text

Abstract VMware has confirmed that all four vulnerabilities impact its ESXi hypervisor, and that patches are available for ESXi versions 7.0, 6.7, and 6.5, as well as for Cloud Foundation versions 4.x and 3.x.

Security Week

July 15, 2022

Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons Full Text

Abstract Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara...

Security Affairs

July 15, 2022

New Hacking Technique can Unmask Anonymous Users Across All Major Web Browsers Full Text

Abstract Researchers from the New Jersey Institute of Technology are warning this week about a novel technique attackers could use to de-anonymize website visitors and potentially connect the dots on many components of targets’ digital lives.

Wired

July 14, 2022

The new Retbleed speculative execution attack impacts both Intel and AMD chips Full Text

Abstract Researchers warn of a new vulnerability, dubbed Retbleed, that impacts multiple older AMD and Intel microprocessors. ETH Zurich researchers Johannes Wikner and Kaveh Razavi discovered a new vulnerability, dubbed Retbleed, that affects multiple older...

Security Affairs

July 14, 2022

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices Full Text

Abstract Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team  said  in a write-up. Tracked as  CVE-2022-26706  (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022. Calling it an access issue affecting the LaunchServices (launchd) component, the tech giant noted that "A sandboxed process may be able to circumvent sandbox restrictions," adding it mitigates the issue with additional restrictions. While Apple's  App Sandbox  is designed to tightly regulate a third-party app's access

The Hacker News

July 14, 2022

Microsoft published exploit code for a macOS App sandbox escape flaw Full Text

Abstract Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the...

Security Affairs

July 14, 2022

VMware fixed a flaw in vCenter Server discovered eight months ago Full Text

Abstract VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server...

Security Affairs

July 14, 2022

SAP Patches High-Severity Vulnerabilities in Business One Product Full Text

Abstract German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of its July 2022 Security Patch Day.

Security Week

July 13, 2022

Microsoft releases PoC exploit for macOS sandbox escape vulnerability Full Text

Abstract On macOS systems that don't have Apple's recent security updates, a vulnerability identified as CVE-2022-26706 could help an attacker bypass sandbox restrictions to execute code with elevated privileges.

BleepingComputer

July 13, 2022

Three UEFI Firmware flaws found in tens of Lenovo Notebook models Full Text

Abstract IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside...

Security Affairs

July 13, 2022

Microsoft releases tweet-size exploit for macOS sandbox escape bug Full Text

Abstract On macOS systems that don't have Apple's recent security updates, a vulnerability identified as CVE-2022-26706 could help an attacker bypass sandbox restrictions to execute code with elevated privileges.

BleepingComputer

July 13, 2022

Retbleed: Another New Spectre-BTI Attack Discovered Full Text

Abstract Researchers from ETH Zurich have revealed that threat actors can exploit two new vulnerabilities, collectively called Retbleed, to obtain sensitive data and passwords from memory.

Cyware Alerts - Hacker News

July 13, 2022

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models Full Text

Abstract Consumer electronics maker Lenovo on Tuesday  rolled out fixes  to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," Slovak cybersecurity firm ESET  said  in a series of tweets. Tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892, all three bugs relate to  buffer overflow vulnerabilities  that have been described by Lenovo as leading to privilege escalation on affected systems. Martin Smolár from ESET has been credited with reporting the flaws. The bugs stem from an insufficient validation of an NVRAM variable called "DataSize" in three different drivers ReadyBootDxe, SystemLoadDefaultDxe, and SystemBootManagerDxe, leading to a buffer overflow that could be weaponized to achieve code execution. T

The Hacker News

July 13, 2022

New UEFI firmware flaws impact over 70 Lenovo laptop models Full Text

Abstract The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations.

BleepingComputer

July 12, 2022

VMware patches vCenter Server flaw disclosed in November Full Text

Abstract Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA (Integrated Windows Authentication) mechanism, VMware has finally released a patch for one of the affected versions.

BleepingComputer

July 12, 2022

Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs Full Text

Abstract Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.

BleepingComputer

July 12, 2022

Flaws in the ExpressLRS Protocol allow the takeover of drones Full Text

Abstract The protocol for radio-controlled (RC) drones, named ExpressLRS, is affected by vulnerabilities that can allow device takeover. Researchers warn of vulnerabilities that affect the protocol for radio-controlled (RC) drones, named ExpressLRS, which...

Security Affairs

July 12, 2022

Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs Full Text

Abstract Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.

BleepingComputer

July 12, 2022

Microsoft July 2022 Patch Tuesday fixes exploited zero-day, 84 flaws Full Text

Abstract Today is Microsoft's July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws.

BleepingComputer

July 12, 2022

Researchers defeat facial recognition systems with universal face mask Full Text

Abstract Can attackers create a face mask that would defeat modern facial recognition (FR) systems? A group of researchers from from Ben-Gurion University of the Negev and Tel Aviv University have proven that it can be done.

Help Net Security

July 11, 2022

Hackers can unlock Honda cars remotely in Rolling-PWN attacks Full Text

Abstract A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely.

BleepingComputer

July 9, 2022

Fortinet addressed multiple vulnerabilities in several products Full Text

Abstract Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager,...

Security Affairs

July 8, 2022

Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions Full Text

Abstract Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway...

Security Affairs

July 7, 2022

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE Full Text

Abstract The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting...

Security Affairs

July 06, 2022

Cisco and Fortinet Release Security Patches for Multiple Products Full Text

Abstract Cisco on Wednesday rolled out patches for  10 security flaws  spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as  CVE-2022-20812 and CVE-2022-20813 , affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device," the company  said  in an advisory. CVE-2022-20812 (CVSS score: 9.0), which concerns a case of arbitrary file overwrite in the cluster database API, requires the authenticated, remote attacker to have Administrator read-write privileges on the application so as to be able to mount path traversal attacks as a root user. "This vulnerability is due to insufficient input validation of user-supplied command arguments," the company said. "An attacker could exploit this vulnerability by authenticati

The Hacker News

July 06, 2022

OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks Full Text

Abstract The maintainers of the OpenSSL project have released patches to address a  high-severity bug  in the cryptographic library that could potentially lead to remote code execution under certain scenarios. The  issue , now assigned the identifier  CVE-2022-2274 , has been described as a case of heap memory corruption with RSA private key operation that was introduced in OpenSSL version 3.0.4 released on June 21, 2022. First released in 1998, OpenSSL is a general-purpose  cryptography library  that offers open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, enabling users to generate private keys, create certificate signing requests ( CSRs ), install SSL/TLS certificates. "SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue," the advisory  noted . Calling it a "serious bug in the RSA implementation

The Hacker News

July 6, 2022

High severity OpenSSL bug could lead to remote code execution Full Text

Abstract SSL/TLS servers or other servers using 2048-bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

The Daily Swig

July 05, 2022

Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug Full Text

Abstract Microsoft has confirmed it fixed a previously disclosed 'ShadowCoerce' vulnerability as part of the June 2022 updates that enabled attackers to target Windows servers in NTLM relay attacks.

BleepingComputer

July 04, 2022

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild Full Text

Abstract Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as  CVE-2022-2294 , relates to a heap overflow flaw in the  WebRTC  component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the  heap area of the memory , leading to arbitrary code execution or a denial-of-service (DoS) condition. "Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code," MITRE  explains . "When the consequence is arbitrary code execution, this can often be used to subvert any other security service." Credited with reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Thre

The Hacker News

July 4, 2022

Google fixes the fourth Chrome zero-day in 2022 Full Text

Abstract Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked...

Security Affairs

July 4, 2022

Google fixes the fourth Chrome zero-day in 2022 Full Text

Abstract Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked...

Security Affairs

July 04, 2022

Google patches new Chrome zero-day flaw exploited in attacks Full Text

Abstract Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.

BleepingComputer

July 4, 2022

Popular Django web framework affected by a SQL Injection flaw. Upgrade it now! Full Text

Abstract The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django...

Security Affairs

July 04, 2022

Django fixes SQL Injection vulnerability in new releases Full Text

Abstract Django, an open source Python-based web framework has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability.

BleepingComputer

July 3, 2022

Tens of Jenkins plugins are affected by zero-day vulnerabilities Full Text

Abstract Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server, most of them are yet to be patched. Jenkins is the most popular open-source automation server, it is maintained by CloudBees and the Jenkins community....

Security Affairs

July 2, 2022

Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool Full Text

Abstract Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical...

Security Affairs

July 01, 2022

Zoho ManageEngine ADAudit Plus bug gets public RCE exploit Full Text

Abstract Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory.

BleepingComputer

July 01, 2022

Jenkins discloses dozens of zero-day bugs in multiple plugins Full Text

Abstract On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

BleepingComputer

July 01, 2022

Amazon Quietly Patches ‘High Severity’ Vulnerability in Android Photos App Full Text

Abstract Amazon, in December 2021, patched a high severity vulnerability affecting its  Photos app  for Android that could have been exploited to steal a user's access tokens. "The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino  said . "Others, like the Amazon Drive API, allow an attacker full access to the user's files." The Israeli application security testing company reported the issue to Amazon on November 7, 2021, following which the tech giant rolled out a fix on December 18, 2021. The leak is the result of a misconfiguration in one of the app's components named "com.amazon.gallery.thor.app.activity.ThorViewActivity" that's defined in the  AndroidManifest.xml file  and which, when launched, initiates an HTTP request with a header containing the access token. In a nutshell, it

The Hacker News

July 1, 2022

Gitlab patches critical RCE bug in latest security release Full Text

Abstract The security issue, which has been rated as critical, has been discovered in all versions of GitLab, starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1.

The Daily Swig

June 30, 2022

Chromium browsers vulnerable to dangling markup injection Full Text

Abstract A recently-patched security hole in Chromium browsers allowed attackers to bypass safeguards against dangling markup injection’, an attack that extracts sensitive information from webpages.

The Daily Swig

June 30, 2022

Brocade Vulnerabilities Could Impact Storage Solutions of Several Major Companies Full Text

Abstract According to Broadcom, the Brocade SANnav storage area network (SAN) management application is affected by nine vulnerabilities. Patches have been made available for these security holes.

Security Week

June 29, 2022

Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers Full Text

Abstract Researchers discovered a new flaw in RARlab's UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab's UnRAR utility, tracked as CVE-2022-30333,...

Security Affairs

June 29, 2022

New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers Full Text

Abstract A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. Following responsible disclosure on May 4, 2022, the shortcoming was addressed by RarLab as part of  version 6.12  released on May 6. Other versions of the software, including those for Windows and Android operating systems, are not impacted. "An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive," SonarSource researcher Simon Scannell  said  in a Tuesday report. "If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arb

The Hacker News

June 29, 2022

New ‘FabricScape’ Bug in Microsoft Azure Service Fabric Impacts Linux Workloads Full Text

Abstract Cybersecurity researchers from Palo Alto Networks Unit 42  disclosed  details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed  FabricScape  ( CVE-2022-30137 ), could be exploited on containers that are configured to have  runtime access . It has been  remediated  as of June 14, 2022, in  Service Fabric 9.0 Cumulative Update 1.0 . Azure Service Fabric  is Microsoft's platform-as-a-service ( PaaS ) and a container orchestrator solution used to build and deploy microservices-based cloud applications across a cluster of machines. "The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource's host SF node and the entire cluster," Microsoft  said  as part of the coordinated disclosure process. "Though the bug exists on both Operating System (OS)

The Hacker News

June 29, 2022

Thunderbird 102 released with highly anticipated features, bug fixes Full Text

Abstract Mozilla has announced the release of Thunderbird 102, one of the world's most popular open-source email clients with an estimated userbase of over 25 million.

BleepingComputer

June 29, 2022

Firefox 102 Patches 19 Vulnerabilities, Improves Privacy Full Text

Abstract With the latest update, Mozilla has patched CVE-2022-34470, a high-severity use-after-free issue in nsSHistory that was triggered when navigating between XML documents, and which could lead to a potentially exploitable crash.

Security Week

June 29, 2022

Amazon fixes high-severity vulnerability in Android Photos app Full Text

Abstract Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store.

BleepingComputer

June 29, 2022

Microsoft Azure FabricScape bug let hackers hijack Linux clusters Full Text

Abstract Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric (SF) application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.

BleepingComputer

June 28, 2022

Latest OpenSSL version is affected by a remote memory corruption flaw Full Text

Abstract Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library...

Security Affairs

June 28, 2022

OpenSSL to Release Security Patch for Remote Memory Corruption Vulnerability Full Text

Abstract The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. The issue has been identified in OpenSSL  version 3.0.4 , which was released on June 21, 2022, and impacts x64 systems with the  AVX-512  instruction set. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected. Security researcher Guido Vranken, who reported the bug at the end of May,  said  it "can be triggered trivially by an attacker." Although the shortcoming has been  fixed , no patches have been made available as yet. OpenSSL is a popular cryptography library that offers an open source implementation of the Transport Layer Security ( TLS ) protocol. Advanced Vector Extensions ( AVX ) are extensions to the x86 instruction set architecture for microprocessors from Intel and AMD. "I do not think this is a security vulnerability," Tomáš Mráz of the OpenSSL Foundation said in a GitHub issue thread.

The Hacker News

June 28, 2022

Two critical flaws affect CODESYS ICS Automation Software Full Text

Abstract CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation...

Security Affairs

June 28, 2022

Over 900,000 Kubernetes instances found exposed online Full Text

Abstract Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.

BleepingComputer

June 27, 2022

Critical Security Flaws Identified in CODESYS ICS Automation Software Full Text

Abstract CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service (DoS) condition, among others.  "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause consequences such as sensitive information leakage, PLCs entering a severe fault state, and arbitrary code execution," Chinese cybersecurity firm NSFOCUS  said . "In combination with industrial scenarios on the field, these vulnerabilities could expose industrial production to stagnation, equipment damage, etc." CODESYS is a  software   suite  used by automation specialists as a development environment for programmable logic controller applications ( PLCs ). Following responsible disclosure between September 2021 and January 2022, fixes were  shipped  by the German software company last week on June 23, 2022. Two of the bugs are rated as Critical, seven as High, and two as Me

The Hacker News

June 27, 2022

Microsoft Exchange bug abused to hack building automation systems Full Text

Abstract A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.

BleepingComputer

June 27, 2022

Codesys Patches 11 Flaws Likely Affecting Controllers From Several ICS Vendors Full Text

Abstract Codesys admits that the vulnerabilities can be exploited remotely by an attacker with low skills, but the company says in many cases an attacker requires some form of access to the targeted system.

Security Week

June 25, 2022

Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware Full Text

Abstract Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability,...

Security Affairs

June 24, 2022

Threat actors continue to exploit Log4Shell in VMware Horizon Systems Full Text

Abstract The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER),...

Security Affairs

June 24, 2022

Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data Full Text

Abstract Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher...

Security Affairs

June 24, 2022

Researchers Say Oracle Took 6 Months to Patch Critical Vulnerability Affecting Many Systems Full Text

Abstract Tracked as CVE-2022–21445 (CVSS score of 9.8), the vulnerability is described as a deserialization of untrusted data, which could be exploited to achieve arbitrary code execution.

Security Week

June 23, 2022

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers," the agencies  said . "As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2)." In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data. Log4Shell , tracked as  CVE-2021-44228  (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache

The Hacker News

June 23, 2022

QNAP warns of a critical PHP flaw that could lead to remote code execution Full Text

Abstract Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that...

Security Affairs

June 23, 2022

Researchers found flaws in MEGA that allowed to decrypt of user data Full Text

Abstract Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption of user data MEGA has addressed multiple vulnerabilities in its cloud storage service that could have allowed threat...

Security Affairs

June 23, 2022

ICS Vendors Respond to OT:Icefall Vulnerabilities Impacting Critical Infrastructure Full Text

Abstract Affected vendors include Baker Hughes (Bentley Nevada), Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. One of the impacted vendors has not been named as the disclosure process is still ongoing.

Security Week

June 23, 2022

Severe Parse Server bug impacts Apple Game Center Full Text

Abstract Tracked as CVE-2022-31083 and issued a CVSS severity score of 8.6, the security issue is described as a scenario in which the authentication adapter for Apple Game Center’s security certificate is not validated.

The Daily Swig

June 22, 2022

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks Full Text

Abstract QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor  said  in an advisory. "If exploited, the vulnerability allows attackers to gain remote code execution." The vulnerability, tracked as  CVE-2019-11043 , is rated 9.8 out of 10 for severity on the CVSS vulnerability scoring system. That said, it's required that Nginx and php-fpm are running in appliances using the following QNAP operating system versions - QTS 5.0.x and later QTS 4.5.x and later QuTS hero h5.0.x and later QuTS hero h4.5.x and later QuTScloud c5.0.x and later "As QTS, QuTS hero or QuTScloud does not have nginx installed by default, QNAP NAS are not aff

The Hacker News

June 22, 2022

Researchers Uncover Ways to Break the Encryption of ‘MEGA’ Cloud Storage Service Full Text

Abstract A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled " MEGA: Malleable Encryption Goes Awry ," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client," ETH Zurich's Matilda Backendal, Miro Haller, and Kenneth G. Paterson said in an analysis of the service's cryptographic architecture. MEGA, which  advertises  itself as the "privacy company" and claims to provide user-controlled end-to-end encrypted cloud storage, has more than 10 million daily active users, w

The Hacker News

June 22, 2022

MEGA fixes critical flaws that allowed the decryption of user data Full Text

Abstract MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form.

BleepingComputer

June 22, 2022

SMA Technologies Patches Critical Security Issue in Workload Automation Solution Full Text

Abstract Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.

Security Week

June 22, 2022

Critical PHP flaw exposes QNAP NAS devices to RCE attacks Full Text

Abstract QNAP has warned customers today that many of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution.

BleepingComputer

June 22, 2022

Google Patches 14 Vulnerabilities With Release of Chrome 103 Full Text

Abstract The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base. The security flaw was identified by Mark Brand of Google Project Zero.

Security Week

June 21, 2022

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors Full Text

Abstract Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call are "insecure-by-design practices." Collectively dubbed  OT:ICEFALL  by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. "Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts," the company said in a technical report. These vulnerabilities could have disastrous consequences considering the impacted products are widely employed in critical infrastructure industries such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, min

The Hacker News

June 21, 2022

Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher Full Text

Abstract Vulnerabilities in the web interface of Jacuzzi’s SmartTub app could have enabled an attacker to view and potentially manipulate the personal data of hot tub owners, a security researcher claims.

The Daily Swig

June 21, 2022

Icefall: 56 flaws impact thousands of exposed industrial devices Full Text

Abstract A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments.

BleepingComputer

June 20, 2022

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild Full Text

Abstract A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as  CVE-2022-22620  (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to gain arbitrary code execution. In early February 2022, Apple shipped patches for the bug across Safari, iOS, iPadOS, and macOS, while acknowledging that it "may have been actively exploited." "In this case, the variant was completely patched when the vulnerability was initially reported in 2013," Maddie Stone of Google Project Zero  said . "However, the variant was reintroduced three years later during large refactoring efforts. The vulnerability then continued to exist for 5 years until it was fixed as an in-the-wild zero-day in January 2022." While both th

The Hacker News

June 20, 2022

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild Full Text

Abstract Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The...

Security Affairs

June 20, 2022

Attackers Can Use ‘Scroll to Text Fragment’ Web Browser Feature to Steal Data Full Text

Abstract Scroll to Text Fragment (STTF), a feature that can be used to directly browse to a specific text fragment on a webpage, can be exploited to leak sensitive user information, a security researcher has found.

The Daily Swig

June 20, 2022

Cisco will not address critical RCE in end-of-life Small Business RV routers Full Text

Abstract Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers. Cisco will not release updates to address the CVE-2022-20825 RCE flaw in end-of-life Small Business RV routers and encourage...

Security Affairs

June 20, 2022

AutomationDirect Patches Vulnerabilities in PLC, HMI Products Full Text

Abstract The US CISA has informed organizations that AutomationDirect has patched several high-severity vulnerabilities in some of its programmable logic controller (PLC) and human-machine interface (HMI) products.

Security Week

June 19, 2022

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild Full Text

Abstract A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms,...

Security Affairs

June 18, 2022

Follina Patch Finally Out! Full Text

Abstract Referred to as Follina, the flaw is tracked as CVE-2022-30190. It affects multiple Office versions, including Office 2013, Office 2016, Office 2021, and Office Pro Plus.

Cyware Alerts - Hacker News

June 18, 2022

15 vulnerabilities discovered in Siemens industrial control management system Full Text

Abstract Fifteen security vulnerabilities affecting Siemens SINEC network management system (NMS) were unveiled this week, according to new research published by security company Claroty.

The Record

June 17, 2022

Over a Dozen Flaws Found in Siemens’ Industrial Network Management System Full Text

Abstract Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution in certain circumstances," industrial security company Claroty  said  in a new report. The shortcomings in question — tracked from CVE-2021-33722 through CVE-2021-33736 — were addressed by Siemens in version V1.0 SP2 Update 1 as part of updates shipped on October 12, 2021. "The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions," Siemens  noted  in an advisory at the time. Chief among the weaknesses is CVE-2021-33723 (CVSS score: 8.8), which allows for privilege escalation to

The Hacker News

June 17, 2022

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners Full Text

Abstract A recently patched  critical security flaw  in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a  crypto miner  called z0miner on victim networks. The bug ( CVE-2022-26134 , CVSS score: 9.8), which was  patched  by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way of remote code execution (RCE) on affected installations of the collaboration suite. All supported versions of Confluence Server and Data Center are affected. Other notable malware pushed as part of disparate instances of attack activity include Mirai and Kinsing bot variants, a rogue package called  pwnkit , and Cobalt Strike by way of a web shell deployed after gaining an initial foothold into the

The Hacker News

June 17, 2022

Cisco says it won’t fix zero-day RCE in end-of-life VPN routers Full Text

Abstract Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched.

BleepingComputer

June 17, 2022

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould Full Text

Abstract Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the in Microsoft 365 suite could be abused...

Security Affairs

June 17, 2022

Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability Full Text

Abstract WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. The issue, which relates to a case of code injection, is rated 9.8 out of 10 for severity and affects multiple versions starting from 3.0. It has been fixed in 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11. Ninja Forms is a  customizable contact form builder  that has over 1 million installations. According to Wordfence, the bug "made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection." "This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate [property oriented programming] chain was present," Chloe Chamberland of Wordfence  noted . Suc

The Hacker News

June 17, 2022

Reddit patches CSRF vulnerability that forced users to view NSFW content Full Text

Abstract The medium severity security bug disabled the option to turn on certain settings, meaning that any user who has opted to restrict adult content could instead be directed towards it by malicious hackers.

The Daily Swig

June 16, 2022

Sophos Firewall zero-day bug exploited weeks before fix Full Text

Abstract Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.

BleepingComputer

June 16, 2022

A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage Full Text

Abstract A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint  said  in a report published today. The infection sequence can be carried out using a combination of Microsoft APIs, command-line interface (CLI) scripts, and PowerShell scripts, the enterprise security firm added. The attack, at its core, hinges on a Microsoft 365 feature called AutoSave that creates copies of older file versions as and when users make edits to a file stored on OneDrive or SharePoint Online. It commences with gaining unauthorized access to a target user's SharePoint Onlin

The Hacker News

June 16, 2022

Researchers disclosed a remote code execution flaw in Fastjson Library Full Text

Abstract Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson...

Security Affairs

June 16, 2022

730K WordPress sites force-updated to patch critical plugin bug Full Text

Abstract WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild.

BleepingComputer

June 16, 2022

High-Severity RCE Vulnerability Reported in Popular Fastjson Library Full Text

Abstract Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as  CVE-2022-25845  (CVSS score: 8.1), the  issue  relates to a case of  deserialization of untrusted data  in a supported feature called "AutoType." It was patched by the project maintainers in  version 1.2.83  released on May 23, 2022. "This vulnerability affects all Java applications that rely on Fastjson versions 1.2.80 or earlier and that pass user-controlled data to either the JSON.parse or JSON.parseObject APIs without specifying a specific  class  to deserialize," JFrog's Uriya Yavnieli  said  in a write-up. Fastjson  is a Java library that's used to convert Java Objects into their  JSON  representation and vice versa.  AutoType , the function vulnerable to the flaw, is enabled by default and is designed to specify a custom type when parsing

The Hacker News

June 16, 2022

Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager Full Text

Abstract Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email...

Security Affairs

June 16, 2022

Anker Eufy smart home hubs exposed to RCE attacks by critical flaw Full Text

Abstract Anker's central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw.

BleepingComputer

June 16, 2022

GhostTouch: Hackers can reach your phone’s touchscreen without even touching it Full Text

Abstract According to the researchers’ findings, an attacker can use GhostTouch to carry out several types of malicious actions, including initiating calls and downloading malware.

The Daily Swig

June 15, 2022

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication Full Text

Abstract Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798 , the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper authentication checks when an affected device uses Lightweight Directory Access Protocol ( LDAP ) for external authentication. "An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device," Cisco noted in an advisory. "A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device." The flaw, which it said was identified during the resolution of a technical assistance center (TAC) case, impacts ESA and Secure Email and Web Manager running vulnerable

The Hacker News

June 15, 2022

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips Full Text

Abstract Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington,...

Security Affairs

June 15, 2022

Cisco Secure Email bug can let attackers bypass authentication Full Text

Abstract Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations.

BleepingComputer

June 15, 2022

New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs Full Text

Abstract A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. Dubbed  Hertzbleed  by a group of researchers from the University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, the issue is rooted in dynamic voltage and frequency scaling ( DVFS ), power and thermal management feature employed to conserve power and reduce the amount of heat generated by a chip. "The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second)," the researchers said. This can have significant security implications on cryptographic libraries even when implemented correctly as  constant-time code  to prevent timing-based side channels, effectively enabling an attacker to leverage the execution t

The Hacker News

June 15, 2022

A critical flaw in Citrix Application Delivery Management allows resetting admin passwords Full Text

Abstract Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked...

Security Affairs

June 15, 2022

Zimbra bug allows stealing email logins with no user interaction Full Text

Abstract Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction.

BleepingComputer

June 15, 2022

Attackers Can Exploit Critical Citrix ADM Vulnerability to Reset Admin Passwords Full Text

Abstract Tracked as CVE-2022-27511, the newly addressed security bug is described as an improper access control issue that could allow a remote, unauthenticated attacker to corrupt the system and trigger an administrator password reset.

Security Week

June 15, 2022

Citrix warns critical bug can let attackers reset admin passwords Full Text

Abstract Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.

BleepingComputer

June 15, 2022

Multiple Critical Flaws in Carrier’s Access Control Systems Full Text

Abstract Researchers found a total of eight vulnerabilities in Carrier’s LenelS2 access control products using HID Mercury controllers. Out of eight flaws, seven were identified as critical. These can be exploited by hackers to remotely unlock doors and perform command injection, DoS conditions, information ... Read More

Cyware Alerts - Hacker News

June 15, 2022

Microsoft: June Windows Server updates may cause backup issues Full Text

Abstract Microsoft says that some applications might fail to backup data using Volume Shadow Copy Service (VSS) after applying the June 2022 Patch Tuesday Windows updates.

BleepingComputer

June 14, 2022

Patch Tuesday: Microsoft Issues Fix for Actively Exploited ‘Follina’ Vulnerability Full Text

Abstract Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Also addressed by the tech giant are  55 other flaws , three of which are rated Critical, 51 are rated Important, and one is rated Moderate in severity. Separately,  five other shortcomings  were resolved in the Microsoft Edge browser. Tracked as  CVE-2022-30190  (CVSS score: 7.8), the  zero-day bug  relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool (MSDT) when it's invoked using the "ms-msdt:" URI protocol scheme from an application such as Word. The vulnerability can be trivially exploited by means of a specially crafted Word document that downloads and loads a malicious HTML file through Word's remote template feature. The HTML file ultimately permits the attacker to load and execute PowerShell code within Windows. "An attacker who successfully exploits this

The Hacker News

June 14, 2022

New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials Full Text

Abstract A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource  said  in a report shared with The Hacker News. Tracked as  CVE-2022-27924  (CVSS score: 7.5), the issue has been characterized as a case of "Memcached poisoning with unauthenticated request," leading to a scenario where an adversary can inject malicious commands and siphon sensitive information. This is made possible by poisoning the  IMAP  route cache entries in the Memcached server that's used to look up Zimbra users and forward their HTTP requests to appropriate backend services. Given that Memcached parses incoming

The Hacker News

June 14, 2022

A flaw in Zimbra email suite allows stealing login credentials of the users Full Text

Abstract A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite,...

Security Affairs

June 14, 2022

Technical Details Released for ‘SynLapse’ RCE Vulnerability Reported in Microsoft Azure Full Text

Abstract Microsoft has incorporated additional improvements to address the recently disclosed  SynLapse  security vulnerability in order to meet comprehensive  tenant isolation   requirements  in Azure Data Factory and Azure Synapse Pipelines. The latest safeguards include moving the shared integration runtimes to sandboxed ephemeral instances and using scoped tokens to prevent adversaries from using a client certificate to access other tenants' information. "This means that if an attacker could execute code on the  integration runtime , it is never shared between two different tenants, so no sensitive data is in danger," Orca Security said in a technical report detailing the flaw. The high-severity issue, tracked as  CVE-2022-29972  (CVSS score: 7.8) and disclosed early last month, could have allowed an attacker to perform remote command execution and gain access to another Azure client's cloud environment. Originally reported by the cloud security company on January 4

The Hacker News

June 14, 2022

Microsoft patches actively exploited Follina Windows zero-day Full Text

Abstract Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks.

BleepingComputer

June 14, 2022

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens Full Text

Abstract An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub," researchers from cloud security firm Aqua  said  in a Monday report. Travis CI is a  continuous integration  service used to build and test software projects hosted on cloud repository platforms such as GitHub and Bitbucket. The issue, previously reported in 2015 and  2019 , is rooted in the fact that the  API  permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API." The logs go all

The Hacker News

June 14, 2022

Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws Full Text

Abstract Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws.

BleepingComputer

June 14, 2022

Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars Full Text

Abstract The researcher found that when a Tesla is unlocked using the key card via NFC, there is a 130-second window when an attacker within Bluetooth range of the targeted vehicle can add their own key, which they can later use to unlock and drive the car.

Security Week

June 13, 2022

Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses Full Text

Abstract Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as  CVE-2022-29854  and  CVE-2022-29855  (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022. "Due to this undocumented backdoor, an attacker with physical access to a vulnerable desk phone can gain root access by pressing specific keys on system boot, and then connect to a provided Telnet service as root user," SySS researcher Matthias Deeg said in a statement shared with The Hacker News. Specifically, the issue relates to a previously unknown functionality present in a shell script ("check_mft.sh") in the phones' firmware that's designed to be executed at system boot. "The shell script 'check_mft.sh,' which is located in the direc

The Hacker News

June 12, 2022

HID Mercury Access Controller flaws could allow to unlock Doors Full Text

Abstract Experts found vulnerabilities in HID Mercury Access Controllers can be exploited by attackers to remotely unlock doors. Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited...

Security Affairs

June 11, 2022

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched Full Text

Abstract A novel hardware attack dubbed  PACMAN  has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan  said  in a new paper. What's more concerning is that "while the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be," the researchers added. The vulnerability is rooted in pointer authentication codes ( PACs ), a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to  pointers  — objects that store a memory address — in memory. PACs aim to solve a common problem in software secur

The Hacker News

June 10, 2022

‘PACMAN’ Hardware Vulnerability Can Enable Memory Defense Bypass Full Text

Abstract Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.

The Register

June 10, 2022

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones Full Text

Abstract A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer fingerprint." "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals," the researchers  said  in a  new paper   titled  "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices." The  attack  is made possible due to the ubiquitous nature of Bluetooth Low Energy (BLE) beacons that are continuously transmitted by modern devices to enable crucial functions such as  contact tracing  during public health emergencies. The hardwa

The Hacker News

June 10, 2022

8 zero-day vulnerabilities discovered in popular industrial control system from Carrier Full Text

Abstract Carrier’s LenelS2 Mercury access control panels are widely used across hundreds of companies in the healthcare, education, and transportation industries as well as federal government agencies and organizations.

The Record

June 10, 2022

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier Full Text

Abstract As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security researchers Steve Povolny and Sam Quinn said in a report shared with The Hacker News. The issues, in a nutshell, could be weaponized by a malicious actor to gain full system control, including the ability to manipulate door locks. One of the bugs (CVE-2022-31481) includes an unauthenticated remote execution flaw that's rated 10 out of 10 for severity on the CVSS scoring system. Other shortcomings could lead to command injection (CVE-2022-31479, CVE-2022-31486), denial-of-service (CVE-2022-31480, CVE-2022-31482), user modification (CVE-2022-31484), and information spoofing (CVE

The Hacker News

June 10, 2022

InfiRay Thermal Camera Flaws Can Allow Hackers to Tamper With Industrial Processes Full Text

Abstract Researchers at Austria-based cybersecurity consultancy SEC Consult discovered that at least one of the vendor’s thermal cameras, the A8Z3 model, is affected by several potentially serious vulnerabilities.

Security Week

June 10, 2022

Chrome 102 Update Patches High-Severity Vulnerabilities Full Text

Abstract Tracked as CVE-2022-2007, the first of these bugs is described as a use-after-free in WebGPU. The security hole was reported by David Manouchehri, who received a $10,000 bug bounty reward for his finding.

Security Week

June 10, 2022

Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups Full Text

Abstract The security vulnerabilities were present in the enterprise-grade Fujitsu Eternus CS8000 (Control Center) V8.1. Researchers from the NCC Group found two separate issues due to a lack of user input validation in two PHP scripts.

The Daily Swig

June 9, 2022

Three Actively Exploited SAP Vulnerabilities Identified Full Text

Abstract Recently, Onapsis researchers detected exploitation activity related to three vulnerabilities that were already patched by SAP - CVE-2021-38163, CVE-2016-2386, and CVE-2016-2388.

Onapsis

June 08, 2022

Researchers Warn of Unpatched “DogWalk” Microsoft Windows Vulnerability Full Text

Abstract An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue — referenced as  DogWalk  — relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a potential target opens a specially crafted ".diagcab" archive file that contains a diagnostics configuration file. The idea is that the payload would get executed the next time the victim logs in to the system after a restart. The vulnerability affects all Windows versions, starting from Windows 7 and Server Server 2008 to the latest releases. DogWalk was originally  disclosed  by security researcher Imre Rad in January 2020 after Microsoft, having acknowledged the problem, deemed it as not a security issue. "There are a number of file types that can execute code in such a way but aren't techni

The Hacker News

June 8, 2022

0Patch released unofficial security patch for new DogWalk Windows zero-day Full Text

Abstract 0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed...

Security Affairs

June 07, 2022

New ‘DogWalk’ Windows zero-day bug gets free unofficial patches Full Text

Abstract Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. 

BleepingComputer

June 07, 2022

Android June 2022 updates bring fix for critical RCE vulnerability Full Text

Abstract Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical.

BleepingComputer

June 06, 2022

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices Full Text

Abstract Cybersecurity researchers have disclosed  two unpatched security vulnerabilities  in the open-source U-Boot boot loader. The issues, which were uncovered in the  IP defragmentation  algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a  boot loader  used in Linux-based embedded systems such as ChromeOS as well as ebook readers such as Amazon Kindle and Kobo eReader. The issues are summarized below - CVE-2022-30790  (CVSS score: 9.6) - Hole Descriptor overwrite in U-Boot IP packet defragmentation leads to an arbitrary out-of-bounds write primitive. CVE-2022-30552  (CVSS score: 7.1) - Large buffer overflow leads to DoS in U-Boot IP packet defragmentation code It's worth noting that both the flaws are exploitable only from the local network. But doing so can enable an attacker to root the devices and lead to a DoS by crafting a malformed packet. The shortcomings are expected to be addr

The Hacker News

June 6, 2022

Red TIM Research discovers a Command Injection with a 9,8 score on Resi Full Text

Abstract During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It’s been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8. ...

Security Affairs

June 6, 2022

Unpatched bug chain poses ‘mass account takeover’ threat to Yunmai weight monitoring app Full Text

Abstract A chained, zero-day exploit could potentially expose all user data in the backend of the companion mobile application for a popular smart weight scale, security researchers have claimed.

The Daily Swig

June 05, 2022

Exploit released for Atlassian Confluence RCE bug, patch now Full Text

Abstract Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend.

BleepingComputer

June 5, 2022

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online Full Text

Abstract Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center...

Security Affairs

June 4, 2022

GitLab addressed critical account take over via SCIM email change Full Text

Abstract GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users' accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680...

Security Affairs

June 03, 2022

GitLab Issues Security Patch for Critical Account Takeover Vulnerability Full Text

Abstract GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as  CVE-2022-1680 , the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1. "When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus — in the absence of 2FA — take over those accounts," GitLab  said . Having achieved this, a malicious actor can also change the display name and username of the targeted account, the DevOps platform provider cautioned in its

The Hacker News

June 03, 2022

Atlassian fixes Confluence zero-day widely exploited in attacks Full Text

Abstract Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers.

BleepingComputer

June 03, 2022

GitLab security update fixes critical account take over flaw Full Text

Abstract GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.

BleepingComputer

June 3, 2022

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited Full Text

Abstract Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence...

Security Affairs

June 2, 2022

A critical RCE flaw in Horde Webmail has yet to be addressed Full Text

Abstract A remote code execution vulnerability in the open-source Horde Webmail client can allow to take over servers by sending a specially crafted email. Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source...

Security Affairs

June 1, 2022

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack Full Text

Abstract Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Threatpost

June 01, 2022

New Windows Search zero-day added to Microsoft protocol nightmare Full Text

Abstract A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

BleepingComputer

June 01, 2022

New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email Full Text

Abstract A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared with The Hacker News. "The vulnerability exists in the default configuration and can be exploited with no knowledge of a targeted Horde instance." The issue, which has been assigned the CVE identifier  CVE-2022-30287 , was reported to the vendor on February 2, 2022. The maintainers of the Horde Project did not immediately respond to a request for comment regarding the unresolved vulnerability. At its core, the issue makes it possible for an authenticated user of a Horde instance to run malicious code on the underlying server by taking advantage of a quirk in how the client

The Hacker News

June 1, 2022

Browser Automation Framework is the New Threat Full Text

Abstract Researchers have warned against the increased use of free-to-use browser automation frameworks by attackers that can be abused in malicious activities.  Researchers observed C2 IP addresses linked with malware such as BlackGuard, Bumblebee, and RedLine Stealer communicating with the subdomai ... Read More

Cyware Alerts - Hacker News

June 01, 2022

Windows MSDT zero-day vulnerability gets free unofficial patch Full Text

Abstract A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.'

BleepingComputer

May 31, 2022

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina Full Text

Abstract Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed...

Security Affairs

May 31, 2022

Over 3.6 million MySQL servers found exposed on the Internet Full Text

Abstract ​Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists.

BleepingComputer

May 30, 2022

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation Full Text

Abstract Microsoft on Monday published guidance for a newly discovered  zero-day security flaw  in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier  CVE-2022-30190 , is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and Office 2021, as well as Professional Plus editions, are impacted.  "To help protect customers, we've published CVE-2022-30190 and additional guidance  here ," a Microsoft spokesperson told The Hacker News in an emailed statement. The  Follina  vulnerability, which came to light late last week, involved a real-world exploit that leveraged the shortcoming in a weaponized Word document to execute arbitrary PowerShell code by making use of the "ms-msdt:" URI scheme. The sample was uploaded to VirusTotal from Belarus. But first signs of exploitation of the flaw date back

The Hacker News

May 30, 2022

Multiple Microsoft Office versions impacted by an actively exploited zero-day Full Text

Abstract A zero-day flaw in Microsoft Office that could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document ("05-2022-0438.doc") that was uploaded to VirusTotal...

Security Affairs

May 28, 2022

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices Full Text

Abstract Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team  said  in a report published Friday. The weaknesses, which range from command-injection to local privilege escalation, have been assigned the identifiers CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601, with CVSS scores between 7.0 and 8.9. Command injection proof-of-concept (POC) exploit code Injecting a simil

The Hacker News

May 28, 2022

GitHub saved plaintext passwords of npm users in log files Full Text

Abstract GitHub has revealed it stored a "number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems.

The Register

May 27, 2022

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel Full Text

Abstract Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the browser." The flaw, which  was identified  in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company  Numen Cyber Technology  and has since been quietly fixed by the company. "This vulnerability occurs in the instruction selection stage, where the wrong instruction has been selected and resulting in memory access exception," Wang said . Use-after-free flaws  occur  when previous-freed memory is accessed, inducing undefined behavior and causing a program to crash, use corrupted data, or even achieve execution

The Hacker News

May 27, 2022

Microsoft finds severe bugs in Android apps from large mobile providers Full Text

Abstract Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers.

BleepingComputer

May 27, 2022

Patch released for cross-domain cookie leakage flaw in Guzzle Full Text

Abstract The flaw resides in Guzzle’s cookie middleware, which is disabled by default, “so most library consumers will not be affected by this issue”, reads a GitHub security advisory published by a Guzzle maintainer on Wednesday (May 25).

The Daily Swig

May 27, 2022

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely Full Text

Abstract Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch , as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt  said  in a new research paper. The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40mm, hinges on the fact that  capacitive touchscreens  are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events. The experimental setup involves an electrostatic gun

The Hacker News

May 27, 2022

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices Full Text

Abstract Zyxel has released  patches  to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734  - A cross-site scripting (XSS) vulnerability in some firewall versions that could be exploited to access information stored in the user's browser, such as cookies or session tokens, via a malicious script. CVE-2022-26531  - Several input validation flaws in command line interface (CLI) commands for some versions of firewall, AP controller, and AP devices that could be exploited to cause a system crash. CVE-2022-26532  - A command injection vulnerability in the " packet-trace " CLI command for some versions of firewall, AP controller, and AP devices that could lead to execution of arbitrary OS commands. CVE-2022-0910  - An authentication bypass vulnerability affecting select firewall versions that could p

The Hacker News

May 27, 2022

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw Full Text

Abstract Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis...

Security Affairs

May 26, 2022

Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers Full Text

Abstract Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further permissions to other BMCs on the network and by doing that gaining access to other servers," firmware and hardware security firm Eclypsium  said . A baseboard management controller is a specialized system used for remote monitoring and management of servers, including controlling low-level hardware settings as well as installing firmware and software updates. Tracked as  CVE-2019-6260  (CVSS score: 9.8), the  critical security flaw  came to light in January 2019 and relates to a case of arbitrary read and write access to the BMC's physical address space, resulting in a

The Hacker News

May 26, 2022

Windows 11 KB5014019 breaks Trend Micro ransomware protection Full Text

Abstract This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature.

BleepingComputer

May 26, 2022

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls Full Text

Abstract Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller...

Security Affairs

May 26, 2022

OAS platform vulnerable to critical RCE and API access flaws Full Text

Abstract Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution.

BleepingComputer

May 26, 2022

Exploit released for critical VMware auth bypass bug, patch now Full Text

Abstract Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.

BleepingComputer

May 26, 2022

Quanta Servers Caught With ‘Pantsdown’ BMC Vulnerability Full Text

Abstract Several Quanta Cloud Technology (QCT) server models are vulnerable to a critical firmware vulnerability that puts them at risk of attacks that take full control over the server — and that can spread across numerous servers on the same network.

Dark Reading

May 26, 2022

The Added Dangers Privileged Accounts Pose to Your Active Directory Full Text

Abstract In any organization, there are certain accounts that are designated as being privileged. These privileged accounts differ from standard user accounts in that they have permission to perform actions that go beyond what standard users can do. The actions vary based on the nature of the account but can include anything from setting up new user accounts to shutting down mission-critical systems. Privileged accounts are essential tools. Without these accounts, the IT staff would be unable to do its job. At the same time, privileged accounts can pose a serious threat to an organization's security. Added risk of a privileged account  Imagine for a moment that a hacker manages to steal a standard user's password and is able to log in as that user. Even though the hacker would have access to certain resources at that point, they would be constrained by the user's privileges (or lack thereof). In other words, the hacker would be able to browse the Internet, open some applications, and access

The Hacker News

May 26, 2022

Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed Full Text

Abstract The maintainers of the Tails project (The Amnesic Incognito Live System) warn users that the Tor Browser bundled with the OS could expose their sensitive information. The maintainers confirmed that Tor Browser in Tails 5.0 and earlier is unsafe...

Security Affairs

May 26, 2022

Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched Full Text

Abstract The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the project  said  in an advisory issued this week. Tails, short for The Amnesic Incognito Live System, is a security-oriented Debian-based Linux distribution aimed at preserving privacy and anonymity by connecting to the internet through the Tor network. The alert comes as Mozilla on May 20, 2022 rolled out fixes for  two critical zero-day flaws  in its Firefox browser, a modified version of which acts as the foundation of the Tor Browser. Tracked as CVE-2022-1802 and CVE-2022-1529, the two vulnerabilities are what's referred to as  prototype pollution  that could be weaponized to gain JavaScript c

The Hacker News

May 26, 2022

Zyxel warns of flaws impacting firewalls, APs, and controllers Full Text

Abstract Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.

BleepingComputer

May 25, 2022

Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service Full Text

Abstract Cisco Talos discovered eight vulnerabilities that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.

Cisco Talos

May 25, 2022

Tails 5.0 Linux users warned against using it “for sensitive information” Full Text

Abstract Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application.

BleepingComputer

May 25, 2022

Chrome 102 Patches 32 Vulnerabilities Full Text

Abstract The critical security hole, tracked as CVE-2022-1853, has been described as a use-after-free bug affecting Indexed DB. Google learned about it on May 12 and it has yet to determine the bug bounty for this vulnerability.

Security Week

May 25, 2022

Zoom Patches ‘Zero-Click’ RCE Bug Full Text

Abstract The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

Threatpost

May 25, 2022

Chaining Zoom bugs is possible to hack users in a chat by sending them a message Full Text

Abstract Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat...

Security Affairs

May 24, 2022

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT Full Text

Abstract Trend Micro addressed a DLL hijacking issue in Trend Micro Security actively exploited by a China-linked threat group to deploy malware. Trend Micro addressed a DLL hijacking flaw in Trend Micro Security that a China-linked threat actor actively exploited...

Security Affairs

May 24, 2022

Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own Full Text

Abstract Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest.

BleepingComputer

May 24, 2022

Corrupted PyPI Package Opens Backdoors for Different OSes Full Text

Abstract Sonatype warns developers against malicious packages in the PyPI registry that were rooted by cybercriminals to perform supply chain attacks by deploying Cobalt Strike beacons and backdoors on Windows, macOS, and Linux systems. It could provide hackers initial access to the developer's network for ... Read More

Cyware Alerts - Hacker News

May 24, 2022

Screencastify Chrome extension flaws allow webcam hijacks Full Text

Abstract The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders.

BleepingComputer

May 24, 2022

Trend Micro fixes bug Chinese hackers exploited for espionage Full Text

Abstract Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.

BleepingComputer

May 24, 2022

Researchers to release exploit for new VMware auth bypass, patch now Full Text

Abstract Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products.

BleepingComputer

May 23, 2022

Yik Yak fixes information disclosure bug that leaked users’ GPS location Full Text

Abstract ‘Anonymous’ social network Yik Yak took more than three months to address vulnerabilities which meant it wasn’t anonymous at all, despite reports from two different security researchers.

The Daily Swig

May 23, 2022

A flaw in PayPal can allow attackers to steal money from users’ account Full Text

Abstract A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered...

Security Affairs

May 23, 2022

New Unpatched Bug Could Let Attackers Steal Money from PayPal Users Full Text

Abstract A security researcher claims to have discovered an unpatched vulnerability in PayPal's money transfer service that could allow attackers to trick victims into unknowingly completing attacker-directed transactions with a single click. Clickjacking, also called UI redressing, refers to a technique wherein an unwitting user is tricked into clicking seemingly innocuous webpage elements like buttons with the goal of downloading malware, redirecting to malicious websites, or disclose sensitive information. This is typically achieved by displaying an invisible page or HTML element on top of the visible page, resulting in a scenario where users are fooled into thinking that they are clicking the legitimate page when they are in fact clicking the rogue element overlaid atop it. "Thus, the attacker is 'hijacking' clicks meant for [the legitimate] page and routing them to another page, most likely owned by another application, domain, or both," security researcher h4x0r

The Hacker News

May 21, 2022

Windows 11 hacked three more times on last day of Pwn2Own contest Full Text

Abstract On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits.

BleepingComputer

May 21, 2022

Cisco fixes an IOS XR flaw actively exploited in the wild Full Text

Abstract Cisco addressed a medium-severity vulnerability affecting IOS XR Software, the company warns that the flaw is actively exploited in the wild. Cisco released security updates to address a medium-severity vulnerability affecting IOS XR Software, tracked...

Security Affairs

May 21, 2022

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices Full Text

Abstract Taiwanese vendor QNAP is asking users to install the latest update on their NAS devices and avoid exposing them on the Internet. The company issued the alert in response to a new wave of DeadBolt ransomware attacks targeting NAS devices.

Security Affairs

May 21, 2022

Microsoft’s out-of-band patch fixes Windows AD authentication failures Full Text

Abstract Microsoft has released an out-of-band patch to fix authentication failures on Windows after installing the May 10, 2022 security update on Windows Server domain controllers.

ZDNet

May 20, 2022

Cisco urges admins to patch IOS XR zero-day exploited in attacks Full Text

Abstract Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers.

BleepingComputer

May 20, 2022

Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild Full Text

Abstract Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution. "A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database," Cisco  said  in an advisory. "Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system." The flaw, which it said was identified during the resolution of a technical assistance center (TAC) case, impacts Cisco 8000 Series routers running IOS XR Software that has the health

The Hacker News

May 20, 2022

Windows 11 hacked again at Pwn2Own, Telsa Model 3 also falls Full Text

Abstract During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system.

BleepingComputer

May 19, 2022

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars Full Text

Abstract A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely  unlock and operate cars ,  break open residential smart locks , and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low Energy (BLE), a wireless technology used for authenticating Bluetooth devices that are physically located within a close range. "An attacker can falsely indicate the proximity of Bluetooth LE (BLE) devices to one another through the use of a relay attack," U.K.-based cybersecurity company NCC Group  said . "This may enable unauthorized access to devices in BLE-based proximity authentication systems." Relay attacks , also called two-thief attacks, are a variation of person-in-the-middle attacks in which an adversary intercepts communication between two parties, one of whom is also an attacker, and then relays it to the target device without any manipulation. While various mitigations have been implem

The Hacker News

May 19, 2022

Google OAuth client library flaw allowed to deploy of malicious payloads Full Text

Abstract Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library...

Security Affairs

May 19, 2022

High-Severity Bug Reported in Google’s OAuth Client Library for Java Full Text

Abstract Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a compromised token to deploy arbitrary payloads. Tracked as  CVE-2021-22573 , the vulnerability is rated 8.7 out of 10 for severity and relates to an authentication bypass in the library that stems from an improper verification of the cryptographic signature. Credited with discovering and reporting the flaw on March 12 is  Tamjid Al Rahat , a fourth-year Ph.D. student of Computer Science at the University of Virginia, who has been awarded $5,000 as part of Google's bug bounty program. "The vulnerability is that the IDToken verifier does not verify if the token is properly signed," an  advisory  for the flaw reads. "Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on

The Hacker News

May 19, 2022

Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw Full Text

Abstract A critical vulnerability in Flux2, the continuous delivery (CD) tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage ‘neighbors’ using the same off-premise infrastructure.

The Daily Swig

May 19, 2022

Critical Flaws in Jupiter WordPress Plugin Full Text

Abstract WordPress researchers unearthed a set of flaws in the Jupiter Theme and JupiterX Core plugins for the WordPress CMS, including a high-severity flaw that allows a third party to gain administrative privileges and completely take over a live site. Users are recommended to keep their machines up-to-da ... Read More

Cyware Alerts - Hacker News

May 18, 2022

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products Full Text

Abstract VMware has issued patches to contain  two security flaws  impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior authentication. CVE-2022-22973 (CVSS score: 7.8), the other bug, is a case of local privilege escalation that could enable an attacker with local access to elevate privileges to the "root" user on vulnerable virtual appliances. "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," VMware  said . The disclosure follows a  warning  from the U.S. Cybersecurity and Infrastructure Agency (CISA) that advanced persistent threat (APT) groups are exploiting CVE-2022-22954 and CVE-2022-22960 — two other VMware flaws t

The Hacker News

May 18, 2022

VMware fixed a critical auth bypass issue in some of its products Full Text

Abstract VMware addressed a critical authentication bypass vulnerability "affecting local domain users" in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8),...

Security Affairs

May 18, 2022

Critical Jupiter WordPress plugin flaws let hackers take over sites Full Text

Abstract WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw.

BleepingComputer

May 18, 2022

Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver Full Text

Abstract ShadowServer is conducting daily scans of the IPv4 space on ports 443 and 6443, looking for IP addresses that respond with an HTTP 200 OK status, which indicates that the request has succeeded.

Security Week

May 18, 2022

VMware patches critical auth bypass flaw in multiple products Full Text

Abstract VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges.

BleepingComputer

May 17, 2022

iPhones Vulnerable to Attack Even When Turned Off Full Text

Abstract Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

Threatpost

May 17, 2022

NVIDIA fixes ten vulnerabilities in Windows GPU display drivers Full Text

Abstract NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers.

BleepingComputer

May 17, 2022

Hackers can steal your Tesla Model 3, Y using new Bluetooth attack Full Text

Abstract Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices.

BleepingComputer

May 17, 2022

CISA warns admins to patch actively exploited Spring, Zyxel bugs Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices.

BleepingComputer

May 16, 2022

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF Full Text

Abstract A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication ( NFC ), and ultra-wideband ( UWB ) continue to operate while iOS is shut down when entering a "power reserve" Low Power Mode (LPM). While this is done so as to enable features like  Find My  and facilitate  Express Card transactions , all the three wireless chips have direct access to the secure element, academics from the Secure Mobile Networking Lab ( SEEMOO ) at the Technical University of Darmstadt  said  in a paper. "The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM," the researchers said. "Since LPM support is impleme

The Hacker News

May 16, 2022

Apple fixes the sixth zero-day since the beginning of 2022 Full Text

Abstract Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22675, actively exploited in attacks aimed at Macs and Apple...

Security Affairs

May 16, 2022

SharePoint RCE bug resurfaces three months after being patched by Microsoft Full Text

Abstract The flaw, a variant on an issue that was patched in February, uses the site creation features of SharePoint, Microsoft’s intranet platform, to upload and run malicious files on the server.

The Daily Swig

May 16, 2022

Experts show how to run malware on chips of a turned-off iPhone Full Text

Abstract Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is "off." A team of researchers from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt demonstrated...

Security Affairs

May 16, 2022

Apple emergency update fixes zero-day used to hack Macs, Watches Full Text

Abstract Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.

BleepingComputer

May 16, 2022

SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances Full Text

Abstract SonicWall has released patches for multiple vulnerabilities in its Secure Mobile Access (SMA) series appliances, including a high-severity issue that could lead to unauthorized access.

Security Week

May 14, 2022

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector Full Text

Abstract A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack.

BleepingComputer

May 14, 2022

Critical Vulnerabilities Provide Root Access to InHand Industrial Routers Full Text

Abstract A total of 17 vulnerabilities have been found in a wireless industrial router made by InHand Networks, including flaws that can be chained to gain root access by getting a user to click on a malicious link.

Security Week

May 14, 2022

Critical flaw in Zyxel firewalls grants access to corporate networks Full Text

Abstract A critical vulnerability, CVE-2022-30525, affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. The patches for the vulnerability are available.

Help Net Security

May 13, 2022

SonicWall urges customers to fix SMA 1000 vulnerabilities Full Text

Abstract SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure...

Security Affairs

May 13, 2022

Zyxel fixed firewall unauthenticated remote command injection issue Full Text

Abstract Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) affecting...

Security Affairs

May 13, 2022

SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs Full Text

Abstract SonicWall "strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances.

BleepingComputer

May 12, 2022

Zyxel fixes firewall flaws that could lead to hacked networks Full Text

Abstract Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago.

BleepingComputer

May 12, 2022

HP Patches UEFI Vulnerabilities Affecting Over 200 Computers Full Text

Abstract HP on Wednesday announced the release of patches for two high-severity vulnerabilities that impact the UEFI firmware of more than 200 laptops, workstations, and other products.

Security Week

May 12, 2022

Chrome 101 Update Patches High-Severity Vulnerabilities Full Text

Abstract Based on severity ratings and the currently listed bug bounties, the most important of these flaws is CVE-2022-1633, a high-severity use-after-free in Sharesheet that was reported by Khalil Zhani, who was awarded a $5,000 reward for the find.

Security Week

May 12, 2022

Red TIM Research (RTR) founds 2 bugs affecting F5 Traffix SDC Full Text

Abstract Experts at TIM research laboratory, Red Team Research (RTR), have disclosed a couple of bugs affecting F5 Traffix SDC. Among these 45 bugs fixed by the well-known manufacturer of computer security systems, 2 were detected by TIM research laboratory,...

Security Affairs

May 12, 2022

Zyxel silently fixes critical RCE vulnerability in firewall products Full Text

Abstract Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago.

BleepingComputer

May 12, 2022

Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard Full Text

Abstract Intel also announced the release of patches for a high-severity bug in Boot Guard and Trusted Execution Technology (TXT). Tracked as CVE-2022-0004 (CVSS score of 7.3), the bug could be exploited to elevate privileges on a vulnerable system.

Security Week

May 12, 2022

Hundreds of Thousands of Konica Printers Vulnerable to Hacking via ​​Physical Access Full Text

Abstract Researchers at Atos-owned cybersecurity consulting firm SEC Consult analyzed Konica Minolta printers to determine what could be achieved by an attacker who has physical access to a device. The answer: a lot!

Security Week

May 11, 2022

Actively Exploited Zero-Day Bug Patched by Microsoft Full Text

Abstract Microsoft’s May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

Threatpost

May 11, 2022

Intel Memory Bug Poses Risk for Hundreds of Products Full Text

Abstract Dell and HP were among the first to release patches and fixes for the bug.

Threatpost

May 11, 2022

HP fixes bug letting attackers overwrite firmware in over 200 models Full Text

Abstract HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution.

BleepingComputer

May 11, 2022

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack Full Text

Abstract Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active...

Security Affairs

May 10, 2022

Critical F5 BIG-IP vulnerability exploited to wipe devices Full Text

Abstract A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.

BleepingComputer

May 10, 2022

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates Full Text

Abstract Microsoft on Tuesday rolled out fixes for as many as  74 security vulnerabilities , including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as publicly known at the time of release. These encompass 24 remote code execution (RCE), 21 elevation of privilege, 17 information disclosure, and six denial-of-service vulnerabilities, among others. The updates are in addition to  36 flaws  patched in the Chromium-based Microsoft Edge browser on April 28, 2022. Chief among the resolved bugs is  CVE-2022-26925  (CVSS score: 8.1), a spoofing vulnerability affecting the Windows Local Security Authority ( LSA ), which Microsoft describes as a "protected subsystem that authenticates and logs users onto the local system." "An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to

The Hacker News

May 10, 2022

Microsoft fixed RCE flaw in a driver used by Azure Synapse and Data Factory Full Text

Abstract Microsoft disclosed a now-fixed vulnerability in Azure Synapse and Azure Data Factory that could have allowed remote code execution. Microsoft announced to have addressed a critical remote code execution flaw, tracked as CVE-2022-29972 and named SynLapse,...

Security Affairs

May 10, 2022

QNAP Patches Critical Vulnerability in Network Surveillance Products Full Text

Abstract QNAP says only VS series NVR devices running QVR are impacted and that the issue was addressed with the release of QVR 5.1.6 build 20220401. The manufacturer encourages all users to update their systems to the latest release.

Security Week

May 10, 2022

Microsoft fixes new NTLM relay zero-day in all Windows versions Full Text

Abstract Microsoft has addressed an actively exploited Windows LSA spoofing zero-day that unauthenticated attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol.

BleepingComputer

May 10, 2022

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory Full Text

Abstract Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as  CVE-2022-29972 , has been codenamed " SynLapse " by researchers from Orca Security, who reported the flaw to Microsoft in January 2022. "The vulnerability was specific to the third-party Open Database Connectivity ( ODBC ) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime ( IR ) and did not impact Azure Synapse as a whole," the company  said . "The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure not limited to a single tenant." In other words, a malicious actor can weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant's Integration Runtimes to gain access to sensitive informa

The Hacker News

May 10, 2022

Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws Full Text

Abstract Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws.

BleepingComputer

May 09, 2022

Critical Gems Takeover Bug Reported in RubyGems Package Manager Full Text

Abstract The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems  said  in a security advisory published on May 6, 2022. RubyGems, like npm for JavaScript and pip for Python, is a  package manager  and a gem hosting service for the Ruby programming language, offering a repository of more than 171,500 libraries. In a nutshell, the flaw in question, tracked as CVE-2022-29176, enabled anyone to pull certain gems and upload different files with the same name, same version number, and different platforms. For this to happen, however, a gem needed to have one or more dashes in its name, where the word before the dash was the name of an attacker-controlled gem, and which was create

The Hacker News

May 9, 2022

Critical Flaw Identified in F5 BIG-IP Devices Full Text

Abstract Security researchers issued an alert to F5 BIG-IP admins to immediately update their devices after creating exploits for a recently disclosed critical CVE-2022-1388, an RCE flaw. The vulnerable devices are mostly used in the enterprise and may allow attackers to exploit the flaw for gaining initial ... Read More

Cyware Alerts - Hacker News

May 09, 2022

Microsoft releases fixes for Azure flaw allowing RCE attacks Full Text

Abstract Microsoft has released security updates to address a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime infrastructure.

BleepingComputer

May 9, 2022

Experts developed exploits for CVE-2022-1388 RCE in F5 BIG-IP products Full Text

Abstract A few days after F5 addressed the critical CVE-2022-1388 Remote Code execution flaw in its BIG-IP products, researchers created exploits for it. Last week security and application delivery solutions provider F5 released its security notification to inform...

Security Affairs

May 08, 2022

Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability Full Text

Abstract Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked  CVE-2022-1388  (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing an attacker to gain initial access and take control of an affected system. This could range anywhere from deploying cryptocurrency miners to deploying web shells for follow-on attacks, such as information theft and ransomware. "We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP," cybersecurity company Positive Technologies  said  in a tweet on Friday. "Patch ASAP!" The critical security vulnerability impacts the following versions of BIG-IP products - 16.1.0 - 16.1.2 15.1.0 - 15.1.5 14.1.0 - 14.1.4 13.1.0 - 13.1.4 12.1.0 - 12.1.6 11.6.1 - 11.6.5 Fix

The Hacker News

May 5, 2022

Google addresses actively exploited Android flaw in the kernel Full Text

Abstract Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively...

Security Affairs

May 08, 2022

Check your gems: RubyGems fixes unauthorized package takeover bug Full Text

Abstract The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers.

BleepingComputer

May 08, 2022

Exploits created for critical F5 BIG-IP flaw, install patch immediately Full Text

Abstract Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability.

BleepingComputer

May 7, 2022

DLL Hijacking Bug Puts a Hole in Prominent Ransomware Families Full Text

Abstract A researcher named hyp3rlinx claims that several malware samples are exposed to DLL hijacking, a method used to inject malicious code into a genuine app. The bug could be exploited to stop file encryption.

Cyware Alerts - Hacker News

May 07, 2022

Trend Micro antivirus modified Windows registry by mistake — How to fix Full Text

Abstract Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified.

BleepingComputer

May 6, 2022

QNAP fixes multiple flaws, including a QVR RCE vulnerability Full Text

Abstract QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple vulnerabilities, including a critical security issue, tracked as CVE-2022-27588 (CVSS score...

Security Affairs

May 06, 2022

QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices Full Text

Abstract QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP  said  in an advisory. "If exploited, this vulnerability allows remote attackers to run arbitrary commands." Tracked as  CVE-2022-27588  (CVSS score: 9.8), the vulnerability has been addressed in QVR 5.1.6 build 20220401 and later. Credited with reporting the flaw is the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC). Aside from the critical shortcoming, QNAP has also resolved three high-severity and five medium-severity bugs in its software - CVE-2021-38693  (CVSS score: 5.3) - A  path traversal vulnerability  in thttpd affecting QNAP devices running QTS, QuTS hero, QuTScloud, and QVR Pro Appliance, leading to information disclosure C

The Hacker News

May 06, 2022

QNAP fixes critical QVR remote command execution vulnerability Full Text

Abstract QNAP has released several security advisories today to alert its customers about various fixes for flaws affecting its products. The one that stands out is a critical RCE (remote code execution) in QVR.

BleepingComputer

May 6, 2022

Vulnerable Docker Installations Are A Playhouse for Malware Attacks Full Text

Abstract Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port...

Security Affairs

May 6, 2022

Android’s May 2022 Security Updates Patch 36 Vulnerabilities Full Text

Abstract The most serious of these security holes, the internet giant notes in an advisory, is a high-severity issue in Android’s Framework component that could be exploited for privilege escalation.

Security Week

May 05, 2022

Google Releases Android Update to Patch Actively Exploited Vulnerability Full Text

Abstract Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as  CVE-2021-22600  (CVSS score: 7.8), the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service. The issue relates to a  double-free vulnerability  residing in the  Packet  network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code. Patches were released by different Linux distributions, including  Debian ,  Red Hat ,  SUSE , and  Ubuntu  in January 2022. "There are indications that CVE-2021-22600 may be under limited, targeted exploitation," Google  noted  in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are unknown as yet.

The Hacker News

May 5, 2022

Serious Snipe-IT bug exploitable to send password reset email traps Full Text

Abstract Developers have patched a critical vulnerability in Snipe-IT that could be exploited to send users malicious password reset requests. Grokability’s Snipe-IT is a cloud-based, open-source project for user asset management.

The Daily Swig

May 5, 2022

Cisco addresses three bugs in Enterprise NFVIS Software Full Text

Abstract Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts. Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting...

Security Affairs

May 5, 2022

A couple of 10-Year-Old flaws affect Avast and AVG antivirus Full Text

Abstract Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523,...

Security Affairs

May 05, 2022

Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus Full Text

Abstract Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a  legitimate driver  that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel  said  in a report shared with The Hacker News. Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a legitimate anti-rootkit kernel driver named aswArPot.sys and are said to have been introduced in Avast version 12.1, which was released in June 2016. Specifically, the shortcomings are rooted in a socket connection handler in the kernel driver that could lead to privilege escalation by running code in the kernel from a non-administrator user, potentially causing the operating system to crash and display a blue screen of death ( BSoD ) e

The Hacker News

May 5, 2022

F5 warns its customers of tens of flaws in its products Full Text

Abstract Cybersecurity provider F5 released security patches to address tens of vulnerabilities affecting its products. Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security...

Security Affairs

May 05, 2022

Google fixes actively exploited Android kernel vulnerability Full Text

Abstract Google has released the second part of the May security patch for Android, including a fix for an actively exploited Linux kernel vulnerability.

BleepingComputer

May 5, 2022

Cisco Patches Critical VM Escape in NFV Infrastructure Software Full Text

Abstract Cisco on Wednesday announced patches to address severe vulnerabilities in Enterprise Network Function Virtualization Infrastructure Software (NFVIS), including a critical bug that allows attackers to escape from a guest VM.

Security Week

May 5, 2022

A couple of 10-Year-Old flaws affect Avast and AVG antivirus Full Text

Abstract SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions.

Security Affairs

May 4, 2022

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk Full Text

Abstract A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.

Threatpost

May 04, 2022

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software Full Text

Abstract Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software ( NFVIS ) that could permit an attacker to fully compromise and take control over the hosts. Tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, the vulnerabilities "could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM," the company  said . Credited for discovering and reporting the issues are Cyrille Chatras, Pierre Denouel, and Loïc Restoux of Orange Group. Updates have been released in version 4.7.1. The networking equipment company said the flaws affect Cisco Enterprise NFVIS in the default configuration. Details of the three bugs are as follows - CVE-2022-20777  (CVSS score: 9.9) - An issue with insufficient guest restrictions that allows an authenticated, remote attacker to escape from the guest VM

The Hacker News

May 04, 2022

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability Full Text

Abstract Cloud security and application delivery network ( ADN ) provider F5 on Wednesday released patches to contain 43 bugs spanning its products. Of the  43 issues addressed , one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated low in severity. Chief among the flaws is  CVE-2022-1388 , which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a lack of authentication check, potentially allowing an attacker to take control of an affected system. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory. "There is no data plane exposure; this is a control plane issue only." The security vulnerability, which the company said was discovered internally, affects BIG-IP products with the following versions - 16.1.0 - 16.1.2 15.1.0

The Hacker News

May 04, 2022

F5 warns of critical BIG-IP RCE bug allowing device takeover Full Text

Abstract F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP.

BleepingComputer

May 04, 2022

Cisco fixes NFVIS bugs that help gain root and hijack hosts Full Text

Abstract Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs).

BleepingComputer

May 04, 2022

Critical RCE Bug Reported in dotCMS Content Management Software Full Text

Abstract A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and " used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352 , stems from a directory traversal attack when performing file uploads, enabling an adversary to execute arbitrary commands on the underlying system. "An attacker can upload arbitrary files to the system," Shubham Shah of Assetnote  said  in a report. "By uploading a JSP file to the tomcat's root directory, it is possible to achieve code execution, leading to command execution." In other words, the arbitrary file upload flaw can be abused to replace already existing files in the system with a web shell, which can then be used to gain persistent remote access. Although the exploit made it possible to write to arbitrary JavaScript files bei

The Hacker News

May 4, 2022

Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption Full Text

Abstract A researcher has shown how a type of vulnerability affecting many ransomware families can be exploited to control the malware and terminate it before it can encrypt files on compromised systems.

Security Week

May 03, 2022

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches Full Text

Abstract Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of  TLStorm , a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take over control and, worse, physically damage the appliances. IoT security firm Armis, which uncovered the shortcomings, noted that the design flaws can be traced back to a common source: a misuse of  NanoSSL , a standards-based SSL developer suite from Mocana, a DigiCert subsidiary. The new set of flaws, dubbed  TLStorm 2.0 , renders Aruba and Avaya network switches vulnerable to remote code execution vulnerabilities, enabling an adversary to commandeer the devices, move laterally across the network, and exfiltrate sensitive data. Affected devices include Avaya ERS3500 Seri

The Hacker News

May 3, 2022

A DNS flaw impacts a library used by millions of IoT devices Full Text

Abstract A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc...

Security Affairs

May 03, 2022

Unpatched DNS bug affects millions of routers and IoT devices Full Text

Abstract A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.

BleepingComputer

May 3, 2022

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches Full Text

Abstract The new TLStorm 2.0 research exposes vulnerabilities that could allow an attacker to take full control over network switches used in airports, hospitals, hotels, and other organizations worldwide.

Help Net Security

May 03, 2022

Aruba and Avaya network switches are vulnerable to RCE attacks Full Text

Abstract Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices.

BleepingComputer

May 3, 2022

Researchers Reveal Unpatched Vulnerability in C Library That Could Enable DNS Poisoning Attacks Full Text

Abstract The vulnerability is in a library for the C programming language — uClibc / uClibc-ng — that is commonly used in creating software for IoT products, reported researchers at Nozomi Networks.

The Record

May 3, 2022

Two vulnerabilities in Accusoft ImageGear could lead to DoS, arbitrary free Full Text

Abstract The ImageGear library is a document-imaging developer toolkit that allows users to create, edit, annotate and convert various images. It supports more than 100 file formats such as DICOM, PDF and Microsoft Office.

Cisco Talos

May 02, 2022

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices Full Text

Abstract Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called  uClibc  and  uClibc-ng  that are used for developing embedded Linux systems. uClibc is known to be used by major vendors such as Linksys, Netgear, and Axis, as well as Linux distributions like Embedded Gentoo, potentially exposing millions of IoT devices to security threats. "The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device," Giannis Tsaraias and Andrea Palanca of Nozomi Networks  said  in a Monday write-up. DNS poisoning , also referred to as DNS spoofing, is the technique of corrupting a DNS resolver cache — which provides clients with the IP address a

The Hacker News

May 02, 2022

Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload Full Text

Abstract According to folklore, witches were able to sail in a sieve, a strainer with holes in the bottom. Unfortunately, witches don't work in cybersecurity – where networks generally have so many vulnerabilities that they resemble sieves.  For most of us, keeping the sieve of our networks afloat requires nightmarishly hard work and frequent compromises on which holes to plug first. The reason? In 2010, just under 5000 CVEs were recorded in the MITRE vulnerabilities database. By 2021, the yearly total had skyrocketed to  over 20,000 . Today, software and network integrity are synonymous with business continuity. And this makes the issue of which vulnerabilities to address first mission-critical. Yet owing to the countless documented vulnerabilities lurking in a typical enterprise ecosystem – across thousands of laptops, servers, and internet-connected devices – less than  one in ten  actually needs to be patched. The question is: how can we know which patches will ensure that our sieve does

The Hacker News

May 1, 2022

Synology and QNAP warn of critical Netatalk flaws in some of their products Full Text

Abstract Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices....

Security Affairs

April 30, 2022

Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers Full Text

Abstract Researchers discovered flaws in the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. Microsoft addressed a couple of vulnerabilities impacting the Azure Database for PostgreSQL...

Security Affairs

April 29, 2022

Vulnerable plugins plague the CMS website security landscape Full Text

Abstract According to the report released by the researchers at Sucuri, vulnerable plugins and extensions "account for far more website compromises than out-of-date, core CMS files".

ZDNet

April 29, 2022

Hurry up, disable AFP on your QNAP NAS until the vendor fixes 8 bugs Full Text

Abstract QNAP urges customers to disable the AFP file service protocol on their NAS devices until it fixes critical Netatalk flaws. Taiwanese vendor QNAP is warning customers to disable the AFP file service protocol on their network-attached storage (NAS)...

Security Affairs

April 29, 2022

Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability Full Text

Abstract While Redis statically links the Lua Library, some Debian/Ubuntu packages dynamically link it, leading to a sandbox escape that can be exploited to achieve remote code execution.

Security Week

April 29, 2022

Vulnerable plugins, Credit card skimming, SEO spam continue to be a menace: Report Full Text

Abstract Websites containing a recently vulnerable plugin or other extension are most likely to be caught up in malware campaigns. Default configurations of popular website software applications remain a serious liability, according to Sucuri.

Sucuri

April 28, 2022

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers Full Text

Abstract Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center (MSRC)  said . New York City-based cloud security company Wiz, which uncovered the flaws, dubbed the exploit chain " ExtraReplica ." Microsoft said it mitigated the bug within 48 hours of disclosure on January 13, 2022. Specifically, it relates to a case of privilege escalation in the Azure PostgreSQL engine to gain code execution and a cross-account authentication bypass by means of a forged certificate, allowing an attacker to create a database in the target's Azure r

The Hacker News

April 28, 2022

Synology warns of critical Netatalk bugs in multiple products Full Text

Abstract Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.

BleepingComputer

April 28, 2022

Microsoft fixes ExtraReplica Azure bugs that exposed user databases Full Text

Abstract Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.

BleepingComputer

April 28, 2022

NPM flaw let attackers add anyone as maintainer to malicious packages Full Text

Abstract A logical flaw in the npm registry, dubbed 'package planting' let authors of malicious packages quietly add anyone and any number of users as 'maintainers' to their packages in an attempt to boost the trust in their package.

BleepingComputer

April 27, 2022

U.S Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities Full Text

Abstract Log4Shell ,  ProxyShell ,  ProxyLogon ,  ZeroLogon , and flaws in  Zoho ManageEngine AD SelfService Plus ,  Atlassian Confluence , and  VMware vSphere Client  emerged as some of the top exploited security vulnerabilities in 2021. That's according to a " Top Routinely Exploited Vulnerabilities " report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S. Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server ( CVE-2020-0688 ), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure ( CVE-2019-11510 ), and a path traversal defect in Fortinet FortiOS and FortiProxy ( CVE-2018-13379 ). Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, and one each of security feature bypass, arbitrary code execution, arbitrary file read, and path traversal flaws. "G

The Hacker News

April 27, 2022

Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats Full Text

Abstract Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked...

Security Affairs

April 27, 2022

Chrome 101 Patches 30 Vulnerabilities Full Text

Abstract Google this week announced that Chrome 101 was released to the stable channel with 30 security fixes inside, including 25 for vulnerabilities identified by external security researchers.

Security Week

April 27, 2022

QNAP warns users to disable AFP until it fixes critical bugs Full Text

Abstract Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.

BleepingComputer

April 27, 2022

Cybersecurity agencies reveal top exploited vulnerabilities of 2021 Full Text

Abstract In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021.

BleepingComputer

April 27, 2022

New Nimbuspwn Linux vulnerability gives hackers root privileges Full Text

Abstract A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

BleepingComputer

April 26, 2022

NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages Full Text

Abstract A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February 10, the underlying issue was remediated by NPM on April 26. "Up until recently, NPM allowed adding anyone as a maintainer of the package without notifying these users or getting their consent," Aqua's Yakir Kadkoda  said  in a report published Tuesday. This effectively meant that an adversary could create malware-laced packages and assign them to trusted, popular maintainers without their knowledge. The idea here is to add credible owners associated with other popular NPM libraries to the attacker-controlled poisoned package in hopes that doing so would a

The Hacker News

April 26, 2022

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System Full Text

Abstract Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called " Nimbuspwn ," the flaws "can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution," Jonathan Bar Or of the Microsoft 365 Defender Research Team  said  in a report. On top of that, the defects — tracked as  CVE-2022-29799 and CVE-2022-29800  — could also be weaponized as a vector for root access to deploy more sophisticated threats such as ransomware. The vulnerabilities are rooted in a  systemd  component called  networkd-dispatcher , a  daemon program  for the network manager system service that's designed to dispatch network status changes. Specifically, they relate to a combination of  directory t

The Hacker News

April 26, 2022

Public interest in Log4Shell fades but attack surface remains Full Text

Abstract It's been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is still way behind.

BleepingComputer

April 26, 2022

IBM database updates address critical vulnerabilities in third-party XML parser Full Text

Abstract IBM has updated its data management platform Db2 in order to protect users from a pair of critical vulnerabilities in older versions of Expat, a third-party library. Both flaws notched a CVSS score of 9.8.

The Daily Swig

April 26, 2022

Hackers exploit critical VMware RCE flaw to install backdoors Full Text

Abstract Advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects in VMware Workspace ONE Access (formerly called VMware Identity Manager).

BleepingComputer

April 25, 2022

Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform Full Text

Abstract Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News. VirusTotal , part of Google's Chronicle security subsidiary, is a malware-scanning service that analyzes suspicious files and URLs and checks for viruses using more than 70 third-party antivirus products. The attack method involved the upload of a DjVu file through the platform's  web user interface , using it to trigger an exploit for a high-severity remote code execution flaw in  ExifTool , an open-source utility used to read and edit EXIF metadata information in image and PDF files. Tracked as  CVE-2021-22204  (CVSS score: 7.

The Hacker News

April 24, 2022

Atlassian addresses a critical Jira authentication bypass flaw Full Text

Abstract Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9),...

Security Affairs

April 23, 2022

Are you using Java 15/16/17 or 18 in production? Patch them now! Full Text

Abstract A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released a proof-of-concept (PoC) code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 (CVSS...

Security Affairs

April 22, 2022

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability Full Text

Abstract Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as  CVE-2022-0540 , the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been credited with discovering and reporting the security weakness. "A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," Atlassian  noted . The flaw affects the following Jira products - Jira Core Server, Jira Software Server and Jira Software Data Center: All versions before 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x before 8.20.6, and 8.21.x Jira Service Management Server and Jira Service Management Data Cent

The Hacker News

April 22, 2022

‘Hack DHS’ bug hunters find 122 security flaws in DHS systems Full Text

Abstract The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity.

BleepingComputer

April 22, 2022

Researcher Releases PoC for Recent Java Cryptographic Vulnerability Full Text

Abstract A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online.  The  high-severity flaw  in question,  CVE-2022-21449  (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2 The issue resides in Java's implementation of the Elliptic Curve Digital Signature Algorithm ( ECDSA ), a  cryptographic mechanism  to  digitally sign  messages and data for verifying the authenticity and the integrity of the contents. In a nutshell, the cryptographic blunder — dubbed Psychic Signatures in Java — makes it possible to present a totally blank signature, which would still be perceived as valid by the vulnerable implementation. Successful exploitation of the flaw could permit an attacker to forge signatures and bypass authentication measures put in place. The PoC, p

The Hacker News

April 22, 2022

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities Full Text

Abstract Network-attached storage (NAS) appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as  CVE-2022-22721 and CVE-2022-23943 , are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier - CVE-2022-22721  - Possible buffer overflow with very large or unlimited LimitXMLRequestBody CVE-2022-23943  - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server Both the vulnerabilities, alongside CVE-2022-22719 and CVE-2022-22720, were remediated by the project maintainers as part of  version 2.4.53 , which was shipped on March 14, 2022. "While CVE-2022-22719 and CVE-2022-22720 do not affect QNAP products, CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device,"

The Hacker News

April 22, 2022

A stored XSS flaw in RainLoop allows stealing users’ emails Full Text

Abstract Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users' emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected...

Security Affairs

April 22, 2022

Several Critical Vulnerabilities Affect SmartPPT, SmartICS Industrial Products Full Text

Abstract A security researcher has discovered several vulnerabilities, including ones rated critical- and high-severity, in industrial products made by Elcomplus, a Russian company specializing in professional radio communications and industrial automation.

Security Week

April 22, 2022

QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS Full Text

Abstract Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked...

Security Affairs

April 22, 2022

Atlassian fixes critical Jira authentication bypass vulnerability Full Text

Abstract Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.

BleepingComputer

April 22, 2022

Windows 10 KB5012636 cumulative update fixes freezing issues Full Text

Abstract Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems.

BleepingComputer

April 21, 2022

Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA Full Text

Abstract Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service (DoS) condition and take control of affected systems. The first of the three flaws,  CVE-2022-20783  (CVSS score: 7.5), affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software, and stems from a lack of proper input validation, allowing an unauthenticated, remote attacker to send specially crafted traffic to the devices. "A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device," the company  noted  in an advisory. Credited with discovering and reporting the flaw is the U.S. National Security Agency (NSA). The issue has been addressed in Cisco TelePresence CE Software versions 9.15.10.8 and 10.11.2.2. CVE-2022-20773  (CVSS score: 7.5),

The Hacker News

April 21, 2022

Cisco Patches Virtual Conference Software Vulnerability Reported by NSA Full Text

Abstract Tracked as CVE-2022-20783 (CVSS score of 7.5), the NSA-reported flaw is a denial of service (DoS) issue in TelePresence Collaboration Endpoint (CE) and RoomOS software, which could be exploited remotely, without authentication.

Security Week

April 21, 2022

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack Full Text

Abstract A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users' media files. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation...

Security Affairs

April 21, 2022

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal Full Text

Abstract The first of the bugs fixed with the latest iterations of the open-source CMS is an access bypass issue that exists because of an improperly implemented generic entity access API for entity revisions.

Security Week

April 21, 2022

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug Full Text

Abstract The "hotpatch" released by Amazon Web Services (AWS) in response to the  Log4Shell  vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution," Palo Alto Networks Unit 42 researcher Yuval Avrahami  said  in a report published this week. The issues —  CVE-2021-3100 ,  CVE-2021-3101 ,  CVE-2022-0070 , and  CVE-2022-0071  (CVSS scores: 8.8) — affect the  hotfix solutions  shipped by AWS, and stem from the fact that they are designed to search for Java processes and patch them against the Log4j flaw on the fly but without ensuring that the new Java processes are run within the restrictions imposed on the container. "Any process running a binary named 'java' – inside or outside of a container – is considered a candidate for the hot patch,"

The Hacker News

April 21, 2022

QNAP asks users to mitigate critical Apache HTTP Server bugs Full Text

Abstract QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.

BleepingComputer

April 21, 2022

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails Full Text

Abstract An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability [...] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell  said  in a report published this week. "When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links." Tracked as CVE-2022-29360, the flaw relates to a stored cross-site-scripting (XSS) vulnerability impacting the latest version of RainLoop ( v1.16.0 ) that was released on May 7, 2021. Stored XSS flaws, also called persistent XSS, occur when a malicious script is injected directly into a target web applic

The Hacker News

April 21, 2022

Static SSH host key in Cisco Umbrella allows stealing admin credentials Full Text

Abstract Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), tracked as CVE-2022-20773,...

Security Affairs

April 21, 2022

Critical bug in Android could allow access to users’ media files Full Text

Abstract Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC).

BleepingComputer

April 21, 2022

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying Full Text

Abstract Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point , the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file. "The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera," the researchers said in a report shared with The Hacker News. "In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations." The vulnerabilities are rooted in an audio coding format originally developed and open-sourced by Apple in 2011. Called t

The Hacker News

April 21, 2022

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable Full Text

Abstract CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS)...

Security Affairs

April 21, 2022

Cisco Umbrella default SSH key allows theft of admin credentials Full Text

Abstract Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely.

BleepingComputer

April 20, 2022

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021 Full Text

Abstract Google Project Zero called 2021 a "record year for in-the-wild 0-days," as  58 security vulnerabilities  were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020. "The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher  Maddie Stone   said . "Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces," Stone added. The tech giant's in-house security team characterized the exploits as similar to previous and publicly known vulnerabilities, with only two of them markedly different for the technical sophistication and use of logic bugs to escape the sandbox. B

The Hacker News

April 20, 2022

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System Full Text

Abstract Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic. Tracked as  CVE-2022-20685 , the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort project releases earlier than 2.9.19 as well as version 3.1.11.0. Maintained by Cisco,  Snort  is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) that offers real-time network traffic analysis to spot potential signs of malicious activity based on predefined rules. "The vulnerability, CVE-2022-20685, is an integer-overflow issue that can cause the Snort Modbus OT preprocessor to enter an infinite  while loop ," Uri Katz, a security researcher with Claroty,  said  in a report published last week. "A successful exploit keeps Snort from p

The Hacker News

April 20, 2022

QNAP users are recommended to disable UPnP port forwarding on routers Full Text

Abstract QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices. Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect...

Security Affairs

April 20, 2022

Microsoft Defender flags Google Chrome updates as suspicious Full Text

Abstract Microsoft Defender for Endpoint has been tagging Google Chrome updates delivered via Google Update as suspicious activity due to a false positive issue.

BleepingComputer

April 20, 2022

Amazon Web Services fixes container escape in Log4Shell hotfix Full Text

Abstract Amazon Web Services (AWS) has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability (CVE-2021-44228) affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers.

BleepingComputer

April 19, 2022

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild Full Text

Abstract A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned . To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog , requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by May 10, 2022. Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one among the four privilege escalation flaws in the Print Spooler that Microsoft resolved as part of its Patch Tuesday updates on February 8, 2022. It's worth noting that the Redmond-based tech giant has remediated a number of Print Spooler flaws since the critical PrintNightmare remote code execution vulnerability came to light last year, including 15 elevation of privilege vulnerabilities in April 2022. Specifics about the nature of the attacks and the identity of the threat actors that m

The Hacker News

April 19, 2022

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops Full Text

Abstract Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár  said  in a report published today. "Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated," Smolár added. Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots. CVE-2021-3970, on the other hand, relates to a case of memory corruption in the System Management Mode ( SMM

The Hacker News

April 19, 2022

ESET warns of three flaws that affect over 100 Lenovo notebook models Full Text

Abstract Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has published a security advisory to warn customers of vulnerabilities that affect its Unified Extensible Firmware...

Security Affairs

April 19, 2022

QNAP urges customers to disable UPnP port forwarding on routers Full Text

Abstract Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing their network-attached storage (NAS) devices to attacks from the Internet.

BleepingComputer

April 19, 2022

Microsoft disables SMB1 by default for Windows 11 Home Insiders Full Text

Abstract Microsoft announced today that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev channel builds, the last editions of Windows or Windows Server that still came with SMBv1 enabled.

BleepingComputer

April 19, 2022

Google fixes Chrome zero day being used in exploits in the wild Full Text

Abstract Google hasn't revealed any details about it besides that it was a type confusion in Chrome's V8 JavaScript engine. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," the company says.

ZDNet

April 19, 2022

Lenovo UEFI firmware driver bugs affect over 100 laptop models Full Text

Abstract Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models.

BleepingComputer

April 18, 2022

XSS vulnerability in open source tool PrivateBin patched Full Text

Abstract If a user opens a paste with a specifically crafted SVG attachment and interacts with the preview image while the instance isn’t protected by an appropriate content security policy, an attacker can also execute code.

The Daily Swig

April 17, 2022

Critical RCE Flaw Reported in WordPress Elementor Website Builder Plugin Full Text

Abstract Elementor, a WordPress website builder plugin with over five million active installations, has been found to be vulnerable to an authenticated remote code execution flaw that could be abused to take over affected websites. Plugin Vulnerabilities, which  disclosed  the flaw last week, said the bug was introduced in version 3.6.0 that was released on March 22, 2022. Roughly  37% of users  of the plugin are on version 3.6.x. "That means that malicious code provided by the attacker can be run by the website," the researchers said. "In this instance, it is possible that the vulnerability might be exploitable by someone not logged in to WordPress, but it can easily be exploited by anyone logged in to WordPress who has access to the WordPress admin dashboard." In a nutshell, the issue relates to a case of arbitrary file upload to affected websites, potentially leading to code execution. The bug has been addressed in the latest version of Elementor, with Patchstack

The Hacker News

April 17, 2022

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Full Text

Abstract GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from...

Security Affairs

April 15, 2022

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots Full Text

Abstract As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an advisory published this week. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays. Collectively dubbed " JekyllBot:5 " by Cynerio, the flaws reside in the TUG Homebase Server component, effectively allowing attackers to impede the delivery of medications, surveil patients, staff, and hospital interiors thr

The Hacker News

April 15, 2022

Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites Full Text

Abstract A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution.

Security Week

April 15, 2022

Cisco vulnerability lets hackers craft their own login credentials Full Text

Abstract Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. 

BleepingComputer

April 15, 2022

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover Full Text

Abstract Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked...

Security Affairs

April 15, 2022

Google fixed third zero-day in Chrome since the start of 2022 Full Text

Abstract Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity...

Security Affairs

April 15, 2022

Cisco’s Webex phoned home audio telemetry even when muted Full Text

Abstract Researchers at two US universities have found that muting popular native video-conferencing apps fails to disable device microphones – and that these apps have the ability to access audio data when muted, or actually do so.

The Register

April 14, 2022

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software Full Text

Abstract Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as  CVE-2022-20695 , the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the management interface of WLC. "This vulnerability is due to the improper implementation of the password validation algorithm," the company said in an advisory. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials." Successful exploitation of the flaw could permit an attacker to gain administrator privileges and carry out malicious actions in a manner that allows a complete takeover of the vulnerable system. The company stressed that the issue only affects the following products if running Cisco WLC Software Release 8.10.151.

The Hacker News

April 14, 2022

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure Full Text

Abstract Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier  CVE-2022-22966 , has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw. "An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware  said  in an advisory. VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies. The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clou

The Hacker News

April 14, 2022

Google Releases Urgent Chrome Update to Patch Actively Exploited Zero-Day Flaw Full Text

Abstract Google on Thursday shipped emergency patches to address two security issues in its Chrome web browser, one of which it says is being actively exploited in the wild. Tracked as  CVE-2022-1364 , the tech giant described the high-severity bug as a case of type confusion in the V8 JavaScript engine. Clément Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw on April 13, 2022. As is typically the case with actively exploited zero-day flaws, the company acknowledged it's "aware that an exploit for CVE-2022-1364 exists in the wild." Additional details about the flaw and the identity of the threat actors have been withheld to prevent further abuse. With the latest fix, Google has patched a total of three zero-day vulnerabilities in Chrome since the start of the year. It's also the second type confusion-related bug in V8 to be squashed in less than a month - CVE-2022-0609  - Use-after-free in Animation CVE-2022-1096  - Type confusio

The Hacker News

April 14, 2022

Critical Windows RPC CVE-2022-26809 flaw raises concerns — Patch now Full Text

Abstract Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed. Therefore, all organization needs to apply Windows security updates as soon as possible.

BleepingComputer

April 14, 2022

Experts warn of concerns around Microsoft RPC bug Full Text

Abstract Windows hosts running the Server Message Block protocol (SMB protocol) are vulnerable to this bug. SMB protocols allow users to share access to files and tools on remote servers.

The Record

April 14, 2022

Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited Full Text

Abstract Threat actors are actively exploiting a critical vulnerability in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace...

Security Affairs

April 14, 2022

Google Chrome emergency update fixes zero-day used in attacks Full Text

Abstract Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.

BleepingComputer

April 14, 2022

Microsoft increases awards for high-impact Microsoft 365 bugs Full Text

Abstract Microsoft has increased the maximum awards for high-impact security flaws reported through the Microsoft 365 and the Dynamics 365 / Power Platform bug bounty programs.

BleepingComputer

April 14, 2022

Flaw in Rarible NFT market allowed theft of crypto assets Full Text

Abstract A security flaw in the Rarible NFT (non-fungible token) marketplace allowed threat actors to use a relatively simple attack vector to steal digital assets from the target's accounts and transfer them directly to their wallets.

BleepingComputer

April 13, 2022

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild Full Text

Abstract A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as  CVE-2022-22954 , the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The bug is rated 9.8 in severity. "A malicious actor with network access can trigger a server-side  template injection  that may result in remote code execution," the company  noted  in its advisory. The virtualization services provider has since revised its bulletin to warn customers of confirmed exploitation of CVE-2022-22954 occurring in the wild. Cybersecurity firm Bad Packets also  corroborated  that it detected attempts to weaponize the vulnerability. Source:  Bad Packets It's worth noting that the patches shipped last week address seven more vulnerabilities in VMware Work

The Hacker News

April 13, 2022

CVE-2021-31805 RCE bug in Apache Struts was finally patched Full Text

Abstract Apache addressed a critical flaw in Apache Struts RCE that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications. The Apache Software Foundation...

Security Affairs

April 13, 2022

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals Full Text

Abstract Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous...

Security Affairs

April 13, 2022

Hackers exploit critical VMware CVE-2022-22954 bug, patch now Full Text

Abstract Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems.

BleepingComputer

April 12, 2022

Critical LFI Vulnerability Reported in Hashnode Blogging Platform Full Text

Abstract Researchers have disclosed a previously undocumented local file inclusion ( LFI ) vulnerability in  Hashnode , a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a  Bulk Markdown Import feature  that can be manipulated to provide attackers with unimpeded ability to download local files from Hashnode's server," Akamai researchers said in a report shared with The Hacker News. Local file inclusion flaws occur when a web application is tricked into exposing or running unapproved files on a server, leading to directory traversal, information disclosure, remote code execution, and cross-site scripting (XSS) attacks. The flaw, caused due to the web application failing to adequately sanitize the path to a file that's passed as input, could have serious repercussions in that an assailant could navigate to any path on the server and access s

The Hacker News

April 12, 2022

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities Full Text

Abstract Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities in multiple products,...

Security Affairs

April 12, 2022

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days Full Text

Abstract Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

BleepingComputer

April 12, 2022

NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation Full Text

Abstract The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol ( LDAP ) Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks  said  in an advisory published Monday. NGINX said that the  reference implementation , which  uses LDAP to authenticate users , is impacted only under three conditions if the deployments involve - Command-line parameters to configure the Python-based reference implementation daemon Unused, optional configuration parameters, and Specific group membership to carry out LDAP authentication Should any of the aforementioned conditions be met, an attacker could potentially override the configuration parameters by sending specially crafted HTTP request headers and even bypass group membership requirement

The Hacker News

April 12, 2022

NGINX project maintainers fix flaws in LDAP Reference Implementation Full Text

Abstract The maintainers of the NGINX web server project addressed a zero-day vulnerability in the Lightweight Directory Access Protocol (LDAP) Reference Implementation. The maintainers of the NGINX web server project have released security updates to address...

Security Affairs

April 12, 2022

Critical HP Teradici PCoIP flaws impact 15 million endpoints Full Text

Abstract HP is warning of new critical security vulnerabilities in the Teradici PCoIP client and agent for Windows, Linux, and macOS that impact 15 million endpoints.

BleepingComputer

April 12, 2022

AWS RDS Vulnerability Leads to AWS Internal Service Credentials Full Text

Abstract Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.

Security Boulevard

April 11, 2022

Access control vulnerability in Easy!Appointments platform exposed sensitive personal data Full Text

Abstract An access control vulnerability in open-source scheduling platform Easy!Appointments gave unauthenticated attackers easy access to personally identifiable information (PII), a security researcher has revealed.

The Daily Swig

April 11, 2022

Securing Easy Appointments and earning CVE-2022-0482 Full Text

Abstract Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability...

Security Affairs

April 11, 2022

Human activated risk still a pain point for organizations Full Text

Abstract Egress announced the results of a report, which revealed that 56% of IT leaders say that their non-technical staff is only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack.

Help Net Security

April 08, 2022

Raspberry Pi removes default user to hinder brute-force attacks Full Text

Abstract An update to Raspberry Pi OS Bullseye has removed the default 'pi' user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials.

BleepingComputer

April 8, 2022

Command injection bug patched in Ruby library for converting AsciiDoc files Full Text

Abstract Developers have issued a patch for a popular Ruby library used to parse and convert AsciiDoc files, to safeguard servers against a newly discovered command injection vulnerability.

The Daily Swig

April 8, 2022

Researchers Discover Multiple Vulnerabilities in AutoDesk Products Full Text

Abstract Towards the end of 2021, Fortinet security researchers discovered and reported multiple zero-day vulnerabilities in AutoDesk products: DWG TrueView, Design Review, and Navisworks.

Fortinet

April 7, 2022

Zero-Day Bugs Bug the Biggies Full Text

Abstract In the past few days, several attackers have been observed exploiting new zero-day vulnerabilities in commonly used software products by Google, Apple, and others. Apple has released emergency fixes for two zero-day flaws. Trend Micro fixed a high-severity vulnerability in its Apex Central. Meanwhi ... Read More

Cyware Alerts - Hacker News

April 7, 2022

CVE-2022-22292 flaw could allow hacking of Samsung Android devices Full Text

Abstract Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android...

Security Affairs

April 7, 2022

CVE-2022-0778 OpenSSL flaw affects multiple Palo Alto devices Full Text

Abstract Palo Alto Networks plans to fix CVE-2022-0778 OpenSSL flaw in some of its firewall, VPN, and XDR, products during April 2022. In Mid March, OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778,...

Security Affairs

April 7, 2022

VMware addressed several critical vulnerabilities in multiple products Full Text

Abstract VMware fixed critical vulnerabilities in multiple products that could be exploited by remote attackers to execute arbitrary code. VMware has addressed critical remote code vulnerabilities in multiple products, including VMware’s Workspace ONE Access,...

Security Affairs

April 06, 2022

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products Full Text

Abstract VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from  CVE-2022-22954 to CVE-2022-22961  (CVSS scores: 5.3 - 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. Five of the eight bugs are rated Critical, two are rated Important, and one is rated Moderate in severity. Credited with reporting all the vulnerabilities is Steven Seeley of Qihoo 360 Vulnerability Research Institute. The list of flaws is below - CVE-2022-22954  (CVSS score: 9.8) - Server-side template injection remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager CVE-2022-22955 & CVE-2022-22956  (CVSS scores: 9.8) - OAuth2 ACS authentication bypass vulnerabilities in VMware Workspace ONE Access CVE-2022-22957 & CVE-2022-22958  (CVS

The Hacker News

April 06, 2022

Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug Full Text

Abstract American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago

BleepingComputer

April 06, 2022

VMware warns of critical vulnerabilities in multiple products Full Text

Abstract VMware has warned customers to immediately patch critical vulnerabilities in multiple products that could be used by threat actors to launch remote code execution attacks.

BleepingComputer

April 6, 2022

Cyber Threats at Retail Endpoints Giving Way to Data Theft Full Text

Abstract Although e-Commerce sites are frequently targeted by cyberattackers, there isn’t much attention paid to the cybersecurity measures at brick-and-mortar retailers. Hackers target local stores for a variety of reasons including personal data theft, skimming payment card details, and sometimes extorti ... Read More

Cyware Alerts - Hacker News

April 5, 2022

CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka...

Security Affairs

April 05, 2022

SpringShell attacks target about one in six vulnerable orgs Full Text

Abstract Roughly one out of six organizations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cybersecurity company.

BleepingComputer

April 05, 2022

Microsoft adds on-premises Exchange, SharePoint to bug bounty program Full Text

Abstract Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today.

BleepingComputer

April 5, 2022

Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes Full Text

Abstract Japanese automation giant Yokogawa recently patched a series of vulnerabilities in control system products that, according to researchers, can be exploited for the disruption or manipulation of physical processes.

Security Week

April 4, 2022

Serious RCE Bug Found in Spring Cloud Full Text

Abstract A serious vulnerability has been discovered in the Spring Cloud Java Framework that may lead to RCE or result in the compromise of an entire host. Tracked as Spring4 Shell, it was found circulating on a Chinese cybersecurity site and QQ chat service. Currently, a way to partially stop Spring4Shell ... Read More

Cyware Alerts - Hacker News

April 4, 2022

VMware released updates to fix the Spring4Shell vulnerability in multiple products Full Text

Abstract VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965)....

Security Affairs

April 04, 2022

VMware patches Spring4Shell RCE flaw in multiple products Full Text

Abstract ​​​​​​​VMWare has published a security advisory for the critical remote code execution vulnerability known as Spring4Shell, which impacts multiple of its cloud computing and virtualization products.

BleepingComputer

April 4, 2022

Cisco software update blocks exploit chain in network management software Full Text

Abstract A security researcher was able to achieve unauthenticated remote code execution against Cisco Nexus Dashboard Fabric Controller by exploiting an obsolete Java library with known vulnerabilities.

The Daily Swig

April 04, 2022

Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles Full Text

Abstract A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique against the popular Combined Charging System ( CCS ) that could potentially disrupt the ability to charge electric vehicles at scale. Dubbed " Brokenwire ," the method interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the charging sessions from a distance of as far as 47m (151ft). "While it may only be an inconvenience for individuals, interrupting the charging process of critical vehicles, such as electric ambulances, can have life-threatening consequences," the researchers  explained . "Brokenwire has immediate implications for many of the 12 million battery EVs estimated to be on the roads worldwide — and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and for crucial public services." Additional details of the attack

The Hacker News

April 4, 2022

Experts discovered 15-Year-Old vulnerabilities in the PEAR PHP repository Full Text

Abstract SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource discovered two 15-year-old security flaws in the PEAR (PHP Extension and Application Repository) repository...

Security Affairs

April 2, 2022

Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts Full Text

Abstract GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during...

Security Affairs

April 2, 2022

Trend Micro fixed high severity flaw in Apex Central product management console Full Text

Abstract Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex...

Security Affairs

April 01, 2022

15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks Full Text

Abstract A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker to gain persistent access to the central PEAR server," SonarSource vulnerability researcher Thomas Chauchefoin  said  in a write-up published this week. PEAR, short for PHP Extension and Application Repository, is a framework and distribution system for reusable PHP components. One of the issues, introduced in a  code commit  made in March 2007 when the feature was originally implemented, relates to the use of the cryptographically insecure  mt_rand()  PHP function in the password reset functionality that could allow an attacker to "discover a valid password reset token in les

The Hacker News

April 01, 2022

GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts Full Text

Abstract DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as  CVE-2022-1162 , the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. "A hardcoded password was set for accounts registered using an  OmniAuth provider  (e.g., OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts," the company  said  in an advisory published on March 31. GitLab, which has addressed the bug with the latest release of versions 14.9.2, 14.8.5, and 14.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE), also said it took the step of resetting the password of an unspecified number of users out of an abundance of caution. "Our investigation shows no indication that users or accounts have

The Hacker News

April 01, 2022

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code Full Text

Abstract Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers ( PLCs ) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the  Rogue7 attacks , operational technology security company Claroty said. "Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages," Claroty's Sharon Brizinov  noted  in a write-up published Thursday. The list of two flaws is below – CVE-2022-1161  (CVSS score: 10.0) – A remotely exploitable flaw that allows a malicious actor to write user-readable "textual" program code to a separate memory location from the executed c

The Hacker News

April 1, 2022

Zyxel fixes a critical bug in its business firewall and VPN devices Full Text

Abstract Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects...

Security Affairs

April 1, 2022

GitLab addresses critical account hijack bug Full Text

Abstract GitLab has patched a critical vulnerability that meant static passwords were inadvertently set during OmniAuth-based registration – putting accounts at risk of malicious takeover.

The Daily Swig

April 01, 2022

Trend Micro fixes actively exploited remote code execution bug Full Text

Abstract Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.

BleepingComputer

April 1, 2022

Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks Full Text

Abstract Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks.

Security Week

April 1, 2022

Flaws in Wyze cam devices allow their complete takeover Full Text

Abstract Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds. Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited...

Security Affairs

April 01, 2022

Critical GitLab vulnerability lets attackers take over accounts Full Text

Abstract GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.

BleepingComputer

March 31, 2022

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices Full Text

Abstract Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company  said  in an advisory published this week. "The flaw could allow an attacker to bypass the authentication and obtain administrative access to the device." The flaw has been assigned the identifier  CVE-2022-0342  and is rated 9.8 out of 10 for severity. Credited with reporting the bug are Alessandro Sgreccia from Tecnical Service Srl and Roberto Garcia H and Victor Garcia R from Innotec Security. The following Zyxel products are impacted – USG/ZyWALL running firmware versions ZLD V4.20 through ZLD V4.70 (fixed in ZLD V4.71) USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20

The Hacker News

March 31, 2022

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices Full Text

Abstract Apple on Thursday rolled out emergency patches to address two zero-day flaws in its  mobile  and  desktop operating systems  that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have been reported to Apple anonymously. Tracked as  CVE-2022-22675 , the issue has been described as an  out-of-bounds write  vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges. Apple said the defect was resolved with improved bounds checking, adding it's aware that "this issue may have been actively exploited." The latest version of macOS Monterey, besides fixing CVE-2022-22675, also includes remediation for  CVE-2022-22674 , an  out-of-bounds read  issue in the Intel Graphics Driver module that could enable a malicious actor to read kern

The Hacker News

March 31, 2022

CISA orders agencies to patch actively exploited Sophos firewall bug Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies on Thursday to patch a critical Sophos firewall bug and seven other vulnerabilities within the next three weeks, all exploited in ongoing attacks.

BleepingComputer

March 31, 2022

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework Full Text

Abstract The maintainers of Spring Framework have released an emergency patch to address a newly disclosed  remote code execution flaw  that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as  CVE-2022-22965 , the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, unsupported versions. Users are recommended to upgrade to versions 5.3.18 or later and 5.2.20 or later. The Spring Framework is a Java framework that offers infrastructure support to develop web applications. "The vulnerability impacts Spring  MVC  [model–view–controller] and Spring WebFlux applications running on [Java Development Kit] 9+," Rossen Stoyanchev of Spring.io  said  in an advisory published Thursday. "The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e., the default, it is not vulnerabl

The Hacker News

March 31, 2022

Apple issues emergency patches to fix actively exploited zero-days Full Text

Abstract Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released emergency security patches to address two zero-day vulnerabilities actively exploited to hack iPhones,...

Security Affairs

March 31, 2022

Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds Full Text

Abstract Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug stemming from a stack-based buffer overflow (CVE-2019-12266), and a case of unauthenticated access to the contents of the SD card (no CVE). Successful exploitation of the bypass vulnerability could allow an outside attacker to fully control the device, including disabling recording to the SD card and turning on/off the camera, not to mention chaining it with CVE-2019-12266 to view the live audio and video feeds. Romanian cybersecurity firm Bitdefender, which  discovered the shortcomings , said it reached out to the vendor way back in May 2019, following which Wyze released patches to fix CVE

The Hacker News

March 31, 2022

Zyxel patches critical bug affecting firewall and VPN devices Full Text

Abstract Network equipment company Zyxel has updated the firmware of several of its business-grade firewall and VPN products to address a critical-severity vulnerability that could give attackers administrator-level access to affected devices.

BleepingComputer

March 31, 2022

Apple emergency update fixes zero-days used to hack iPhones, Macs Full Text

Abstract Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs.

BleepingComputer

March 31, 2022

Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring Full Text

Abstract An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed. Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework called 'Spring4Shell.'...

Security Affairs

March 31, 2022

Spring patches leaked Spring4Shell zero-day RCE vulnerability Full Text

Abstract Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released.

BleepingComputer

March 31, 2022

Chrome Browser Gets Major Security Update Full Text

Abstract Google this week released a security-themed Chrome 100.0.4896.60 browser makeover with patches for 28 documented vulnerabilities, some serious enough to lead to code execution attacks.

Security Week

March 31, 2022

SQL injection protections in ImpressCMS could be bypassed to achieve RCE Full Text

Abstract Vulnerabilities in ImpressCMS could allow an unauthenticated attacker to bypass the software’s SQL injection protections to achieve remote code execution (RCE), a security researcher has warned.

The Daily Swig

March 30, 2022

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security Full Text

Abstract A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher  briefly leaked  a  proof-of-concept  (PoC)  exploit  on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit ( JDK ) versions 9 and later and is a bypass for another vulnerability tracked as  CVE-2010-1622 , enabling an unauthenticated attacker to execute arbitrary code on the target system. Spring is a  software framework  for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform. "In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system," researchers Anthony Weems and Dallas Kaman  said . "However, exploitation of different configurations will require the attacker to do additional research t

The Hacker News

March 30, 2022

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices Full Text

Abstract Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company  said  in an advisory published on March 29, 2022. "If exploited, the vulnerability allows attackers to conduct denial-of-service attacks." Tracked as  CVE-2022-0778  (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices. QNAP, which is currently investigating its line-up, said it affects the following operating system versions – QTS 5.0.x and later QTS 4.5.4 and later QTS 4.3.6 and later QTS 4.3.4 and later QTS 4.3.3 and later QTS 4.2.6 and later QuTS hero h5.0.x and later QuTS hero h4.5.4 and later, and QuTScloud c5.0.x To date, t

The Hacker News

March 30, 2022

A critical RCE vulnerability affects SonicWall Firewall appliances Full Text

Abstract SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. SonicWall has released security updates to address a critical vulnerability (CVE-2022-22274) that impacts multiple firewall...

Security Affairs

March 30, 2022

New Spring Java framework zero-day allows remote code execution Full Text

Abstract A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications.

BleepingComputer

March 30, 2022

QNAP warns severe OpenSSL bug affects most of its NAS devices Full Text

Abstract Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago.

BleepingComputer

March 30, 2022

Mazda Infotainment Crash Shows How Fragile Car Security Really Is Full Text

Abstract Automated product security helps teams address automotive security vulnerabilities and bugs before - not after - they land companies in the headlines.

BleepingComputer

March 30, 2022

Honda’s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles Full Text

Abstract A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system ( CVE-2022-27254 ) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured between 2016 and 2020. Credited with discovering the issue are Ayyappan Rajesh, a student at UMass Dartmouth, and Blake Berry (HackingIntoYourHeart). "A hacker can gain complete and unlimited access to locking, unlocking, controlling the windows, opening the trunk, and starting the engine of the target vehicle where the only way to prevent the attack is to either never use your fob or, after being compromised (which would be difficult to realize), resetting your fob at a dealership," Berry  explained  in a GitHub post. The underlying issue is that the remote key fob on the a

The Hacker News

March 29, 2022

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances Full Text

Abstract SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as  CVE-2022-22274  (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that could be triggered by sending a specially crafted HTTP request, leading to remote code execution or DoS. The flaw impacts 31 different SonicWall Firewall devices running versions 7.0.1-5050 and earlier, 7.0.1-R579 and earlier, and 6.5.4.4-44v-21-1452 and earlier. ZiTong Wang of Hatlab has been credited with reporting the issue. The network security company  said  it's not aware of any instance of active exploitation in the wild leveraging the weakness, and that no proof-of-concept (PoC) or malicious use of the vulnerability has been publicly reported to date. That said, users of the a

The Hacker News

March 29, 2022

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation Full Text

Abstract Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as  CVE-2022-1040 , is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal and Webadmin interface that, if successfully weaponized, allows a remote attacker to execute arbitrary code. "Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region," the company  noted  in a revised advisory published Monday. "We have informed each of these organizations directly." The flaw has been addressed in a hotfix that's automatically installed for customers who have the " Allow automatic installation of hotfixes " setting enabled. As a workaround, Sophos is recommending

The Hacker News

March 29, 2022

Wyze Cam flaw lets hackers remotely access your saved videos Full Text

Abstract A Wyze Cam internet camera vulnerability allows unauthenticated, remote access to videos and images stored on local memory cards and has remained unfixed for almost three years.

BleepingComputer

March 28, 2022

Critical SonicWall firewall patch not released for all devices Full Text

Abstract Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE).

BleepingComputer

March 27, 2022

Sophos Firewall affected by a critical authentication bypass flaw Full Text

Abstract Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides...

Security Affairs

March 27, 2022

Critical Sophos Firewall vulnerability allows remote code execution Full Text

Abstract Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.

BleepingComputer

March 27, 2022

Western Digital addressed a critical bug in My Cloud OS 5 Full Text

Abstract Western Digital fixed a critical flaw affecting My Cloud OS 5 devices that allowed attackers to gain remote code execution with root privileges. Western Digital has addressed a critical vulnerability, tracked as CVE-2021-44142, that could have allowed...

Security Affairs

March 26, 2022

CISA adds 66 vulnerabilities to list of bugs exploited in attacks Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.'

BleepingComputer

March 26, 2022

Western Digital fixes critical bug giving root on My Cloud NAS devices Full Text

Abstract Western Digital has fixed a critical severity vulnerability in the Samba vfs_fruit VFS module that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.

BleepingComputer

March 26, 2022

Honda downplays vulnerability allowing hackers to lock, unlock and start Civics Full Text

Abstract Honda said it has no plans to update its older vehicles after researchers with the University of Massachusetts and cybersecurity firm Cybereason released a proof-of-concept for a replay vulnerability affecting the Honda Civics.

The Record

March 26, 2022

100s of Russian Building Controllers Can be Remotely Hacked Full Text

Abstract Jose Bertin, an IT security researcher, has identified critical vulnerabilities in Tekon Avtomatika’s building controllers, which, if exploited, can lead to remote hacking of building controllers used by a vast number of Russian organizations.

Hackread

March 25, 2022

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability Full Text

Abstract Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as  CVE-2022-1096 , the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022. Type confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that's incompatible to what was originally initialized, could have serious consequences in languages that are not  memory safe  like C and C++, enabling a malicious actor to perform out-of-bounds memory access. "When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution," MITRE's Common Weakness Enum

The Hacker News

March 25, 2022

Chrome emergency update fixes actively exploited a zero-day bug Full Text

Abstract Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux. Google fixed an actively exploited high-severity zero-day vulnerability with the release of Chrome 99.0.4844.84 for Windows,...

Security Affairs

March 24, 2022

Microweber developers resolve XSS vulnerability in CMS software Full Text

Abstract These shortcomings meant it was possible for attackers to upload an XSS payload, providing it contained a file whose name ended with ‘html’ ­– a category that includes far more than just simple .html files.

The Daily Swig

March 24, 2022

Many Critical Flaws Patched in Delta Electronics Energy Management System Full Text

Abstract At least 30 vulnerabilities were found in the past year in the DIAEnergie industrial energy management system made by Delta Electronics. The company says it has created patches for all of them.

Security Week

March 24, 2022

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control Full Text

Abstract VMware addressed two critical arbitrary code execution vulnerabilities affecting its Carbon Black App Control platform. VMware released this week, software updates to address two critical security vulnerabilities, CVE-2022-22951 and CVE-2022-22952...

Security Affairs

March 24, 2022

Western Digital My Cloud OS update fixes critical vulnerability Full Text

Abstract Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution.

BleepingComputer

March 23, 2022

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control Full Text

Abstract VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as  CVE-2022-22951 and CVE-2022-22952 , both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system. Credited with reporting the two issues is security researcher Jari Jääskelä. That said, successful exploitation of the vulnerabilities banks on the prerequisite that the attacker is already logged in as an administrator or a highly privileged user. VMware Carbon Black App Control is an  application allow listing solution  that's used to lock down servers and critical systems, prevent unwanted changes, and ensure continuous compliance with regulatory mandates. CVE-2022-22951 has been described as a command injection vulnerability that could enable an authenticated, high privileged actor w

The Hacker News

March 23, 2022

Hackers exploit new WPS Office flaw to breach betting firms Full Text

Abstract An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.

BleepingComputer

March 22, 2022

Three critical RCE flaws affect hundreds of HP printer models Full Text

Abstract Three critical RCE flaws affect hundreds of HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS...

Security Affairs

March 22, 2022

New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems Full Text

Abstract Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software's  InsydeH2O  and HP Unified Extensible Firmware Interface ( UEFI ). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 out of 10 on the CVSS scoring system. "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement," firmware security company Binarly, which discovered the latter three flaws,  said  in a write-up. "The remote device health attestation solutions will not detect the affected systems due to the design limitations in visibility of the firmware runtime." All the flaws relate to improper input v

The Hacker News

March 22, 2022

Hundreds of HP printer models vulnerable to remote code execution Full Text

Abstract HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.

BleepingComputer

March 21, 2022

Windows zero-day flaw giving admin rights gets unofficial patch, again Full Text

Abstract A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server.

BleepingComputer

March 21, 2022

How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable Full Text

Abstract A large number of IP cameras and surveillance systems used in enterprise networks were recently discovered to be vulnerable to remote code execution and information leakage due to CVE-2021-28372.

Palo Alto Networks

March 20, 2022

Western Digital app bug gives elevated privileges in Windows, macOS Full Text

Abstract Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks.

BleepingComputer

March 18, 2022

Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager Full Text

Abstract TIM Red Team Research (RTR) researchers discovered a new flaw on Ericsson Network Manager, aka Ericsson flagship network product. TIM Red Team Research (RTR) team discovered a new vulnerability affecting Ericsson Network Manager, which is known as Ericsson...

Security Affairs

March 17, 2022

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers Full Text

Abstract A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called  cr8escape  could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike researchers John Walker and Manoj Ahuje  said  in an analysis published this week. A lightweight alternative to Docker,  CRI-O  is a  container runtime  implementation of the Kubernetes Container Runtime Interface (CRI) that's used to pull container images from registries and launch an Open Container Initiative ( OCI )-compatible runtime such as runC to spawn and run container processes. The vulnerability is rated 8.8 on the CVSS vulnerability scoring system and affects CRI-O versions 1.19 and later. Following responsible disclosure, patches have been released to address the fl

The Hacker News

March 16, 2022

Microsoft Defender tags Office updates as ransomware activity Full Text

Abstract Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.

BleepingComputer

March 15, 2022

Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw Full Text

Abstract There are currently no mitigations for the severe Linux kernel bug, QNAP warned on Monday.

Threatpost

March 15, 2022

CVE-2022-0778 DoS flaw in OpenSSL was fixed Full Text

Abstract OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778,...

Security Affairs

March 15, 2022

Critical flaws affect Veeam Data Backup software Full Text

Abstract Veeam addressed two critical vulnerabilities impacting the Backup & Replication product for virtual environments. Veeam has released security patches to fix two critical vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS score...

Security Affairs

March 15, 2022

Dirty Pipe Linux flaw impacts most QNAP NAS devices Full Text

Abstract Taiwanese vendor QNAP warns most of its NAS devices are impacted by high severity Linux vulnerability dubbed 'Dirty Pipe.' Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered...

Security Affairs

March 14, 2022

‘Dirty Pipe’ Linux Flaw Affects a Wide Range of QNAP NAS Devices Full Text

Abstract Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company  said . "If exploited, this vulnerability allows an unprivileged user to gain administrator privileges and inject malicious code." The Taiwanese firm said it's continuing to thoroughly  investigate its product line  for the vulnerability and that there's no QNAP NAS running QTS 4.x are immune to the Dirty Pipe flaw. Tracked as  CVE-2022-0847  (CVSS score: 7.8), the shortcoming resides in the Linux kernel that could permit an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of vulnerable machines. The issue

The Hacker News

March 14, 2022

Prophet Spider Exploits Citrix Flaw to Deliver Webshell Full Text

Abstract Crowdstrike reported a threat group named Prophet Spider that is abusing an RCE vulnerability in Citrix ShareFile to compromise Microsoft's Internet Information Services webserver. The relative path-traversal vulnerability (CVE-2021-22941) was disclosed in ShareFile Zones Storage Controller. Organi ... Read More

Cyware Alerts - Hacker News

March 14, 2022

QNAP warns severe Linux bug affects most of its NAS devices Full Text

Abstract Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed 'Dirty Pipe' that allows attackers with local access to gain root privileges.

BleepingComputer

March 14, 2022

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access Full Text

Abstract A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a  kernel panic . Tracked as  CVE-2022-25636  (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was  discovered  by Nick Gregory, a research scientist at Capsule8. "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat," Red Hat  said  in an advisory published on February 22, 2022. Similar alerts have been released by  Debian ,  Oracle Linux ,  SUSE , and  Ubuntu . Netfilter is a  framework  provided by the Linux kernel that enables various networking-related operations, including packet filtering, network address translation, and

The Hacker News

March 14, 2022

Critical Vulnerabilities Patched in Veeam Data Backup Solution Full Text

Abstract The flaws were identified in the Veeam Distribution Service, which by default listens to TCP port 9380 and allows even unauthenticated users to access internal API functions.

Security Week

March 14, 2022

AMD Updates Spectre Mitigations Following Intel Research Full Text

Abstract AMD last week informed customers that it has updated mitigations for a variant of the Spectre side-channel attack. The update comes in response to research conducted by Intel.

Security Week

March 11, 2022

Multiple Security Flaws Discovered in Popular Software Package Managers Full Text

Abstract Multiple security vulnerabilities have been disclosed in popular package managers that, if potentially exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It's, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with one of the affected package managers. "This means that an attack cannot be launched directly against a developer machine from remote and requires that the developer is tricked into loading malformed files," SonarSource researcher Paul Gerste  said . "But can you always know and trust the owners of all packages that you use from the internet or company-internal repositories?" Package managers refer to  systems  or a set of tools that are used to automate installing, upgrading, configuring third-party dependencies required for developing applications. While there are inherent  security

The Hacker News

March 11, 2022

Open database leaves major Chinese ports exposed to shipping chaos Full Text

Abstract The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping. The...

Security Affairs

March 11, 2022

High-Severity Vulnerabilities Patched in Omron PLC Programming Software Full Text

Abstract Several high-severity vulnerabilities that can be exploited for remote code execution were patched recently in the CX-Programmer software of Japanese electronics giant Omron.

Security Week

March 10, 2022

New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs Full Text

Abstract Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage  speculative execution  attacks such as Spectre to leak sensitive information from host memory. Attacks like  Spectre  are designed to break the isolation between different applications by taking advantage of an  optimization technique  called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets. While chipmakers have incorporated both software and hardware  defenses , including  Retpoline  as well as safeguards like Enhanced Indirect Branch Restricted Speculation ( eIBRS ) and  Arm   CSV2 , the latest method demonstrated by VUSec researchers aim to get around all these protections. Called  Branch History Injection  (BHI or Spectre-BHB), it's a new variant of Spectre-V2 attacks (tracked as CVE-2017-5715) that bypasses both eIB

The Hacker News

March 10, 2022

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices Full Text

Abstract Three flaws in APC Smart-UPS devices, tracked as TLStorm, could be exploited by remote attackers to hack and destroy them. Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked...

Security Affairs

March 9, 2022

Most ServiceNow Instances Misconfigured, Exposed Full Text

Abstract Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction.

Threatpost

March 9, 2022

Access:7 - Supply Chain Flaws Impacting IoT and Medical Devices Full Text

Abstract The seven flaws have been dubbed Access:7 and are present in PTC’s Axeda agent, which is used for remote access and management of more than 150 connected devices across over 100 vendors. 

Cyware Alerts - Hacker News

March 09, 2022

Nearly 30% of critical WordPress plugin bugs don’t get a patch Full Text

Abstract Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture.

BleepingComputer

March 09, 2022

Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart UPS Devices Full Text

Abstract Three high-impact security vulnerabilities have been disclosed in  APC Smart-UPS devices  that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed  TLStorm , the flaws "allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks," Ben Seri and Barak Hadad, researchers from IoT security company Armis, said in a report published Tuesday. Uninterruptible power supply ( UPS ) devices function as emergency backup power providers in mission-critical environments such as medical facilities, server rooms, and industrial systems. Most of the afflicted devices, totaling over 20 million, have been identified so far in healthcare, retail, industrial, and government sectors. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click att

The Hacker News

March 09, 2022

Intel, AMD, Arm warn of new speculative execution CPU bugs Full Text

Abstract Security researchers have found new a new way to bypass existing hardware-based defenses for speculative execution in modern computer processors from Intel, AMD, and ARM.

BleepingComputer

March 9, 2022

HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems Full Text

Abstract Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. Researchers from cybersecurity firm Binarly discovered 16 high-severity vulnerabilities...

Security Affairs

March 9, 2022

Siemens Addresses Over 90 Vulnerabilities Affecting Third-Party Components Full Text

Abstract Siemens has released 15 new advisories to inform customers about more than 100 vulnerabilities affecting its products, including over 90 security flaws introduced by the use of third-party components.

Security Week

March 09, 2022

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses Full Text

Abstract Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System ( CPS ) that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu  said  the shortcomings, when chained together, can lead to "an unauthenticated attacker gaining root on these devices." Pascom Cloud Phone System is an integrated collaboration and communication solution that allows businesses to host and set up private telephone networks across different platforms as well as facilitate the monitoring, maintenance, and updates associated with the virtual phone systems. The set of three flaws includes those stemming from an arbitrary path traversal in the web interface, a server-side request forgery ( SSRF ) due to an outdated third-party dependency ( CVE-2019-18394 ), and a post-authentication command injection using a daemon service ("exd.pl"). In other words, the vulnerabilities can

The Hacker News

March 9, 2022

Adobe Patches ‘Critical’ Security Flaws in Illustrator, After Effects Full Text

Abstract The patches, scheduled as part of Adobe’s Patch Tuesday release cycle, address a range of arbitrary code execution and memory leak vulnerabilities that could expose data to malicious hacker attacks.

Security Week

March 9, 2022

SAP Patches Critical Security Flaws in Monitoring Solutions Full Text

Abstract The most serious of the documented flaws is rated critical and described as a missing authorization check vulnerability in SAP Focused Run that could lead to complete system compromise.

Security Week

March 9, 2022

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities Full Text

Abstract Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including Microsoft Windows...

Security Affairs

March 08, 2022

APC UPS zero-day bugs can remotely burn out devices, disable power Full Text

Abstract A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.

BleepingComputer

March 08, 2022

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices Full Text

Abstract Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The  shortcomings , which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, desktops, point-of-sale (PoS) systems, and edge computing nodes. "By exploiting the vulnerabilities disclosed, attackers can leverage them to perform privileged code execution in firmware, below the operating system, and potentially deliver persistent malicious code that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV), Secure Boot and Virtualization-Based Security isolation," firmware security firm Binarly said in a report shared with The Hacker News. The most severe of the flaws concern a number of memory corruption vulnerabilities in t

The Hacker News

March 08, 2022

Android’s March 2022 security updates fix three critical bugs Full Text

Abstract Google has released the March 2022 security updates for Android 10, 11, and 12, addressing three critical severity flaws, one of which affects all devices running the latest version of the mobile OS.

BleepingComputer

March 08, 2022

Microsoft March 2022 Patch Tuesday fixes 71 flaws, 3 zero-days Full Text

Abstract Today is Microsoft's March 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 71 flaws.

BleepingComputer

March 8, 2022

PROPHET SPIDER Exploits Citrix ShareFile Vulnerability to Deliver Webshell Full Text

Abstract At the start of 2022, CrowdStrike found PROPHET SPIDER exploiting CVE-2021-22941 vulnerability impacting Citrix ShareFile Storage Zones Controller to compromise a Microsoft IIS web server.

Crowdstrike

March 8, 2022

Access:7 flaws impact +150 device models from over 100 manufacturers Full Text

Abstract Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. Researchers from medical device cybersecurity company CyberMDX have discovered seven serious flaws, collectively tracked...

Security Affairs

March 08, 2022

HP patches 16 UEFI firmware bugs allowing stealthy malware infections Full Text

Abstract HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gain high privileges and remain undetectable by installed security software.

BleepingComputer

March 08, 2022

Critical “Access:7” Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices Full Text

Abstract As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called " Access:7 ," the weaknesses – three of which are rated Critical in severity – potentially affect more than  150 device models  spanning over 100 different manufacturers, posing a significant supply chain risk. PTC's Axeda solution includes a cloud platform that allows device manufacturers to establish connectivity to remotely monitor, manage and service a wide range of connected machines, sensors, and devices via what's called the agent, which is installed by the OEMs before the devices are sold to customers. "Access:7 could enable hackers to remotely execute malicious code, access sensitive data, or alter configuration on medical and IoT devices running PTC's Axeda remote code and management agent," researchers from Forescout and CyberMDX said in a joint report

The Hacker News

March 8, 2022

Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday Full Text

Abstract Facebook’s attempt at addressing the bug last year was found to be deficient. Researchers found three new flaws: a race conditions issue, a security bypass, and an issue involving encrypted parameters.

The Daily Swig

March 8, 2022

Dirty Pipe Linux flaw allows gaining root privileges on major distros Full Text

Abstract Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow...

Security Affairs

March 08, 2022

Access:7 vulnerabilities impact medical and IoT devices Full Text

Abstract A set of seven vulnerabilities collectively tracked as Access:7 have been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors.

BleepingComputer

March 7, 2022

Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape Full Text

Abstract Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.

Threatpost

March 07, 2022

The Continuing Threat of Unpatched Security Vulnerabilities Full Text

Abstract Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as "patches," when they come to know about these application vulnerabilities to secure these weaknesses. Adversaries often probe into your software, looking for unpatched systems and attacking them directly or indirectly. It is risky to run unpatched software. This is because attackers get the time to become aware of the  software's unpatched vulnerabilities  before a patch emerges. A  report  found that unpatched vulnerabilities are the most consistent and primary ransomware attack vectors. It was recorded that in 2021,  65  new vulnerabilities arose that were connected to ransomware. This was observed to be a twenty-nine percent growth compared to the number of vulnerabilities in 2020.  Gr

The Hacker News

March 07, 2022

Researchers Warn of Linux Kernel ‘Dirty Pipe’ Arbitrary File Overwrite Vulnerability Full Text

Abstract Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed " Dirty Pipe " (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw "leads to privilege escalation because unprivileged processes can inject code into root processes." Kellerman said the bug was discovered after digging into a support issue raised by one of the customers of the cloud and hosting provider that concerned a case of a "surprising kind of corruption" affecting web server access logs. The Linux kernel flaw is said to have existed since  version 5.8 , with the vulnerability sharing similarities to that of  Dirty Cow  (CVE-2016-5195), which came to light in October 2016. "A flaw was found in the way the 'flags' member of the new pipe

The Hacker News

March 07, 2022

New Linux bug gives root on all major distros, exploit released Full Text

Abstract A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.

BleepingComputer

March 07, 2022

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking Full Text

Abstract Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP address, Ethiopian cyber security research firm Octagon Networks ' Paulos Yibelo said in a statement shared with The Hacker News. TOS is the  operating system  designed for TNAS appliances, enabling users to manage storage, install applications, and backup data. Following responsible disclosure, the flaws were patched in  TOS version 4.2.30  released last week on March 1, 2022. One of the issues, tracked as CVE-2022-24990, concerns a case of information leak in a component called "webNasIPS," resulting in the exposure of TOS firmware version, the default gateway interfac

The Hacker News

March 7, 2022

Mozilla addresses two actively exploited zero-day flaws in Firefox Full Text

Abstract Mozilla fixed two critical actively exploited zero-day bugs in Firefox with the release of 97.0.2, ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0. Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus...

Security Affairs

March 07, 2022

Microsoft fixes critical Azure bug that exposed customer data Full Text

Abstract Microsoft has addressed a critical vulnerability in the Azure Automation service that could have allowed attackers to take full control over other Azure customers' data.

BleepingComputer

March 06, 2022

2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP! Full Text

Abstract Mozilla has pushed out-of-band  software updates  to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild. Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as  use-after-free issues  impacting the Extensible Stylesheet Language Transformations ( XSLT ) parameter processing and the  WebGPU  inter-process communication ( IPC ) Framework. XSLT is an XML-based language used for the conversion of XML documents into web pages or PDF documents, whereas WebGPU is an emerging web standard that's been billed as a successor to the current WebGL JavaScript graphics library. The description of the two flaws is below – CVE-2022-26485  – Removing an XSLT parameter during processing could lead to an exploitable use-after-free CVE-2022-26486  – An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape Use-after-fre

The Hacker News

March 06, 2022

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs Full Text

Abstract ​Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks.

BleepingComputer

March 6, 2022

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Full Text

Abstract A Linux kernel flaw, tracked as CVE-2022-0492, can allow an attacker to escape a container to execute arbitrary commands on the container host. A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0),...

Security Affairs

March 05, 2022

New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container Full Text

Abstract Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called  control groups , also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, thereby making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network. Tracked as  CVE-2022-0492  (CVSS score: 7.0), the  issue   concerns  a  case  of  privilege escalation  in the cgroups v1 release_agent functionality, a script that's executed following the termination of any process in the cgroup. "The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users," Unit 42 researcher Yuval Avrahami  said  in a report publishe

The Hacker News

March 4, 2022

CISA Adds Another 95 Flaws to its Known Exploited Vulnerabilities List Full Text

Abstract The CISA just added 95 new bugs to its catalog of known exploited vulnerabilities, including multiple critical Cisco router flaws, new and old Windows flaws, bugs in Adobe Flash Player, and more.

ZDNet

March 03, 2022

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances Full Text

Abstract Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions starting from 14.4 and prior to 14.8. Credited with discovering and reporting the flaw is Jake Baines, a senior security researcher at Rapid7. Following responsible disclosure on November 18, 2021, patches were  released  for self-managed servers as part of GitLab critical security releases 14.8.2, 14.7.4, and 14.6.5 shipped on February 25, 2022. "The vulnerability is the result of a missing authentication check when executing certain GitLab GraphQL API queries," Baines  said  in a report published Thursday. "A remote, unauthenticated attacker can use this vulnerability to collect regi

The Hacker News

March 03, 2022

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products Full Text

Abstract Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as  CVE-2022-20754 and CVE-2022-20755  (CVSS scores: 9.0) – relate to an arbitrary file write and a command injection flaw in the API and web-based management interfaces of the two products that could have serious impacts on affected systems. The company said both the issues stem from insufficient input validation of user-supplied command arguments, a weakness that could be weaponized by an authenticated, remote attacker to carry out directory traversal attacks, overwrite arbitrary files, and run malicious code on the underlying operating system as the root user. "These vulnerabilities were found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiative

The Hacker News

March 3, 2022

75% of medical infusion pumps affected by known vulnerabilities Full Text

Abstract Researchers analyzed more than 200,000 network-connected medical infusion pumps and discovered that over 100,000 of them are vulnerable. Researchers from Palo Alto Networks have analyzed more than 200,000 medical infusion pumps on the networks of hospitals...

Security Affairs

March 3, 2022

Cisco fixed two critical flaws in Expressway, TelePresence VCS solutions Full Text

Abstract Cisco fixed critical flaws in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. Cisco announced security patches for a couple of critical vulnerabilities, tracked as CVE-2022-20754 and CVE-2022-20755...

Security Affairs

March 3, 2022

Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products Full Text

Abstract Cisco this week announced patches that address a couple of critical vulnerabilities in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products.

Security Week

March 03, 2022

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities Full Text

Abstract An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices," Unit 42 security researcher Aveek Das  said  in a report published Wednesday. Palo Alto Networks' threat intelligence team said it obtained the scans from seven medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called " URGENT/11 " – CVE-2019-12255  (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks CVE-2019-12264  (CVS

The Hacker News

March 02, 2022

Over 100,000 medical infusion pumps vulnerable to years old critical bug Full Text

Abstract Data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are running with known security issues that attackers could exploit.

BleepingComputer

March 2, 2022

Popular open-source PJSIP library is affected by critical flaws Full Text

Abstract Researchers from JFrog's Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog's Security Research team discovered five vulnerabilities in the popular PJSIP open-source...

Security Affairs

March 02, 2022

Log4shell exploits now used mostly for DDoS botnets, cryptominers Full Text

Abstract The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers.

BleepingComputer

March 2, 2022

Remote code execution vulnerability uncovered in Hashnode blogging platform Full Text

Abstract A remote code execution (RCE) attack chain caused due to a local file inclusion bug in the developer blogging platform Hashnode has been disclosed by security researchers.

The Daily Swig

March 2, 2022

Google Paid Out Over $100,000 for Vulnerabilities Patched by Chrome 99 Full Text

Abstract Nine of the externally reported security holes are rated high severity, the majority of which are use-after-free bugs affecting components such as Cast UI, Omnibox, Views, WebShare, and Media.

Security Week

March 01, 2022

Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack Full Text

Abstract As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack. The weaknesses were  identified and reported  by JFrog's Security Research team, following which the project maintainers released patches ( version 2.12 ) last week on February 24, 2022. PJSIP is an open-source embedded  SIP protocol  suite written in C that supports audio, video, and instant messaging features for popular communication platforms such as  WhatsApp  and BlueJeans. It's also  used  by  Asterisk , a widely-used private branch exchange (PBX) switching system for VoIP networks. "Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exceed the sizes," PJSIP's

The Hacker News

March 01, 2022

Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software Full Text

Abstract Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from  Kerbit , an Ethiopia-based penetration-testing and vulnerability research firm, on December 15, 2021, the issues were addressed in  version 24.97  of the WEB GUI shipped on January 11, 2022. "[F]ix critical vulnerabilities - new SQL injects for unauthenticated users allowing gaining admin privileges," the maintainers of VoIPmonitor noted in the change log. VoIPmonitor is an open-source network packet sniffer with commercial frontend for SIP RTP and RTCP VoIP protocols running on Linux, allowing users to monitor and troubleshoot quality of SIP VoIP calls as well as decode, play, and archive calls in a  CDR  database. The three flaws identified by Kerbit is below – CVE-2022-24259  (CVSS sco

The Hacker News

March 1, 2022

Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections Full Text

Abstract Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device.

Cisco Talos

March 1, 2022

Critical GitLab vulnerability could allow attackers to steal runner registration tokens Full Text

Abstract The vulnerability affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, according to a security advisory from GitLab.

The Daily Swig

February 28, 2022

100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature Full Text

Abstract A group of academics from Tel Aviv University have disclosed details of now-patched "severe" design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices, researchers Alon Shakevsky, Eyal Ronen, and Avishai Wool  said . Trusted Execution Environments ( TEEs ) are a secure zone that provide an isolated environment for the execution of Trusted Applications (TAs) to carry out security critical tasks to ensure confidentiality and integrity. On Android, the hardware-backed  Keystore  is a system that facilitates the creation and storage of cryptographic keys within the TEE, making them more difficult to be extracted from the device in a manner that prevents the underlying operating system fr

The Hacker News

February 28, 2022

Experts Create Apple AirTag Clone That Can Bypass Anti-Tracking Measures Full Text

Abstract Cybersecurity researchers have managed to build a clone of Apple Airtag that circumvents the anti-stalking protection technology built into its Find My Bluetooth-based tracking protocol. The result is a stealth AirTag that can successfully track an iPhone user for over five days without triggering a tracking notification, Positive Security's co-founder Fabian Bräunlein  said  in a deep-dive published last week. Find My is Apple's asset tracking app that allows users to track the GPS location of iOS, iPadOS, macOS, watchOS devices, AirPods, AirTags as well as other supported third-party accessories through a connected iCloud account. It also enables users to view the location of others who have opted to share their location. This is far from the first time weaknesses have been uncovered in Apple's Find My system. In March 2021, the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany (SEEMO)  disclosed  design and implementation flaws in the pr

The Hacker News

February 28, 2022

Vulnerabilities spotted in Gerbv could lead to code execution, information disclosure Full Text

Abstract Cisco Talos recently discovered multiple vulnerabilities in the Gerbv file viewing software that could allow an attacker to execute arbitrary remote code or disclose sensitive information.

Cisco Talos

February 25, 2022

GE SCADA Product Vulnerabilities Show Importance of Secure Configurations Full Text

Abstract GE Digital has released patches for two high-severity vulnerabilities affecting its Proficy CIMPLICITY HMI/SCADA software, which is used by plants globally to monitor and control operations.

Security Week

February 24, 2022

New Flaws Discovered in Cisco’s Network Operating System for Switches Full Text

Abstract Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is  CVE-2022-20650  (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data. "An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device," Cisco said. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system." The flaw impacts Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode running Cisco NX-OS Software that have the NX-API feature enabled. Also patched are two high-severity den

The Hacker News

February 24, 2022

Deadbolt Ransomware targets Asustor and QNap NAS Devices Full Text

Abstract Deadbolt ransomware operators are targeting Asustor NAS (network-attached storage) appliances. Storage solutions provider Asustor is warning its customers of a wave of Deadbolt ransomware attacks targeting its NAS devices. Since January, DeadBolt...

Security Affairs

February 23, 2022

NSA-linked Bvp47 Linux backdoor widely undetected for 10 years Full Text

Abstract A report released today dives deep into technical aspects of a Linux backdoor now tracked as Bvp47 that is linked to the Equation Group, the advanced persistent threat actor tied to the U.S. National Security Agency.

BleepingComputer

February 23, 2022

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Full Text

Abstract Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. Researchers from The China's Pangu Lab have disclosed details of a Linux top-tier APT backdoor, tracked as Bvp47, which is associated with the U.S....

Security Affairs

February 23, 2022

Flawed Encryption Could Enable Initialization Vector Reuse Attacks on Samsung Smartphones Full Text

Abstract Samsung failed to implement Keymaster TA properly in Galaxy S series phones, meaning one could launch an Initialization Vector reuse attack to obtain the keys from the hardware-protected key blobs.

The Register

February 23, 2022

Horde Webmail Software is affected by a dangerous bug since 2012 Full Text

Abstract Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete...

Security Affairs

February 23, 2022

Researchers Bypass Stalking Protections on Apple Airtags Clones Using Find My Protocol Full Text

Abstract Source code for an Airtag clone was published online by Positive Security, which said its tags "successfully tracked an iPhone user... for over five days without triggering a tracking notification."

The Register

February 22, 2022

9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software Full Text

Abstract Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization," SonarSource vulnerability researcher, Simon Scannell,  said  in a report. An " all volunteer project ," the Horde Project is a free, browser-based communication suite that allows users to read, send, and organize email messages as well as manage and share calendars, contacts, tasks, notes, files, and bookmarks. The flaw, which was introduced as part of a  code change  pushed on November 30, 2012, relates to a case of an "unusual" stored cross-site scripting flaw (aka persistent XSS) that allows an adversary to c

The Hacker News

February 21, 2022

How SMS PVA services could undermine SMS-based verification Full Text

Abstract Crooks abuse some SMS PVA services that allow their customers to create disposable user accounts to conduct malicious activities. While investigating SMS PVA services (phone-verified account services), Trend Micro researchers discovered a rogue platform...

Security Affairs

February 20, 2022

Poisoned Pipeline Execution Attacks - A New Wave of Threats Full Text

Abstract A security researcher demonstrated the possibility of poisoned pipeline attacks that can be triggered by abusing permissions in source code management (SCM) repositories. The pipelines that execute unreviewed code are more exposed to PPE attacks. Applications not developed with a security-first app ... Read More

Cyware Alerts - Hacker News

February 19, 2022

UpdraftPlus WordPress plugin update forced for million sites Full Text

Abstract WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has forced the update of the UpdraftPlus plugin around three million sites to address a high-severity vulnerability,...

Security Affairs

February 19, 2022

Multiple Vulnerabilities in Adobe Commerce and Magento Could Allow for Remote Code Execution Full Text

Abstract Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights in Adobe Commerce and Magento Open Source.

CIS

February 19, 2022

New WordPress Plugin Leaks Millions of Personal Information; Immediate Update is Suggested Full Text

Abstract A new WordPress plugin vulnerability is now putting millions of WordPress users at risk. This security issue is specifically found on UpdraftPlus, a cloning plugin for WordPress.

Tech Times

February 18, 2022

Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites Full Text

Abstract Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users access to backups," the maintainers of the plugin said in an advisory published this week. Security researcher Marc-Alexandre Montpas of Automattic has been credited with discovering and reporting the vulnerability on February 14 that's been assigned the identifier  CVE-2022-0633  (CVSS score: 8.5). The issue impacts UpdraftPlus versions from 1.16.7 to 1.22.2. UpdraftPlus is a  backup and restoration solution  that's capable of performing full, manual, or scheduled backups of WordPress files, databases, plugins and themes, which can then be reinstated via th

The Hacker News

February 18, 2022

CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager Full Text

Abstract Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical's Snap Package Manager. Canonical's Snap software packaging and deployment system are affected by multiple vulnerabilities, including...

Security Affairs

February 18, 2022

Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug Full Text

Abstract Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability...

Security Affairs

February 18, 2022

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager Full Text

Abstract Multiple security vulnerabilities have been disclosed in Canonical's  Snap  software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd. Tracked as  CVE-2021-44731 , the issue concerns a privilege escalation flaw in the  snap-confine  function, a program used internally by snapd to construct the execution environment for snap applications. The shortcoming is rated 7.8 on the CVSS scoring system. "Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host," Bharat Jogi, director of vulnerability and threat research at Qualys,  said , adding the weakness could be abused to "obtain full root privileges on default installations of Ubuntu." Red Hat, in an independ

The Hacker News

February 18, 2022

WordPress force installs UpdraftPlus patch on 3 million sites Full Text

Abstract WordPress has taken the rare step of force-updating the UpdraftPlus plugin on all sites to fix a high-severity vulnerability allowing website subscribers to download the latest database backups, which often contain credentials and PII.

BleepingComputer

February 17, 2022

Hackers can crash Cisco Secure Email gateways using malicious emails Full Text

Abstract Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages.

BleepingComputer

February 17, 2022

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails Full Text

Abstract Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in  DNS  name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and cause a DoS. "A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition," the company  said  in an advisory. "Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition." The flaw impacts Cisco ESA devices running Cisco AsyncOS Software running vers

The Hacker News

February 17, 2022

Another Critical RCE Discovered in Adobe Commerce and Magento Platforms Full Text

Abstract Adobe on Thursday updated its advisory for an  actively exploited zero-day  affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as  CVE-2022-24087 , the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an " Improper Input Validation " bug that could result in the execution of malicious code. "We have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them (CVE-2022-24087)," the company  said  in a revised bulletin. "Adobe is not aware of any exploits in the wild for the issue addressed in this update (CVE-2022-24087)." As before, Adobe Commerce and Magento Open Source versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are impacted by CVE-2022-24087, but it's worth noting that versions 2.3.0 to 2.3.3 are not vulnerable. "A new patc

The Hacker News

February 17, 2022

Researchers create exploit for critical Magento bug, Adobe updates advisory Full Text

Abstract Offensive security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday.

BleepingComputer

February 17, 2022

GitHub code scanning now finds more security vulnerabilities Full Text

Abstract Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. 

BleepingComputer

February 17, 2022

Poisoned pipelines: Security researcher explores attack methods in CI environments Full Text

Abstract A security researcher has described how abusing permissions in source code management (SCM) repositories can lead to CI poisoning, also known as ‘poisoned pipeline attacks’.

The Daily Swig

February 17, 2022

Specially crafted emails could crash Cisco ESA devices Full Text

Abstract Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based...

Security Affairs

February 17, 2022

Cisco bug can let hackers crash Cisco Secure Email gateways Full Text

Abstract Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages.

BleepingComputer

February 16, 2022

High-Severity RCE Bug Found in Popular Apache Cassandra Database Full Text

Abstract On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and it’s easy as pie to exploit.

Threatpost

February 16, 2022

Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers Full Text

Abstract A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.

Threatpost

February 16, 2022

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products Full Text

Abstract VMware on Tuesday patched several  high-severity   vulnerabilities  impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition. As of writing, there's no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows – CVE-2021-22040  (CVSS score: 8.4) - Use-after-free vulnerability in XHCI USB controller CVE-2021-22041  (CVSS score: 8.4) - Double-fetch vulnerability in UHCI USB controller CVE-2021-22042  (CVSS score: 8.2) - ESXi settingsd unauthorized access vulnerability CVE-2021-22043  (CVSS score: 8.2) - ESXi settingsd TOCTOU vulnerability CVE-2021-22050  (CVSS score: 5.3) - ESXi slow HTTP POST denial-of-service vulnerability CVE-2022-22945  (CVSS score: 8.8) - CLI shell injection vulnerability in the NSX Edge appliance component Successful exploitation of the flaws could allow a malicious actor with local ad

The Hacker News

February 16, 2022

Experts disclose details of Apache Cassandra DB RCE Full Text

Abstract Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra...

Security Affairs

February 16, 2022

VMware fixes flaws demonstrated at Chinese Tianfu Cup hacking contest Full Text

Abstract VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest. VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking...

Security Affairs

February 15, 2022

Chrome Zero-Day Under Active Attack: Patch ASAP Full Text

Abstract The year’s 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.

Threatpost

February 15, 2022

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software Full Text

Abstract Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog,  said  in a technical write-up published Tuesday. Apache Cassandra is an open-source, distributed, NoSQL database management system for managing very large amounts of structured data across commodity servers. Tracked as  CVE-2021-44521  (CVSS score: 8.4), the vulnerability concerns a specific scenario where the configuration for user-defined functions ( UDFs ) are enabled, effectively allowing an attacker to leverage the  Nashorn  JavaScript engine, escape the sandbox, and achieve execution of untrusted code. Specifically, it was fou

The Hacker News

February 15, 2022

Google almost doubles Linux Kernel, Kubernetes zero-day rewards Full Text

Abstract Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.

BleepingComputer

February 15, 2022

VMware Patches Vulnerabilities Reported by Researchers to Chinese Government Full Text

Abstract The security vulnerabilities impact VMware ESXi, Workstation, and Fusion, and they were used at the 2021 Tianfu Cup hacking contest by Kunlun Lab, the team that won the event.

Security Week

February 15, 2022

QNAP extends security Updates for some EOL devices Full Text

Abstract Taiwanese vendor QNAP extended the security update window for some devices that have reached end-of-life (EOL). Taiwanese vendor QNAP extended the security update for some devices that have reached end-of-life (EOL) years ago. The company decided...

Security Affairs

February 15, 2022

Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud Full Text

Abstract Researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against a set of critical vulnerabilities disclosed last year.

ZDNet

February 15, 2022

Google fixes a Chrome zero-day flaw actively exploited in attacks Full Text

Abstract Google fixed a high-severity zero-day flaw actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome...

Security Affairs

February 15, 2022

SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification Full Text

Abstract The core security issue is that an enterprise has the ability to monitor and intercept SMSes from tons of devices globally, and then profit from it by offering the service to whoever can pay for it.

Trend Micro

February 14, 2022

Google Chrome emergency update fixes zero-day exploited in attacks Full Text

Abstract Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks.

BleepingComputer

February 14, 2022

Critical Security Flaws Reported in Moxa MXview Network Management Software Full Text

Abstract Technical details have been disclosed regarding a number of security vulnerabilities affecting Moxa's MXview web-based network management system, some of which could be chained by an unauthenticated adversary to achieve remote code execution on unpatched servers. The five security weaknesses "could allow a remote, unauthenticated attacker to execute code on the hosting machine with the highest privileges available: NT AUTHORITY\SYSTEM," Claroty security researcher Noam Moshe  said  in a report published this week. Moxa  MXview  is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. The flaws, which affect versions 3.x to 3.2.2 of the network management software, were rectified in  version 3.2.4 or higher  following a coordinated disclosure process in October 2021. "Successful exploitation of these vulnerabilities may allow an attacker to create or overwrite critical files to execute code, gain access to the program, ob

The Hacker News

February 14, 2022

Critical Magento zero-day flaw CVE-2022-24086 actively exploited Full Text

Abstract Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe rolled out security updates to address a critical security vulnerability, tracked as CVE-2022-24086,...

Security Affairs

February 14, 2022

QNAP extends critical updates for some unsupported NAS devices Full Text

Abstract QNAP has extended support and will keep issuing security updates for some end-of-life (EOL) network-attached storage (NAS) devices until October 2022.

BleepingComputer

February 14, 2022

Emergency Magento update fixes zero-day bug exploited in attacks Full Text

Abstract Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild.

BleepingComputer

February 13, 2022

Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released Full Text

Abstract Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as  CVE-2022-24086 , the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an " improper input validation " issue that could be weaponized to achieve arbitrary code execution.  It's also a pre-authenticated flaw, meaning it could be exploited without requiring any credentials. But the California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges. The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions. Adobe Commerce 2.3.3 and lower are not vulnerable. "Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Co

The Hacker News

February 12, 2022

Facebook exposes ‘god mode’ token miscreants could use Full Text

Abstract According to a security researcher, a malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token described as "god mode."

The Register

February 12, 2022

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620) Full Text

Abstract CVE-2022-22620 is a use after free issue in WebKit, the browser engine used in Safari and all iOS web browsers. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

Help Net Security

February 11, 2022

Apple addressed a third zero-day in 2022, which is actively exploited Full Text

Abstract Apple addressed a new WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited in the wild. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22620, in the WebKit affecting iOS, iPadOS, macOS,...

Security Affairs

February 10, 2022

SAP Patches Severe ‘ICMAD’ Bugs Full Text

Abstract SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.

Threatpost

February 10, 2022

Microsoft fixes Defender flaw letting hackers bypass antivirus scans Full Text

Abstract Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine.

BleepingComputer

February 10, 2022

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw Full Text

Abstract Apple on Thursday released security updates for  iOS, iPadOS ,  macOS , and  Safari  to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.  "Apple is aware of a report that this issue may have been actively exploited," the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw. The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management. The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th

The Hacker News

February 10, 2022

Microsoft starts killing off WMIC in Windows, will thwart attacks Full Text

Abstract Microsoft is moving forward with removing the Windows Management Instrumentation Command-line (WMIC) tool, wmic.exe, starting with the latest Windows 11 preview builds in the Dev channel.

BleepingComputer

February 10, 2022

Apple patches new zero-day exploited to hack iPhones, iPads, Macs Full Text

Abstract Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs.

BleepingComputer

February 10, 2022

Critical RCE flaws in PHP Everywhere WordPress plugin affect thousands of sites Full Text

Abstract WordPress plugin PHP Everywhere is affected by three critical issues that can be exploited to execute arbitrary code on affected systems. Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress...

Security Affairs

February 09, 2022

Critical RCE Flaws in ‘PHP Everywhere’ Plugin Affect Thousands of WordPress Sites Full Text

Abstract Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is  used  to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system's Pages, Posts, and Sidebar. The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows - CVE-2022-24663  - Remote Code Execution by Subscriber+ users via shortcode CVE-2022-24664  - Remote Code Execution by Contributor+ users via metabox, and CVE-2022-24665  - Remote Code Execution by Contributor+ users via gutenberg block Successful exploitation of the three vulnerabilities could result in the execution of malicious PHP code that could be leveraged to achieve a complete site takeover. WordPres

The Hacker News

February 09, 2022

PHP Everywhere RCE flaws threaten thousands of WordPress sites Full Text

Abstract Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide.

BleepingComputer

February 9, 2022

Zerodium Offers Huge Money for Zero-day Exploits Full Text

Abstract Premium exploits acquisition platform Zerodium rolled out an offer of $400,000 in bounty rewards to anyone who reports an RCE zero-day vulnerability in Outlook. It is reportedly a temporary offer. It is offering up to $200,000 for exploits leading to remote code execution in Mozilla Thunderbird.&nb ... Read More

Cyware Alerts - Hacker News

February 9, 2022

Siemens, Schneider Electric Address Nearly 50 ICS Vulnerabilities Full Text

Abstract Industrial equipment giants Siemens and Schneider Electric released a total of 15 advisories on Tuesday to address nearly 50 vulnerabilities discovered in their products.

Security Week

February 9, 2022

Microsoft February 2022 Patch Tuesday security updates fix a zero-day Full Text

Abstract Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products including Microsoft Windows and Windows...

Security Affairs

February 9, 2022

Google February 2022 Android security updates fix remote escalation bug Full Text

Abstract Google February 2022 Android security updates address two critical flaws, including a remote escalation of privilege. Google has released the February 2022 Android security updates that address two critical vulnerabilities, one of them is a remote...

Security Affairs

February 08, 2022

Microsoft and Other Major Software Firms Release February 2022 Patch Updates Full Text

Abstract Microsoft on Tuesday rolled out its monthly security updates with  fixes for 51 vulnerabilities  across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities. This is also in addition to  19 more flaws  the company addressed in its Chromium-based Edge browser. None of the security vulnerabilities are listed as under active exploit, while of the flaws —  CVE-2022-21989  (CVSS score: 7.8) — has been classified as a publicly disclosed zero-day at the time of the release. The issue concerns a privilege escalation bug in Windows Kernel, with Microsoft warning of potential attacks exploiting the shortcoming. "Successful exploitation of this vulnerability requires an attacker to take additional actions

The Hacker News

February 08, 2022

Google fixes remote escalation of privileges bug on Android Full Text

Abstract Google has released the February 2022 Android security updates, addressing two critical vulnerabilities, one being a remote escalation of privilege that requires no user interaction.

BleepingComputer

February 08, 2022

Microsoft February 2022 Patch Tuesday fixes 48 flaws, 1 zero-day Full Text

Abstract Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws.

BleepingComputer

February 08, 2022

Mozilla fixes Firefox bug letting you get Windows admin privileges Full Text

Abstract Mozilla released a security update to address a high severity privilege escalation vulnerability found in the Mozilla Maintenance Service.

BleepingComputer

February 8, 2022

Android’s February 2022 Security Updates Patch 36 Vulnerabilities Full Text

Abstract The first part of the update arrives on devices as the 2022-02-01 patch level and delivers fixes for 15 security holes in three components, namely Framework, Media framework, and System.

Security Week

February 7, 2022

Microsoft disables the ms-appinstaller protocol because it was abused to spread malware Full Text

Abstract Microsoft temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware, such as Emotet. Microsoft announced to have temporarily disabled the ms-appinstaller protocol for MSIX because it was abused by malware,...

Security Affairs

February 6, 2022

Argo CD flaw could allow stealing sensitive data from Kubernetes Apps Full Text

Abstract A flaw in Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps. A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive...

Security Affairs

February 4, 2022

‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet Full Text

Abstract The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next.

Threatpost

February 04, 2022

Microsoft disables MSIX protocol handler abused in Emotet attacks Full Text

Abstract Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability.

BleepingComputer

February 4, 2022

Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor Full Text

Abstract An alleged Chinese threat actor is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform. An alleged Chinese threat actor, tracked as TEMP_Heretic, is actively attempting to exploit a zero-day XSS vulnerability...

Security Affairs

February 3, 2022

PowerPoint Files Abused to Take Over Computers Full Text

Abstract Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.

Threatpost

February 03, 2022

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users Full Text

Abstract A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed " EmailThief " — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting (XSS) vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session. Volexity attributed the intrusions, which started on December 14, 2021, to a previously undocumented hacking group it's tracking under the moniker TEMP_HERETIC, with the assaults aimed at European government and media entities. The zero-day bug impacts the most recent open-source edition of Zimbra running  version 8.8.15 . The attacks are believed to have occurred in two phases; the first stage aimed at reconnaissance and distribut

The Hacker News

February 03, 2022

Zimbra zero-day vulnerability actively exploited to steal emails Full Text

Abstract A cross-site scripting (XSS) Zimbra security vulnerability is actively exploited in attacks targeting European media and government organizations.

BleepingComputer

February 03, 2022

Critical Flaws Discovered in Cisco Small Business RV Series Routers Full Text

Abstract Cisco has patched multiple critical  security vulnerabilities  impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers. Additionally, the flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even cause denial-of-service (DoS) conditions. The networking equipment maker acknowledged that it's "aware that proof-of-concept exploit code is available for several of the vulnerabilities" but didn't share any further specifics on the nature of the exploit or the identity of the threat actors that may be exploiting them. CVE-2022-20699

The Hacker News

February 3, 2022

Cisco fixes critical flaws in its Small Business Routers Full Text

Abstract Cisco released security patches to address multiple flaws in its Small Business RV160, RV260, RV340, and RV345 series routers. Cisco announced patches for multiple issue affecting its Small Business RV160, RV260, RV340, and RV345 series routers. Some...

Security Affairs

February 03, 2022

Cisco fixes critical bugs in SMB routers, exploits available Full Text

Abstract Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication.

BleepingComputer

February 3, 2022

Trend Micro fixed 2 flaws in Hybrid Cloud Security products Full Text

Abstract Trend Micro recently addressed two high-severity flaws affecting some of its hybrid cloud security products. Trend Micro released security updates to fix two high-severity vulnerabilities, tracked as CVE-2022-23119 and CVE-2022-23120, affecting...

Security Affairs

February 3, 2022

Trend Micro Patches Vulnerabilities in Hybrid Cloud Security Products Full Text

Abstract The vulnerabilities are tracked as CVE-2022-23119 and CVE-2022-23120, and they impact Deep Security and Cloud One workload security solutions, specifically the Linux agent component.

Security Week

February 2, 2022

Researcher found an Information Disclosure in the Brave browser Full Text

Abstract Security researcher discovered an Information Disclosure vulnerability in Brave browser and reported it through the HackerOne platform. Security researcher Kirtikumar Anandrao Ramchandani discovered an Information Disclosure vulnerability in the Brave...

Security Affairs

February 02, 2022

ESET antivirus bug let attackers gain Windows SYSTEM privileges Full Text

Abstract Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above.

BleepingComputer

February 2, 2022

Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project Full Text

Abstract An uninitialized memory leak vulnerability in the H2O HTTP server project has been patched. H20 is an open-source optimization project for HTTP/1, HTTP/2, and HTTP/3 servers

The Daily Swig

February 02, 2022

UEFI firmware vulnerabilities affect at least 25 computer vendors Full Text

Abstract Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.

BleepingComputer

February 2, 2022

Google Patches 27 Vulnerabilities With Release of Chrome 98 Full Text

Abstract Of the 19 flaws, 8 carry a severity rating of high, 10 are medium severity, and one is low risk. Over half of the externally reported vulnerabilities addressed in this release are use-after-free bugs.

Security Week

February 2, 2022

ESET releases fixes for local privilege escalation bug in Windows Applications Full Text

Abstract Antivirus firm ESET addressed a local privilege escalation vulnerability, tracked CVE-2021-37852, impacting its Windows clients. Antivirus firm ESET released security patches to address a high severity local privilege escalation vulnerability, tracked...

Security Affairs

February 2, 2022

Experts found 23 flaws in UEFI firmware potentially impact millions of devices Full Text

Abstract Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers....

Security Affairs

February 2, 2022

Two Dozen UEFI Vulnerabilities Impact Millions of Devices From Major Vendors Full Text

Abstract The vulnerabilities are mostly related to System Management Mode and they can lead to arbitrary code execution with elevated privileges. CVE IDs have been assigned to each of the 23 weaknesses.

Security Week

February 01, 2022

Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors Full Text

Abstract As many as 23 new high severity security vulnerabilities have been disclosed in different implementations of Unified Extensible Firmware Interface ( UEFI ) firmware used by numerous vendors, including Bull Atos, Fujitsu, HP, Juniper Networks, Lenovo, among others. The vulnerabilities reside in Insyde Software's InsydeH2O UEFI firmware, according to enterprise firmware security company  Binarly , with a majority of the anomalies diagnosed in the System Management Mode ( SMM ). UEFI is a software specification that provides a standard programming interface connecting a computer's firmware to its operating system during the booting process. In x86 systems, the UEFI firmware is usually stored in the flash memory chip of the motherboard. "By exploiting these vulnerabilities, attackers can successfully install malware that survives operating system re-installations and allows the bypass of endpoint security solutions (EDR/AV),  Secure Boot , and Virtualization-Based Securit

The Hacker News

February 01, 2022

Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations Full Text

Abstract A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is  Essential Addons for Elementor , which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack  said  in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed." That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web

The Hacker News

February 1, 2022

RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites Full Text

Abstract A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons for Elementor is a popular WordPress plugin used in over a million sites that provides easy-to-use and creative...

Security Affairs

January 31, 2022

Samba fixed CVE-2021-44142 remote code execution flaw Full Text

Abstract Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers...

Security Affairs

January 31, 2022

Public Exploit Released for Windows 10 Bug Full Text

Abstract The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.

Threatpost

January 31, 2022

Samba bug can let remote attackers execute code as root Full Text

Abstract Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software.

BleepingComputer

January 31, 2022

600K WordPress sites impacted by critical plugin RCE vulnerability Full Text

Abstract Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.

BleepingComputer

January 31, 2022

No smoke without fire? ‘Critical’ Loguru security flaw turns out to be non-issue Full Text

Abstract GitHub has promised to stop sending out security advisories about a vulnerability reported in Loguru, a popular Python logging package, which later turned out to be invalid.

The Daily Swig

January 31, 2022

Memory corruption and use-after-free vulnerabilities discovered in Foxit PDF Reader Full Text

Abstract These vulnerabilities could be triggered if an attacker tricks a user into opening a specially crafted, malicious PDF file, or open the file in a browser that has a PDF reader plugin installed.

Cisco Talos

January 31, 2022

277,000 routers exposed to Eternal Silence attacks via UPnP Full Text

Abstract A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors.

BleepingComputer

January 30, 2022

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam Full Text

Abstract Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. By exploiting a chain of security issues with iCloud Sharing and Safari 15, it enables the attacker to hijack the multimedia permission and gain "full access to every website ever visited by the victim" in Safari, including Gmail, iCloud, Facebook, and PayPal accounts. The  issues  specifically concern ShareBear, an iCloud file-sharing mechanism that prompts users upon attempting to open a shared document for the first time. Taking advantage of the fact that users are never displayed the prompt again once they accept to open the file, Pickren found that it's possible to alter the file's content to

The Hacker News

January 30, 2022

Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue Full Text

Abstract A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The security researchers RyeLv has publicly released an exploit for a Windows local privilege...

Security Affairs

January 29, 2022

Windows vulnerability with new public exploits lets you become admin Full Text

Abstract A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10.

BleepingComputer

January 29, 2022

Over 20,000 data center management systems exposed to hackers Full Text

Abstract Researchers have found over 20,000 instances of publicly exposed data center infrastructure management (DCIM) software that monitor devices, HVAC control systems, and power distribution units, which could be used for a range of catastrophic attacks.

BleepingComputer

January 29, 2022

QNAP force-installs update against the recent wave of DeadBolt ransomware infections Full Text

Abstract QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against...

Security Affairs

January 28, 2022

CISA Mentions 17 Critical Bugs That Need Immediate Patching Full Text

Abstract The CISA has added 17 new flaws in the Known Exploited Vulnerabilities catalog, nine of which have a remediation date of February 1, and four of them have a remediation date of July 18. The newly added flaws exist in multiple products, including Struts 1, Serv-U, Airflow, and Nagios XI. An exp ... Read More

Cyware Alerts - Hacker News

January 28, 2022

Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits Full Text

Abstract Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit broker Zerodium has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft...

Security Affairs

January 27, 2022

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? Full Text

Abstract There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving  CentOS 8  users at major risk of a severe attack – and with no support from CentOS. You'd think that this issue no longer affects a significant number of organizations because by now, companies would have migrated away from CentOS 8 to an OS that is actively supported by vendors. After all, vendor support is critical for security and compliance. But as it always is with these things, you can count on the fact that a big chunk of CentOS 8 users are soldiering on with an unsupported OS, despite being aware of the risks. With that risk now crystallizing we're using this article to examine  CVE-2021-4122 , the newly discovered vulnerability in LUKS encryption, and to discuss your options for mitigating it. Wait, wha

The Hacker News

January 27, 2022

VMware Warns of Log4j Attacks Targeting Horizon Servers Full Text

Abstract Tracked as CVE-2021-44228, the flaw was identified in December 2021 in the Apache Log4j logging utility, and has since been exploited in attacks by both cybercriminals and state-sponsored actors.

Security Week

January 27, 2022

Popular apps left biometric data, IDs of millions of users in danger Full Text

Abstract Personal data belonging to millions of customers of large businesses have been exposed due to a flaw in Onfido IDV. Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their...

Security Affairs

January 26, 2022

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild Full Text

Abstract iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

Threatpost

January 26, 2022

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability Full Text

Abstract Apple on Wednesday  released  iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as  CVE-2022-22587 , the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges. The iPhone maker said it's "aware of a report that this issue may have been actively exploited," adding it addressed the issue with improved input validation. It did not reveal the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. An anonymous researcher along with Meysam Firouzi and Siddharth Aeri have been credited with discovering and reporting the flaw. CVE-2022-22587 is the third zero-day vulnerability discovered in IOMobileFrameBuffer in a span of six months after  CVE-2

The Hacker News

January 26, 2022

Apple fixed the first two zero-day vulnerabilities of 2022 Full Text

Abstract Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple has released security updates to address a couple of zero-day vulnerabilities, one of them being actively exploited in the wild...

Security Affairs

January 26, 2022

Apple fixes new zero-day exploited to hack macOS, iOS devices Full Text

Abstract Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs.

BleepingComputer

January 26, 2022

VMware urges customers to patch VMware Horizon servers against Log4j attacks Full Text

Abstract VMware released security patches to address critical Log4j security vulnerabilities in VMware Horizon servers targeted in ongoing attacks. VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon...

Security Affairs

January 26, 2022

PwnKit: Local Privilege Escalation bug affects major Linux distros Full Text

Abstract A flaw in Polkit's pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major Linux distros. An attacker can exploit a vulnerability in Polkit's pkexec component, tracked as CVE-2021-4034, that affects...

Security Affairs

January 26, 2022

Android security tool APKLeaks patches critical vulnerability Full Text

Abstract The vulnerability, caused due to improper neutralization of argument delimiters, is tracked as CVE-2021-21386 and has a CVSS severity score of 9.3, an escalation from an original CVSS score of 7.3.

The Daily Swig

January 26, 2022

PrinterLogic fixes high severity flaws in Printer Management Suite Full Text

Abstract PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws. PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe...

Security Affairs

January 25, 2022

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access Full Text

Abstract A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's installed by default on every major Linux distribution such as Ubunti, Debian, Fedora, and CentOS. Polkit  (formerly called PolicyKit ) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes. "This vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration," Bharat Jogi, director of vulnerability and threat research at Qualys,  said , adding it "has

The Hacker News

January 25, 2022

VMware: Patch Horizon servers against ongoing Log4j attacks! Full Text

Abstract VMware is urging customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks.

BleepingComputer

January 25, 2022

Linux system service bug gives root on all major distros, exploit released Full Text

Abstract A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

BleepingComputer

January 25, 2022

Linux kernel bug can let hackers escape Kubernetes containers Full Text

Abstract A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape Kubernetes containers, giving access to resources on the host system.

BleepingComputer

January 25, 2022

Google Drive flags nearly empty files for ‘copyright infringement’ Full Text

Abstract Users were left startled as Google Drive's automated detection systems flagged a nearly empty file for copyright infringement. The file, according to one Drive user, contained nothing other than just the digit "1" within.

BleepingComputer

January 24, 2022

Linux Servers at Risk of RCE Due to Critical CWP Bugs Full Text

Abstract The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Threatpost

January 24, 2022

A flaw in Rust Programming language could allow to delete files and directories Full Text

Abstract The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...

Security Affairs

January 24, 2022

CWP bugs allow code execution as root on Linux servers, patch now Full Text

Abstract Two security vulnerabilities that impact the Control Web Panel (CWP) software can be chained by unauthenticated attackers to gain remote code execution (RCE) as root on vulnerable Linux servers.

BleepingComputer

January 24, 2022

F5 fixes 25 flaws in BIG-IP, BIG-IQ, and NGINX products Full Text

Abstract Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5 announced security patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products....

Security Affairs

January 23, 2022

High-Severity Rust Programming Bug Could Lead to File, Directory Deletion Full Text

Abstract The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete," the Rust Security Response working group (WG)  said  in an  advisory  published on January 20, 2021. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The flaw, which is tracked as  CVE-2022-21658  (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in  Rust version 1.58.1  shipped last week. Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka  symlinks ) in a standard library function named "std::fs::remove_dir_all." This results

The Hacker News

January 22, 2022

Dutch cybersecurity agency warns of lingering Log4j risks Full Text

Abstract In a warning issued on Thursday, the Dutch National Cybersecurity Centre (NCSC) says organizations should still be aware of risks connected to Log4j attacks and remain vigilant for ongoing threats.

BleepingComputer

January 22, 2022

Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack Full Text

Abstract Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially...

Security Affairs

January 21, 2022

A bug in McAfee Agent allows running code with Windows SYSTEM privileges Full Text

Abstract McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee...

Security Affairs

January 21, 2022

Google Project Zero discloses details of two Zoom zero-day flaws Full Text

Abstract Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researchers Natalie Silvanovich disclosed details of two zero-day vulnerabilities in Zoom clients...

Security Affairs

January 21, 2022

Over 90 WordPress themes, plugins backdoored in supply chain attack Full Text

Abstract A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.

BleepingComputer

January 21, 2022

McAfee Agent bug lets hackers run code with Windows SYSTEM privileges Full Text

Abstract McAfee Enterprise (now rebranded as Trellix) has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges.

BleepingComputer

January 20, 2022

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software Full Text

Abstract Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as  CVE-2022-20649  (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled for specific services. "An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled," Cisco said in an advisory. "A successful exploit could allow the attacker to execute arbitrary commands as the root user." The network equipment maker, however, noted that the adversary would need to perform detailed reconnaissance to allow for unauthenticated access to vulnerable devices. Stating that the vulnerability was discovered during internal security testing, Cisco added it found no evidence of active exploitat

The Hacker News

January 20, 2022

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers Full Text

Abstract An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who  discovered  and reported the  two   flaws  last year, said the issues impacted both Zoom clients and Multimedia Router (MMR) servers, which transmit audio and video content between clients in  on-premise deployments . The weaknesses have since been addressed by Zoom as part of  updates  shipped on November 24, 2021. The goal of a zero-click attack is to stealthily gain control over the victim's device without requiring any kind of interaction from the user, such as clicking on a link. While the specifics of the exploit will vary depending on the nature of vulnerability being exploited, a key trait of zero-click hacks is their ability not to leave behind

The Hacker News

January 20, 2022

Critical Cisco StarOS Bug Grants Root Access via Debug Mode Full Text

Abstract Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.

Threatpost

January 20, 2022

Cisco StarOS flaws could allow remote code execution and information disclosure Full Text

Abstract Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration...

Security Affairs

January 20, 2022

WordPress plugin flaw puts users of 20,000 sites at phishing risk Full Text

Abstract The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.

BleepingComputer

January 20, 2022

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update Full Text

Abstract A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.

Security Week

January 20, 2022

Flaw in Crypto Protocol Leads to Theft of Over $3 Million from Users Full Text

Abstract Earlier this week, Multichain, a platform that allows users to swap tokens between blockchains publicly announced that there was a flaw that made accounts vulnerable to hackers.

Vice

January 20, 2022

SolarWinds Serv-U bug exploited by threat actors in the wild, Microsoft warns Full Text

Abstract SolarWinds has fixed a Serv-U vulnerability that threat actors actively exploited in attacks in the wild. SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploited in the wild. The vulnerability, tracked...

Security Affairs

January 20, 2022

Cisco bug gives remote attackers root privileges via debug mode Full Text

Abstract Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing.

BleepingComputer

January 19, 2022

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks Full Text

Abstract Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.

Threatpost

January 19, 2022

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks Full Text

Abstract SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network.

BleepingComputer

January 19, 2022

Box 2FA Bypass Opens User Accounts to Attack Full Text

Abstract A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.

Threatpost

January 19, 2022

Zoom vulnerabilities impact clients, MMR servers Full Text

Abstract Project Zero found two flaws, a buffer overflow issue that impacted both Zoom clients and Zoom Multimedia Routers (MMRs), and the other was an information leak security flaw central to MMR servers.

ZDNet

January 19, 2022

Box flaw allowed to bypass MFA and takeover accounts Full Text

Abstract A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts...

Security Affairs

January 19, 2022

Security vulnerabilities in Umbraco CMS could lead to account takeover Full Text

Abstract Researchers from AppCheck announced they had found two separate vulnerabilities, an application URL overwrite (CVE-2022-22690) and a persistent password reset bug (CVE-2022-22691).

The Daily Swig

January 19, 2022

VirusTotal Hacking: Finding stolen credentials hosted on VirusTotal Full Text

Abstract VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found.

Help Net Security

January 18, 2022

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware Full Text

Abstract Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.

Threatpost

January 18, 2022

Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts Full Text

Abstract Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers  said  in a report shared with The Hacker News. The cybersecurity company said it reported the issue to the cloud service provider on November 2, 2021, post which fixes were issued by Box. MFA is an authentication method that relies on a combination of factors such as a password (something only the user knows) and a temporary one-time password aka TOTP (something only the user has) to provide users a second layer of defense against credential stuffing and other account takeover attacks. This two-step authentication can either involve sending the code as an SMS or alternat

The Hacker News

January 18, 2022

Don’t Use Public Wi-Fi Without DNS Filtering Full Text

Abstract Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline while I am away. With public Wi-Fi, modern life has become a constant connection to the Internet, whether we are on the bus, on the way to school or work, waiting for our flight in the airport or during the flight itself, or doing our homework or working on our projects in a café. We do business and communicate online in a variety of ways. We check our work emails, chat with our friends, and even take business calls online through the service. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, in public places such as parks, libraries, public transportation, and train stations. Cons of using public Wi-Fi Despite the many benefits t

The Hacker News

January 18, 2022

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues Full Text

Abstract Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security...

Security Affairs

January 18, 2022

Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors Full Text

Abstract The products affected by the vulnerability include MorphoWave Compact MD/MDPI/MDPI-M, VisionPass MD/MDPI/MDPI-M, all variants of SIGMA Lite/Lite+/Wide, SIGMA Extreme, and MA VP MD.

Security Week

January 18, 2022

Oracle to Release Nearly 500 New Security Patches Full Text

Abstract According to its pre-release announcement, the company has lined up 483 new patches for the first Critical Patch Update (CPU) of 2022, which is scheduled for Tuesday, January 18.

Security Week

January 17, 2022

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central Full Text

Abstract Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as  CVE-2021-44757 , the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip file on the server," the company  noted  in an advisory. Osword from SGLAB of Legendsec at Qi'anxin Group has been credited with discovering and reporting the vulnerability. The Indian firm said it remediated the issue in build version 10.1.2137.9. With the latest fix, Zoho has addressed a total of four vulnerabilities over the past five months — CVE-2021-40539  (CVSS score: 9.8) – Authentication bypass vulnerability affecting Zoho ManageEngine ADSelfService Plus CVE-2021-44077  (CVSS score: 9.8) – Unauthenticated remote code execution vulnerability affecting Zoho ManageEn

The Hacker News

January 17, 2022

Microsoft: Edge will mitigate ‘unforeseen active’ zero day bugs Full Text

Abstract Microsoft Edge has added a new feature to the Beta channel that will be able to mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities.

BleepingComputer

January 17, 2022

Oracle Critical Patch Update for January 2022 will fix 483 new flaws Full Text

Abstract The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address...

Security Affairs

January 17, 2022

Zoho fixes a critical vulnerability (CVE-2021-44757) in Desktop Central solutions Full Text

Abstract Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop...

Security Affairs

January 17, 2022

Zoho plugs another critical security hole in Desktop Central Full Text

Abstract Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP  unified endpoint management (UEM) solutions.

BleepingComputer

January 17, 2022

High-Severity flaw in 3 WordPress plugins impacts 84,000 websites Full Text

Abstract Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different...

Security Affairs

January 17, 2022

Safari bug leaks your Google account info, browsing history Full Text

Abstract There's a problem with the implementation of the IndexedDB API in Safari's WebKit engine, which could result in leaking browsing histories and even user identities to anyone exploiting the flaw.

BleepingComputer

January 17, 2022

Critical SAP Vulnerability Allows Supply Chain Attacks Full Text

Abstract A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns.

Security Week

January 16, 2022

High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites Full Text

Abstract Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site's administrator into performing an action, such as clicking on a link," WordPress security company Wordfence  said  in a report published last week. Tracked as CVE-2022-0215, the cross-site request forgery ( CSRF ) flaw is rated 8.8 on the CVSS scale and impacts three plugins maintained by  Xootix  — Login/Signup Popup  (Inline Form + Woocommerce), Side Cart Woocommerce  (Ajax), and Waitlist Woocommerce  (Back in stock notifier) Cross-site request forgery, also known as one-click attack or session riding, occurs when an authenticated end-user is tricked by an attacker into submitting a specially crafted web request. "If the victim i

The Hacker News

January 16, 2022

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking Full Text

Abstract A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed  IndexedDB Leaks , was disclosed by fraud protection software company FingerprintJS, which  reported the issue  to the iPhone maker on November 28, 2021. IndexedDB is a low-level JavaScript application programming interface (API) provided by web browsers for managing a  NoSQL database  of structured data objects such as files and blobs. "Like most web storage solutions, IndexedDB follows a same-origin policy," Mozilla  notes in its documentation  of the API. "So while you can access stored data within a domain, you cannot access data across different domains." Same-origin is a  fundamental security mechanism  that ensures that resources retrieved from distinct  origins  — i.e., a  combination  of the scheme (protocol),

The Hacker News

January 15, 2022

npm dependency is breaking some React apps today — here’s the fix Full Text

Abstract Tons of users are reporting their Facebook Create React App builds are failing since yesterday. The cause has been traced down to a dependency used by create-react-app, the latest version of which is breaking developers' apps.

BleepingComputer

January 14, 2022

Threat actors can bypass malware detection due to Microsoft Defender weakness Full Text

Abstract A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. Microsoft...

Security Affairs

January 14, 2022

Amazon fixes security flaw in AWS Glue service Full Text

Abstract Amazon Web Services has fixed two flaws affecting AWS Glue and AWS CloudFormation. The bug in AWS Glue could allow an attacker using the service to create resources and access data of other AWS Glue customers, according to Orca Security.

ZDNet

January 14, 2022

Threat actors can bypass malware detection due to Microsoft Defender weakness Full Text

Abstract Threat actors can leverage a weakness in Microsoft Defender to determine in which folders to plant malware. The knowledge of the list of scanning exceptions allows attackers to know where to store their malicious code to avoid detection.

Security Affairs

January 13, 2022

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM Full Text

Abstract Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as  CVE-2022-20658 , the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request. "With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP," Cisco  noted  in an advisory published this week. " To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials." Unified CCMP and Unified CCDM pro

The Hacker News

January 13, 2022

AWS fixes security flaws allowing access to AWS customer data Full Text

Abstract Amazon Web Services (AWS) has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts.

BleepingComputer

January 13, 2022

Cisco fixes a critical flaw in Unified CCMP and Unified CCDM Full Text

Abstract Cisco fixed a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified CCMP and Unified CCDM. Cisco released security patches to address a critical privilege escalation vulnerability, tracked as CVE-2022-20658, in Unified...

Security Affairs

January 13, 2022

Cisco Patches Critical Vulnerability in Contact Center Products Full Text

Abstract Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists due to a lack of server-side validation of user permissions, which allows an attacker to submit a crafted HTTP request to exploit the bug.

Security Week

January 13, 2022

Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities Full Text

Abstract Mozilla addressed18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine...

Security Affairs

January 13, 2022

AWS fixes security flaws that exposed AWS customer data Full Text

Abstract Amazon Web Services (AWS) has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts.

BleepingComputer

January 13, 2022

Microsoft Defender weakness lets hackers bypass malware detection Full Text

Abstract Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there.

BleepingComputer

January 13, 2022

Windows ‘RemotePotato0’ zero-day gets an unofficial patch Full Text

Abstract A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix."

BleepingComputer

January 13, 2022

KCodes NetUSB flaw impacts millions of SOHO routers Full Text

Abstract Cybersecurity experts discovered a flaw in the KCodes NetUSB component that impacts millions of end-user routers from different vendors Cybersecurity researchers from SentinelOne have discovered a critical vulnerability (CVE-2021-45608) in KCodes...

Security Affairs

January 12, 2022

Apple fixes doorLock bug that can disable iPhones and iPads Full Text

Abstract Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.

BleepingComputer

January 12, 2022

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup Full Text

Abstract Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator,...

Security Affairs

January 11, 2022

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days Full Text

Abstract The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.

Threatpost

January 11, 2022

MacOS Bug Could Let Creeps Snoop On You Full Text

Abstract The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.

Threatpost

January 11, 2022

WordPress Bugs Exploded in 2021, Most Exploitable Full Text

Abstract Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.

Threatpost

January 11, 2022

First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerability Full Text

Abstract Microsoft on Tuesday kicked off its first set of updates for 2022 by  plugging 96 security holes  across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known at the time of the release. This is in addition to  29 issues  patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP). Chief among them is  CVE-2022-21907  (CVSS score: 9.8), a remote code execution vulnerability rooted in the HTTP Protocol Stack. "In

The Hacker News

January 11, 2022

Microsoft Patch Tuesday fixes critical Office RCE Full Text

Abstract Microsoft Patch Tuesday security updates fix a critical Office flaw that can allow remote attackers to execute malicious code on vulnerable systems. Microsoft Patch Tuesday security updates for January 2022 patch 96 vulnerabilities in Microsoft Windows...

Security Affairs

January 11, 2022

Microsoft: New critical Windows HTTP vulnerability is wormable Full Text

Abstract Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.

BleepingComputer

January 11, 2022

IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks Full Text

Abstract An IP spoofing vulnerability in Django REST allowed attackers to circumvent the framework’s throttling feature, which is supposed to protect applications against mass requests.

The Daily Swig

January 11, 2022

New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors Full Text

Abstract Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes  NetUSB  is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system (e.g., a router) are made available via the network using the driver. CVE-2021-45608  (CVSS score: 9.8), as the security flaw is tracked as, relates to a  buffer overflow vulnerability  that, if successfully exploited, can allow attackers to execute code remotely in the kernel and perform malicious activities of their choice, according to a  report  shared by SentinelOne with The Hacker News. This is the latest in a string of NetUSB vulnerabilities that has been patched in recent years. In May 2015, researchers from SEC Consult disclosed another

The Hacker News

January 11, 2022

WordPress 5.8.3 Security Release fixes four vulnerabilities Full Text

Abstract WordPress maintainers have released WordPress 5.8.3 that addresses four vulnerabilities and recommend admins to update their sites immediately The WordPress 5.8.3 security release addresses four vulnerabilities affecting versions between 3.7 and 5.8,...

Security Affairs

January 11, 2022

Critical SonicWall NAC Vulnerability Stems from Apache Mods Full Text

Abstract Researchers offer more detail on the bug, which can allow attackers to completely take over targets.

Threatpost

January 11, 2022

Microsoft fixes critical Office bug, delays macOS security updates Full Text

Abstract During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems.

BleepingComputer

January 11, 2022

Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws Full Text

Abstract Today is Microsoft's January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws.

BleepingComputer

January 11, 2022

KCodes NetUSB bug exposes millions of routers to RCE attacks Full Text

Abstract A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.

BleepingComputer

January 10, 2022

Microsoft Details macOS Bug That Could Let Attackers Gain Access to User Data Full Text

Abstract Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and provide access to protected files and app data. The  Security & Privacy pane  in the macOS System Preferences app serves as the front end of TCC. Microsoft 365 Defender Research Team, which reported the vulnerability to Apple on July 15, 2021, dubbed the flaw " powerdir ." Apple  addressed  the issue as part of macOS 11.6 and 12.1 updates released in December 2021 with improved state management. While Apple does enforce a policy that limits access to TCC to only apps with full disk access, it's possible to orchestrate an attack wherein a malicious application could

The Hacker News

January 10, 2022

URL Parsing Bugs Allow DoS, RCE, Spoofing & More Full Text

Abstract Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.

Threatpost

January 10, 2022

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries Full Text

Abstract A study of 16 different Uniform Resource Locator ( URL ) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty   and Synk, eight security vulnerabilities were identified in as many third-party libraries written in C, JavaScript, PHP, Python, and Ruby languages and used by several web applications. "The confusion in URL parsing can cause unexpected behavior in the software (e.g., web application), and could be exploited by threat actors to cause denial-of-service conditions, information leaks, or possibly conduct remote code execution attacks," the researchers said in a report shared with The Hacker News. With URLs being a fundamental mechanism by which resources — located either locally or on the web — can be requested and retrieved, differences in how the parsing libraries interpret a URL requ

The Hacker News

January 10, 2022

Buffer overflow vulnerability spotted in AnyCubic Chitubox plugin Full Text

Abstract Cisco Talos recently discovered a heap-based buffer overflow flaw in the Chitubox AnyCubic plugin, which is an 3-D printing software for users to download, process, and send models to a 3-D printer.

Cisco Talos

January 10, 2022

Microsoft: powerdir bug gives access to protected macOS user data Full Text

Abstract Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data.

BleepingComputer

January 10, 2022

WordPress 5.8.3 security update fixes SQL injection, XSS flaws Full Text

Abstract The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance.

BleepingComputer

January 8, 2022

Unauthenticated RCE in H2 Database Console is similar to Log4Shell Full Text

Abstract Researchers disclosed a critical RCE flaw in the H2 open-source Java SQL database which is similar to the Log4J vulnerability. Jfrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J...

Security Affairs

January 8, 2022

Alfer Microsoft, also SonicWall confirmed that its products were affected by Y2K22 bug Full Text

Abstract SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. According...

Security Affairs

January 07, 2022

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console Full Text

Abstract Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as  CVE-2021-42392 , is the " first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe  said . H2  is an open-source relational database management system written in Java that can be embedded within applications or run in a client-server mode. According to the  Maven Repository , the H2 database engine is used by 6,807 artifacts. JNDI, short for Java Naming and Directory Interface, refers to an API that provides naming and directory functionality for Java applications, which can use the API in conjunction with LDAP to locate a specific resource that it migh

The Hacker News

January 07, 2022

SonicWall: Y2K22 bug hits Email Security, firewall products Full Text

Abstract SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1, 2022.

BleepingComputer

January 6, 2022

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover Full Text

Abstract ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.

Threatpost

January 6, 2022

Java RMI services often vulnerable to SSRF attacks Full Text

Abstract Java RMI services can be attacked through server-side request forgery (SSRF) attacks, according to a detailed analysis of the problem by security researcher Tobias Neitzel.

The Daily Swig

January 6, 2022

VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi Full Text

Abstract VMware addressed a heap-overflow issue (CVE-2021-22045) in Workstation, Fusion and CVE-2021-22045 products that can lead to code execution on the hypervisor. VMware released security updates to address a heap-overflow vulnerability, tracked as CVE-2021-22045,...

Security Affairs

January 05, 2022

VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products Full Text

Abstract VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an "important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as  CVE-2021-22045  (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary code. The company credited Jaanus Kääp, a security researcher with Clarified Security, for reporting the flaw. "A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine," VMware  said  in an advisory published on January 4. The error affects ESXi versions 6.5, 6.7, and 7.0; Workstation versions 16.x; and Fusion versions 12.x, with the company yet to release a patch for ESXi 7.0. In the interim, the company is  recommending  users to disable all

The Hacker News

January 5, 2022

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails Full Text

Abstract A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system – skating past email security – went unaddressed despite flagging by multiple researchers.

Threatpost

January 05, 2022

Google Releases New Chrome Update to Patch Dozens of New Browser Vulnerabilities Full Text

Abstract Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to pass arbitrary code and gain control over a victim's system. Tracked as  CVE-2022-0096 , the flaw relates to a  use-after-free bug  in the Storage component, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on a compromised machine. Security researcher Yangkang ( @dnpushme ) of Qihoo 360 ATA, who has previously disclosed  zero-day vulnerabilities  in Apple's WebKit, has been credited with discovering and reporting the flaw on November 30, 2021. It's also worth pointing out that 24 of the 37 uncovered flaws came from external researchers, including its Google Project Zero initiative, while the others were flagged as part of its ongoing internal security work. Of the 24 bugs, 10 are rated High, another 10 are rated Medium, and three

The Hacker News

January 04, 2022

SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts Full Text

Abstract A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are  programs  stored on the blockchain that are automatically executed when predetermined conditions are met based on the encoded terms of the agreement. They allow trusted transactions and agreements to be carried out between anonymous parties without the need for a central authority. In other words, the code itself is meant to be the final arbiter of "the deal" it represents, with the program controlling all aspects of the execution, and providing an immutable evidentiary audit trail of transactions that are both trackable and irreversible. This also means that vulnerabilities in the code could result in hefty losses, as evidenced by hacks aimed at  the DAO  and more recently,

The Hacker News

January 04, 2022

Researchers Detail New HomeKit ‘doorLock’ Bug Affecting Apple iOS Full Text

Abstract A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be triggered by simply changing the name of a HomeKit device to a string larger than 500,000 characters. This causes an iPhone or iPad that attempts to connect to the device to become unresponsive and enter an indefinite cycle of system failure and restart that can only be mitigated by restoring the affected device from Recovery or DFU (Device Firmware Update) Mode. HomeKit  is Apple's software framework that allows iOS and iPadOS users to configure, communicate with, and control connected accessories and smart-home appliances using Apple devices. "Any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting,"

The Hacker News

January 4, 2022

Log4j flaw attack levels remain high, Microsoft warns Full Text

Abstract Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.

ZDNet

January 4, 2022

Researcher discovers 70 web cache poisoning vulnerabilities, nets $40k in bug bounty rewards Full Text

Abstract In extensive research of many websites, including some high-traffic online services, security researcher Youstin ladunca recently discovered 70 cache poisoning vulnerabilities with various impacts.

The Daily Swig

January 03, 2022

Apple iOS vulnerable to HomeKit ‘doorLock’ denial of service bug Full Text

Abstract A novel persistent denial of service vulnerability named 'doorLock' was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2.

BleepingComputer

January 3, 2022

HCL Technologies patches serious vulnerabilities in HCL DX Full Text

Abstract HCL Digital Experience (DX), a platform for building and managing web portals, contained multiple vulnerabilities that could potentially lead to remote code execution (RCE), researchers claim.

The Daily Swig

January 3, 2022

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers Full Text

Abstract Microsoft released an emergency patch to fix the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Microsoft has rolled out an emergency fix that addresses the Y2k22 bug that is breaking email delivery on on-premise...

Security Affairs

January 3, 2022

Multiple Vulnerabilities Impact Netgear Nighthawk R6700 Routers Full Text

Abstract Netgear Nighthawk R6700v3 routers running latest firmware are affected by multiple vulnerabilities. Details of the flaws were disclosed last week by Tenable after the vendor failed to release patches.

Security Week

January 02, 2022

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service Full Text

Abstract Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year and it [is] not a failure of the [antivirus] engine itself," the company  said  in a blog post. "This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues." The Windows maker said the issue impacted on-premises versions of Exchange Server 2016 and Exchange Server 2019 but didn't specify how widespread the impact was. The issue began to  gain   attention  as the year 2022 kicked in, causing the servers to no longer deliver email messages while throwing the following erro

The Hacker News

January 02, 2022

Uber ignores vulnerability that lets you send any email from Uber.com Full Text

Abstract A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it for now.

BleepingComputer

January 1, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Full Text

Abstract Y2k22 bug is causing Microsoft Exchange on-premise servers to fail in delivering email starting on January 1st, 2022. Microsoft Exchange on-premise servers cannot deliver emails starting on January 1st, 2022, due to a bug in the FIP-FS anti-malware...

Security Affairs

December 31, 2021

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched Full Text

Abstract Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120)...

Security Affairs

December 31, 2021

Netgear leaves vulnerabilities unpatched in Nighthawk router Full Text

Abstract Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched.

BleepingComputer

December 30, 2021

Flaws in DataVault encryption software impact multiple storage devices Full Text

Abstract Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used...

Security Affairs

December 30, 2021

Firmware attack can drop persistent malware in hidden SSD area Full Text

Abstract Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions.

BleepingComputer

December 29, 2021

Silent danger: One in five aged domains is malicious, risky, or unsafe Full Text

Abstract The number of malicious dormant domains is on the rise, and as researchers warn, roughly 22.3% of strategically aged domains pose some form of danger.

BleepingComputer

December 29, 2021

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832) Full Text

Abstract The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary...

Security Affairs

December 29, 2021

Storage Devices of Major Vendors Impacted by Encryption Software Flaws Full Text

Abstract Researcher Sylvain Pelissier has discovered that a crucial SanDisk software is affected by a couple of key derivation function issues that can allow an attacker to obtain user passwords.

Security Week

December 29, 2021

Microsoft Defender Log4j scanner triggers false positive alerts Full Text

Abstract Microsoft Defender for Endpoint is currently showing "sensor tampering" alerts linked to the company's newly deployed Microsoft 365 Defender scanner for Log4j processes.

BleepingComputer

December 28, 2021

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability Full Text

Abstract The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as  CVE-2021-44832 , the vulnerability is rated 6.6 in severity on a scale of 10 and impacts all versions of the logging library from 2.0-alpha7 to 2.17.0 with the exception of 2.3.2 and 2.12.4. While Log4j versions 1.x are not affected, users are recommended to upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JND

The Hacker News

December 28, 2021

Log4j 2.17.1 out now, fixes new remote code execution bug Full Text

Abstract Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved.

BleepingComputer

December 27, 2021

New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking Full Text

Abstract The flaws have been found to impact EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2, and EVP2PE), and Smart Wallbox (EVB1A) devices, as well as some products that have reached end-of-life.

Security Week

December 27, 2021

Garrett Walk-Through Metal Detectors Can Be Hacked Remotely Full Text

Abstract A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. "An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through," Cisco Talos  noted  in a disclosure publicized last week. "They could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors." Talos security researcher Matt Wiseman has been credited with discovering and reporting these vulnerabilities on August 17, 2021. Patches have been released by the vendor on December 13, 2021. The flaws reside in Garrett  iC Module , which enables users to communicate to walk-through me

The Hacker News

December 27, 2021

Apache addressed a couple of severe vulnerabilities in Apache HTTP Server Full Text

Abstract The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. The Apache Software Foundation has released the Apache HTTP Server 2.4.52 to address a couple of vulnerabilities,...

Security Affairs

December 27, 2021

Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems Full Text

Abstract A researcher found a dozen vulnerabilities in mySCADA myPRO product, some of which have been rated as critical. mySCADA myPRO is a multiplatform, human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system that allows...

Security Affairs

December 26, 2021

Apple fixed macOS flaw that could allow to bypass Gatekeeper security feature Full Text

Abstract Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could...

Security Affairs

December 24, 2021

NVIDIA, HPE Products Affected by Log4j Vulnerabilities Full Text

Abstract HPE has identified roughly 60 products that use the vulnerable library and has already published security notices (including patches and mitigations) and security bulletins for them.

Security Week

December 24, 2021

Hackable Infusion Pump, Ransomware Risks To Patients Full Text

Abstract A team of McAfee ATR threat researchers recently revealed the outcomes of a more than 18-month investigation into security vulnerabilities in medical equipment such as automatic infusion pumps.

Cybersecurity Ventures

December 24, 2021

Blackmagic fixes critical DaVinci Resolve code execution flaws Full Text

Abstract Blackmagic Software has recently addressed two security vulnerabilities in the highly popular DaVinci Resolve software that would allow attackers to gain code execution on unpatched systems.

BleepingComputer

December 24, 2021

NVIDIA informs customers of its products affected by Log4j flaws Full Text

Abstract NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. NVIDIA has assessed its products to determine if they are vulnerable to the Log4shell vulnerability in Log4J library. The...

Security Affairs

December 23, 2021

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations Full Text

Abstract Charging stations are not the only targets that could be affected by this vulnerability in the automotive industry. Cars’ IVI systems could also be subjected to real threats.

Trend Micro

December 23, 2021

Apple fixes macOS security flaw behind Gatekeeper bypass Full Text

Abstract Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems.

BleepingComputer

December 23, 2021

Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware Full Text

Abstract Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability...

Security Affairs

December 23, 2021

Three trivial bugs in Microsoft Teams Software remain unpatched Full Text

Abstract Researchers disclosed four vulnerabilities in the Teams business communication software, but Microsoft will not address three of them. Researchers from cybersecurity firm Positive Security discovered four vulnerabilities in the Teams business communication...

Security Affairs

December 23, 2021

HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems Full Text

Abstract The DHS has announced that it is expanding the 'Hack DHS' bug bounty program to report for Log4J impacting its systems. The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of the Log4J on its systems...

Security Affairs

December 23, 2021

A flaw in Microsoft Azure App Service exposes customer source code Full Text

Abstract A vulnerability in the Microsoft Azure App Service led to the exposure of customer source code for at least four years. Early this month, Microsoft has notified a small group of Azure customers that have been impacted by a recently discovered bug,...

Security Affairs

December 23, 2021

Popular WordPress platform Flywheel vulnerable to subdomain takeover Full Text

Abstract Using a subdomain takeover, attackers can send phishing emails from the legitimate domain, perform cross-site scripting attacks, or even damage the reputation of the brand associated with the domain.

The Daily Swig

December 22, 2021

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers Full Text

Abstract A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.

Threatpost

December 22, 2021

Four Bugs in Microsoft Teams Left Platform Vulnerable Since March Full Text

Abstract Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.

Threatpost

December 22, 2021

Anti-cheating browser extension fails web security examination Full Text

Abstract The Proctorio Google Chrome browser extension was vulnerable to a cross-site scripting (XSS) flaw, researchers at Sector 7, the research division of Dutch security consultancy Computest, discovered.

The Daily Swig

December 22, 2021

‘Hack DHS’ bug bounty program expands to Log4j security flaws Full Text

Abstract The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities.

BleepingComputer

December 22, 2021

Multiple vulnerabilities in Microsoft Teams could spoof URLs, leak IP addresses Full Text

Abstract The four findings include an SSRF vulnerability and a URL preview spoofing bug in the web and desktop app, and for Android users, an IP address leak and a DoS vulnerability.

The Daily Swig

December 22, 2021

Microsoft Azure App Service flaw exposed customer source code Full Text

Abstract A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code for at least four years, since 2017.

BleepingComputer

December 22, 2021

Microsoft Teams bug allowing phishing unpatched since March Full Text

Abstract Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Teams' link preview feature reported since March 2021.

BleepingComputer

December 21, 2021

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw Full Text

Abstract A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker," SophosLabs researchers Andrew Brandt and Stephen Ormandy  said  in a new report published Tuesday. CVE-2021-40444  (CVSS score: 8.8) relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents. Although Microsoft addressed the security weakness as part of its September 2021  Patch Tuesday updates , it has been put to use in  multiple attacks  ever since details pertaining to the flaw became public. That same month, the technology giant  uncov

The Hacker News

December 21, 2021

Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers Full Text

Abstract Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it  addressed in November  following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as  CVE-2021-42278  and  CVE-2021-42287  — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the Active Directory Domain Services (AD DS) component. Credited with discovering and reporting both the bugs is Andrew Bartlett of Catalyst IT. Active Directory is a  directory service  that runs on Microsoft Windows Server and is used for identity and access management. Although the tech giant marked the shortcomings as " exploitation Less Likely " in its assessment, the public disclosure of the PoC has prompted renewed calls for applying the fixes to mitigate any potential exploitation by threat actors. While CVE-2021-42278 enables an attacker to tamper with the SAM-Account-Name

The Hacker News

December 21, 2021

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains Full Text

Abstract Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed...

Security Affairs

December 21, 2021

Microsoft Urges Customers to Patch Recent Active Directory Vulnerabilities Full Text

Abstract Tracked as CVE-2021-42287 and CVE-2021-42278, the two security errors can be chained to impersonate domain controllers and gain administrative privileges on Active Directory.

Security Week

December 21, 2021

Secret Backdoors Found in German-made Auerswald VoIP System Full Text

Abstract Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices. "Two backdoor passwords were found in the firmware of the  COMpact 5500R PBX ," researchers from RedTeam Pentesting said in a  technical   analysis  published Monday. "One backdoor password is for the secret user ' Schandelah ', the other can be used for the highest-privileged user ' admin .' No way was discovered to disable these backdoors." The vulnerability has been assigned the identifier  CVE-2021-40859  and carries a critical severity rating of 9.8. Following responsible disclosure on September 10, Auerswald addressed the problem in a firmware update (version 8.2B) released in November 2021. "Firmware Update 8.2B contains important security updates that you

The Hacker News

December 21, 2021

More than 35,000 Java packages impacted by Log4j flaw, Google warns Full Text

Abstract Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total)...

Security Affairs

December 21, 2021

Garrett walk-through metal detectors can be remotely manipulated Full Text

Abstract Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient.

BleepingComputer

December 21, 2021

Study finds “serious security risks” in K-12 school apps Full Text

Abstract Many apps used by schools contain features that can lead to the “unregulated and out of control” sharing of student data to advertising firms and other security issues, as per a Me2B Alliance report.

The Record

December 20, 2021

Third Log4J Bug Can Trigger DoS; Apache Issues Patch Full Text

Abstract The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

Threatpost

December 20, 2021

Microsoft warns of easy Windows domain takeover via Active Directory bugs Full Text

Abstract Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.

BleepingComputer

December 20, 2021

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G Full Text

Abstract Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The "vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios that are based on unverified measurement reports and signal strength thresholds," researchers Evangelos Bitsikas and Christina Pöpper from the New York University Abu Dhabi said in a  new paper . "The problem affects all generations since 2G (GSM), remaining unsolved so far." Handover , also known as handoff, is a process in telecommunications in which a phone call or a data session is transferred from one  cell site  (aka base station) to another cell tower without losing connectivity during the transmission. This method is crucial to establishing cellul

The Hacker News

December 20, 2021

Experts Discover Backdoor Deployed on the U.S. Federal Agency’s Network Full Text

Abstract A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a "classic APT-type operation."  "This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate this, or other networks more deeply," Czech security company Avast  said  in a report published last week. The name of the federal entity was not disclosed, but reports from  Ars Technica  and  The Record  tied it to the U.S. Commission on International Religious Freedom ( USCIRF ). Avast said it was making its findings public after unsuccessful attempts to directly notify the agency about the intrusion and through other channels put in place by the U.S. government. At this stage, only "parts of the attack puzzle" have been uncovered, leaving the door open for

The Hacker News

December 20, 2021

Log4j vulnerability now used to install Dridex banking malware Full Text

Abstract Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.

BleepingComputer

December 20, 2021

A new attack vector exploits the Log4Shell vulnerability on servers locally Full Text

Abstract Security researchers devised a new attack vector exploiting the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. Researchers from cybersecurity firm Blumira devised a new attack vector that relies on a Javascript...

Security Affairs

December 18, 2021

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability Full Text

Abstract Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. "This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability," Matthew Warner, CTO of Blumira,  said . "At this point, there is no proof of active exploitation. This vector significantly expands the attack surface and can impact services even running as localhost which were not exposed to any network." WebSockets  allow for two-way communications between a web browser (or other client application) and a server, unlike HTTP, which is unidirectional where the client sends the request and the server sends the response. While the issue can be resolved by updating all local development and internet-facing environments to Log4j 2.16.0, Apache o

The Hacker News

December 18, 2021

Western Digital warns customers to update their My Cloud devices Full Text

Abstract Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates on My Cloud OS firmware reaching the end of support.

BleepingComputer

December 18, 2021

Understanding the Impact of Apache Log4j Vulnerability Full Text

Abstract More than 35,000 Java packages, amounting to over 8% of the Maven Central repository, have been impacted by the recently disclosed log4j vulnerabilities (1, 2), with widespread fallout across the software industry.

Google

December 18, 2021

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability Full Text

Abstract The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as  CVE-2021-45105  (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 to 2.16.0, which the open-source nonprofit shipped earlier this week to remediate a second flaw that could result in remote code execution ( CVE-2021-45046 ), which, in turn, stemmed from an "incomplete" fix for  CVE-2021-44228 , otherwise called the Log4Shell vulnerability. "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups," the ASF  explained  in a revised advisory. "When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control o

The Hacker News

December 18, 2021

Western Digital customers have to update their My Cloud devices to latest firmware version Full Text

Abstract My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Western Digital is urging customers to update their WD My Cloud devices to the latest firmware version to continues...

Security Affairs

December 18, 2021

Apache releases the third patch to address a new Log4j flaw Full Text

Abstract Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. 2.17 is the third fix issued in a week. While the experts were warning that threat actors are actively attempting to exploit...

Security Affairs

December 17, 2021

Federal agencies ordered to immediately patch systems against Apache vulnerability Full Text

Abstract Federal agencies on Friday were ordered to immediately investigate and patch systems to prevent exploitation of a massive vulnerability in Apache logging library log4j that has been increasingly used by nations and cybercriminals to target organizations around the world.

The Hill

December 17, 2021

Firefox fixes password leak via Windows Cloud Clipboard feature Full Text

Abstract At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 v1809 release, a feature that allows users to sync their local clipboard history to their Microsoft accounts.

The Record

December 17, 2021

CISA urges VMware admins to patch critical flaw in Workspace ONE UEM Full Text

Abstract CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information.

BleepingComputer

December 17, 2021

VMware fixes critical SSRF flaw in Workspace ONE UEM Console Full Text

Abstract VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. VMware has addressed a critical server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-22054, in the Workspace...

Security Affairs

December 17, 2021

All Log4j, logback bugs we know so far and why you MUST ditch 2.15 Full Text

Abstract Everyone's heard of the critical log4j zero-day by now. Dubbed 'Log4Shell,' the vulnerability has set the internet on fire. Below we summarize the four or more CVEs identified thus far, and pretty good reasons to ditch log4j version 2.15.0 for 2.16.0.

BleepingComputer

December 16, 2021

Officials point to Apache vulnerability in urging passage of cyber incident reporting bill Full Text

Abstract Key federal cybersecurity officials are pushing for passage of legislation to create mandates for certain organizations to report cyberattacks amid the fallout from a massive vulnerability in Apache logging package log4j, which has left organizations worldwide vulnerable.

The Hill

December 16, 2021

Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips Full Text

Abstract Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device's Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called "combo chips," which are specialized chips that are equipped to handle different types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, and LTE. "We provide empirical evidence that coexistence, i.e., the coordination of cross-technology wireless transmissions, is an unexplored attack surface," a group of researchers from the Technical University of Darmstadt's Secure Mobile Networking Lab and the University of Brescia said in a  new paper . "Instead of escalating directly into the mobile [operating system], wireless chips can escalate their privileges into other wireless chips by exploiting the same mechanisms they use to arbitrate their access to the resources they share, i.e

The Hacker News

December 16, 2021

Flaws in Lenovo laptops allow escalating to admin privileges Full Text

Abstract The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges. Lenovo laptops, including ThinkPad and Yoga families, are affected by a privilege elevation issues...

Security Affairs

December 16, 2021

While attackers begin exploiting a second Log4j flaw, a third one emerges Full Text

Abstract Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting...

Security Affairs

December 16, 2021

Lenovo laptops vulnerable to bug allowing admin privileges Full Text

Abstract Lenovo laptops, including ThinkPad and Yoga models, are vulnerable to a privilege elevation bug in the ImControllerService service allowing attackers to execute commands with admin privileges.

BleepingComputer

December 15, 2021

SAP Kicks Log4Shell Vulnerability Out of 20 Apps Full Text

Abstract SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.

Threatpost

December 15, 2021

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day Full Text

Abstract Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. Microsoft December 2021 Patch Tuesday addressed 67 vulnerabilities in Microsoft Windows and Windows Components, ASP.NET...

Security Affairs

December 14, 2021

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit Full Text

Abstract It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.

Threatpost

December 14, 2021

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware Full Text

Abstract Microsoft has rolled out  Patch Tuesday updates  to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to the  Zero Day Initiative . Seven of the 67 flaws are rated Critical and 60 are rated as Important in severity, with five of the issues publicly known at the time of release. It's worth noting that this is in addition to the  21 flaws  resolved in the Chromium-based Microsoft Edge browser. The most critical of the lot is  CVE-2021-43890  (CVSS score: 7.1), a Windows AppX installer spoofing vulnerability that Microsoft said could be exploited to achieve arbitrary code execution. The lower severity rating is indicative of the fact that code execution hinges on the logged-on user level,

The Hacker News

December 14, 2021

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released Full Text

Abstract The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed  Log4Shell  exploit was deemed as "incomplete in certain non-default configurations." The second vulnerability — tracked as  CVE-2021-45046  — is rated 3.7 out of a maximum of 10 on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0, which the project maintainers shipped last week to address a critical remote code execution vulnerability (CVE-2021-44228) that could be abused to infiltrate and take over systems. The incomplete patch for  CVE-2021-44228  could be abused to "craft malicious input data using a  JNDI  Lookup pattern resulting in a denial-of-service (DoS) attack," the ASF  said  in a new advisory. The latest version of Log4j, 2.16.0 (for users requiring Java 8 or later), all but  removes  support for message lookups and disables JNDI by default, the

The Hacker News

December 14, 2021

DHS announces bug bounty program to hunt down cyber vulnerabilities Full Text

Abstract The Department of Homeland Security (DHS) on Tuesday announced a new bug bounty program meant to help tackle cyber vulnerabilities in the agency. 

The Hill

December 14, 2021

Adobe addresses over 60 vulnerabilities in multiple products Full Text

Abstract Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS...

Security Affairs

December 14, 2021

Microsoft fixes Windows AppX Installer zero-day used by Emotet Full Text

Abstract Microsoft has patched a high severity Windows zero-day vulnerability exploited in the wild to deliver Emotet malware payloads.

BleepingComputer

December 14, 2021

Google fixed the 17th zero-day in Chrome since the start of the year Full Text

Abstract Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including...

Security Affairs

December 14, 2021

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws Full Text

Abstract Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. These updates include a fix for an actively exploited Windows Installer vulnerability used in malware distribution campaigns.

BleepingComputer

December 14, 2021

Cyber experts express growing alarm over Apache vulnerability Full Text

Abstract A vulnerability in a widely used logging platform uncovered late last week has left security professionals and officials scrambling to respond and patch systems before other nations and cybercriminals can exploit the flaw.

The Hill

December 14, 2021

Zero-Day Vulnerability in Hillrom Cardiology Devices Could Allow Attackers to Seize Control Full Text

Abstract A high-severity vulnerability in several cardiac healthcare devices could allow attackers to access privileged accounts without a password and seize control of the devices.

The Daily Swig

December 14, 2021

Log4j: List of vulnerable products and vendor advisories Full Text

Abstract News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday.

BleepingComputer

December 13, 2021

Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones Full Text

Abstract Apple on Monday released updates to  iOS ,  macOS ,  tvOS , and  watchOS  with security patches for multiple vulnerabilities, including a remote jailbreak exploit chain as well as a number of critical issues in the Kernel and Safari web browser that were first demonstrated at the Tianfu Cup held in China two months ago. Tracked as CVE-2021-30955, the issue could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it addressed the issue with "improved state handling." The flaw also impacts macOS devices. "The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time," Kunlun Lab's chief executive, @mj0011sec,  said  in a tweet. A set of kernel vulnerabilities were eventually harnessed by the Pangu Team at the  Tianfu hacking contest  to break into an iPhone13 Pro running iOS 15, a feat that netted the white hat hackers $330,000 in cash rewards. Besid

The Hacker News

December 13, 2021

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild Full Text

Abstract Google has rolled out fixes for five security vulnerabilities in its Chrome web browser, including one which it says is being exploited in the wild, making it the  17th such weakness  to be disclosed since the start of the year. Tracked as  CVE-2021-4102 , the flaw relates to a  use-after-free bug  in the V8 JavaScript and WebAssembly engine, which could have severe consequences ranging from corruption of valid data to the execution of arbitrary code. An anonymous researcher has been credited with discovering and reporting the flaw. As it stands, it's not known how the weakness is being abused in real-world attacks, but the internet giant issued a terse statement that said, "it's aware of reports that an exploit for CVE-2021-4102 exists in the wild." This is done so in an attempt to ensure that a majority of users are updated with a fix and prevent further exploitation by other threat actors. CVE-2021-4102 is the second use-after-free vulnerability in V8 the comp

The Hacker News

December 13, 2021

Google pushes emergency Chrome update to fix zero-day used in attacks Full Text

Abstract Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild.

BleepingComputer

December 13, 2021

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation Full Text

Abstract Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device's Bluetooth component. A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure...

Security Affairs

December 13, 2021

CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog Full Text

Abstract The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities...

Security Affairs

December 13, 2021

Log4Shell was in the wild at least nine days before public disclosure Full Text

Abstract Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks...

Security Affairs

December 13, 2021

Dell driver fix still allows Windows Kernel-level attacks Full Text

Abstract Dell's driver fix of the CVE-2021-21551 vulnerability leaves margin for catastrophic BYOVD attacks resulting in Windows kernel driver code execution.

BleepingComputer

December 13, 2021

Attackers can get root by crashing Ubuntu’s AccountsService Full Text

Abstract A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

BleepingComputer

December 13, 2021

Attackers can get root by crashing Ubuntu’s AccountsService Full Text

Abstract A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

BleepingComputer

December 13, 2021

Bugs in billions of WiFi, Bluetooth chips allow password, data theft Full Text

Abstract Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component.

BleepingComputer

December 12, 2021

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack Full Text

Abstract Threat actors are actively weaponizing unpatched servers affected by the newly identified " Log4Shell " vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo 360,  disclosed  threats such as  Mirai  and  Muhstik  (aka Tsunami) are setting their sights on vulnerable systems to spread the infection and grow its computing power to orchestrate distributed denial-of-service (DDoS) attacks with the goal of overwhelming a target and rendering it unusable. Muhstik was previously spotted exploiting a critical security flaw in Atlassian Confluence ( CVE-2021-26084 , CVSS score: 9.8) earlier this September. The latest development comes as it has emerged that the vulnerability has been under attack for at least more than a week prior to its public disclosure on D

The Hacker News

December 11, 2021

MANGA Found Targeting RCE Vulnerability in TP-Link Product Full Text

Abstract Botnet operator MANGA was spotted abusing a recently disclosed vulnerability to hijack TP-Link routers and add them to their network of hacked devices. Attackers started exploiting the flaw just two weeks after TP-Link released the firmware update. E xperts recommend always updating devices regu ... Read More

Cyware Alerts - Hacker News

December 11, 2021

Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks Full Text

Abstract Vulnerabilities in the Western Digital SanDisk SecureAccess can be exploited to access user data through brute force and dictionary attacks. Western Digital has released updates for its SanDisk SecureAccess software to fix multiple vulnerabilities...

Security Affairs

December 10, 2021

What’s the Deal with the Log4Shell Security Nightmare? Full Text

Abstract The details behind a massive cyber problem.

Lawfare

December 10, 2021

Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks Full Text

Abstract Vulnerabilities in Microsoft and others’ popular OAuth2.0 implementations lead to redirection attacks that bypass most phishing detection solutions and email security solutions.

Proof Point

December 10, 2021

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants Full Text

Abstract Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability,...

Security Affairs

December 10, 2021

Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird Full Text

Abstract If exploited, the most severe of these security bugs could allow attackers to execute arbitrary code within the context of the vulnerable application, which could lead to full system compromise.

Security Week

December 10, 2021

Minecraft rushes out patch for critical Log4j vulnerability Full Text

Abstract Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers.

BleepingComputer

December 10, 2021

New zero-day exploit for Log4j Java library is an enterprise nightmare Full Text

Abstract Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.

BleepingComputer

December 10, 2021

Flaw in Widely Used Java-based Logging Utility Poses Grave Threat to Multiple Applications Full Text

Abstract Exploit code has been released for a serious code-execution vulnerability in Log4j, which is used by large enterprises and also in Java versions of Minecraft, several websites reported last Thursday.

ARS Technica

December 9, 2021

How MikroTik Routers Became a Cybercriminal Target Full Text

Abstract The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.

Threatpost

December 09, 2021

Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs Full Text

Abstract At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched by the popular supplier of routers and wireless ISP devices. The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in a report shared with The Hacker News. "These devices are both powerful, [and] often highly vulnerable," the researchers  noted . "This has made MikroTik devices a favorite among threat actors who have commandeered the devices for everything from DDoS attacks, command-and-control (aka 'C2'), traffic tunneling, and more." MikroTik devices are an enticing target not least because there are more than two million of them deployed worldwide, posing a huge attack surface that can be leveraged by threat actors to mount an array of intrusions. Indeed, earlier this Septem

The Hacker News

December 9, 2021

Mozilla fixed high-severity bugs in Firefox and Thunderbird mail client Full Text

Abstract Mozilla released security updates for the Firefox browser and Thunderbird mail client to address multiple vulnerabilities. Mozilla released security updates to address multiple vulnerabilities in the Firefox browser and Thunderbird mail client. The company...

Security Affairs

December 09, 2021

Microsoft, Google OAuth flaws can be abused in phishing attacks Full Text

Abstract Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations.

BleepingComputer

December 9, 2021

Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchers’ disclosure Full Text

Abstract Each of the flaws (rated with a CVSS score of 9.8) posed a remote code execution risk to Kaseya Unitrends Backup Appliance running vulnerable versions of the software, ranging from 10.0.x-10.5.4.

The Daily Swig

December 9, 2021

Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover Full Text

Abstract Palisade researchers discovered an SQL injection vulnerability on the registrar website, abuse of which could enable attackers to obtain the plaintext DNS master passwords for '.to' domains.

The Daily Swig

December 09, 2021

SanDisk SecureAccess bug allows brute forcing vault passwords Full Text

Abstract Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users' protected files.

BleepingComputer

December 9, 2021

SSRF vulnerability patched in Jamf Pro mobile security platform Full Text

Abstract A vulnerability in Jamf Pro, a popular MDM platform for Apple devices, allowed attackers to stage SSRF attacks on the application’s servers, security researchers at Assetnote have found.

The Daily Swig

December 09, 2021

Hundreds of thousands of MikroTik devices still vulnerable to botnets Full Text

Abstract Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks.

BleepingComputer

December 09, 2021

Windows ‘InstallerFileTakeOver’ zero-day bug gets free micropatch Full Text

Abstract An unofficial patch is available for a zero-day vulnerability that is actively exploited in the wild to gain administrator privileges.

BleepingComputer

December 8, 2021

SonicWall strongly urges customers to apply patches to SMA 100 devices Full Text

Abstract SonicWall strongly urges customers using SMA 100 series appliances to install security patches that address multiple security flaws, some of them rated as critical. Security vendor SonicWall urges customers using SMA 100 series appliances to apply...

Security Affairs

December 8, 2021

Salt Security Report Surfaces GraphQL API Vulnerabilities Full Text

Abstract Salt Security today released a report highlighting a vulnerability its researchers discovered in an API based on the GraphQL specification implemented by an undisclosed financial services firm.

Security Boulevard

December 08, 2021

SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs Full Text

Abstract SonicWall 'strongly urges' organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical.

BleepingComputer

December 8, 2021

Android Security Updates Patch 46 Vulnerabilities Full Text

Abstract The most severe of the fixed issues is an information leakage bug in the Media framework “that could lead to remote information disclosure with no additional execution privileges needed,” Google said.

Security Week

December 7, 2021

Windows 10 Drive-By RCE Triggered by Default URI Handler Full Text

Abstract There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.

Threatpost

December 07, 2021

Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Provides Full Text

Abstract Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researchers  said  in a report shared with The Hacker News. The flaws have since been addressed in Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify. At its core, the issues reside in a product developed by Eltima that offers "USB over Ethernet&qu

The Hacker News

December 07, 2021

Grafana fixes zero-day vulnerability after exploits spread over Twitter Full Text

Abstract Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.

BleepingComputer

December 07, 2021

27 flaws in USB-over-network SDK affect millions of cloud users Full Text

Abstract Researchers have discovered 27 vulnerabilities in Eltima SDK, a library used by numerous cloud providers to remotely mount a local USB device.

BleepingComputer

December 07, 2021

QNAP warns users of bitcoin miner targeting their NAS devices Full Text

Abstract QNAP warned customers today of ongoing attacks targeting their NAS (network-attached storage) devices with cryptomining malware, urging them to take measures to protect them immediately.

BleepingComputer

December 6, 2021

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide Full Text

Abstract Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters, that has been downloaded more than 20 million times.

Help Net Security

December 6, 2021

Critical vulnerabilities in open source forum software NodeBB could lead to RCE Full Text

Abstract Critical vulnerabilities in the JavaScript-based open source forum platform NodeBB could allow attackers to steal private information and access admin accounts, researchers have warned.

The Daily Swig

December 06, 2021

14 New XS-Leaks (Cross-Site Leaks) Attacks Affect All Modern Web Browsers Full Text

Abstract Researchers have discovered 14 new types of cross-site data leakage attacks against a number of modern web browsers, including Tor Browser, Mozilla Firefox, Google Chrome, Microsoft Edge, Apple Safari, and Opera, among others. Collectively known as "XS-Leaks," the browser bugs enable a malicious website to harvest personal data from its visitors as they interact with other websites in the background without the targets' knowledge. The  findings  are the result of a comprehensive study of cross-site attacks undertaken by a group of academics from Ruhr-Universität Bochum (RUB) and Niederrhein University. "XS-Leaks bypass the so-called  same-origin policy , one of a browser's main defences against various types of attacks," the researchers  said  in a statement. "The purpose of the same-origin policy is to prevent information from being stolen from a trusted website. In the case of XS-Leaks, attackers can nevertheless recognize individual, small details

The Hacker News

December 5, 2021

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users Full Text

Abstract Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and editors with the German IT magazine CHIP have discovered 226 potential security defects in nine...

Security Affairs

December 3, 2021

Critical Flaw in NSS Cryptographic Library Affects Several Popular Applications Full Text

Abstract The security defect may also impact applications that employ NSS for validating certificates, or for additional CRL, OCSP, TLS, or X.509 functionality, depending on how NSS is configured.

Security Week

December 03, 2021

Zoho: Patch new ManageEngine bug exploited in attacks ASAP Full Text

Abstract Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version.

BleepingComputer

December 02, 2021

Nine WiFi routers used by millions were vulnerable to 226 flaws Full Text

Abstract Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware.

BleepingComputer

December 2, 2021

Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library Full Text

Abstract Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network...

Security Affairs

December 1, 2021

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug Full Text

Abstract The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.

Threatpost

December 01, 2021

Critical Bug in Mozilla’s NSS Crypto Library Potentially Affects Several Other Software Full Text

Abstract Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services ( NSS ) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a  heap overflow  vulnerability when verifying digital signatures such as  DSA  and  RSA-PSS  algorithms that are encoded using the  DER  binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it " BigSig ." "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures," Mozilla  said  in an advisory published Wednesday. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted." NSS is a

The Hacker News

December 1, 2021

‘Over-permissive’ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks Full Text

Abstract Email authentication checks could be hoodwinked by phishing emails impersonating nearly 200 Australian organizations due to a vulnerability discovered more than two years after its conception.

The Daily Swig

December 01, 2021

Mozilla fixes critical bug in cross-platform cryptography library Full Text

Abstract Mozilla has addressed a critical memory corruption vulnerability affecting its cross-platform Network Security Services (NSS) set of cryptography libraries.

BleepingComputer

December 1, 2021

Use-after-free condition in Google Chrome could lead to code execution Full Text

Abstract The use-after-free vulnerability in Chrome is triggered by opening a specially crafted webpage which could trigger the reuse of previously freed memory, which can lead to arbitrary code execution.

Cisco Talos

November 30, 2021

Microsoft Defender scares admins with Emotet false positives Full Text

Abstract Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload.

BleepingComputer

November 30, 2021

Play the Opera Please – Opera patches a flaw in their turbo servers Full Text

Abstract Opera released a mini patch for a vulnerability in their turbo servers that dates back to 2018. Prior approval are taken from Opera security team before disclosing this issue! Before we get started there are few things which we need to understand...

Security Affairs

November 30, 2021

Critical Wormable Security Flaw Found in Several HP Printer Models Full Text

Abstract Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers (MFPs) from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. The two weaknesses — collectively called  Printing Shellz  — were discovered and reported to HP by F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev on April 29, 2021, prompting the PC maker to  issue   patches  earlier this month — CVE-2021-39237  (CVSS score: 7.1) - An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers. CVE-2021-39238  (CVSS score: 9.3) - A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products. "The flaws are in the unit's communications board and font p

The Hacker News

November 30, 2021

Critical Printing Shellz flaws impact 150 HP multifunction printer models Full Text

Abstract Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs). Cybersecurity researchers from F-Secure have discovered two critical vulnerabilities, collectively tracked...

Security Affairs

November 30, 2021

Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS Full Text

Abstract Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as  CVE-2021-24084  (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files. Security researcher Abdelhamid Naceri was credited with discovering and reporting the bug in October 2020, prompting Microsoft to address the issue as part of its February 2021 Patch Tuesday updates. But as  observed  by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month found that the incompletely patched vulnerability could also be  exploited  to gain administrator privileges and run malicious code on Windows 10 machines running the  latest security updates . "Name

The Hacker News

November 30, 2021

Project Zero Flags High-Risk Zoom Security Flaw Full Text

Abstract Video conferencing software giant Zoom has shipped patches for a pair of security defects that expose Windows, macOS, Linux, iOS, and Android users to malicious hacker attacks.

Security Week

November 30, 2021

8-year-old HP printer vulnerability affects 150 printer models Full Text

Abstract Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard.

BleepingComputer

November 29, 2021

Unpatched Windows Zero-Day Allows Privileged File Access Full Text

Abstract A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.

Threatpost

November 29, 2021

Google experts found 2 flaws in video conferencing software Zoom Full Text

Abstract Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software...

Security Affairs

November 29, 2021

Zoom finally adds automatic updates to Windows, macOS clients Full Text

Abstract Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients.

BleepingComputer

November 29, 2021

Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server Full Text

Abstract Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP servers, warns German Cybersecurity Agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked...

Security Affairs

November 29, 2021

Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks Full Text

Abstract Organizations are being advised to ensure that their Apache HTTP servers are up to date, after it came to light that a recently patched vulnerability has been exploited in attacks.

Security Week

November 28, 2021

0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day Full Text

Abstract 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084)...

Security Affairs

November 27, 2021

New Windows 10 zero-day gives admin rights, gets unofficial patch Full Text

Abstract Free unofficial patches have been released to protect Windows users from a local privilege escalation (LPE) zero-day vulnerability in the Mobile Device Management Service impacting all Windows 10 versions from v1809 to v21H1.

BleepingComputer

November 25, 2021

Common Cloud Misconfigurations can be Exploited in Minutes: Report Full Text

Abstract In an experiment by Palo Alto Network's Unit 42, a round 80% of the honeypots were compromised within 24 hours and the rest were compromised within a week, with SSH being the prime target.

Cyware Alerts - Hacker News

November 25, 2021

Microsoft Defender for Endpoint fails to start on Windows Server Full Text

Abstract Microsoft has confirmed a new issue impacting Windows Server devices preventing the Microsoft Defender for Endpoint security solution from launching on some systems.

BleepingComputer

November 25, 2021

WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws Full Text

Abstract Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.

The Daily Swig

November 24, 2021

VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client Full Text

Abstract VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system, and impacts vCenter Server versions 6.5 and 6.7. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information," the company  noted  in an advisory published on November 23, crediting ch0wn of Orz lab for reporting the flaw. The second shortcoming remediated by VMware relates to an  SSRF  (Server-Side Request Forgery) vulnerability in the Virtual storage area network (vSAN) Web Client plug-in that could allow a malicious actor with network access to port 443 on vCenter Server to exploit the flaw by accessing an i

The Hacker News

November 24, 2021

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally Full Text

Abstract Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese company's audio digital signal processor ( DSP ) unit by Israeli cybersecurity firm Check Point Research, ultimately finding that by stringing them together with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.  "A malformed inter-processor message could potentially be used by an attacker to execute and hide malicious code inside the DSP firmware," Check Point security researcher Slava Makkaveev  said  in a report. "Since the DSP firmware h

The Hacker News

November 24, 2021

VMware addresses File Read and SSRF flaws in vCenter Server Full Text

Abstract VMware addressed arbitrary file read and server-side request forgery (SSRF) vulnerabilities in its vCenter Server product. VMware this week addressed arbitrary file read and server-side request forgery (SSRF) vulnerabilities affecting its vCenter...

Security Affairs

November 24, 2021

A vulnerable honeypot exposed online can be compromised in 24 hours Full Text

Abstract Researchers deployed multiple instances of vulnerable systems and found that 80% of the 320 honeypots were compromised within 24 hours. Researchers from Palo Alto Networks deployed a honeypot infrastructure of 320 nodes to analyze how three actors...

Security Affairs

November 24, 2021

VMware addresses SSRF, arbitrary file read flaws in vCenter Server Full Text

Abstract With a CVSS rating of 7.5, the most severe is the arbitrary file read bug (CVE-2021-21980), abuse of which could potentially enable a malicious actor to gain access to sensitive information.

The Daily Swig

November 24, 2021

Expert discloses details of flaws in Oracle VirtualBox Full Text

Abstract A vulnerability in Oracle VM VirtualBox could be potentially exploited to compromise the hypervisor and trigger a denial-of-service (DoS) condition. A vulnerability in Oracle VM VirtualBox, tracked as CVE-2021-2442, could be potentially exploited...

Security Affairs

November 24, 2021

Mediatek eavesdropping bug impacts 30% of all Android smartphones Full Text

Abstract MediaTek fixed security vulnerabilities that could have allowed attackers to eavesdrop on Android phone calls, execute commands, or elevate their privileges to a higher level.

BleepingComputer

November 23, 2021

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox Full Text

Abstract A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory  reads . "Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox" Tracked as  CVE-2021-2442  (CVSS score: 6.0), the flaw affects all versions of the product prior to 6.1.24. SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which  fixes have been rolled out  by Oracle as part of its Critical Patch Update for July 2021. Oracle VM  VirtualBox  is an open-source and cross-platform hypervisor and desktop virtualization software that enabl

The Hacker News

November 23, 2021

Common Cloud Misconfigurations Exploited in Minutes, Report Full Text

Abstract Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.

Threatpost

November 23, 2021

Experts warn of RCE flaw in Imunify360 security platform Full Text

Abstract A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution. Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360...

Security Affairs

November 23, 2021

Exchange Server Flaws Once Again Under Heavy Targeting Full Text

Abstract Attackers are targeting unpatched Exchange servers for vulnerabilities such as ProxyLogon and ProxyShell to breach corporate email servers and drop multiple malware. In one of the attacks, the researchers have seen the distribution of SquirrelWaffle loader, which then installs Qbot. O rganiza ... Read More

Cyware Alerts - Hacker News

November 23, 2021

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug Full Text

Abstract A researcher has released a proof-of-concept exploit code for an actively exploited vulnerability affecting Microsoft Exchange servers. The researcher Janggggg has published on Sunday a proof-of-concept exploit code for an actively exploited vulnerability,...

Security Affairs

November 23, 2021

Expert disclosed an exploit for a new Windows zero-day local privilege elevation issue Full Text

Abstract A researcher publicly disclosed an exploit for a new Windows zero-day local privilege elevation that can allow gaining admin privileges. A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability...

Security Affairs

November 23, 2021

Researchers warn of severe risks from ‘Printjack’ printer attacks Full Text

Abstract A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer.

BleepingComputer

November 23, 2021

Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications Full Text

Abstract Security researchers at Claroty have raised the alarm for a series of severe code execution vulnerabilities affecting virtual private network (VPN) solutions relying on OpenVPN.

Security Week

November 23, 2021

Philips Working on Patches for Vulnerabilities Found in Medical Products Full Text

Abstract The flaws were identified by researchers at industrial cybersecurity firm Nozomi Networks in Philips IntelliBridge, Patient Information Center iX (PIC iX), and Efficia CM series products.

Security Week

November 22, 2021

New Windows zero-day with public exploit lets you become an admin Full Text

Abstract A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.

BleepingComputer

November 22, 2021

Exploit released for Microsoft Exchange RCE bug, patch now Full Text

Abstract Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

BleepingComputer

November 22, 2021

Hackers used this software flaw to steal credit card details from thousands of online retailers Full Text

Abstract Over 4,000 online retailers have been warned that their websites had been hacked by cybercriminals trying to steal payment information and other personal information from customers.

ZDNet

November 22, 2021

Biometric auth bypassed using fingerprint photo, printer, and glue Full Text

Abstract Researchers demonstrated that fingerprints could be cloned for biometric authentication for as little as $5 without using any sophisticated or uncommon tools.

BleepingComputer

November 22, 2021

Lack of API visibility undermines basic principle of security Full Text

Abstract The new visibility challenge, with many core business processes dependent on APIs, requires that companies need to know what APIs they expose externally and internally and how they should behave.

Help Net Security

November 21, 2021

Blacksmith Attack Bypasses Existing DDR4 Memory Defenses Full Text

Abstract Researchers from ComSec group have demonstrated that it is possible to trigger the Rowhammer exploit and target the associated DRAMs used in commercially available devices. Blacksmith (tracked as CVE-2021-42114 ) is a fuzzing-based technique, and unlike previous DRAM exploits, it works well for ... Read More

Cyware Alerts - Hacker News

November 21, 2021

New ETW Attacks May Blind Security Products Full Text

Abstract Researchers from Binarly have disclosed two Event Tracing for Windows (ETW) bypass techniques and demonstrated their effectiveness against Windows Defender and Process Monitor.

Cyware Alerts - Hacker News

November 20, 2021

Zero-day Flaws and Exploit-as-a-Service Trending Among Ransomware Groups Full Text

Abstract A recent analysis made by researchers from Digital Shadows indicates that an increasing amount of chatter has been observed on dark web message boards regarding the criminal market for zero-day vulnerabilities.

Cyware Alerts - Hacker News

November 20, 2021

Sky customers vulnerable to hackers after security flaw on six million routers Full Text

Abstract The security issue meant internet users with Sky routers were vulnerable to hacks and online attacks for well over a year, according to internet security company Pen Test Partners.

ITV News

November 19, 2021

Six million Sky routers exposed to takeover attacks for 17 months Full Text

Abstract Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers.

BleepingComputer

November 19, 2021

Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bug bounty Full Text

Abstract Now fixed, the bug, which researcher avid Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code.

The Daily Swig

November 19, 2021

CKEditor vulnerabilities pose XSS threat to Drupal and other downstream applications Full Text

Abstract A pair of cross-site scripting (XSS) bugs, which are deemed ‘moderately critical’ by Drupal, could have a far-reaching impact since CKEditor is incorporated into numerous online applications.

The Daily Swig

November 18, 2021

Microsoft addresses a high-severity vulnerability in Azure AD Full Text

Abstract Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. Microsoft has recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306, affecting Azure AD. "An information...

Security Affairs

November 18, 2021

Zero-Day flaw in FatPipe products actively exploited, FBI warns Full Text

Abstract The FBI is warning of a zero-day vulnerability in FatPipe products that has been under active exploitation since at least May 2021. FatPipe Software-Defined Wide Area Networking (SD-WAN) products provide solutions for an easy migration to Hybrid...

Security Affairs

November 18, 2021

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models Full Text

Abstract Networking equipment company Netgear has  released  yet  another round  of  patches  to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as  CVE-2021-34991  (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play ( UPnP ) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet. Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices. Specifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRI

The Hacker News

November 18, 2021

Netgear fixes code execution flaw in many SOHO devices Full Text

Abstract Netgear addressed a pre-authentication buffer overflow issue in its SOHO devices that can be exploited by an attacker on the local area network to execute code remotely with root privileges.

Security Affairs

November 17, 2021

Netgear fixes code execution flaw in many SOHO devices Full Text

Abstract Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear addressed a pre-authentication buffer overflow issue in its small office/home office (SOHO) devices that can be exploited...

Security Affairs

November 16, 2021

HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning Full Text

Abstract The header smuggling method by Daniel Thatcher creates a mutation in a header request designed to be sent through to backend infrastructure without being processed by a trusted frontend service.

The Daily Swig

November 16, 2021

GitHub addressed two major vulnerabilities in the NPM package manager Full Text

Abstract Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability...

Security Affairs

November 16, 2021

Intel addresses 2 high-severity issues in BIOS firmware of several processors Full Text

Abstract Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel disclosed two high-severity vulnerabilities that affect the BIOS firmware in several...

Security Affairs

November 16, 2021

Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion Full Text

Abstract Twelve of these vulnerabilities could allow a malicious user to manipulate the Web Manager in a way — for example, overflowing a fixed-size buffer — that would allow them to execute arbitrary code.

Cisco Talos

November 16, 2021

NPM fixes private package names leak, serious authorization bug Full Text

Abstract The largest software registry of Node.js packages, npm, has disclosed fixing multiple security flaws. The first flaw concerns leak of names of private npm packages on the npmjs.com's "replica" server. Whereas, the second flaw allows attackers to publish new versions of any existing npm package that they do not own or have rights to.

BleepingComputer

November 15, 2021

High-Severity Intel Processor Bug Exposes Encryption Keys Full Text

Abstract CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files.

Threatpost

November 15, 2021

New Rowhammer technique bypasses existing DDR4 memory defenses Full Text

Abstract Researchers have developed a new fuzzing-based technique called 'Blacksmith' that revives Rowhammer vulnerability attacks against modern DRAM devices that bypasses existing mitigations.

BleepingComputer

November 15, 2021

High severity BIOS flaws affect numerous Intel processors Full Text

Abstract Intel has released an advisory to confirm the existence of two high-severity vulnerabilities that affect a wide range of Intel processor families.

BleepingComputer

November 15, 2021

Microsoft rolled out emergency updates to fix Windows Server auth failures Full Text

Abstract Microsoft has released out-of-band security updates to address authentication issues affecting Windows Server. Microsoft has released out-of-band updates to fix authentication failures related to Kerberos delegation scenarios impacting Domain Controllers...

Security Affairs

November 15, 2021

Diebold Nixdorf ATM Flaws Allowed Attackers to Modify Firmware, Steal Cash Full Text

Abstract Positive Technologies published information on a couple of vulnerabilities in Diebold Nixdorf ATMs that could have allowed for an attacker to replace the firmware on the system and withdraw cash.

Security Week

November 15, 2021

New Microsoft emergency updates fix Windows Server auth issues Full Text

Abstract Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server.

BleepingComputer

November 15, 2021

Two Sony PS5 exploits disclosed the same day Full Text

Abstract Threat actors stole PS5 root keys using kernel exploits demonstrating the need to improve the security of the popular gaming console. Threat actors stole Sony PS5 root keys from the popular gaming console using two exploits for kernel vulnerabilities....

Security Affairs

November 12, 2021

Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix Full Text

Abstract Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.

Threatpost

November 12, 2021

Mac Zero Day Targets Apple Devices in Hong Kong Full Text

Abstract Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.

Threatpost

November 12, 2021

Zero-day bug in all Windows versions gets free unofficial patch Full Text

Abstract A free and unofficial patch is now available for a zero-day local privilege escalation vulnerability in the Windows User Profile Service that lets attackers gain SYSTEM privileges under certain conditions.

BleepingComputer

November 12, 2021

Zoom Patches High-Risk Flaws in Meeting Connector, Keybase Client Full Text

Abstract Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks.

Security Week

November 11, 2021

Windows 10 App Installer abused in BazarLoader malware attacks Full Text

Abstract The TrickBot gang operators are now abusing the Windows 10 App Installer to deploy their BazarLoader malware on the systems of targets who fall victim to a highly targeted spam campaign.

BleepingComputer

November 11, 2021

AMD fixes dozens of Windows 10 graphics driver security bugs Full Text

Abstract AMD has fixed a long list of security vulnerabilities found in its graphics driver for Windows 10 devices, allowing attackers to execute arbitrary code and elevate privileges on vulnerable systems.

BleepingComputer

November 11, 2021

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN Full Text

Abstract Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064, in its GlobalProtect portal...

Security Affairs

November 11, 2021

Nearly 100 TCP/IP Stack Security Vulnerabilities Uncovered During 18-Month Research Project Full Text

Abstract Researchers have identified a total of 97 vulnerabilities across 14 TCP/IP stacks, including ones that can be exploited for remote code execution, DoS attacks, or to obtain sensitive information.

Security Week

November 10, 2021

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN Full Text

Abstract A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Massachusetts-based cybersecurity firm Randori has been credited with discovering and reporting the issue. "The vulnerability chain consists of a method for bypassing validations made by an external web server (HTTP smuggling) and a stack-based buffer overflow," Randori researchers  said . "Exploitation of the vulnerability chain has been proven and allows for remote code execution on both physical and virtual firewall products." Technical details related to CVE-2021-3064 have been withheld for 30 days to prevent threat actors from abusing the vulnerability to stage real-world attacks. The security bug stems from a b

The Hacker News

November 10, 2021

Massive Zero-Day Hole Found in Palo Alto Security Appliances Full Text

Abstract UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls.

Threatpost

November 10, 2021

VMware discloses a severe flaw in vCenter Server that has yet to fix Full Text

Abstract VMware announced it is working on patches for an important severity privilege escalation vulnerability affecting vCenter Server. VMware announced it’s working on security patches to address an important severity privilege escalation vulnerability,...

Security Affairs

November 10, 2021

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment Full Text

Abstract As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak. Collectively called " NUCLEUS:13 ," successful attacks abusing the flaws can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network," researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully  demonstrating  a scenario that could potentially disrupt medical care and critical processes. Siemens has since released  security updates  to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later). Primarily deployed in automotive, industrial, and medical applications, Nucleus

The Hacker News

November 10, 2021

A flaw in WP Reset PRO WordPress plugin allows wiping the installation DB Full Text

Abstract A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites. Researchers from cybersecurity form Packstack have discovered a critical vulnerability in the WP Reset PRO WordPress...

Security Affairs

November 10, 2021

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices Full Text

Abstract Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, DevOps company JFrog and industrial cybersecurity company Claroty  said  in a joint report. Dubbed "the Swiss Army Knife of Embedded Linux,"  BusyBox  is a widely used software suite combining a variety of common Unix utilities or applets (e.g.,  cp ,  ls ,  grep ) into a single executable file that can run on Linux systems such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs). A quick list of the flaws and the applets they impact is below — man  - CVE-2021-42373 lzma/unlzma  - CVE-2021-42374 ash  - CVE-2021-42375 hus

The Hacker News

November 10, 2021

Citrix addresses a critical flaw in ADC, Gateway Full Text

Abstract Citrix addressed two vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, one of them is a critical issue leading to DoS. Citrix has released security updates to address two vulnerabilities in ADC, Gateway, and SD-WAN, including a critical...

Security Affairs

November 10, 2021

Researchers show that Apple’s CSAM scanning can be fooled easily Full Text

Abstract A team of researchers at the Imperial College in London have presented a simple method to evade detection by image content scanning mechanisms, such as Apple's CSAM.

BleepingComputer

November 10, 2021

Experts found 14 new flaws in BusyBox, millions of devices at risk Full Text

Abstract Researchers have identified a total of 14 new vulnerabilities in BusyBox that expose million of Unix-based devices to cyberattacks. Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total...

Security Affairs

November 10, 2021

Ironic twist: WP Reset PRO bug lets hackers wipe WordPress sites Full Text

Abstract A high severity security flaw in the WP Reset PRO WordPress plugin can let authenticated attackers wipe vulnerable websites, as revealed by Patchstack security researchers.

BleepingComputer

November 10, 2021

Apache Storm maintainers patch two pre-auth RCE vulnerabilities Full Text

Abstract The first vulnerability was found in one of the functions of Nimbus, which runs on top of a Thrift server. The second bug was found in Storm’s supervisor service, which runs on top of a Netty server.

The Daily Swig

November 10, 2021

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait Full Text

Abstract During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.

BleepingComputer

November 10, 2021

SAP Patches Critical Vulnerability in ABAP Platform Kernel Full Text

Abstract SAP on Tuesday announced the release of five new and two updated security notes as part of its November 2021 Security Patch Day, including one on a critical vulnerability in ABAP Platform Kernel.

Security Week

November 09, 2021

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs Full Text

Abstract Microsoft has released security updates as part of its monthly  Patch Tuesday  release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. Of the 55 glitches, six are rated Critical and 49 are rated as Important in severity, with four others listed as publicly known at the time of release.  The most critical of the flaws are  CVE-2021-42321  (CVSS score: 8.8) and  CVE-2021-42292  (CVSS score: 7.8), each concerning a  post-authentication remote code execution flaw  in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively. The Exchange Server issue is also one of the bugs that was demonstrated at the  Tianfu Cup  held in China last month. However, the Redmond-based tech giant did not provide any details on how the two aforem

The Hacker News

November 09, 2021

NUCLEUS:13 TCP security bugs impact critical healthcare devices Full Text

Abstract Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors.

BleepingComputer

November 9, 2021

Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs Full Text

Abstract Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.

Threatpost

November 09, 2021

Microsoft urges Exchange admins to patch bug exploited in the wild Full Text

Abstract Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.

BleepingComputer

November 9, 2021

Microsoft Patch Tuesday security updates for November 2021 fix 2 Zero-Days actively exploited Full Text

Abstract Microsoft Patch Tuesday security updates for November 2021 address 55 vulnerabilities in multiple products and warn of two actively exploited issues. Microsoft Patch Tuesday security updates for November 2021 addressed a total of 55 vulnerabilities...

Security Affairs

November 9, 2021

12 New Flaws Used in Ransomware Attacks in Q3 Full Text

Abstract The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.

Threatpost

November 09, 2021

Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws Full Text

Abstract Today is Microsoft's November 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 55 flaws. The actively exploited vulnerabilities are for Microsoft Exchange and Excel, with the Exchange zero-day used as part of the Tianfu hacking contest.

BleepingComputer

November 9, 2021

Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack Full Text

Abstract The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting...

Security Affairs

November 9, 2021

New Critical Vulnerabilities Found on Nucleus TCP/IP Stack Full Text

Abstract Forescout Research Labs, with support from Medigate Labs, have discovered a set of 13 new vulnerabilities affecting the Nucleus TCP/IP stack, which are collectively being referred to as NUCLEUS:13.

Forescout

November 08, 2021

Critical Flaws in Philips TASY EMR Could Expose Patient Data Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive patient data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from Tasy's database, give unauthorized access, or create a denial-of-service condition," CISA  said  in a medical bulletin issued on November 4. Used by over 950 healthcare institutions primarily in Latin America, Philips Tasy EMR is designed as an  integrated healthcare informatics  solution that enables centralized management of clinical, organizational and administrative processes, including incorporating analytics, billing, and inventory and supply management for medical prescriptions. The  SQL injection  flaws — CVE-2021-39375 and CVE-2021-39376 — affect Tasy EMR HTML5

The Hacker News

November 08, 2021

Sitecore XP RCE flaw patched last month now actively exploited Full Text

Abstract The Australian Cyber Security Center (ACSC) is alerting web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP).

BleepingComputer

November 6, 2021

Philips Tasy EMR healthcare infomatics solution vulnerable to SQL injection Full Text

Abstract The Philips Tasy EMR comprehensive healthcare informatics solution is affected by two critical SQL injection vulnerabilities. The Philips Tasy EMR is a comprehensive healthcare informatics solution that is used by thousands of hospitals and healthcare...

Security Affairs

November 5, 2021

Linux Foundation Fixes ‘Dangerous’ Code Execution Kernel Bug Full Text

Abstract Researchers are calling attention to a newly discovered security defect in a kernel module that ships with all major Linux distributions, warning that remote attackers can exploit the bug to take complete control of a vulnerable system.

Security Week

November 05, 2021

Philips healthcare infomatics solution vulnerable to SQL injection Full Text

Abstract The Philips Tasy EMR, used by hundreds of hospitals as a medical record solution and healthcare management system, is vulnerable to two critical SQL injection flaws.

BleepingComputer

November 5, 2021

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware Full Text

Abstract A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting...

Security Affairs

November 05, 2021

Mozilla Thunderbird 91.3 released to fix high impact flaws Full Text

Abstract ​Mozilla released  Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution.

BleepingComputer

November 04, 2021

Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module Full Text

Abstract Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication ( TIPC ) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne  said  in a report published today and shared with The Hacker News. TIPC is a transport layer  protocol   designed  for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with a new message type called " MSG_CRYPTO " that was introduced in September 2020 and enables peer nodes in the cluster to

The Hacker News

November 4, 2021

Cisco warns of hard-coded credentials and default SSH key issues in some products Full Text

Abstract Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed...

Security Affairs

November 4, 2021

Expert found a critical remote code execution bug in Linux Kernel Full Text

Abstract A critical heap-overflow vulnerability, tracked as CVE-2021-43267, in Linux Kernel can allow remote attackers to takeover vulnerable installs. A SentinelOne researcher discovered a critical remote code execution vulnerability, tracked as CVE-2021-43267,...

Security Affairs

November 04, 2021

Cisco fixes hard-coded credentials and default SSH key issues Full Text

Abstract Cisco has released security updates to address critical security flaws allowing unauthenticated attackers to log in using hard-coded credentials or default SSH keys to take over unpatched devices.

BleepingComputer

November 04, 2021

Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware Full Text

Abstract A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.

BleepingComputer

November 04, 2021

Samsung Galaxy S21 hacked on second day of Pwn2Own Austin Full Text

Abstract Contestants hacked the Samsung Galaxy S21 smartphone during the second day of the Pwn2Own Austin 2021 competition, as well as routers, NAS devices, speakers, and printers from Cisco, TP-Link, Western Digital, Sonos, Canon, Lexmark, and HP.

BleepingComputer

November 3, 2021

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks Full Text

Abstract The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor.

Threatpost

November 03, 2021

Federal agencies ordered to patch hundreds of vulnerabilities Full Text

Abstract The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered all federal agencies to immediately begin work on patching hundreds of cyber vulnerabilities, warning that malicious actors are continuing to target U.S. critical infrastructure. 

The Hill

November 3, 2021

Mozilla fixes security vulnerabilities in Firefox 94 Full Text

Abstract In a security advisory, Mozilla’s announced that several security issues in its Firefox browser have been fixed. Several of these vulnerabilities were listed as having a high impact.

Malwarebytes Labs

November 3, 2021

Google fixes actively exploited Zero-Day Kernel flaw in Android Full Text

Abstract Google’s Android November 2021 security updates address a zero-day vulnerability in the Kernel that is actively exploited in the wild. Google’s Android November 2021 security updates addressed 18 vulnerabilities in the framework and system components...

Security Affairs

November 2, 2021

Android Patches Actively Exploited Zero-Day Kernel Bug Full Text

Abstract Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.

Threatpost

November 2, 2021

Apple macOS Flaw Allows Kernel-Level Compromise Full Text

Abstract ‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.

Threatpost

November 02, 2021

Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks Full Text

Abstract Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048 , the zero-day bug is described as a  use-after-free vulnerability  in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous as it could enable a threat actor to access or referencing memory after it has been freed, leading to a " write-what-where " condition that results in the execution of arbitrary code to gain control over a victim's system. "There are indications that CVE-2021-1048 may be under limited, targeted exploitation," the company  noted  in its November advisory without revealing technical details of the vulnerability, the nature of the intrusions, and the identities of the attackers that may have abused the flaw. Also remediated in the security patch are two critical re

The Hacker News

November 02, 2021

Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild Full Text

Abstract A now-patched critical remote code execution (RCE) vulnerability in GitLab's web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as  CVE-2021-22205 , the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been  addressed  by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3. In one of the real-world attacks  detailed  by HN Security last month, two user accounts with admin privileges were registered on a publicly-accessible GitLab server belonging to an unnamed customer by exploiting the aforementioned flaw to upload a malicious payload that leads to remote execution of arbitrary commands, including obtaining elevated permissions. Although the flaw was initially deemed to be a case of authentica

The Hacker News

November 02, 2021

Over 30,000 GitLab servers still unpatched against critical bug Full Text

Abstract A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched.

BleepingComputer

November 2, 2021

Google triples bounty for new Linux Kernel exploitation techniques Full Text

Abstract Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities...

Security Affairs

November 2, 2021

50% of internet-facing GitLab installations are still affected by a RCE flaw Full Text

Abstract Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab 's web interface actively exploited in the wild. Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked...

Security Affairs

November 02, 2021

Android November patch fixes actively exploited kernel bug Full Text

Abstract Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components.

BleepingComputer

November 01, 2021

‘Trojan Source’ attack method can hide bugs into open-source code Full Text

Abstract Academic researchers have released details about a new attack method they call "Trojan Source" that allows injecting vulnerabilities into the source code of a software project in a way that human reviewers can't detect.

BleepingComputer

November 01, 2021

Critical Flaws Uncovered in Pentaho Business Analytics Software Full Text

Abstract Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were  reported  by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs earlier this year, prompting the company to  issue  necessary patches to address the issues. Pentaho is a Java-based business intelligence platform that offers data integration, analytics, online analytical processing (OLAP), and mining capabilities, and  counts  major  companies and organizations  like Bell, CERN, Cipal, Logitech, Nasdaq, Telefonica, Teradata, and the National September 11 Memorial and Museum among its customers. The list of flaws, which affect Pentaho Business Analytics versions 9.1 and lower, is as follows - CVE-2021-31599  (CVSS score: 9.9) - Remote Code Executi

The Hacker News

November 1, 2021

GoCD patches ‘Highly Critical’ authentication vulnerability Full Text

Abstract GoCD is an open-source Continuous Integration and Continuous Delivery system (CI/CD) tool that is used by software developers and organizations for automating software delivery.

Secure Zoo

November 1, 2021

Researchers Discover Flaw in Unicode’s Bidi Algorithm Affecting Most Code Compilers and Software Development Environments Full Text

Abstract The weakness involves Unicode’s bi-directional or “Bidi” algorithm, which handles displaying text that includes mixed scripts with different display orders, such as Arabic and English.

Krebs on Security

November 1, 2021

Microsoft warns of an increase in password spraying attacks Full Text

Abstract The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The Microsoft Detection and Response Team (DART) observed a worrisome rise in password spray attacks targeting privileged...

Security Affairs

October 30, 2021

War-Driving - Still an Easy Bet for Household Wi-Fi Attacks Full Text

Abstract A researcher from CyberArk demonstrated how a cheap device can be exploited to break into over 70% of Wi-Fi networks in one Tel Aviv community. According to researchers , the sniffing technique used in the experiment only works with routers supporting roaming features. U sers should use complex p ... Read More

Cyware Alerts - Hacker News

October 30, 2021

Chrome 95 Update Patches Exploited Zero-Days, Flaws Disclosed at Tianfu Cup Full Text

Abstract A Chrome 95 update released by Google patches two actively exploited Chrome vulnerabilities, as well as flaws that were disclosed recently at Tianfu Cup, a Chinese hacking contest.

Security Week

October 30, 2021

Apple fixes security feature bypass in macOS Full Text

Abstract Apple has delivered a barrage of updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively exploited by attackers.

Help Net Security

October 29, 2021

New ‘Shrootless’ Bug Could Let Attackers Install Rootkit on macOS Systems Full Text

Abstract Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed " Shrootless " and tracked as  CVE-2021-30892 , the "vulnerability lies in how Apple-signed packages with post-install scripts are installed," Microsoft 365 Defender Research Team's Jonathan Bar Or  said  in a technical write-up. "A malicious actor could create a specially crafted file that would hijack the installation process." System Integrity Protection ( SIP ) aka "rootless" is a  security feature  introduced in OS X El Capitan that's designed to protect the macOS operating system by restricting a  root user  from executing unauthorized code or performing operations that may compromise system integrity. Specifically, SIP allows modification of prote

The Hacker News

October 29, 2021

Google Chromebooks failing to enroll due to network issue Full Text

Abstract Since Thursday evening, Google has been investigating reports of customers having issues enrolling their Chromebooks with a network error.

BleepingComputer

October 29, 2021

Google fixes 2 new actively exploited zero-day flaws in Chrome Full Text

Abstract Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two actively exploited zero-day vulnerabilities. Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to address two zero-day vulnerabilities, tracked as CVE-2021-38000...

Security Affairs

October 28, 2021

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs Full Text

Abstract Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. Tracked as  CVE-2021-38000  and  CVE-2021-38003 , the weaknesses relate to insufficient validation of untrusted input in a feature called Intents as well as a case of inappropriate implementation in V8 JavaScript and WebAssembly engine. The internet giant's Threat Analysis Group (TAG) has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively. "Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," the company  noted  in an advisory without delving into technical specifics about how the two vulnerabilities were used in attacks or the threat actors that may have weaponized them. Also addressed as part of this stable channel update is a  use-after-free  vulnerability in the Web Transport component

The Hacker News

October 28, 2021

Emergency Google Chrome update fixes zero-days used in attacks Full Text

Abstract Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.

BleepingComputer

October 28, 2021

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection Full Text

Abstract Microsoft finds a flaw in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft discovered a vulnerability in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers...

Security Affairs

October 28, 2021

All Windows versions impacted by new LPE zero-day vulnerability Full Text

Abstract A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions.

BleepingComputer

October 28, 2021

Attackers Targeting a Zero-Day Bug in BillQuick Billing System Full Text

Abstract Researchers have disclosed details about a now-patched critical vulnerability in a time and billing system called BillQuick that was being by a new ransomware group. It can be triggered simply by using login requests with invalid characters in the username field. It's recommended to apply the ... Read More

Cyware Alerts - Hacker News

October 28, 2021

Over 1 million WordPress sites affected by OptinMonster plugin flaws Full Text

Abstract A vulnerability in the popular the OptinMonster plugin allows unauthorized API access and sensitive information disclosure. A high-severity vulnerability (CVE-2021-39341) in The OptinMonster plugin can allow unauthorized API access and sensitive...

Security Affairs

October 28, 2021

Microsoft: Shrootless bug lets hackers install macOS rootkits Full Text

Abstract Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices.

BleepingComputer

October 28, 2021

WordPress plugin bug impacts 1M sites, allows malicious redirects Full Text

Abstract The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites.

BleepingComputer

October 27, 2021

WordPress Plugin Bug Lets Subscribers Wipe Sites Full Text

Abstract The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.

Threatpost

October 27, 2021

Adobe’s Surprise Security Bulletin Dominated by Critical Patches Full Text

Abstract Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.

Threatpost

October 27, 2021

War-Driving Technique Allows Wi-Fi Password-Cracking at Scale Full Text

Abstract A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.

Threatpost

October 27, 2021

Apple Patches Critical iOS Bugs; One Under Attack Full Text

Abstract Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.

Threatpost

October 27, 2021

Fuji Electric Patches Vulnerabilities in Factory Monitoring Software Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday published an advisory to inform organizations about these flaws and the availability of fixes.

Security Week

October 25, 2021

New Attack Let Attacker Collect and Spoof Browser’s Digital Fingerprints Full Text

Abstract A "potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system " Gummy Browsers ," likening it to a nearly 20-year-old " Gummy Fingers " technique that can impersonate a user's fingerprint biometrics.  "The idea is that the attacker 𝐴 first makes the user 𝑈 connect to his website (or to a well-known site the attacker controls) and transparently collects the information from 𝑈 that is used for fingerprinting purposes (just like any fingerprinting website 𝑊 collects this information)," the researchers outlined. "Then, 𝐴 orchestrates a browser on his own machine to replicate and transmit the same fingerprinting information when connecting to 𝑊, fooling 𝑊 to think that 𝑈 is the one re

The Hacker News

October 25, 2021

CISA Urges Sites to Patch Critical RCE in Discourse Full Text

Abstract The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.

Threatpost

October 25, 2021

A critical RCE flaw affects Discourse software, patch it now! Full Text

Abstract US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is a popular open-source Internet forum and mailing list management software application. The US CISA published...

Security Affairs

October 25, 2021

Researcher Earns $2 Million for Critical Vulnerability in Polygon Full Text

Abstract A security researcher found a critical vulnerability in Polygon’s Plasma Bridge that could have allowed a malicious user to submit the same withdrawal transaction 224 times, with different exit IDs.

Security Week

October 25, 2021

Red TIM Research found two rare flaws in Ericsson OSS-RC component Full Text

Abstract The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the Ericsson OSS-RC. What is the OSS (Operations Support System)? The Operations Support System – Radio...

Security Affairs

October 25, 2021

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! Full Text

Abstract Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution.

Security Affairs

October 23, 2021

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now! Full Text

Abstract Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529,...

Security Affairs

October 22, 2021

Facebook SSRF Dashboard allows hunting SSRF vulnerabilities Full Text

Abstract Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search...

Security Affairs

October 21, 2021

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer Full Text

Abstract A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could beсome a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This vulnerability allows an attacker to intercept and modify requests sent to the user of the application," Positive Technologies' Igor Sak-Sakovskiy  said  in a technical write-up. "This can be used to achieve remote code execution (RCE) on a victim's computer." Sak-Sakovskiy noted that investigation into WinRAR began after observing a JavaScript error rendered by MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents, leading to the discov

The Hacker News

October 21, 2021

A flaw in WinRAR could lead to remote code execution Full Text

Abstract A vulnerability in the WinRAR is a trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked...

Security Affairs

October 21, 2021

Historic scientific notation bug foils WAF defenses Full Text

Abstract Security researchers have discovered that a historic vulnerability affecting both MySQL and MariaDB databases caused serious flaws for security technologies from Amazon Web Services.

The Daily Swig

October 21, 2021

Google launches Android Enterprise bug bounty program Full Text

Abstract Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000.

BleepingComputer

October 20, 2021

Oracle’s October 2021 CPU Includes 419 Security Patches Full Text

Abstract Oracle on Tuesday announced the release of its latest quarterly Critical Patch Update (CPU), which includes a total of 419 security patches for vulnerabilities across the company’s portfolio.

Security Week

October 20, 2021

Political-themed actor using old MS Office flaw to drop multiple RATs Full Text

Abstract A novel threat actor with unclear motives has been discovered running a crimeware campaign which delivers multiple Windows and Android RATs (remote access tools) through the exploitation of CVE-2017-11882.

BleepingComputer

October 20, 2021

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices Full Text

Abstract Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as  CVE-2021-42299  (CVSS score: 5.6), the issue has been codenamed " TPM Carte Blanche " by Google software engineer Chris Fenner, who is credited with discovering and reporting the attack technique. As of writing, other Surface devices, including the Surface Pro 4 and Surface Book, have been deemed unaffected, although other non-Microsoft machines using a similar BIOS may be vulnerable. "Devices use Platform Configuration Registers ( PCRs ) to record information about device and software configuration to ensure that the boot process is secure," the Windows maker noted in a bulletin. "Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as

The Hacker News

October 20, 2021

Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients Full Text

Abstract Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark. Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three...

Security Affairs

October 20, 2021

PoC Exploit that Bypass macOS Security is Out and Being Exploited Full Text

Abstract Experts found a PoC exploit for a macOS Gatekeeper bypass flaw that was being exploited in the wild. Tracked as CVE-2021-1810, t he vulnerability exploits the way in which Archive Utility handles file paths in MacOS systems. If any malware bypass this, it could be a massive compromise for a targete ... Read More

Cyware Alerts - Hacker News

October 19, 2021

Zerodium wants zero-day exploits for Windows VPN clients Full Text

Abstract In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market.

BleepingComputer

October 19, 2021

PurpleFox Adds New Vulnerability Exploit, Rootkit Capabilities, and .NET Backdoor Full Text

Abstract The new backdoor leverages WebSockets to communicate with its command-and-control (C&C) servers, resulting in a more robust and secure means of communication compared to regular HTTP traffic.

Trend Micro

October 19, 2021

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services Full Text

Abstract Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine.  Tracked as CVE-2021-41556 , the issue occurs when a game library referred to as Squirrel Engine is used to execute untrusted code and affects stable release branches 3.x and 2.x of Squirrel. The vulnerability was responsibly disclosed on August 10, 2021. Squirrel is an open-source, object-oriented programming language that's used for scripting video games and as well as in IoT devices and distributed transaction processing platforms such as Enduro/X. "In a real-world scenario, an attacker could embed a malicious Squirrel script into a community map and distribute it via the trusted Steam Workshop," researchers Simon Scannell and Niklas Breitfeld said in a report shared with

The Hacker News

October 19, 2021

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services Full Text

Abstract The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.

Threatpost

October 19, 2021

Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability Full Text

Abstract Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments.

BleepingComputer

October 18, 2021

Prometheus endpoint unprotected installs could expose sensitive data Full Text

Abstract Experts discovered several unprotected installs of open source event monitoring solution Prometheus that may expose sensitive data. JFrog researchers have discovered multiple unprotected instances of open source event monitoring solution Prometheus...

Security Affairs

October 18, 2021

Microsoft asks admins to patch PowerShell to fix WDAC bypass Full Text

Abstract Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.

BleepingComputer

October 18, 2021

Credit card PINs can be guessed even when covering the ATM pad Full Text

Abstract Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands. 

BleepingComputer

October 17, 2021

Windows 10, Linux, iOS, Chrome and Many Others at Hacked Tianfu Cup 2021 Full Text

Abstract Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. Targets this year  included  Google Chrome running on Windows 10 21H1, Apple Safari running on Macbook Pro, Adobe PDF Reader, Docker CE, Ubuntu 20/CentOS 8, Microsoft Exchange Server 2019, Windows 10, VMware Workstation, VMware ESXi, Parallels Desktop, iPhone 13 Pro running iOS 15, domestic mobile phones running Android, QEMU VM, Synology DS220j DiskStation, and ASUS RT-AX56U router. The Chinese version of Pwn2Own was  started  in 2018 in the wake of government regulation in the country that barred security researchers from participating in international hacking competitions because of national security concerns. With the exception of Synology DS220j NAS, Xiaomi Mi 11 smartphone, and an unnamed Chine

The Hacker News

October 16, 2021

Juniper Networks Patches Over 70 Vulnerabilities Full Text

Abstract Networking and cybersecurity solutions provider Juniper Networks this week released more than 40 security advisories to describe over 70 vulnerabilities that affect the company’s products.

Security Week

October 15, 2021

Juniper Networks released +40 security advisories to fix +70 vulnerabilities Full Text

Abstract Cybersecurity provider Juniper Networks released more than 40 security advisories to address over 70 vulnerabilities that affect its solutions. Cybersecurity provider Juniper Networks released more than 40 security advisories to address more than...

Security Affairs

October 14, 2021

Rickroll Grad Prank Exposes Exterity IPTV Bug Full Text

Abstract IPTV and IP video security is increasingly under scrutiny, even by high school kids.

Threatpost

October 14, 2021

Intel, VMware Join Patch Tuesday Parade Full Text

Abstract Intel released two advisories to fix privilege escalation and information disclosure vulnerabilities in the SGX software development kit and Hardware Accelerated Execution Manager software products.

Security Week

October 14, 2021

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones Full Text

Abstract Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. The vulnerabilities, which were discovered by Moritz Abrell of German pen-testing firm SySS GmbH, have since been addressed by the respective manufacturers following responsible disclosure. Softphones are essentially software-based phones that mimic desk phones and allow for making telephone calls over the Internet without the need for using dedicated hardware. At the core of the issues are the SIP services offered by the clients to connect two peers to facilitate telephony services in IP-based mobile networks. SIP aka Session Initiation Protocol is a  signaling protocol  that's used to control interactive communication sessions, such as voice, video, chat and instant messaging, as well as games and v

The Hacker News

October 14, 2021

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information Full Text

Abstract A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication and encryption support is relatively new, many organizations that use Prometheus haven't yet enabled these features and thus many Prometheus endpoints are completely exposed to the Internet (e.g. endpoints that run earlier versions), leaking metric and label dat," JFrog researchers Andrey Polkovnychenko and Shachar Menashe  said  in a report. Prometheus  is an open-source system monitoring and alerting toolkit used to collect and process metrics from different endpoints, alongside enabling easy observation of software metrics such as memory usage, network usage, and software-specific defined metrics, such as the number of failed logins to a web application. Support for Transport

The Hacker News

October 13, 2021

Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets Full Text

Abstract A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token ( NFT ) marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following public reports of stolen cryptocurrency wallets triggered by free airdropped NFTs. The issues were fixed in less than one hour of responsible disclosure on September 26, 2021. "Left unpatched, the vulnerabilities could allow hackers to hijack user accounts and steal entire cryptocurrency wallets by crafting malicious NFTs," Check Point researchers  said . As the name indicates, NFTs are unique digital assets such as photos, videos, audio, and other items that can be sold and traded on the blockchain, using the technology as a certificate of authenticity to establish a ver

The Hacker News

October 13, 2021

Apple silently fixed iOS zero-day without crediting the expet who reported it Full Text

Abstract Apple has silently addressed a zero-day vulnerability that could allow attackers to gain access to sensitive user data. Apple has silently addressed zero-day vulnerability with the release of iOS 15.0.2, the vulnerability could allow attackers gain...

Security Affairs

October 13, 2021

Apple silently fixes iOS zero-day, asks bug reporter to keep quiet Full Text

Abstract Apple has silently fixed a gamed zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.

BleepingComputer

October 13, 2021

Two Flaws in Apache Servers are Under Attack Full Text

Abstract Apache, the open-source cross-platform web server software, rolled out patches to fix two security vulnerabilities that were being abused by criminals. While the first flaw can be exploited for RCE, the other moderate flaw can enable DoS attacks on the server. Experts recommend following proper pat ... Read More

Cyware Alerts - Hacker News

October 13, 2021

OpenSea NFT platform bugs let hackers steal crypto wallets Full Text

Abstract Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art.

BleepingComputer

October 13, 2021

Siemens and Schneider Electric Address Over 50 Vulnerabilities for Patch Tuesday Full Text

Abstract Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products.

Security Week

October 12, 2021

Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack Full Text

Abstract Microsoft on Tuesday rolled out  security patches  to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows — CVE-2021-40449  (CVSS score: 7.8) - Win32k Elevation of Privilege Vulnerability CVE-2021-41335  (CVSS score: 7.8) - Windows Kernel Elevation of Privilege Vulnerability CVE-2021-40469  (CVSS score: 7.2) - Windows DNS Server Remote Code Execution Vulnerability CVE-2021-41338  (CVSS score: 5.5) - Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability At the top of the list is CVE-2021-40449, a use-after-free vulnerability

The Hacker News

October 12, 2021

Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice Full Text

Abstract The maintainers of LibreOffice and OpenOffice have shipped security updates to their productivity software to remediate multiple vulnerabilities that could be weaponized by malicious actors to alter documents to make them appear as if they are digitally signed by a trusted source. The list of the three flaws is as follows — CVE-2021-41830  /  CVE-2021-25633  - Content and Macro Manipulation with Double Certificate Attack CVE-2021-41831  /  CVE-2021-25634  - Timestamp Manipulation with Signature Wrapping CVE-2021-41832  /  CVE-2021-25635  - Content Manipulation with Certificate Validation Attack Successful exploitation of the vulnerabilities could permit an attacker to  manipulate the timestamp  of signed ODF documents, and worse,  alter the contents  of a document or  self-sign a document  with an untrusted signature, which is then tweaked to change the  signature algorithm  to an invalid or unknown algorithm.  In both the latter two attack scenarios — stemming as a result o

The Hacker News

October 12, 2021

PyPI removes ‘mitmproxy2’ over code execution concerns Full Text

Abstract The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability. The 'mitmproxy' Python package is a free and open-source interactive HTTPS proxy

BleepingComputer

October 12, 2021

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client Full Text

Abstract Code hosting platform GitHub has  revoked  weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated weak keys. The problematic dependency, called " keypair ," is an open-source SSH key generation library that allows users to create RSA keys for authentication-related purposes. It has been found to impact  GitKraken  versions 7.6.x, 7.7.x, and 8.0.0, released between May 12, 2021, and September 27, 2021. The flaw — tracked as CVE-2021-41117 (CVSS score: 8.7) — concerns a bug in the pseudo-random number generator used by the library, resulting in the creation of a weaker form of public SSH keys, which, owing to their low entropy — i.e., the measure of randomness — could boost

The Hacker News

October 12, 2021

Adobe addresses four critical flaws in its products Full Text

Abstract Adobe addressed ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products. Adobe has released security updates to address ten vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign...

Security Affairs

October 12, 2021

Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws Full Text

Abstract Today is Microsoft's October 2021 Patch Tuesday, and with it comes fixes for four zero-day vulnerabilities and a total of 74 flaws.

BleepingComputer

October 12, 2021

GitKraken flaw lead to the generation of weak SSH keys Full Text

Abstract Git GUI client GitKraken team fixed a flaw that lead to the generation of weak SSH keys, users are recommended to revoke and renew their keys. The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation...

Security Affairs

October 12, 2021

InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks Full Text

Abstract Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available.

Security Week

October 12, 2021

Vulnerabilities Expose exacqVision Video Surveillance Systems to Remote Attacks Full Text

Abstract Researchers at Tenable discovered critical and high-severity vulnerabilities in video surveillance systems made by Exacq Technologies, which is owned by building technology giant Johnson Controls.

Security Week

October 12, 2021

Microsoft revokes insecure SSH keys for Azure DevOps customers Full Text

Abstract Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies.

BleepingComputer

October 11, 2021

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability Full Text

Abstract Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year.' The weakness, assigned the identifier  CVE-2021-30883 , concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an application to execute arbitrary code with kernel privileges. Crediting an anonymous researcher for reporting the vulnerability, Apple said it's "aware of a report that this issue may have been actively exploited." Technical specifics about the flaw and the nature of the attacks remain unavailable as yet, as is the identity of the threat actor, so as to allow a majority of the users to apply the patch and prevent other adversaries from weaponizing the vulnerability. The iPhone maker said it addressed the issue with improved memory handling. Security researcher Saar

The Hacker News

October 11, 2021

GitHub revokes duplicate SSH auth keys linked to library bug Full Text

Abstract GitHub has revoked weak SSH authentication keys generated using a library that incorrectly created duplicate RSA keypairs.

BleepingComputer

October 11, 2021

Apple released emergency update to fix zero-day actively exploited Full Text

Abstract Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited...

Security Affairs

October 11, 2021

Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks Full Text

Abstract Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads.

BleepingComputer

October 11, 2021

LibreOffice, OpenOffice bug allows hackers to spoof signed docs Full Text

Abstract LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. 

BleepingComputer

October 11, 2021

Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing Full Text

Abstract LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed documents.  LibreOffice and OpenOffice released security updates to address a moderate-severity flaw that...

Security Affairs

October 10, 2021

Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks Full Text

Abstract Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker Medtronic has recalled the remote controllers used with some of its insulin pumps because...

Security Affairs

October 9, 2021

Google addresses four high-severity flaws in Chrome Full Text

Abstract Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released security updates to address a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac,...

Security Affairs

October 9, 2021

Security expert published NMAP script for Apache CVE-2021-41773 vulnerability Full Text

Abstract Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security researcher Dhiraj Mishra released an NMAP script for the CVE-2021-41773 path...

Security Affairs

October 8, 2021

Google Patches Four Severe Vulnerabilities in Chrome Full Text

Abstract Google this week announced the release of an updated Chrome version for Windows, Mac, and Linux, to address a total of four high-severity security vulnerabilities in the browser.

Security Week

October 8, 2021

Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw Full Text

Abstract Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in the wild. Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path...

Security Affairs

October 07, 2021

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks Full Text

Abstract The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an  actively exploited  path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013 , as the new vulnerability is identified as, builds upon  CVE-2021-41773 , a flaw that impacted Apache web servers running version 2.4.49 and involved a  path normalization  bug that could enable an adversary to access and view arbitrary files stored on a vulnerable server. Although the flaw was addressed by the maintainers in version 2.4.50, a day after the patches were released it became known that the weakness could also be abused to gain remote code execution if the "mod_cgi" module was loaded and the configuration "require all denied" was absent, prompting Apache to issue another round of emergency updates. "It was found that the fix for CVE-2021-41773 in Apache HT

The Hacker News

October 07, 2021

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects Full Text

Abstract A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as  CVE-2021-38305  (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the  issue  resides in the schema parsing function, which allows any input passed to be evaluated and executed, resulting in a scenario where a specially-crafted string within the schema can be abused for the injection of system commands. Yamale is a Python package that allows developers to validate YAML — a data serialization language often used for writing configuration files — from the command line. The package is used by at least  224 repositories  on GitHub.  "This gap allows attackers that can provide an input schema file to perform Python code injection that leads to code execut

The Hacker News

October 7, 2021

PoC exploit for 2 flaws in Dahua cameras leaked online Full Text

Abstract A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple...

Security Affairs

October 07, 2021

Apache emergency update fixes incomplete patch for exploited bug Full Text

Abstract Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability.

BleepingComputer

October 7, 2021

Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches Full Text

Abstract Cisco this week released patches for multiple high-severity vulnerabilities affecting its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products.

Security Week

October 07, 2021

Microsoft fixes bug blocking Azure Virtual Desktops security updates Full Text

Abstract Microsoft has fixed a bug blocking some Azure Virtual Desktop (AVD) devices from downloading and installing monthly security via Windows Server Update Services (WSUS) since early July.

BleepingComputer

October 07, 2021

Unpatched Dahua cams vulnerable to unauthenticated remote access Full Text

Abstract Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case of upgrading pressing. 

BleepingComputer

October 6, 2021

Canopy Parental Control App Wide Open to Unpatched XSS Bugs Full Text

Abstract The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.

Threatpost

October 06, 2021

Actively exploited Apache 0-day also allows remote code execution Full Text

Abstract Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities.

BleepingComputer

October 06, 2021

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday  released  an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. "A Control Component Library (CCL) may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," Honeywell  noted  in an independent security notification published earlier this February. Credited with discovering and reporting the flaws are Rei Henigman and Nadav Erez of industrial cybersecurity firm Claroty. Experion Process Knowledge System (PKS) is a distributed control system ( DCS ) that's designed to control large industrial processes spanning a variety of sectors ranging from petrochemical refineries to nuclear power plants where high reliability and security is imp

The Hacker News

October 06, 2021

Medtronic urgently recalls insulin pump controllers over hacking concerns Full Text

Abstract Medtronic is urgently recalling remote controllers for insulin pumps belonging to its 'MiniMed Paradigm' family of products, due to potential cybersecurity risks.

BleepingComputer

October 5, 2021

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft Full Text

Abstract Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.

Threatpost

October 5, 2021

Apache Web Server Zero-Day Exposes Sensitive Data Full Text

Abstract The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.

Threatpost

October 5, 2021

Apache patch a zero-day flaw exploited in the wild Full Text

Abstract Apache has addressed two vulnerabilities, one of which is a path traversal and file disclosure flaw in its HTTP server actively exploited in the wild. Apache has rolled out security patches to address two flaws, including a path traversal and file...

Security Affairs

October 05, 2021

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now! Full Text

Abstract Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers  noted  in an advisory published Tuesday. "If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts." The flaw, tracked as  CVE-2021-41773 , affects only Apache HTTP server version 2.4.49. Ash Daulton and cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021. Source: PT SWARM Also resolved by Apache is a null pointer dereference vulnerability observed during pr

The Hacker News

October 05, 2021

Apache fixes actively exploited zero-day vulnerability, patch now Full Text

Abstract The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw.

BleepingComputer

October 05, 2021

Android October patch fixes three critical bugs, 41 flaws in total Full Text

Abstract Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity.

BleepingComputer

October 5, 2021

Misconfigured Apache Airflow servers leak thousands of credentials Full Text

Abstract Experts discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information from prominent tech firms. Apache Airflow is an open-source workflow management platform used by many organizations worldwide for automating...

Security Affairs

October 04, 2021

Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems Full Text

Abstract A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research. "It's interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, told The Hacker News. Dubbed " LANtenna Attack ," the novel technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables just as if they are antennas. The transmitted signals can then be intercepted by a nearby software-defined radio (SDR) receiver wirelessly, decode the data, and send it to an attacker who is in an adjacent room. "Notably, the malicious code can run in an ordinary user-mode process and successf

The Hacker News

October 4, 2021

PoC Exploit Released for macOS Gatekeeper Bypass Full Text

Abstract Rasmus Sten, a software engineer with cybersecurity firm F-Secure, has released proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass that Apple patched in April this year.

Security Week

October 04, 2021

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services Full Text

Abstract Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries," Intezer said in a report shared with The Hacker News. Originally launched in June 2015,  Apache Airflow  is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It's also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow. So

The Hacker News

October 3, 2021

CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure Full Text

Abstract Experts warn that CVE-2021-38647 OMIGOD flaws affect IBM QRadar Azure and can be exploited by remote attackers to execute arbitrary code. The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote...

Security Affairs

October 2, 2021

Tim’s RED Team Research reports 3 new CVEs, two of which in 4G/5G Full Text

Abstract Telecom Italia Red Team Research (RTR) laboratory led by Massimiliano Brolli reported three new flaws in Oracle GlassFish and Nokia NetAct. Telecom Italia Red Team Research (RTR) laboratory led by Massimiliano Brolli, reported three new vulnerabilities...

Security Affairs

October 01, 2021

Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones Full Text

Abstract Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet. "An attacker only needs a stolen, powered on iPhone. The transactions could also be relayed from an iPhone inside someone's bag, without their knowledge," a group of academics from the University of Birmingham and University of Surrey  said . "The attacker needs no assistance from the merchant and backend fraud detection checks have not stopped any of our test payments." Express Travel  is a feature that allows users of iPhone and Apple Watch to make quick contactless payments for public transit without having to wake or unlock the device, open an app, or even validate with Face ID, Touch ID or a passcode. The man-in-the-middle ( MitM ) replay and  relay attack , which involves bypassing the lock screen to make a payment t

The Hacker News

October 1, 2021

Google fixes 2 new actively exploited zero-day flaws in Chrome Full Text

Abstract Google rolled out urgent security updates to address two new actively exploited zero-day vulnerabilities in its Chrome browser. Google this week rolled out urgent security updates for the Chrome browser to address four security flaws, including two new zero-day...

Security Affairs

October 1, 2021

Report highlights cybersecurity dangers of Elastic Stack implementation mistakes Full Text

Abstract Researchers from cybersecurity firm Salt Security discovered widespread mistakes that allowed them to launch attacks where any user could extract sensitive customer and system data.

ZDNet

September 30, 2021

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws Full Text

Abstract Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of two new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designed as  CVE-2021-37975 and CVE-2021-37976 , are part of a total of four patches, and concern a  use-after-free flaw  in V8 JavaScript and WebAssembly engine as well as an information leak in core. As is usually the case, the tech giant has refrained from sharing any additional details regarding how these zero-day vulnerabilities were used in attacks until a majority of users are updated with the patches, but noted that it's aware that "exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild." An anonymous researcher has been credited with reporting CVE-2021-37975. The discovery of CVE-2021-37976, on the other hand, involves Clément Lecigne from Google Threat Analysis Group, who was also credit

The Hacker News

September 30, 2021

QNAP fixes bug that let attackers run malicious commands remotely Full Text

Abstract Taiwan-based network-attached storage (NAS) maker QNAP has released security patches for multiple vulnerabilities that could allow attackers to inject and execute malicious code and commands remotely on vulnerable NAS devices.

BleepingComputer

September 30, 2021

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught Full Text

Abstract Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory ( Azure AD ) without generating sign-in events in the targeted organization's tenant," researchers from Secureworks Counter Threat Unit (CTU)  said  in a report published on Wednesday. Azure Active Directory is Microsoft's enterprise cloud-based identity and access management (IAM) solution designed for single sign-on (SSO) and multi-factor authentication. It's also a core component of Microsoft 365 (formerly Office 365), with capabilities to provide authentication to other applications via OAuth. The weakness resides in the  Seamless Single Sign-On  feature that allows employees to automatically sign when using their corporate devices that ar

The Hacker News

September 30, 2021

Google Emergency Update Fixes Two Chrome Zero Days Full Text

Abstract This is the second pair of zero days that Google’s fixed this month, all four of which have been actively exploited in the wild.

Threatpost

September 30, 2021

Google pushes emergency Chrome update to fix two zero-days Full Text

Abstract Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers.

BleepingComputer

September 30, 2021

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence Full Text

Abstract Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. Trend Micro researchers have spotted crypto-mining campaigns that are actively exploiting a recently disclosed critical...

Security Affairs

September 29, 2021

Apple Pay with VISA lets hackers force payments on locked iPhones Full Text

Abstract Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet set as a transit card.

BleepingComputer

September 29, 2021

Expert discloses new iPhone lock screen vulnerability in iOS 15 Full Text

Abstract The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (&...

Security Affairs

September 29, 2021

RCE vulnerabilities in open source software Cachet could put users at risk Full Text

Abstract Multiple security vulnerabilities in open source status page system Cachet could allow an attacker to execute arbitrary code and steal sensitive data, researchers have warned.

The Daily Swig

September 28, 2021

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns Full Text

Abstract Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as  CVE-2021-26084  (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance. "A remote attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious parameter to a vulnerable server," researchers from Trend Micro  noted  in a technical write-up detailing the weakness. "Successful exploitation can result in arbitrary code execution in the security context of the affected server." The vulnerability, which resides in the Webwork module of Atlassian Confluence Server and Data Center, stems from an insufficient valid

The Hacker News

September 28, 2021

Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now! Full Text

Abstract Trend Micro has addressed a critical authentication bypass vulnerability, tracked as CVE-2021-36745, affecting the ServerProtect solution. Trend Micro has released security patches to address a critical authentication bypass vulnerability, tracked...

Security Affairs

September 28, 2021

A complete PoC exploit for CVE-2021-22005 in VMware vCenter is available online Full Text

Abstract An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers...

Security Affairs

September 28, 2021

New Microsoft Exchange service mitigates high-risk bugs automatically Full Text

Abstract Microsoft has added a new Exchange Server feature that automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises servers against incoming attacks and give admins more time to apply security updates.

BleepingComputer

September 28, 2021

Working exploit released for VMware vCenter CVE-2021-22005 bug Full Text

Abstract A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it.

BleepingComputer

September 27, 2021

Expert found RCE flaw in Visual Studio Code Remote Development Extension Full Text

Abstract Researchers from the Italian cybersecurity firm Shielder found a remote code execution vulnerability in Visual Studio Code Remote Development Extension. Visual Studio Code Remote Development allows users to adopt a container, remote machine, or the Windows...

Security Affairs

September 27, 2021

QNAP fixes critical bugs in QVR video surveillance solution Full Text

Abstract Network-attached storage (NAS) maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands.

BleepingComputer

September 25, 2021

Microsoft WPBT flaw lets hackers install rootkits on Windows devices Full Text

Abstract Security researchers have found a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be exploited in easy attacks to install rootkits on all Windows computers shipped since 2012.

BleepingComputer

September 25, 2021

Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw Full Text

Abstract Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw...

Security Affairs

September 25, 2021

Google addressed the eleventh Chrome zero-day flaw this year Full Text

Abstract Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild. Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux that addresses a high-severity zero-day...

Security Affairs

September 25, 2021

A new zero-day is being exploited to compromise Macs Full Text

Abstract Flagged by researchers Erye Hernandez and Clément Lecigne of Google’s Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple’s macOS and iOS operating systems.

Help Net Security

September 25, 2021

SonicWall warns users to patch critical vulnerability “as soon as possible” Full Text

Abstract The vulnerability could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from an SMA 100 series appliance and gain administrator access to the device.

Malwarebytes Labs

September 24, 2021

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability Full Text

Abstract Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as  CVE-2021-37973 , the vulnerability has been described as  use after free  in  Portals API , a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the formerly-inset page becomes the top-level document." Clément Lecigne of Google Threat Analysis Group (TAG) has been credited with reporting the flaw. Additional specifics pertaining to the weakness have not been disclosed in light of active exploitation and to allow a majority of the users to apply the patch, but the internet giant said it's "aware that an exploit for CVE-2021-37973 exists in the wild." The update arrives a day after Apple moved to close an actively exploited security hole in older versions of iOS and macOS ( CVE-2021-30869 ), which the TAG no

The Hacker News

September 24, 2021

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords Full Text

Abstract Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.

Threatpost

September 24, 2021

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices Full Text

Abstract Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as  CVE-2021-20034 , the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings. "The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as 'nobody,'" the San Jose-based firm  noted  in an advisory published Thursday. "There is no evidence that this vulnerability is being exploited in the wild." SonicWall credited Wenxu Yin of Alpha Lab, Qihoo 360, with reporting the security shortcoming, which impacts SMA 100 Series — SMA 200, SMA 210,

The Hacker News

September 24, 2021

CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now! Full Text

Abstract SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034,...

Security Affairs

September 24, 2021

Emergency Google Chrome update fixes zero-day exploited in the wild Full Text

Abstract Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild.

BleepingComputer

September 24, 2021

Developers fix multitude of vulnerabilities in Apache HTTP Server Full Text

Abstract Numerous security vulnerabilities have been identified and fixed in Apache HTTP Server 2.4, including high-impact server-side request forgery (SSRF) and request smuggling bugs.

The Daily Swig

September 24, 2021

Researcher drops three iOS zero-days that Apple refused to fix Full Text

Abstract Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.

BleepingComputer

September 24, 2021

Researcher released PoC exploit code for 3 iOS zero-day issues Full Text

Abstract Researcher release PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him. An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw...

Security Affairs

September 24, 2021

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN Full Text

Abstract Unauthenticated cyberattackers can also wreak havoc on networking device configurations.

Threatpost

September 24, 2021

Cisco fixes highly critical vulnerabilities in IOS XE Software Full Text

Abstract Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration.

BleepingComputer

September 24, 2021

Cisco addresses 3 critical vulnerabilities in IOS XE Software Full Text

Abstract Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products,...

Security Affairs

September 24, 2021

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software Full Text

Abstract Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is as follows - CVE-2021-34770  (CVSS score: 10.0) - Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability CVE-2021-34727  (CVSS score: 9.8) - Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability CVE-2021-1619  (CVSS score: 9.8) - Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability The most severe of the issues is CVE-2021-34770, which Cisco calls a "logic error" that occurs during the processing of  CAPWAP  (Control And Provisioning of Wireless Access Points) packets that enable a central wireless Controller to manage a group of wire

The Hacker News

September 24, 2021

SonicWall fixes critical bug allowing SMA 100 device takeover Full Text

Abstract SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.

BleepingComputer

September 23, 2021

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days Full Text

Abstract Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of  iOS  and  macOS  that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. Chief among them is CVE-2021-30869, a type confusion flaw that resides in the kernel component  XNU  developed by Apple that could cause a malicious application to execute arbitrary code with the highest privileges. The Cupertino-based tech giant said it addressed the bug with improved state handling. Google's Threat Analysis Group, which is credited with reporting the flaw, said it detected the vulnerability being "used in conjunction with a N-day remote code execution targeting WebKit." Two other flaws include  CVE-2021-30858 and CVE-2021-30860 , both of which were resolved by the company earlier this month following disclosure from the

The Hacker News

September 23, 2021

Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware Full Text

Abstract Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise...

Security Affairs

September 23, 2021

Apple patches new zero-day bug used to hack iPhones and Macs Full Text

Abstract Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.

BleepingComputer

September 23, 2021

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit Full Text

Abstract Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium  said  in a report published on Monday. "These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. More importantly, these motherboard-level flaws can obviate initiatives like  Secured-core  because of the ubiquitous usage of  ACPI  [Advanced Configuration and Power Interface] and WPBT." WPBT, introduced with Windows 8 in 2012, is a  feature  that enables "boot firmware to provide Windows with a platform binary that the operating system can execute."  In other words, it allows

The Hacker News

September 23, 2021

Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products Full Text

Abstract Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.

Threatpost

September 23, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution Full Text

Abstract CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers...

Security Affairs

September 23, 2021

Beego patches severe XSS vulnerability in open source web framework Full Text

Abstract Last month, security researcher Omri Inbar disclosed the vulnerability. Tracked as CVE-2021-39391, the vulnerability was found in the administration panel of Beego v2.0.1.

The Daily Swig

September 23, 2021

Cisco Patches Critical Vulnerabilities in IOS XE Software Full Text

Abstract The most severe of these vulnerabilities is CVE-2021-34770 (CVSS score of 10), which could lead to remote code execution without authentication, with administrator privileges.

Security Week

September 22, 2021

Hackers are scanning for VMware CVE-2021-22005 targets, patch now! Full Text

Abstract Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.

BleepingComputer

September 22, 2021

Netgear SOHO Security Bug Allows RCE, Corporate Attacks Full Text

Abstract The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security.

Threatpost

September 22, 2021

New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures Full Text

Abstract As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.  Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their "oversight of core servers, devices, and other critical components in the enterprise network." The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above. " SolarWinds  and  Kaseya  were likely targeted not only because of their large and influential customer bases, but also because of their respective technologies' access to enterprise networks, whether it was managing IT, operational technology (OT), or

The Hacker News

September 22, 2021

Hikvision cameras could be remotely hacked due to critical flaw Full Text

Abstract A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow...

Security Affairs

September 22, 2021

TikTok, GitHub, Facebook Join Open-Source Bug Bounty Full Text

Abstract The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.

Threatpost

September 22, 2021

Flaws in Nagios Network Management systems pose risk to companies Full Text

Abstract Researchers found multiple flaws in widely used network management products from Nagios that pose serious risk to organizations. Researchers from industrial cybersecurity firm Claroty have discovered eleven vulnerabilities in widely used network...

Security Affairs

September 22, 2021

VMware addressed a critical flaw in vCenter Server. Patch it now! Full Text

Abstract VMware addressed a critical arbitrary file upload vulnerability that affects the default configuration of vCenter Server 6.7 and 7.0 deployments. VMware addressed a critical arbitrary file upload vulnerability, tracked as CVE-2021-22005, that impacts...

Security Affairs

September 21, 2021

The Gap in Your Zero Trust Implementation Full Text

Abstract Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted implicitly. Prior to the introduction of zero trust security, a user who authenticated into a network was trustworthy for the duration of their session, as was the user's device. In a zero trust model, a user is no longer considered to be trustworthy just because they entered a password at the beginning of their session. Instead, the user's identity is verified through multi-factor authentication, and the user may be prompted to re-authenticate if they attempt to access resources that are particularly sensitive or if the user attempts to do something out of the ordinary. How Complic

The Hacker News

September 21, 2021

High-Severity RCE Flaw Disclosed in Several Netgear Router Models Full Text

Abstract Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as  CVE-2021-40847  (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700 (fixed in firmware version 1.0.2.26) R6700v3 (fixed in firmware version 1.0.4.120) R6900 (fixed in firmware version 1.0.2.26) R6900P (fixed in firmware version 3.3.142_HOTFIX) R7000 (fixed in firmware version 1.0.11.128) R7000P (fixed in firmware version 1.3.3.142_HOTFIX) R7850 (fixed in firmware version 1.0.5.76) R7900 (fixed in firmware version 1.0.4.46) R8000 (fixed in firmware version 1.0.4.76) RS400 (fixed in firmware version 1.5.1.80) According to GRIMM security researcher Adam Nichols, the vulnerability resides within  Circle , a third-party component included in the firmware that offe

The Hacker News

September 21, 2021

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server Full Text

Abstract VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company  noted ,  adding  "this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server." Although VMware has published  workarounds  for the flaw, the company cautioned that they are "meant to be a temporary solution until updates […] can be deployed." The complete list of flaws patched by the virtualization services

The Hacker News

September 21, 2021

New macOS zero-day bug lets attackers run commands remotely Full Text

Abstract Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur.

BleepingComputer

September 21, 2021

Researcher discloses iPhone lock screen bypass on iOS 15 launch day Full Text

Abstract On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass method that can be exploited to grant attackers access to a user’s notes.

The Record

September 21, 2021

Unpatched High-Severity Vulnerability Affects Apple macOS Computers Full Text

Abstract Cybersecurity researchers on Tuesday disclosed details of an unpatched vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user," SSD Secure Disclosure  said  in a write-up published today. Park Minchan, an independent security researcher, has been credited with reporting the vulnerability which affects macOS versions of Big Sur and prior. The weakness arises due to the manner macOS processes INETLOC files — shortcuts to internet locations such as RSS feeds or Telnet connections containing username and password for SSH — resulting in a scenario that allows commands embedded in those files to be executed without any warni

The Hacker News

September 21, 2021

A zero-day flaw allows to run arbitrary commands on macOS systems Full Text

Abstract Security researchers disclosed a new zero-day flaw in Apple's macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple's macOS Finder that can be exploited...

Security Affairs

September 21, 2021

VMware warns of critical bug in default vCenter Server installs Full Text

Abstract VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.

BleepingComputer

September 21, 2021

46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe? Full Text

Abstract Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.

Threatpost

September 21, 2021

Netgear fixes dangerous code execution bug in multiple routers Full Text

Abstract Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers.

BleepingComputer

September 21, 2021

Mirai Exploits OMIGOD Flaws in the Wild Full Text

Abstract Azure customers are requested to urgently address the OMIGOD flaw exploited by Mirai botnet operators. Microsoft has released additional guidance on securing Linux machines impacted by the critical flaw that concerns thousands of Azure customers and millions of endpoints. Due to no auto-update mech ... Read More

Cyware Alerts - Hacker News

September 21, 2021

Apache OpenOffice is currently impacted by a remote code execution flaw Full Text

Abstract Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be fixed in the official release. Security researcher Eugene Lim (@spaceraccoonsec) recently revealed technical details about...

Security Affairs

September 21, 2021

Apache OpenOffice can be hijacked by malicious documents, fix still in beta Full Text

Abstract Apache OpenOffice is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta software.

The Register

September 20, 2021

How to fix the Windows 0x0000011b network printing error Full Text

Abstract A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers.

BleepingComputer

September 20, 2021

EventBuilder misconfiguration exposes Microsoft event registrant data Full Text

Abstract Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines.

BleepingComputer

September 18, 2021

Researchers compile list of vulnerabilities abused by ransomware gangs Full Text

Abstract Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks.

BleepingComputer

September 18, 2021

Expert discloses details and PoC code for Netgear Seventh Inferno bug Full Text

Abstract A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability,...

Security Affairs

September 18, 2021

AMD Chipset Driver flaw allows obtaining sensitive data Full Text

Abstract Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

Security Affairs

September 17, 2021

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data Full Text

Abstract Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system. Chipmaker AMD has addressed a medium severity issue in Platform Security...

Security Affairs

September 17, 2021

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems Full Text

Abstract A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved...

Security Affairs

September 17, 2021

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners Full Text

Abstract Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday.

BleepingComputer

September 17, 2021

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs Full Text

Abstract Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities.

BleepingComputer

September 17, 2021

How to fix printers asking for admins creds after PrintNightmare patch Full Text

Abstract Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability.

BleepingComputer

September 16, 2021

Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug Full Text

Abstract Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting...

Security Affairs

September 16, 2021

New Windows security updates break network printing Full Text

Abstract Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates.

BleepingComputer

September 16, 2021

New Windows security updates break network printing Full Text

Abstract Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates.

BleepingComputer

September 16, 2021

Several Access Bypass, CSRF Vulnerabilities Patched in Drupal Full Text

Abstract Drupal developers informed users that updates released for Drupal 8.9, 9.1, and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass.

Security Week

September 16, 2021

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects Full Text

Abstract Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as  CVE-2021-41077  — concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the software build process. The problem is said to have lasted during an eight-day window between September 3 and September 10. Felix Lange of Ethereum has been credited with discovering the leakage on September 7, with the company's Péter Szilágyi  pointing out  that "anyone could exfiltrate these and gain lateral movement into 1000s of [organizations]." Travis CI is a hosted CI/CD (short for continuous integration and continuous deployment) solution used to build and test software projects hosted on source code repository systems like GitHub and Bitbucket. "The desired b

The Hacker News

September 16, 2021

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released Full Text

Abstract New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed " Seventh Inferno " (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8), that Google security engineer Gynvael Coldwind reported to the networking, storage, and security solutions provider. The disclosure comes weeks after Netgear  released patches  to address the vulnerabilities earlier this month, on September 3. Successful exploitation of  Demon's Cries and Draconian Fear  could grant a malicious party the ability to change the administrator password without actually having to know the previous password or hijack the session bootstrapping information, resulting in a full compromise of the device. Now, in a new post sharing technical spe

The Hacker News

September 16, 2021

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks Full Text

Abstract Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These attacks used the vulnerability, tracked as  CVE-2021-40444 , as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders," Microsoft Threat Intelligence Center  said  in a technical write-up. "These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware." Details about CVE-2021-40444 (CVSS score: 8.8) first  emerged  on September 7 after researchers from EXPMON alerted the Windows maker about a "highly sophisticated zero-day attack" aimed at Microsoft Office users by taking advantage of a remote code execution vulnerability in MSHTML (aka Trident), a proprietary browser engine for the now

The Hacker News

September 15, 2021

Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs Full Text

Abstract Microsoft on Tuesday addressed a quartet of security flaws as part of its  Patch Tuesday updates  that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services - CVE-2021-38647  (CVSS score: 9.8) - Open Management Infrastructure Remote Code Execution Vulnerability CVE-2021-38648  (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability CVE-2021-38645  (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability CVE-2021-38649  (CVSS score: 7.0) - Open Management Infrastructure Elevation of Privilege Vulnerability Open Management Infrastructure ( OMI ) is an open-source  analogous equivalent  of Windows Management Infrastructure (WMI

The Hacker News

September 15, 2021

No Patch for High-Severity Bug in Legacy IBM System X Servers Full Text

Abstract Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.

Threatpost

September 15, 2021

Microsoft fixes critical bugs in secretly installed Azure Linux app Full Text

Abstract Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances.

BleepingComputer

September 15, 2021

Remote code execution flaw allowed hijack of Motorola Halo+ baby monitors Full Text

Abstract On Tuesday, cybersecurity researcher Randy Westergren discovered a pre-authentication RCE security flaw and the means to obtain a full root shell of the Motorola Halo+, a popular baby monitor.

The Daily Swig

September 15, 2021

OMIGOD vulnerabilities expose thousands of Azure users to hack Full Text

Abstract OMIGOD - Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to attacks. Recently released September 2021 Patch Tuesday security updates have addressed four severe vulnerabilities,...

Security Affairs

September 15, 2021

Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day Full Text

Abstract Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively...

Security Affairs

September 14, 2021

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability Full Text

Abstract A day after  Apple  and  Google  rolled out urgent security updates, Microsoft has  pushed software fixes  as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an  actively exploited zero-day  in its MSHTML Platform that came to light last week.  Of the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the  20 vulnerabilities  in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month. The most important of the updates concerns a patch for  CVE-2021-40444  (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting "the exploit uses logical flaws so the exploitation is perfectly reliable." Also addressed is a publicly disclose

The Hacker News

September 14, 2021

Microsoft fixes remaining Windows PrintNightmare vulnerabilities Full Text

Abstract Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly.

BleepingComputer

September 14, 2021

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager Full Text

Abstract Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.

Threatpost

September 14, 2021

Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug Full Text

Abstract Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers.

BleepingComputer

September 14, 2021

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers Full Text

Abstract Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as  CVE-2021-3437  (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system. Cybersecurity firm SentinelOne, which discovered and reported the shortcoming to HP on February 17, said it found no evidence of in-the-wild exploitation. The computer hardware company has since released a security update to its customers to address these vulnerabilities. The issues themselves are rooted in a component called  OMEN Command Center  that comes pre-installed on HP OMEN-branded laptops and desktops and can also be downloaded from the Microsoft Store. The software, in addition to mon

The Hacker News

September 14, 2021

Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw Full Text

Abstract A high severity vulnerability, tracked as CVE-2021-3437, in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS and privilege escalation attacks. Millions of HP OMEN laptop and desktop gaming computers are exposed to multiple...

Security Affairs

September 14, 2021

Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws Full Text

Abstract Today is Microsoft's September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 61 flaws.

BleepingComputer

September 14, 2021

Google addresses a new Chrome zero-day flaw actively exploited in the wild Full Text

Abstract Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including...

Security Affairs

September 14, 2021

Unpatched Bugs Plague Databases; Your Data Is Probably Not Secure – Podcast Full Text

Abstract Imperva’s Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.

Threatpost

September 14, 2021

Millions of HP OMEN gaming PCs impacted by driver vulnerability Full Text

Abstract Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions.

BleepingComputer

September 14, 2021

Close to half of on-prem databases contain vulnerabilities, with many critical flaws Full Text

Abstract Imperva released the results of the study on Tuesday, which analyzed roughly 27,000 databases and their security posture. In total, 46% of on-premises databases worldwide, accounted for in the scan, contained known vulnerabilities.

ZDNet

September 14, 2021

Popular NPM package Pac-Resolver affected by a critical flaw Full Text

Abstract Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package 'Pac-Resolver' that has millions of downloads every week. The development team behind a popular NPM package called 'Pac-Resolver' for the JavaScript programming...

Security Affairs

September 13, 2021

Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware Full Text

Abstract Apple has released  iOS 14.8, iPadOS 14.8 ,  watchOS 7.6.2 ,  macOS Big Sur 11.6 , and  Safari 14.1.2  to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows - CVE-2021-30858  (WebKit) - A use after free issue that could result in arbitrary code execution when processing maliciously crafted web content. The flaw has been addressed with improved memory management. CVE-2021-30860  (CoreGraphics) - An integer overflow vulnerability that could lead to arbitrary code execution when processing a maliciously crafted PDF document. The bug has been remediated with improved input validation. "Apple is aware of a report that this issue may have been actively exploited," the iPhone maker noted in its advisory. The updates arrive weeks after researchers from the University of Toronto's Citizen Lab revealed details of a zero-day exploit called " FORCEDENTRY "

The Hacker News

September 13, 2021

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack Full Text

Abstract Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as  CVE-2021-30632  and  CVE-2021-30633 , the  vulnerabilities  concern an out of bounds write in V8 JavaScript engine and a use after free flaw in Indexed DB API respectively, with the internet giant crediting anonymous researchers for reporting the bugs on September 8. As is typically the case, the company said it's "aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics about how, when, and where the vulnerabilities were exploited, or the threat actors that may be abusing them. With these two security shortcomings, Google has addressed a total of 11 zero-day vulnerabilities in Chrome since the start of the year — CVE-2021-21148  - Heap buffer overflow in V8 CVE-2021-21166  - Object recycle issue in audio CVE-2021-21193  -

The Hacker News

September 13, 2021

Google patches 10th Chrome zero-day exploited in the wild this year Full Text

Abstract Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild.

BleepingComputer

September 13, 2021

Apple issues emergency updates over vulnerability enabling spyware Full Text

Abstract Apple on Monday released a series of emergency security updates following the discovery of a vulnerability that allowed Israeli company NSO Group to infect Apple products with spyware.

The Hill

September 13, 2021

Apple fixes actively exploited FORCEDENTRY zero-day flaws Full Text

Abstract Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild. Apple rolled out security patches to fix a couple of zero-day flaws in iOS and macOS (CVE-2021-30860, CVE-2021-30858),...

Security Affairs

September 13, 2021

WhatsApp’s End-to-End Encryption Isn’t Actually Broken Full Text

Abstract WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn’t concerning — yet.

Threatpost

September 13, 2021

Apple fixes iOS zero-day used to deploy NSO iPhone spyware Full Text

Abstract Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.

BleepingComputer

September 13, 2021

Critical Bug Reported in NPM Package With Millions of Downloads Weekly Full Text

Abstract A widely used NPM package called ' Pac-Resolver ' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent.  The flaw, tracked as  CVE-2021-23406 , has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Pac-Resolver versions before 5.0.0. A Proxy Auto-Configuration ( PAC ) file is a JavaScript function that determines whether web browser requests should be routed directly to the destination or forwarded to a web proxy server for a given hostname. PAC files are how proxy rules are distributed in enterprise environments. "This package is used for PAC file support in  Pac-Proxy-Agent , which is used in turn in  Proxy-Agent , which then used all over the place as the standard go-to package for HTTP proxy auto-detection and configuration in Node.js," Tim Perry  said  in a

The Hacker News

September 12, 2021

Windows MSHTML zero-day exploits shared on hacking forums Full Text

Abstract Threat actors are sharing working Windows CVE-2021-40444 MSHTML zero-day exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks.

BleepingComputer

September 11, 2021

Cisco released security patches for High-Severity flaws in IOS XR software Full Text

Abstract Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate privileges, overwrite/read arbitrary files. Cisco released security updates to address multiple high-severity vulnerabilities...

Security Affairs

September 11, 2021

New York State fixes vulnerability in COVID-19 passport app that allowed storage of fake vaccine credentials Full Text

Abstract The bug allowed someone to create and store fake vaccine credentials in their NYS Excelsior Pass Wallet that might allow them to gain access to physical spaces where they would not be allowed without a legitimate vaccine credential.

ZDNet

September 11, 2021

GitHub Patches Security Flaws in Core Node.js Dependencies Full Text

Abstract Four of the identified security holes impact the npm CLI when a malicious or untrusted npm package is installed and could lead to code execution even when using the --ignore-scripts argument.

Security Week

September 11, 2021

Cisco Patches High-Severity Security Flaws in IOS XR Full Text

Abstract Cisco this week released patches for multiple high-severity vulnerabilities in the IOS XR software and warned that attackers could exploit these bugs to reboot devices, elevate privileges, or overwrite and read arbitrary files.

Security Week

September 10, 2021

Microsoft fixes Azurescape flaw in Azure Container Instances Full Text

Abstract Microsoft has fixed the Azurescape issue, a flaw in Azure Container Instances that allows to take over containers of other platform users. Microsoft has addressed a vulnerability in Azure Container Instances (ACI) called Azurescape that could have...

Security Affairs

September 10, 2021

Spook.js – New side-channel attack can bypass Google Chrome’s protections against Spectre-style exploits Full Text

Abstract A newly discovered side-channel attack targeting Google Chrome can allow an attacker to overcome the web browser’s security defenses to retrieve sensitive information using a Spectre-style attack.

The Daily Swig

September 09, 2021

Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances Full Text

Abstract Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances ( ACI ) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud." An attacker exploiting the weakness could execute malicious commands on other users' containers, steal customer secrets and images deployed to the platform. The Windows maker did not share any additional specifics related to the flaw, save that  affected customers  "revoke any privileged credentials that were deployed to the platform before August 31, 2021." Azure Container Instances is a managed service that allows users to run Docker  containers  directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators. Palo Alto Networks' Unit 42 threat intelligence team dubbed the vulnerability

The Hacker News

September 09, 2021

Windows MSHTML zero-day defenses bypassed as new info emerges Full Text

Abstract New details have emerged about the recent Windows CVE-2021-40444 zero-day vulnerability, how it is being exploited in attacks, and the threat actor's ultimate goal of taking over corporate networks.

BleepingComputer

September 09, 2021

Microsoft fixes bug letting hackers take over Azure containers Full Text

Abstract Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.

BleepingComputer

September 9, 2021

Millions of Microsoft web servers powered by vulnerable legacy software Full Text

Abstract CyberNews researchers identified more than 2 million web servers worldwide still running on outdated and vulnerable versions of Microsoft Internet Information Services software. These legacy versions are no longer supported by Microsoft, which makes...

Security Affairs

September 9, 2021

Google Android Security Update Patches 40 Vulnerabilities Full Text

Abstract A total of 16 issues were patched with the first part of this month’s security updates – the 2021-09-01 security patch level – including one critical issue in the Framework component.

Security Week

September 9, 2021

Zoho warns of zero-day authentication bypass flaw actively exploited Full Text

Abstract Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is actively exploited in the wild. Zoho has released a security patch to address an authentication bypass vulnerability, tracked as CVE-2021-40539,...

Security Affairs

September 08, 2021

GitHub finds 7 code execution vulnerabilities in ‘tar’ and npm CLI Full Text

Abstract GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on average, whereas arborist gets downloaded over 300,000 times every week.

BleepingComputer

September 8, 2021

DEV-0322 Behind the SolarWinds Zero-Day Attacks in July Full Text

Abstract Last month, experts identified a severe zero-day RCE exploit aimed at SolarWinds Serv-U FTP software. Researchers have now linked a limited and highly targeted attack on SolarWinds with a Chinese actor dubbed DEV-0322. Flaws in SolarWinds products have been exploited by Chinese threat actors even e ... Read More

Cyware Alerts - Hacker News

September 08, 2021

Zoho patches actively exploited critical ADSelfService Plus bug Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution that allows them to take control of the system.

BleepingComputer

September 08, 2021

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack Full Text

Abstract A critical security vulnerability has been disclosed in  HAProxy , a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as  CVE-2021-40346 , the Integer Overflow vulnerability has a severity rating of 8.6 on the CVSS scoring system and has been rectified in HAProxy versions 2.0.25, 2.2.17, 2.3.14 and 2.4.4. HTTP Request Smuggling, as the name implies, is a web application attack that tampers the manner a website processes sequences of HTTP requests received from more than one user. Also called HTTP desynchronization, the technique takes advantage of parsing inconsistencies in how front-end servers and back-end servers process requests from the senders. Front-end servers are typically load balancers or reverse proxies that are used by websites to manage a chai

The Hacker News

September 8, 2021

Microsoft warns of a zero-day in Internet Explorer that is actively exploited Full Text

Abstract Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited...

Security Affairs

September 7, 2021

Netgear Smart Switches Open to Complete Takeover Full Text

Abstract The Demon’s Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.

Threatpost

September 07, 2021

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents Full Text

Abstract Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company  said . "An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users who

The Hacker News

September 07, 2021

Microsoft shares temp fix for ongoing Office 365 zero-day attacks Full Text

Abstract Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10.

BleepingComputer

September 7, 2021

PoC released for Ghostscript vulnerability that exposed Airbnb, Dropbox Full Text

Abstract Security researcher Emil Lerner demonstrated an unpatched vulnerability for Ghostscript version 9.50 at the ZeroNights X conference in Saint Petersburg, Russia last month.

The Daily Swig

September 7, 2021

Researcher published PoC exploit for Ghostscript zero-day Full Text

Abstract A researcher published the PoC exploit code for a Ghostscript zero-day vulnerability that could allow completely compromise a server. Security researcher Nguyen The Duc published on GitHub the proof-of-concept exploit code for a Ghostscript zero-day...

Security Affairs

September 07, 2021

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server Full Text

Abstract The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts. "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected," the company  said  in a statement published over the weekend. The disclosure comes as the U.S. Cyber Command  warned  of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments. Tracked as CVE-2

The Hacker News

September 6, 2021

This NPM package with millions of weekly downloads has fixed a remote code execution flaw Full Text

Abstract A very popular NPM package called 'pac-resolver' for the JavaScript programming language has been fixed to address a remote code execution flaw that could affect a lot of Node.js applications.

ZDNet

September 6, 2021

Netgear addresses severe security flaws in 20 of its products Full Text

Abstract Netgear has released security updates to address high-severity vulnerabilities affecting several of its smart switches used by businesses. Netgear has released firmware updates to address high-severity vulnerabilities in more than a dozen of its smart...

Security Affairs

September 06, 2021

Netgear fixes severe security bugs in over a dozen smart switches Full Text

Abstract Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities.

BleepingComputer

September 06, 2021

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released Full Text

Abstract Networking, storage and security solutions provider Netgear on Friday  issued patches  to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models - GC108P (fixed in firmware version 1.0.8.2) GC108PP (fixed in firmware version 1.0.8.2) GS108Tv3 (fixed in firmware version 7.0.7.2) GS110TPP (fixed in firmware version 7.0.7.2) GS110TPv3 (fixed in firmware version 7.0.7.2) GS110TUP (fixed in firmware version 1.0.5.3) GS308T (fixed in firmware version 1.0.3.2) GS310TP (fixed in firmware version 1.0.3.2) GS710TUP (fixed in firmware version 1.0.5.3) GS716TP (fixed in firmware version 1.0.4.2) GS716TPP (fixed in firmware version 1.0.4.2) GS724TPP (fixed in firmware version 2.0.6.3) GS724TPv2 (fixed in firmware version 2.0.6.3) GS728TPPv2 (fixed in firmware

The Hacker News

September 5, 2021

Saving Private Networks from DNS Rebinding Full Text

Abstract Attackers use the DNS rebinding technique to exploit private networks. It can take over victims' browsers and exposes the attack surface of internal web applications to malicious websites, which can be dangerous. Web browser vendors, web application owners, and DNS resolvers need to apply appropria ... Read More

Cyware Alerts - Hacker News

September 05, 2021

Google’s TensorFlow drops YAML support due to code execution flaw Full Text

Abstract TensorFlow, a popular Python-based machine learning and artificial intelligence project developed by Google has dropped support for YAML, to patch a critical code execution vulnerability. YAML is a convenient choice among developers looking for a human-readable data serialization language.

BleepingComputer

September 04, 2021

U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw Full Text

Abstract The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence  CVE-2021-26084  is ongoing and expected to accelerate," the Cyber National Mission Force (CNMF)  said  in a tweet. The warning was also echoed by the U.S. Cybersecurity and Infrastructure Security Agency ( CISA ) and  Atlassian itself  in a series of independent advisories. Bad Packets  noted  on Twitter it "detected mass scanning and exploit activity from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S. targeting Atlassian Confluence servers vulnerable to remote code execution." Atlassian Confluence is a widely popular web-based documentation platform that allows teams to create, collaborate, and organize on different pro

The Hacker News

September 3, 2021

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw Full Text

Abstract USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend.  US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian...

Security Affairs

September 03, 2021

Over 60,000 parked domains were vulnerable to AWS hijacking Full Text

Abstract Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

BleepingComputer

September 2, 2021

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution Full Text

Abstract The BrakTooth set of security vulnerabilities impacts at least 11 vendors’ chipsets.

Threatpost

September 2, 2021

Cisco Patches Critical Authentication Bug With Public Exploit Full Text

Abstract There’s proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn’t seen any malicious exploit yet.

Threatpost

September 02, 2021

Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available Full Text

Abstract Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as  CVE-2021-34746 , the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent authentication and log in to a vulnerable device as an administrator. The network equipment maker said it's aware of a publicly available proof-of-concept (PoC) exploit code targeting the vulnerability, but added it's not detected any successful weaponization attempts in the wild. CVE-2021-34746 issue is caused due to an incomplete validation of user-supplied input that's passed to an authentication script during the sign-in process, enabling an attacker to inject parameters into an authentication request. "A successful exploit could allow the attacker to bypass authenti

The Hacker News

September 02, 2021

Bluetooth BrakTooth bugs could affect billions of devices Full Text

Abstract Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors.

BleepingComputer

September 2, 2021

Node.js archives serious tar handling vulnerabilities with software update Full Text

Abstract Developers of Node.js have released a significant update to the technology that resolves five troublesome security vulnerabilities, including some that present a remote code execution risk.

The Daily Swig

September 2, 2021

WhatsApp CVE-2020-1910 bug could have led to user data exposure Full Text

Abstract The now-fixed CVE-2020-1910 vulnerability in WhatApp 's image filter feature could have exposed user data to remote attackers. A high-severity security vulnerability in WhatApp's image filter feature, tracked as CVE-2020-1910, could have been exploited...

Security Affairs

September 02, 2021

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable Full Text

Abstract A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks.  Collectively dubbed " BrakTooth " (referring to the Norwegian word "Brak" which translates to "crash"), the 16 security weaknesses span across 13 Bluetooth chipsets from 11 vendors such as Intel, Qualcomm, Zhuhai Jieli Technology, and Texas Instruments, covering an estimated 1,400 or more commercial products, including laptops, smartphones, programmable logic controllers, and IoT devices. The flaws were disclosed by researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD). "All the vulnerabilities […] can be triggered without any previous pairing or authentication," the researchers noted. "The impact of our discovered vulnerabilities is categorized into

The Hacker News

September 2, 2021

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices Full Text

Abstract Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks. A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth,...

Security Affairs

September 02, 2021

WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers Full Text

Abstract A now-patched high-severity security vulnerability in WhatApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. Tracked as  CVE-2020-1910  (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to an unwitting recipient, thereby enabling an attacker to access valuable data stored the app's memory. "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image," WhatsApp  noted  in its advisory published in February 2021. Cybersecurity firm Check Point Research, which disclosed the issue to the Facebook-owned platform on November 10, 2020, said it was able to

The Hacker News

September 2, 2021

Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists Full Text

Abstract Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. Cisco announced the availability of security patches for a critical authentication bypass...

Security Affairs

September 02, 2021

Cisco fixes critical authentication bypass bug with public exploit Full Text

Abstract Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software (NFVIS) vulnerability with public proof-of-concept (PoC) exploit code.

BleepingComputer

September 2, 2021

Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93 Full Text

Abstract Google announced the release of Chrome 93 that addresses 27 security vulnerabilities, 19 issues were reported through its bug bounty program. Google announced the release of Chrome 93 for Windows, Mac and Linux that addresses a total of 27 flaws,...

Security Affairs

September 01, 2021

Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices Full Text

Abstract Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in Linphone Session Initiation Protocol ( SIP ) stack that could be remotely exploited without any action from a victim to crash the SIP client and cause a denial-of-service (DoS) condition. Tracked as  CVE-2021-33056  (CVSS score: 7.5), the issue concerns a NULL pointer dereference vulnerability in the " belle-sip " component, a C-language library used to implement SIP transport, transaction, and dialog layers, with all versions prior to  4.5.20  affected by the flaw. The weakness was discovered and reported by industrial cybersecurity company Claroty. Linphone is an open-source and cross-platform SIP client with support for voice and video calls, end-to-end encrypted messaging, and audio conference calls, among others. SIP, on the other hand, is a signaling protocol used for initiating, maintaining, and terminating real-time multimedia communication sessions for voice, video

The Hacker News

September 1, 2021

QNAP will patche OpenSSL flaws in its NAS devices Full Text

Abstract Network-attached storage (NAS) appliance maker QNAP is working on security patches for its products affected by recently fixed OpenSSL flaws. Taiwanese Network-attached storage (NAS) appliance maker QNAP announced that it is assessing the potential...

Security Affairs

September 1, 2021

New Mirai Variant Abuses WebSVN Vulnerability Full Text

Abstract A new variant of  Mirai botnet  is exploiting a previously disclosed command injection vulnerability affecting WebSVN. The main purpose of this new version of the botnet is to perform a variety of DDoS attacks. O rganizations are strongly recommended to have a robust patch manag ... Read More

Cyware Alerts - Hacker News

September 1, 2021

Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack Full Text

Abstract A flaw affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday.

Security Week

September 01, 2021

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices Full Text

Abstract Network-attached storage (NAS) appliance maker QNAP said it's  currently   investigating  two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 (CVSS score: 7.5) and CVE-2021-3712 (CVSS score: 4.4), the  weaknesses  concern a high-severity buffer overflow in SM2 decryption function and a buffer overrun issue when processing ASN.1 strings that could be abused by adversaries to run arbitrary code, cause a denial-of-service condition, or result in disclosure of private memory contents, such as private keys, or sensitive plaintext — CVE-2021-3711  - OpenSSL SM2 decryption buffer overflow CVE-2021-3712  - Read buffer overruns processing ASN.1 strings "A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the c

The Hacker News

September 1, 2021

Cyberattacks Use Office 365 to Target Supply Chain Full Text

Abstract Supply chain attacks starting in Office 365 can take on many different forms. For instance, spear phishers can use a compromised Office 365 account to scout out a targeted employee’s ongoing emails.

Security Intelligence

August 31, 2021

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms Full Text

Abstract New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), were discovered and reported by cybersecurity firm Rapid7 in May 2021 with a 60-day deadline to fix the weaknesses. The Fortress S03 Wi-Fi Home Security System is a do-it-yourself (DIY) alarm system that enables users to secure their homes and small businesses from burglars, fires, gas leaks, and water leaks by leveraging Wi-Fi and RFID technology for keyless entry. The company's security and surveillance systems are used by "thousands of clients and continued customers,"  according  to its website. Calling the vulnerabilities "trivially easy to exploit," Rapid7 re

The Hacker News

August 31, 2021

Proxyware Services Open Orgs to Abuse – Report Full Text

Abstract Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.

Threatpost

August 31, 2021

WooCommerce Pricing Plugin Allows Malicious Code-Injection Full Text

Abstract The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.

Threatpost

August 31, 2021

HPE wars customers of Sudo flaw in Aruba AirWave Management Platform Full Text

Abstract Hewlett Packard Enterprise (HPE) warns of a vulnerability in Sudo open-source program used in its Aruba AirWave management platform. Hewlett Packard Enterprise (HPE) is warning of a high-severity privilege escalation vulnerability in Sudo open-source...

Security Affairs

August 31, 2021

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout Full Text

Abstract The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.

Threatpost

August 31, 2021

Microsoft Exchange ProxyToken flaw can allow attackers to read your emails Full Text

Abstract ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthentication attackers to access emails from a target account. Technical details of a serious vulnerability in the Microsoft Exchange Server, dubbed ProxyToken...

Security Affairs

August 31, 2021

Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems Full Text

Abstract Rapid7 researchers discovered that the product is affected by two vulnerabilities — both rated medium severity based on their CVSS score — that can be exploited remotely.

Security Week

August 31, 2021

Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution Full Text

Abstract According to an advisory on GitHub, both TensorFlow and Keras, a wrapper library for TensorFlow, used an unsafe function to deserialize YAML-encoded machine learning models.

The Daily Swig

August 30, 2021

New Microsoft Exchange ‘ProxyToken’ Flaw Lets Attackers Reconfigure Mailboxes Full Text

Abstract Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as  CVE-2021-33766  (CVSS score: 7.3) and coined " ProxyToken ," was discovered by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC), and reported through the Zero-Day Initiative (ZDI) program in March 2021. "With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users," the ZDI  said  Monday. "As an illustration of the impact, this can be used to copy all emails addressed to a target and account and forward them to an account controlled by the attacker." Microsoft addressed the issue as part of its  Patch Tuesday updates  for July 2021

The Hacker News

August 30, 2021

QNAP works on patches for OpenSSL bugs impacting its NAS devices Full Text

Abstract Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week.

BleepingComputer

August 30, 2021

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform Full Text

Abstract HPE joins Apple in warning customers of a high-severity Sudo vulnerability.

Threatpost

August 30, 2021

Microsoft Exchange ProxyToken bug can let hackers steal user email Full Text

Abstract Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account.

BleepingComputer

August 30, 2021

New Mirai Variant Targets WebSVN Command Injection Vulnerability Full Text

Abstract The critical command injection vulnerability was discovered and patched in May 2021. A PoC was released and within a week, attackers exploited the vulnerability to deploy variants of Mirai.

Palo Alto Networks

August 30, 2021

ProxyToken vulnerability can modify Exchange server configs Full Text

Abstract Nicknamed ProxyToken, the security vulnerability allows a remote attacker to bypass authentication and make changes to a Microsoft Exchange email server’s backend configuration.

The Record

August 29, 2021

Some Synology products impacted by recently disclosed OpenSSL flaws Full Text

Abstract Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. Taiwanese company Synology revealed that the recently disclosed remote code execution (RCE) and denial-of-service...

Security Affairs

August 28, 2021

Cisco says it will not release software update for critical 0-day in EOL VPN routers Full Text

Abstract Cisco announced recently that it will not be releasing software updates for a vulnerability with its Universal Plug-and-Play (UPnP) service in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers.

ZDNet

August 28, 2021

Atlassian released security patches to fix a critical flaw in Confluence Full Text

Abstract Atlassian released patches to fix a critical flaw, tracked as CVE-2021-26084, affecting the Confluence enterprise collaboration product. Atlassian released security patches to address a critical vulnerability, tracked as CVE-2021-26084, affecting...

Security Affairs

August 28, 2021

Azure Cosmos DB alert: This critical vulnerability puts users at risk Full Text

Abstract Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key.

ZDNet

August 27, 2021

An RCE in Annke video surveillance product allows hacking the device Full Text

Abstract Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting...

Security Affairs

August 27, 2021

ChaosDB, a Critical Cosmos DB flaw affected thousands of Microsoft Azure Customers Full Text

Abstract Microsoft has fixed a critical flaw in Cosmos DB that allowed any Azure user to remotely take over other users' databases without any authorization. Researchers from Cloud security company Wiz disclosed technical details of a now-fixed Azure Cosmos...

Security Affairs

August 27, 2021

Annke network video recorder vulnerability could see attackers seize control of security cameras Full Text

Abstract The critical flaw (CVE-2021-32941) was discovered in the playback functionality of NVR model N48PBB, which captures and records live streams from up to eight IP security cameras.

The Daily Swig

August 27, 2021

Top Strategies That Define the Success of a Modern Vulnerability Management Program Full Text

Abstract Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber hygiene routines to your daily security routine, you’ll set up your IT teams to be better equipped to steer off cyberattacks.

Threatpost

August 27, 2021

Microsoft warns Azure customers of critical Cosmos DB vulnerability Full Text

Abstract Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization.

BleepingComputer

August 27, 2021

Researchers Bypass Security PINs for Mastercard and Maestro Contactless Payments Full Text

Abstract The now-patched vulnerability would have allowed cybercriminals to use stolen Mastercard and Maestro cards to pay for expensive products without needing to provide PINs on contactless payments.

The Record

August 27, 2021

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers Full Text

Abstract U.S. technology firm Kaseya has  released  security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a  trio of vulnerabilities  discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The IT infrastructure management solution provider has addressed the issues in server software version 10.5.5-2 released on August 12, DIVD said. An as-yet-undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched, but the company has published  firewall rules  that can be applied to filter traffic to and from the client and mitigate any risk associated with the flaw. As an additional precaution, it's  recommended  not to leave the servers accessible over the internet. Although specifics related to the vulnerabilities are sparse, the shortcomin

The Hacker News

August 27, 2021

B. Braun Infusomat pumps could be hacked to alter medication doses Full Text

Abstract Researchers disclosed five vulnerabilities in B. Braun 's Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. Cybersecurity researchers from McAfee disclosed five vulnerabilities in B. Braun's Infusomat Space Large...

Security Affairs

August 27, 2021

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers Full Text

Abstract Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed " ChaosDB ," with Wiz researchers noting that "the vulnerability has a trivial exploit that doesn't require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies." Cosmos DB is Microsoft's proprietary  NoSQL database  that's advertised as "a fully managed service" that "takes database administration off your hands with automatic management, updates and patching." The Wiz Research Team reported the issue to Microsoft on August 12, after which the Windows maker took steps to mitigate the issue within 48 hours of r

The Hacker News

August 26, 2021

Synology: Multiple products impacted by OpenSSL RCE vulnerability Full Text

Abstract Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products.

BleepingComputer

August 26, 2021

Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches Full Text

Abstract Cisco addressed a critical security vulnerability in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. Cisco has released security updates to address a critical security vulnerability, tracked...

Security Affairs

August 26, 2021

F5 Bug Could Lead to Complete System Takeover Full Text

Abstract The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.

Threatpost

August 26, 2021

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July Full Text

Abstract Software firm Kaseya addressed Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). Kaseya released security updates address server-side Kaseya Unitrends...

Security Affairs

August 26, 2021

Kaseya patches Unitrends server zero-days, issues client mitigations Full Text

Abstract American software company Kaseya has issued a security updates to patch server side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD).

BleepingComputer

August 26, 2021

‘Trilateration’ vulnerability in dating app Bumble leaked users’ exact location Full Text

Abstract Robert Heaton, software engineer at payments processor Stripe, said his find could have empowered attackers to discover victims’ home addresses or, to some degree, track their movements.

The Daily Swig

August 26, 2021

The Increased Liability of Local In-home Propagation Full Text

Abstract Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home. In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the reasons this type of spread is problematic for employees and corporations alike. Finally, I offer simple solutions to mitigate the risk of such tactics.  Why Should IT and Security Stakeholders Care? Today's long cycle attacks are often reconnoitering the victim environment for weeks, if not months. In this time, the attacker gains a tremendous amount of knowledge about systems in the victim's footprint. This additional loiter time in the victim's environment, coupled with ad-hoc maintained work-from-home environments, presents both an  ingress avenue  for attacks into their net

The Hacker News

August 26, 2021

F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices Full Text

Abstract Enterprise security and network appliance vendor F5 has released patches for more than  two dozen security vulnerabilities  affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Of the 29 bugs addressed, 13 are high-severity flaws, 15 are rated medium, and one is rated low in severity. Chief among them is  CVE-2021-23031  (CVSS score: 8.8), a vulnerability affecting BIG-IP Advanced Web Application Firewall and BIG-IP Application Security Manager that allows an authenticated user to perform a privilege escalation. "When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services. This vulnerability may result in complete system compromise," F5 said in its advisory. It&

The Hacker News

August 26, 2021

VMware addressed 4 High-Severity flaws in vRealize Operations Full Text

Abstract VMware released security patches to address multiple vulnerabilities in vRealize Operations, including four high severity flaws. VMware addressed multiple vulnerabilities in vRealize Operations, including four high severity flaws. The most severe...

Security Affairs

August 26, 2021

VMware Issues Patches to Fix New Flaws Affecting Multiple Products Full Text

Abstract VMware on Wednesday shipped  security updates  to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and vRealize Suite Lifecycle Manager (version 8.x), as listed below - CVE-2021-22022  (CVSS score: 4.4) - Arbitrary file read vulnerability in vRealize Operations Manager API, leading to information disclosure CVE-2021-22023  (CVSS score: 6.6) - Insecure direct object reference vulnerability in vRealize Operations Manager API, enabling an attacker with administrative access to alter other users' information and seize control of an account CVE-2021-22024  (CVSS score: 7.5) - Arbitrary log-file read vulnerability in vRealize Operations Manager API, resulting in sensitive information disclosure

The Hacker News

August 26, 2021

Top Vulnerabilities exploited to Hack Linux Systems Full Text

Abstract According to Trend Micro, which identified around 15 million malware events targeting Linux-based cloud, coin miners and ransomware make up 54% of all malware, and web shells account for 29% of them.

voiceofciso

August 25, 2021

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released Full Text

Abstract Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as  CVE-2021-1577  (CVSS score: 9.1), the issue — which is due to improper access control — could enable an unauthenticated, remote attacker to upload a file to the appliances. " A successful exploit could allow the attacker to read or write arbitrary files on an affected device," the company  said  in an advisory. The APIC appliance is a centralized, clustered controller that programmatically automates network provisioning and control based on the application requirements and policies across physical and virtual environments. Cisco said it discovered the vulnerability during internal security testing by the Cisco Advanced Security Initiatives Group (ASIG). Additionally, the

The Hacker News

August 25, 2021

Microsoft: ProxyShell bugs “might be exploited,” patch servers now! Full Text

Abstract Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions.

BleepingComputer

August 25, 2021

F5 addressed a flaw in BIG-IP devices rated as critical severity under specific conditions Full Text

Abstract F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions. Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP...

Security Affairs

August 25, 2021

Cisco Issues Critical Fixes for High-End Nexus Gear Full Text

Abstract Networking giant issues two critical patches and six high-severity patches.

Threatpost

August 25, 2021

Researchers Uncover FIN8’s New Backdoor Targeting Financial Institutions Full Text

Abstract A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed " Sardonic " by Romanian cybersecurity technology company Bitdefender, which it encountered during a  forensic investigation  in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News. Since emerging on the scene in January 2016, FIN8 has

The Hacker News

August 25, 2021

Critical F5 BIG-IP bug impacts customers in sensitive sectors Full Text

Abstract BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions.

BleepingComputer

August 25, 2021

B.Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages Full Text

Abstract Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered and reported the flaws to the German medical and pharmaceutical device company on January 11, 2021,  said  the "modification could appear as a device malfunction and be noticed only after a substantial amount of drug has been dispensed to a patient, since the infusion pump displays exactly what was prescribed, all while dispensing potentially lethal doses of medication." The issues have been addressed by B. Braun in SpaceCom L82 or later, Battery Pack SP with WiFi:L82 or later, and DataModule compactplus version A12 or later. Infusion pumps are medical devices used to deliver intravenous fluids, such as nutrients and medications, into a patient's body in controlled amoun

The Hacker News

August 25, 2021

Ethereum urges Go devs to fix severe chain-split vulnerability Full Text

Abstract Ethreum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol.

BleepingComputer

August 24, 2021

CVE-2021-3711 in OpenSSL can allow to change an application’s behavior Full Text

Abstract The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to change an application’s behavior or cause the app to crash. The OpenSSL Project released the OpenSSL 1.1.1l version that addresses...

Security Affairs

August 24, 2021

Samsung can remotely disable their TVs worldwide using TV Block Full Text

Abstract Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.

BleepingComputer

August 24, 2021

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware Full Text

Abstract Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group's Pegasus spyware on devices belonging to Bahraini activists. Researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy...

Security Affairs

August 24, 2021

SteelSeries bug gives Windows 10 admin rights by plugging in a device Full Text

Abstract The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found.

BleepingComputer

August 24, 2021

New zero-click iPhone exploit used to deploy NSO spyware Full Text

Abstract Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.

BleepingComputer

August 23, 2021

Windows 10 Admin Rights Gobbled by Razer Devices Full Text

Abstract So much for Windows 10’s security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating.

Threatpost

August 23, 2021

Are you using a Sophos UTM appliance? Be sure it is up to date! Full Text

Abstract A researcher disclosed technical details of a critical remote code execution vulnerability, tracked as CVE-2020-25223, patched last year. In September, Sophos addressed a remote code execution vulnerability (CVE-2020-25223) in the WebAdmin of SG UTM that...

Security Affairs

August 23, 2021

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems Full Text

Abstract Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro , detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. The company, which detected nearly 15 million malware events aimed at Linux-based cloud environments, found coin miners and ransomware to make up 54% of all malware, with web shells accounting for a 29% share. In addition, by dissecting over 50 million events reported from 100,000 unique Linux hosts during the same time period, the researchers found 15 different security weaknesses that are known to be actively exploited in the wild o

The Hacker News

August 23, 2021

LPE zero-day flaw in Razer Synapse allows attackers to take over Windows PCs Full Text

Abstract A zero-day vulnerability in Razer Synapse could allow threat actors to gain Windows admin privileges by plugging in a Razer mouse or keyboard. Razer is a popular manufacturer of computer accessories, including gaming mouses and keyboards. A local...

Security Affairs

August 23, 2021

Details Disclosed for Critical Vulnerability in Sophos Appliances Full Text

Abstract Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details of a critical vulnerability patched last year.

Security Week

August 23, 2021

CISA warns admins to urgently patch Exchange ProxyShell bugs Full Text

Abstract The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.

BleepingComputer

August 22, 2021

Razer bug lets you become a Windows 10 admin by plugging in a mouse Full Text

Abstract A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

BleepingComputer

August 22, 2021

Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP Full Text

Abstract Google disclosed the details of a Windows ​​AppContainer vulnerability because Microsoft initially had no plans to fix it. Google Project Zero experts disclosed the details of a Windows ​​AppContainer flaw after Microsoft announced it had no plans...

Security Affairs

August 21, 2021

Google shares details of unpatched Windows AppContainer vulnerability Full Text

Abstract Google Project Zero researcher James Forshaw shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announcing to address it soon.

Hackread

August 21, 2021

Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software Full Text

Abstract The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software.

Security Affairs

August 20, 2021

Cloud load balancer snafu leads to 3D printer user printing on a stranger’s kit Full Text

Abstract Just over 70 of The Spaghetti Detective's users were able to control others' 3D printing devices as a result – something the service said it doesn't normally allow to happen.

The Register

August 20, 2021

Cisco warns of Server Name Identification data exfiltration flaw in multiple products Full Text

Abstract Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering...

Security Affairs

August 20, 2021

Pegasus iPhone hacks used as lure in extortion scheme Full Text

Abstract A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand.

BleepingComputer

August 20, 2021

637 flaws in industrial control system (ICS) products were published in H1 2021 Full Text

Abstract During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability...

Security Affairs

August 19, 2021

Critical Flaw Found in Older Cisco Small Business Routers Won’t Be Fixed Full Text

Abstract A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability, which the company said is due to improper validation of incoming UPnP traffic, could be abused to send a specially-crafted UPnP request to an affected device, resulting in remote code execution as the root user on the underlying operating system. "Cisco has not released and will not release software updates to address the vulnerability," the company  noted  in an advisory published Wednesday. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have  entered the end-of-life process .

The Hacker News

August 19, 2021

New unofficial Windows patch fixes more PetitPotam attack vectors Full Text

Abstract A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update.

BleepingComputer

August 19, 2021

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers Full Text

Abstract Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small...

Security Affairs

August 19, 2021

Hackers can bypass Cisco security products in data theft attacks Full Text

Abstract Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks.

BleepingComputer

August 19, 2021

Critical Cisco Bug in Small Business Routers to Remain Unpatched Full Text

Abstract The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.

Threatpost

August 19, 2021

Windows EoP Bug Detailed by Google Project Zero Full Text

Abstract Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.

Threatpost

August 19, 2021

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers Full Text

Abstract In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life.

BleepingComputer

August 18, 2021

STARTTLS Flaws Affecting Major Email Clients and Servers Full Text

Abstract Security researchers have identified around 40 different vulnerabilities in a TLS encryption mechanism that could lead to targeted Man-in-the-Middle (MitM) attacks.  Upgrading email communication protocols connections via STARTTLS is insecure and exposes the system to a number of security vuln ... Read More

Cyware Alerts - Hacker News

August 18, 2021

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices Full Text

Abstract A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and  discovered  by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw in ThroughTek point-to-point (P2P) products, successful exploitation of which could result in the "ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality." "Successful exploitation of this vulnerability could permit remote code execution and unauthorized access to sensitive information, such as to camera audio/video feeds," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  noted  in an advisory. There are believed to be 83 million active devices on the Kala

The Hacker News

August 18, 2021

Kerberos Authentication Spoofing: Don’t Bypass the Spec Full Text

Abstract Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.

Threatpost

August 18, 2021

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices Full Text

Abstract A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed  BadAlloc , that was originally disclosed by Microsoft in April 2021, which could open a backdoor into many of these devices, allowing attackers to commandeer them or disrupt their operations. "A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in a Tuesday bulletin. As of writing, there is no evidence of active exploitation of the vulnerability. BlackBerry QNX technology is  used  worldwide by over 195 million vehicles and embedded systems across a wide range of industries,

The Hacker News

August 18, 2021

Adobe addresses two critical vulnerabilities in Photoshop Full Text

Abstract Adobe has addressed two critical security vulnerabilities affecting its Photoshop image manipulation software. Adobe released security updates to address two critical security vulnerabilities, tracked as CVE-2021-36065 and CVE-2021-36066, affecting...

Security Affairs

August 18, 2021

Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks Full Text

Abstract The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices.

Threatpost

August 17, 2021

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop Full Text

Abstract A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.

Threatpost

August 17, 2021

Unpatched Remote Hacking Flaw Disclosed in Fortinet’s FortiWeb WAF Full Text

Abstract Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7  said  in an advisory published Tuesday. "This vulnerability appears to be related to  CVE-2021-22123 , which was addressed in  FG-IR-20-120 ." Rapid7 said it discovered and reported the issue in June 2021. Fortinet is expected to release a patch at the end of August with version Fortiweb 6.4.1. The command injection flaw is yet to be assigned a CVE identifier, but it has a severity rating of 8.7 on the CVSS scoring system. Successful exploitation of the vulnerability can allow auth

The Hacker News

August 17, 2021

Memory corruption vulnerability found in Daemon Tools Pro Full Text

Abstract CVE-2021-21832 can cause memory corruption in the application if the user opens an adversary-created ISO file that causes an integer overflow. This flaw exists in the way the application parses ISOs.

Cisco Talos

August 17, 2021

Kalay cloud platform flaw exposes millions of IoT devices to hack Full Text

Abstract FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372,...

Security Affairs

August 17, 2021

Fortinet FortiWeb OS Command Injection allows takeover servers remotely Full Text

Abstract Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs. An authenticated attacker could execute arbitrary commands as the root user on the underlying...

Security Affairs

August 17, 2021

CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX Full Text

Abstract CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System (RTOS) used by critical infrastructure organizations.

BleepingComputer

August 17, 2021

Google Awards $42,000 for Two Serious Chrome Vulnerabilities Full Text

Abstract The most severe of these are CVE-2021-30598 and CVE-2021-30599, two type confusion issues in the V8 JavaScript engine that were identified and reported in July by Manfred Paul.

Security Week

August 17, 2021

Fortinet delays patching zero-day allowing remote server takeover Full Text

Abstract Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August.

BleepingComputer

August 17, 2021

Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content Full Text

Abstract An attacker could exploit these flaws by sending a specially crafted MP4 file. This could cause an integer overflow eventually resulting in a heap-based buffer overflow that causes memory corruption.

Cisco Talos

August 17, 2021

Fortinet patches bug letting attackers takeover servers remotely Full Text

Abstract Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations.

BleepingComputer

August 16, 2021

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover Full Text

Abstract The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites.

Threatpost

August 16, 2021

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices Full Text

Abstract Taiwanese chip designer Realtek is warning of  four security vulnerabilities  in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek "Luna" SDK up to version 1.3.2, could be abused by attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege — CVE-2021-35392  (CVSS score: 8.1) - Heap buffer overflow vulnerability in 'WiFi Simple Config' server due to unsafe crafting of SSDP NOTIFY messages CVE-2021-35393  (CVSS score: 8.1) - Stack buffer overflow vulnerability in 'WiFi Simple Config' server due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header CVE-2021-35394  (CVSS score: 9.8) - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UD

The Hacker News

August 16, 2021

65 vendors affected by severe vulnerabilities in Realtek chips Full Text

Abstract A security vulnerability within the Realtek RTL819xD module allows attackers to gain complete access to the device, installed operating systems, and other network devices.

Help Net Security

August 16, 2021

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets Full Text

Abstract Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets.

Threatpost

August 16, 2021

Magniber and Vice Society Actors Exploiting PrintNightmare Flaws Full Text

Abstract Ransomware operators, including Magniber and Vice Society, were found exploiting flaws in Windows Print Spooler to compromise systems and spread laterally across networks.

Cyware Alerts - Hacker News

August 16, 2021

Research: Hundreds of high-traffic web domains vulnerable to same-site attacks Full Text

Abstract The underrated threat of related-domain attacks can enable malicious actors to circumvent many advanced website protection mechanisms, according to researchers from TU Wien and Ca’ Foscari University.

The Daily Swig

August 16, 2021

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients Full Text

Abstract Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were  detailed  by a group of researchers Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel at the 30th USENIX Security Symposium. In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack. Some of the popular clients affected by the bugs include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex, and KMail. The attacks require that the malicious party can tamper connections established between an email client and the email server of a provider and has login cr

The Hacker News

August 16, 2021

Valve promptly resolves Steam ‘unlimited funds’ gaming wallet cheat Full Text

Abstract In a write-up published after the bug was resolved, the researcher describes how an attacker would first have to modify their Steam account email to an address that includes the term “amount100”.

The Daily Swig

August 14, 2021

Dumping user’s Microsoft Azure credentials in plaintext from Windows 365 Full Text

Abstract A security expert devised a method to retrieve a user's Microsoft Azure credentials in plaintext from Microsoft's new Windows 365 Cloud PC service using Mimikatz. Benjamin Delpy, the popular security researcher and author of the Mimikatz tool, has devised...

Security Affairs

August 14, 2021

Microsoft confirms another Windows Print Spooler bug, offers workaround Full Text

Abstract A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958).

Help Net Security

August 13, 2021

Windows 365 exposes Microsoft Azure credentials in plaintext Full Text

Abstract A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz.

BleepingComputer

August 13, 2021

‘Unpatched’ vulnerabilities in Wodify fitness management platform allow attackers to steal gym payments, extract member data Full Text

Abstract Security researchers have uncovered three vulnerabilities in Wodify app that could allow an authenticated user to modify production data and extract sensitive personal information.

The Daily Swig

August 12, 2021

Microsoft Exchange servers are getting hacked via ProxyShell exploits Full Text

Abstract Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access.

BleepingComputer

August 12, 2021

Trend Micro warns customers of zero-day attacks against its products Full Text

Abstract Security firms Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One as a Service products. On July 28, Trend Micro released security patches for multiple incorrect permission assignment...

Security Affairs

August 12, 2021

Node.js developers fix high-risk vulnerability that could allow remote domain hijacking Full Text

Abstract The maintainers of the JavaScript runtime environment have released a security advisory today (August 12) warning users to update to the latest version to protect against a series of bugs.

The Daily Swig

August 12, 2021

August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws Full Text

Abstract Siemens and Schneider Electric on Tuesday released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products used in industrial settings.

Security Week

August 12, 2021

Microsoft warns of a new unpatched Windows Print Spooler RCE zero-day Full Text

Abstract Microsoft is warning of another zero-day Windows print spooler vulnerability, tracked as CVE-2021-36958, that could allow local attackers to gain SYSTEM privileges. Microsoft published a security advisory to warn its customers of another remote code...

Security Affairs

August 11, 2021

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability Full Text

Abstract A day after releasing  Patch Tuesday updates , Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as  CVE-2021-36958  (CVSS score: 7.3), the unpatched flaw is the latest to join a  list  of  bugs  collectively known as  PrintNightmare  that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw,  said  the issue was disclosed to Microsoft in December 2020. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for  CVE-2021-34481 . "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then

The Hacker News

August 11, 2021

Microsoft confirms another Windows print spooler zero-day bug Full Text

Abstract Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer.

BleepingComputer

August 11, 2021

Nine Critical and High-Severity Vulnerabilities Patched in SAP Products Full Text

Abstract German enterprise software giant SAP has released 19 new and updated security notes, including for nine new vulnerabilities that have been rated critical or high severity.

Security Week

August 11, 2021

Intel Addresses High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers Full Text

Abstract Intel on Tuesday released six new security advisories to inform customers about the availability of firmware and software updates that address a total of 15 vulnerabilities across several products.

Security Week

August 11, 2021

ProxyShell - Another MS Exchange Flaw Gaining Traction Among Attackers Full Text

Abstract A cybersecurity researcher recently spotted threat actors actively trying to exploit Microsoft Exchange servers by targeting ProxyShell vulnerabilities. The newly discovered vulnerabilities could be exploited via the Client Access Service (CAS), which runs in IIS on port 443. Experts recommend appl ... Read More

Cyware Alerts - Hacker News

August 11, 2021

SAP Patches Nine Critical & High-Severity Bugs Full Text

Abstract Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.

Threatpost

August 11, 2021

Multiple vulnerabilities discovered in AT&T Labs’ Xmill utility Full Text

Abstract An attacker could take advantage of these issues to carry out a variety of malicious actions, including corrupting the application’s memory and gaining the ability to execute remote code.

Cisco Talos

August 11, 2021

Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic Full Text

Abstract Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz  said . Calling it a "bottomless well of valuable intel," the treasure trove of information contains internal and external IP addresses, computer names, employee names and locations, and details about organizations' web domains. The findings were  presented  at the Black Hat USA 2021 security conference last week. "The traffic that leaked to us from internal network traffic provides malicious actors all the intel they would ever need to launch a successful attack," the researchers added. "More than t

The Hacker News

August 11, 2021

Adobe fixes critical flaws in Magento, patch it immediately Full Text

Abstract Adobe security updates for August 2021 have addressed critical vulnerabilities in Magento and important bugs in Adobe Connect. Adobe security updates for August 2021 address a total of 29 flaws, including critical vulnerabilities in Magento and important...

Security Affairs

August 11, 2021

A Flaw with DNSaaS Providers Exploited for Intelligence Gathering Full Text

Abstract A set of DNS vulnerabilities was found impacting DNS-as-a-Service (DNSaaS) providers. It enables cybercriminals to rip off sensitive corporate data. The flaws could allow intelligence harvesting simply by using a domain registration technique. There are mitigation steps available that can be f ... Read More

Cyware Alerts - Hacker News

August 11, 2021

Microsoft patch Tuesday security updates fix PrintNightmare flaws Full Text

Abstract Microsoft released patch Tuesday security updates for August that address 120 CVEs in Microsoft products including a zero-day actively exploited in the wild. Microsoft released patch Tuesday security updates for August that address 120 CVEs in multiple...

Security Affairs

August 10, 2021

Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites Full Text

Abstract Adobe on Tuesday shipped  security updates  to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The  issues  affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition. Of the 26 flaws addressed, 20 are rated critical, and six are rated Important in severity. None of the vulnerabilities fixed this month by Adobe are listed as publicly known or under active attack at the time of release. The most concerning of the bugs are as follows - CVE-2021-36021, CVE-2021-36024, CVE-2021-36025, CVE-2021-36034, CVE-2021-36035, CVE-2021-36040, CVE-2021-36041, and CVE-2021-36042  (CVSS score: 9.1) - Arbitrary code execution due to improper input validation CVE-2021-36022 and CVE-2021-36023  (CVSS score: 9.1) - Arbitrary code execution due to OS command injection CVE-2021-3602

The Hacker News

August 10, 2021

Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability Full Text

Abstract Microsoft on Tuesday rolled out  security updates  to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, among others. This is in addition to  seven security flaws  it patched in the Microsoft Edge browser on August 5. Chief among the patched issues is  CVE-2021-36948  (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service — a service that enables remediation and protection of Windows Update components — which could be abused to run malicious programs with escalated permissions. Microsoft's Threat Intelligence Center has been credited with reporting the flaw

The Hacker News

August 10, 2021

Microsoft revives deprecated RDCMan after fixing security flaw Full Text

Abstract Microsoft has revived the Remote Desktop Connection Manager (RDCMan) app that was deprecated last year due to an important severity information disclosure bug the company decided not to fix.

BleepingComputer

August 10, 2021

Adobe fixes critical preauth vulnerabilities in Magento Full Text

Abstract Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect.

BleepingComputer

August 10, 2021

Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws Full Text

Abstract Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to installed patches.

BleepingComputer

August 10, 2021

Microsoft fixes Windows Print Spooler PrintNightmare vulnerability Full Text

Abstract Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers.

BleepingComputer

August 9, 2021

Auth Bypass Bug Exploited, Affecting Millions of Routers Full Text

Abstract A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks.

Threatpost

August 09, 2021

A Critical Random Number Generator Flaw Affects Billions of IoT Devices Full Text

Abstract A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil  said  in an analysis published last week. "In fact, in many cases, devices are choosing encryption keys of 0 or worse. This can lead to a catastrophic collapse of security for any upstream use." Random number generation ( RNG ) is a  crucial process  that undergirds several cryptographic applications, including key generation, nonces, and salting. On traditional operating systems, it's derived from a cryptographically secure pseudorandom number generator (CSPRNG) that uses entropy obtained from a high-quality seed source.

The Hacker News

August 09, 2021

Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw Full Text

Abstract Pulse Secure has shipped a fix for a critical post-authentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root," NCC Group's Richard Warren  disclosed  on Friday. "This vulnerability is a bypass of the patch for  CVE-2020-8260 ." "An attacker with such access will be able to circumvent any restrictions enforced via the web application, as well as remount the filesystem, allowing them to create a persistent backdoor, extract and decrypt credentials, compromise VPN clients, or pivot into the internal network," Warren added. The disclosure comes days after Ivanti, the company behind Pulse Secure,  p

The Hacker News

August 8, 2021

PwnedPiper: Serious Flaws in Pneumatic Tubing System Full Text

Abstract Security experts discovered a set of nine vulnerabilities, aka PwnedPiper, in the TransLogic Pneumatic Tube Systems from Swisslog Healthcare. The flaws impact around 80% of U.S. hospitals, with a possibility of complete system takeover. The vendor urged institutions to patch flaws and also provided ... Read More

Cyware Alerts - Hacker News

August 8, 2021

A zero-day RCE in Cisco ADSM has yet to be fixed Full Text

Abstract A remote code execution (RCE) vulnerability in the Cisco Adaptive Security Device Manager (ADSM) Launcher disclosed in July has yet to be addressed. Cisco provided an update on a remote code execution (RCE) vulnerability (CVE-2021-1585) in the Adaptive...

Security Affairs

August 07, 2021

Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now Full Text

Abstract Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference.

BleepingComputer

August 07, 2021

Actively exploited bug bypasses authentication on millions of routers Full Text

Abstract Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads.

BleepingComputer

August 07, 2021

Go, Rust “net” library affected by critical IP address validation vulnerability Full Text

Abstract The commonly used "net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how "net" treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format, and therefore making applications vulnerable to SSRF and RFI.

BleepingComputer

August 7, 2021

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide Full Text

Abstract Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090,...

Security Affairs

August 06, 2021

New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader Full Text

Abstract Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information," Yaniv Balmas, head of cyber research at Check Point, said in an emailed statement. "The security vulnerabilities allow an attacker to target a very specific audience." In other words, if a threat actor wanted to single out a specific group of people or demographic, it's possible for the adversary to choose a popular e-book in a language or dialect that's widely spoken among the group to tailor and orchestrate a highly targeted cyber attack. Upon responsibly disclosing the issue to Amazon in February 2021, t

The Hacker News

August 06, 2021

Windows PetitPotam vulnerability gets an unofficial free patch Full Text

Abstract A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks.

BleepingComputer

August 06, 2021

Cisco: Firewall manager RCE bug is a zero-day, patch incoming Full Text

Abstract In a Thursday security advisory update, Cisco revealed that a remote code execution (RCE) vulnerability in the Adaptive Security Device Manager (ADSM) Launcher disclosed last month is a zero-day bug that has yet to receive a security update.

BleepingComputer

August 6, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN Full Text

Abstract Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities...

Security Affairs

August 6, 2021

VMware addresses critical flaws in its products Full Text

Abstract VMware has addressed a critical vulnerability that affects multiple products that could be exploited to gain access to confidential information. VMware has released security updates to address multiple flaws in its products, including a critical...

Security Affairs

August 06, 2021

India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks Full Text

Abstract Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a  stored cross-site scripting flaw  (also known as persistent XSS) in Koo's web application that allows malicious scripts to be embedded directly into the affected web application. To carry out the attack, all a malicious actor had to do was log into the service via the web application and post an XSS-encoded payload to its timeline, which automatically gets executed on behalf of all users who saw the post. The issue was discovered by security researcher  Rahul Kankrale  in July, following which a fix was rolled out by Koo on July 3. Using cross-site scripting, an attacker can perform actions on behalf of users with the same privileges as the user and steal web browser's secrets, such as authentication

The Hacker News

August 06, 2021

VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products Full Text

Abstract VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. Tracked as  CVE-2021-22002  (CVSS score: 8.6) and  CVE-2021-22003  (CVSS score: 3.7), the flaws affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. CVE-2021-22002 concerns an issue with how VMware Workspace One Access and Identity Manager allow the "/cfg" web app and diagnostic endpoints to be accessed via port 443 by tampering with a host header, resulting in a server-side request. "A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication," the company  said  in its advisory. Suleyman Bayir of Trendyol has been credited with

The Hacker News

August 05, 2021

New DNS vulnerability allows ‘nation-state level spying’ on companies Full Text

Abstract Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.

BleepingComputer

August 05, 2021

New Windows PrintNightmare zero-days get free unofficial patch Full Text

Abstract A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June.

BleepingComputer

August 5, 2021

Twelve Year-old Vulnerability Impacting at Least 20 Router Models Could Allow Network Compromise Full Text

Abstract Discovered by Evan Grant of Tenable, the critical path traversal flaw is tracked as CVE-2021–20090, with a CVSS of 9.8, and is exploitable by unauthenticated, remote attackers.

The Daily Swig

August 05, 2021

Telegram for Mac bug lets you save self-destructing messages forever Full Text

Abstract ​Researchers have discovered a way for users on Telegram for Mac to keep specific self-destructing messages forever or view them without the sender ever knowing.

BleepingComputer

August 05, 2021

Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks Full Text

Abstract Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, unauthorized login to the CPU module, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by  Nozomi Networks , concern the implementation of an authentication mechanism in the  MELSEC communication protocol  that's used to exchange data with the target devices that is used for communication with target devices by reading and writing data to the CPU module. A quick summary of the flaws is listed below - Username Brute-force (CVE-2021-20594, CVSS score: 5.9) - Usernames used during authentication are effectively brute-forceable Anti-password Brute-force Functionality Leads to Overly Restrictive Account Lockout Mechanism (CVE-2021-20598, CVSS score: 3.7) - The implementation to thwart brute-force at

The Hacker News

August 5, 2021

Security company warns of Mitsubishi industrial control vulnerabilities Full Text

Abstract Industrial cybersecurity company Nozomi Networks Labs has warned the industrial control system (ICS) security community about five vulnerabilities affecting Mitsubishi safety PLCs.

ZDNet

August 5, 2021

Cisco fixes critical, high severity vulnerabilities in VPN routers Full Text

Abstract Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. An...

Security Affairs

August 04, 2021

Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs Full Text

Abstract Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service (DoS) condition. The issues, tracked as CVE-2021-1609 (CVSS score: 9.8) and CVE-2021-1610 (CVSS score: 7.2), reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22. Both the issues stem from a lack of proper validation of HTTP requests, thus permitting a bad actor to send a specially-crafted HTTP request to a vulnerable device. Successful exploitation of CVE-2021-1609 could allow an unauthenticated, remote attacker to execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. CVE-2021-1610, concerns a command injection vulnerability that, if exploited, could permit an authenticated adve

The Hacker News

August 04, 2021

Cisco fixes critical, high severity pre-auth flaws in VPN routers Full Text

Abstract Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices.

BleepingComputer

August 4, 2021

Vulnerability in dating site OkCupid could be used to trick users into ‘liking’ or messaging other profiles Full Text

Abstract A security vulnerability in popular dating site OkCupid meant an attacker could dupe users into unknowingly ‘liking’ or sending messages to other profiles. The flaw has now been patched.

The Daily Swig

August 4, 2021

AWS S3 can be a security risk for your business Full Text

Abstract As the use of AWS S3 increases, so have the content types that are stored and shared on it. AWS S3 buckets are now exposed via additional channels and APIs, which create new security blind spots that

Help Net Security

August 4, 2021

Use-after-free discovered vulnerability in Tinyobjloader Full Text

Abstract A use-after-free vulnerability exists in the LoadObj() functionality of tinyobjloader v0.9.25 and v1.0.6. A specially crafted file can cause a use-after-free, leading to code execution.

Cisco Talos

August 04, 2021

INFRA:HALT security bugs impact critical industrial control devices Full Text

Abstract High-severity and critical vulnerabilities collectively referred to as INFRA:HALT are affecting all versions of NicheStack below 4.3, a proprietary TCP/IP stack used by at least 200 industrial automation vendors, many in the leading segment of the market.

BleepingComputer

August 4, 2021

INFRA:HALT flaws impact OT devices from hundreds of vendors Full Text

Abstract INFRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly OT devices manufactured by more than 200 vendors. Security researchers from security teams at Forescout and JFrog have disclosed today 14 vulnerabilities that impact...

Security Affairs

August 04, 2021

New Cobalt Strike bugs allow takedown of attackers’ servers Full Text

Abstract Security researchers have discovered Cobalt Strike denial of service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments.

BleepingComputer

August 3, 2021

Cisco fixed Remote Code Execution issue in Firepower Device Manager On-Box software Full Text

Abstract Cisco addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that allows attackers to execute arbitrary code on vulnerable devices. Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software,...

Security Affairs

August 3, 2021

Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software Full Text

Abstract Networking giant Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices.

Security Week

August 3, 2021

Experts found potential remote code execution in PyPI Full Text

Abstract A flaw in the GitHub Actions workflow for PyPI ’s source repository could be exploited to potentially execute arbitrary code on pypi.org. Security researcher RyotaK disclosed three flaws in PyPI, the most severe one could potentially lead to the compromise...

Security Affairs

August 02, 2021

PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S. Full Text

Abstract Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as " PwnedPiper " that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover. The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide. "These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital," Armis researchers Ben Seri and Barak Hadad said. "This type of control could enable sophisticated and worrisome ransomware attacks, as well as allow attackers to leak sensitive hospital information." Pneumatic tube systems are internal logistics and transport solutions that are used to transport blood s

The Hacker News

August 2, 2021

‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics Full Text

Abstract Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.

Threatpost

August 2, 2021

PwnedPiper flaws in PTS systems affect 80% of major US hospitals Full Text

Abstract Cybersecurity researchers disclosed multiple flaws, dubbed PwnedPiper, that left a widely-used pneumatic tube system (PTS) vulnerable to attacks. Researchers from cybersecurity Armis disclosed a set of nine vulnerabilities collectively tracked as PwnedPiper...

Security Affairs

August 02, 2021

PyPI Python Package Repository Patches Critical Supply Chain Flaw Full Text

Abstract The maintainers of Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were  discovered  and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the  Homebrew Cask repository  and Cloudflare's  CDNJS library . He was awarded a total of $3,000 as part of the bug bounty program. The list of three vulnerabilities is as follows - Vulnerability in Legacy Document Deletion on PyPI  - An exploitable vulnerability in the mechanisms for deleting legacy documentation hosting deployment tooling on PyPI, which would allow an attacker to remove documentation for projects not under their control. Vulnerability in Role Deletion on PyPI  - An exploitable vulnerability in the mechanisms for deleting roles on PyPI was discovered by a security researcher

The Hacker News

August 2, 2021

WordPress Download Manager Plugin was affected by two flaws Full Text

Abstract An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. Researchers from Wordfence team discovered a vulnerability, tracked as CVE-2021-34639,...

Security Affairs

July 31, 2021

Remote print server gives anyone Windows admin privileges on a PC Full Text

Abstract A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver.

BleepingComputer

July 30, 2021

Node.js fixes severe HTTP bug that could let attackers crash apps Full Text

Abstract Node.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as CVE-2021-22930 is to do with how HTTP2 streams are handled in the language.

BleepingComputer

July 30, 2021

Python team fixes bug that allowed takeover of PyPI repository Full Text

Abstract The Python security team has fixed today three vulnerabilities impacting the Python Package Index (PyPI), including one that could have allowed a threat actor to take full control over the portal.

The Record

July 30, 2021

Remote Code Execution Flaws Patched in WordPress Download Manager Plugin Full Text

Abstract A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at Defiant warns.

Security Week

July 30, 2021

CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines Full Text

Abstract Researcher published an exploit code for a high-severity privilege escalation flaw (CVE-2021-3490) in Linux kernel eBPF on Ubuntu machines. The security researcher Manfred Paul of the RedRocket CTF team released the exploit code for a high-severity...

Security Affairs

July 30, 2021

Linux eBPF bug gets root privileges on Ubuntu - Exploit released Full Text

Abstract A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines.

BleepingComputer

July 29, 2021

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors Full Text

Abstract IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to French cybersecurity firm RandoriSec.

Security Week

July 29, 2021

RCE bug in Moodle e-learning platform could be abused to steal data, manipulate results Full Text

Abstract A critical security vulnerability in a popular e-learning platform could be abused to allow access to students’ data and test papers – and possibly even manipulate exam results.

The Daily Swig

July 29, 2021

Critical flaw in Microsoft Hyper-V could allow RCE and DoS Full Text

Abstract Experts disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow executing arbitrary code on it. Researchers Peleg Hadar of SafeBreach and Ophir Harpaz of Guardicore disclose details...

Security Affairs

July 29, 2021

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers Full Text

Abstract Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly. "Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI)  noted . "However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system." The top 30 vulnerabilities span a wide range of software, including remote work, virtual pri

The Hacker News

July 28, 2021

Google Play Protect fails Android security tests once more Full Text

Abstract Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against.

BleepingComputer

July 28, 2021

Critical Microsoft Hyper-V bug could haunt orgs for a long time Full Text

Abstract Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in Azure cloud computing environment.

BleepingComputer

July 27, 2021

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email Full Text

Abstract Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported in Zimbra 8.8.15 by researchers from code quality and security solutions provider SonarSource in May 2021. Mitigations have since been  released  in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16. CVE-2021-35208  (CVSS score: 5.4) - Stored XSS Vulnerability in ZmMailMsgView.java CVE-2021-35209  (CVSS score: 6.1) - Proxy Servlet Open Redirect Vulnerability "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization,"  said  SonarSource vulnerability researcher, Simon Scannell, who identif

The Hacker News

July 27, 2021

Flaws in Zimbra could allow to takeover webmail server of a targeted organization Full Text

Abstract Researchers discovered flaws in Zimbra email collaboration software that could allow attackers to compromise email accounts by sending a malicious email. Cybersecurity researchers have discovered multiple security vulnerabilities, tracked as CVE-2021-35208 and CVE-2021-35208,...

Security Affairs

July 27, 2021

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers Full Text

Abstract The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.

Threatpost

July 27, 2021

Google launches new Bug Hunters vulnerability rewards platform Full Text

Abstract Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof.

BleepingComputer

July 27, 2021

Several Bugs Found in 3 Open-Source Software Used by Several Businesses Full Text

Abstract Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects —  EspoCRM ,  Pimcore , and  Akaunting  — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sędkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project. EspoCRM is an open-source customer relationship management (CRM) application, while Pimcore is an open-source enterprise software platform for customer data management, digital asset management, content management, and digital commerce. Akaunting, on the other hand, is an open-source and online accounting software designed for invoice and expe

The Hacker News

July 27, 2021

Apple Patches Actively Exploited Zero-Day in iOS, MacOS Full Text

Abstract Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.

Threatpost

July 27, 2021

DIVD discloses three new unpatched Kaseya Unitrends zero-days Full Text

Abstract Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities...

Security Affairs

July 27, 2021

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices Full Text

Abstract Apple on Monday rolled out an urgent security update for  iOS, iPadOS , and  macOS  to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory corruption issue ( CVE-2021-30807 ) in the IOMobileFrameBuffer component, a kernel extension for managing the screen  framebuffer , that could be abused to execute arbitrary code with kernel privileges. The company said it addressed the issue with improved memory handling, noting it's "aware of a report that this issue may have been actively exploited." As is typically the case, additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks. Apple credited an anonymous researcher for discovering and reporting the

The Hacker News

July 27, 2021

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack Full Text

Abstract The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.

The Register

July 26, 2021

Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year Full Text

Abstract Apple released a security update that addresses CVE-2021-30807 flaw in macOS and iOS that may have been actively exploited to deliver malware Apple addressed a security flaw, tracked as CVE-2021-30807, in macOS and iOS that may have been actively...

Security Affairs

July 26, 2021

Apple fixes zero-day affecting iPhones and Macs, exploited in the wild Full Text

Abstract Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs.

BleepingComputer

July 26, 2021

Security vulnerabilities in IDEMIA access control devices could allow attackers to ‘remotely open doors’ Full Text

Abstract Vulnerabilities in biometric access control devices manufactured by IDEMIA could lead to remote code execution (RCE), denial of service, and arbitrary file read/write, researchers have warned.

The Daily Swig

July 26, 2021

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability Full Text

Abstract Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.  Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges. SeriousSAM vulnerability, tracked as CVE-2021-36934 , exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that allows 'read' permissions to the built-in user's group that contains all local users. As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has 'User' access, they can use a tool such as Mimikatz to gain access to the Re

The Hacker News

July 26, 2021

Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities Full Text

Abstract Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet.

BleepingComputer

July 26, 2021

Signal fixes bug that sent random images to wrong contacts Full Text

Abstract Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until this month that a fix was pushed out.

BleepingComputer

July 23, 2021

Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots Full Text

Abstract Apple has rolled out iOS 14.7 earlier this week with security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution.

BleepingComputer

July 23, 2021

Dozens of web apps vulnerable to DNS cache poisoning via ‘forgot password’ feature Full Text

Abstract In a study of 146 web applications, Timo Longin, security researcher at SEC Consult, found misconfigurations that malicious actors could exploit to redirect password reset emails to their own servers.

The Daily Swig

July 23, 2021

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code Full Text

Abstract After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey,  73% of enterprises reported that they already publish more than 50 APIs , and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no surprise: APIs seamlessly connect disparate apps and devices, bringing business synergies and efficiencies never witnessed before.  However, APIs have vulnerabilities just like any other component of the software. Adding to that, if they aren't rigorously tested from a security standpoint, they can also introduce a whole new array of attack surfaces and expose you to unprecedented risks. If you wait until production to discover API vulnerabilities, you can incur substantial delays. APIs are attractive to attackers, not just businesses Keep in mind that APIs do more than simply connect

The Hacker News

July 23, 2021

Popular Wi‑Fi routers still using default passwords making them susceptible to attacks Full Text

Abstract A recent study by technology website Comparitech revealed one in 16 home Wi-Fi routers is still using the manufacturer’s default admin password and leaving the door open to cybercriminals.

ESET Security

July 22, 2021

Oracle fixes critical RCE vulnerabilities in Weblogic Server Full Text

Abstract Oracle released its Critical Patch Update for July 2021, it fixes hundreds of flaws, including Critical Remotely Exploitable vulnerabilities in Weblogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021 that contains...

Security Affairs

July 22, 2021

Industrial Networks Exposed Through Cloud-Based Operational Tech Full Text

Abstract Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.

Threatpost

July 22, 2021

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day Full Text

Abstract Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.

Threatpost

July 22, 2021

MITRE updates list of top 25 most dangerous software bugs Full Text

Abstract MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years.

BleepingComputer

July 22, 2021

Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug Full Text

Abstract A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.

Threatpost

July 22, 2021

Atlassian asks customers to patch critical Jira vulnerability Full Text

Abstract Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI.

BleepingComputer

July 22, 2021

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws Full Text

Abstract Oracle on Tuesday released its quarterly  Critical Patch Update for July 2021  with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is  CVE-2019-2729 , a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication. It's worth noting that the weakness was originally addressed as part of an  out-of-band security update  in June 2019. Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications. The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology. Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS score of 9.8 out

The Hacker News

July 22, 2021

cURL developers take a second shot at fixing information disclosure flaw Full Text

Abstract The attempted resolution of the flaw (CVE-2021-22898) failed to address an almost identical bug in the software which also presented an information disclosure or potential data leak vulnerability.

The Daily Swig

July 22, 2021

Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran Full Text

Abstract Analysis by Secureworks CTU researchers suggests that an Iranian threat group, possibly Oilrig, was responsible for the activity that started with the compromise of the Exchange Servers.

Secure Works

July 21, 2021

Microsoft shares workaround for Windows 10 SeriousSAM vulnerability Full Text

Abstract Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.

BleepingComputer

July 21, 2021

Microsoft shares workarounds for SeriousSAM Windows 10 zero-day bug Full Text

Abstract Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.

BleepingComputer

July 21, 2021

Adobe Patches 21 Vulnerabilities Across Seven Products Full Text

Abstract Seven vulnerabilities have been addressed in Adobe After Effects for Windows and macOS. Five of them can allow arbitrary code execution and they have been rated critical.

Security Week

July 21, 2021

Linux Systemd Security Hole Can Enable Unprivileged Users to Cause Denial of Service Full Text

Abstract Successful exploitation of this newest vulnerability enables any unprivileged user to cause a denial of service via a kernel panic. Systemd is used in almost all modern Linux distributions.

ZDNet

July 21, 2021

Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks Full Text

Abstract A high-severity vulnerability affecting Rockwell Automation’s MicroLogix 1100 programmable logic controllers (PLCs) can be exploited to cause a device to enter a persistent fault condition.

Security Week

July 21, 2021

Researchers Found Flaws in Telegram’s Cryptographic Protocol Full Text

Abstract These flaws could have enabled attackers to alter the sequences of the messages sent, identify encrypted messages of a client or a server, recover some plaintext from encrypted messages, and wage man-in-the-middle attacks.

Info Risk Today

July 21, 2021

Several New Critical Flaws Affect CODESYS Industrial Automation Software Full Text

Abstract Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely control a company's cloud OT implementation, and threaten any industrial process managed from the cloud," the New York-headquartered industrial security company Claroty said in a report shared with The Hacker News, adding they "can be used to target a cloud-based management console from a compromised field device, or take over a company's cloud and attack PLCs and other devices to disrupt operations." CODESYS is a development environment for programming controller applications, enabling easy configuration of PLCs in industrial control systems. WAGO PFC100/200 is

The Hacker News

July 21, 2021

MacOS Being Picked Apart by $49 XLoader Data Stealer Full Text

Abstract Cheap, easy & prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.

Threatpost

July 21, 2021

Microsoft shares workarounds for new Windows 10 zero-day bug Full Text

Abstract Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.

BleepingComputer

July 21, 2021

Microsoft shares permissions fix for new Windows 10 zero-day Full Text

Abstract Microsoft has shared a temporary fix for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges.

BleepingComputer

July 21, 2021

LPE flaw in Linux kernel allows attackers to get root privileges on most distros Full Text

Abstract Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia,...

Security Affairs

July 20, 2021

Zero-Day Flaws Ubiquitous in Active Attack Campaigns Full Text

Abstract Google discovered four zero-day vulnerabilities existing in popular web browsers such as Chrome, Safari, and Internet Explorer. State-sponsored threat groups were observed exploiting these flaws in separate campaigns. Today, nation-state cybercriminals appear more interested in finding and exploiti ... Read More

Cyware Alerts - Hacker News

July 20, 2021

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers Full Text

Abstract Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as  CVE-2021-3438  (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question. However, there is no evidence that the flaw was abused in real-world attacks. "A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege," according to an advisory published in May. The issue was reported to HP by threat intelligence researchers from SentinelLabs on February 18, 2021, following which  remedies  have been  published  for the affected printers as of May 19, 2021. Specific

The Hacker News

July 20, 2021

A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide Full Text

Abstract Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. Researchers from SentinelOne discovered a 16-year-old security vulnerability in an HP, Xerox,...

Security Affairs

July 20, 2021

New Linux kernel bug lets you get root on most modern distros Full Text

Abstract Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices.

BleepingComputer

July 20, 2021

A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root Full Text

Abstract Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root. Fortinet has released security updates to address a serious bug, tracked as CVE-2021-32589,...

Security Affairs

July 20, 2021

16 Years In Hiding – Millions of Printers Worldwide Vulnerable by Newly Discovered Flaw Full Text

Abstract SentinelLabs has discovered a high severity flaw in HP, Samsung, and Xerox printer drivers. Since 2005 HP, Samsung, and Xerox have released millions of printers worldwide with the vulnerable driver.

Sentinel One

July 20, 2021

16-year-old bug in printer software gives hackers admin rights Full Text

Abstract A 16-year-old security vulnerability found in HP, Xerox, and Samsung printers drivers allows attackers to gain admin rights on systems using the vulnerable driver software.

BleepingComputer

July 20, 2021

Fortinet fixes bug letting unauthenticated hackers run code as root Full Text

Abstract Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges.

BleepingComputer

July 20, 2021

WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE Full Text

Abstract A recently discovered iPhone Wi-Fi bug that could crash the WiFi connectivity could be exploited by attackers to achieve remote code execution. In June, the researcher Carl Schou discovered a new bug in iPhone that can permanently break users’...

Security Affairs

July 19, 2021

Experts disclose critical flaws in Advantech router monitoring tool Full Text

Abstract Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed...

Security Affairs

July 19, 2021

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely Full Text

Abstract The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability,  which came to light last month , stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to any wireless access points with percent symbols in their names such as "%p%s%s%s%s%n." While the issue is remediable by resetting the network settings (Settings > General > Reset > Reset Network Settings), Apple is  expected to push a patch  for the bug in its iOS 14.7 update, which is currently available to developers and public beta testers. But in what could have had far-reaching consequences, researchers from mobile security automation firm ZecOps found that the same bug could be exploited to achieve remote code execution (RCE) on

The Hacker News

July 19, 2021

Experts show how to bypass Windows Hello feature to login on Windows 10 PCs Full Text

Abstract Security researchers demonstrated how to bypass the Windows Hello facial recognition that is used in Windows 10 as a login mechanism. Security researchers at CyberArk Labs discovered a security bypass vulnerability, tracked as CVE-2021-34466, affecting...

Security Affairs

July 19, 2021

15 Yr-Old Linux Netfilter Bug Let Hackers Bypass All Security Mitigations Full Text

Abstract An Information Security Engineer, Andy Nguyen has recently detected a 15-Year-Old Linux Netfilter vulnerability that allows any attackers to bypass all the modern security measures.

GB Hackers

July 19, 2021

Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments Full Text

Abstract According to a report by Citizen Lab, the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets' machines.

The Register

July 18, 2021

Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability Full Text

Abstract Merely days after Microsoft sounded the alarm on an  unpatched security vulnerability  in the Windows Print Spooler service, yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT Coordination Center's Will Dormann  said  in an advisory published Sunday. "Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process." An exploit for the vulnerability was disclosed by security researcher and  Mimikatz creator   Benjamin Delpy . #printnightmare - Episode 4 You know what is better than a Legit Kiwi Printer ? 🥝Another Legit Kiwi Printer...👍 No prerequiste at all, you even don't need to sign drivers/package🤪 pic.twitter.com/oInb5jm3tE — 🥝 Benjamin Delpy (

The Hacker News

July 18, 2021

New Windows print spooler zero day exploitable via remote print servers Full Text

Abstract Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature.

BleepingComputer

July 18, 2021

Chinese government issues new vulnerability disclosure regulations Full Text

Abstract Cyberspace Administration of China (CAC) issued new vulnerability disclosure regulations that oblige experts to report zero-days to the government. The Cyberspace Administration of China (CAC) has issued a new exacerbated vulnerability disclosure...

Security Affairs

July 17, 2021

Cryptographers unearth vulnerabilities in Telegram’s encryption protocol Full Text

Abstract An international team of computer scientists and researchers reported that they found four cryptographic security vulnerabilities in the popular encrypted message app Telegram.

Cyberscoop

July 17, 2021

Cisco fixes high-risk DoS flaw in ASA, FTD Software Full Text

Abstract Cisco addressed a high severity DoS vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco this week released security updates for a high severity vulnerability in the Adaptive Security Appliance...

Security Affairs

July 17, 2021

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks Full Text

Abstract Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's  used by 12.7% of all websites  on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about  4,041 JavaScript and CSS libraries , making it the  second most popular  CDN for JavaScript after Google Hosted Libraries. The weakness concerned an issue in the CDNJS library update server that could potentially allow an attacker to execute arbitrary commands, leading to a complete compromise. The vulnerability was discovered and reported by security researcher RyotaK on April 6, 2021. There is no evidence of in-the-wild attacks abusing this flaw. Specifically, the vulnerability works by publishing packages to Cloudflare's CDNJS using GitHub and npm, using it to trigger a  path traversal vulnerability , and ultimately trick the server into executing arbitrary code, thus achieving remote code execution. It's wor

The Hacker News

July 17, 2021

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers Full Text

Abstract Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities...

Security Affairs

July 17, 2021

Another privilege escalation bug found in Windows Print Spooler service Full Text

Abstract Microsoft has shared guidance revealing yet another vulnerability, identified as CVE-2021-34481, connected to its Windows Print Spooler service, saying it is "developing a security update."

The Register

July 16, 2021

Critical Cloudflare CDN flaw allowed compromise of 12% of all sites Full Text

Abstract Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.

BleepingComputer

July 16, 2021

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks Full Text

Abstract Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.

Threatpost

July 16, 2021

Several Vulnerabilities Patched in ‘MDT AutoSave’ Industrial Automation Product Full Text

Abstract The product is used by some of the world’s biggest manufacturers, including major car makers (Tesla, Kia, BMW, Hyundai, Honda), Coca Cola, P&G, Johnson & Johnson, AstraZeneca, and Nestlé Purina.

Security Week

July 16, 2021

Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware Full Text

Abstract Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.

Threatpost

July 16, 2021

D-Link issues hotfix for hard-coded password router vulnerabilities Full Text

Abstract D-Link has issued a hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router that can allow attackers to execute arbitrary code on unpatched routers, gain access to sensitive information, or crash the routers after triggering a denial of service state.

BleepingComputer

July 16, 2021

Multiple vulnerabilities spotted in in D-LINK DIR-3040 wireless routers Full Text

Abstract These vulnerabilities could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service, and execute arbitrary code.

Cisco Talos

July 16, 2021

Microsoft alerts about a new Windows Print Spooler vulnerability Full Text

Abstract Microsoft published guidance to mitigate the impact of a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed today. Microsoft published a security advisory for a new Windows Print Spooler vulnerability, tracked as CVE-2021-34481,...

Security Affairs

July 16, 2021

Cloudflare fixes CDN code execution bug affecting 12.7% of all sites Full Text

Abstract Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.

BleepingComputer

July 16, 2021

Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild Full Text

Abstract Google Chrome 91.0.4472.164 addresses seven security vulnerabilities, including a high severity zero-day flaw exploited in the wild. Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including...

Security Affairs

July 16, 2021

Google patches 8th Chrome zero-day exploited in the wild this year Full Text

Abstract Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild.

BleepingComputer

July 16, 2021

Are Your Employees’ Old Phone Numbers Creating Vulnerabilities? Full Text

Abstract A study by Princeton University found that 100 of the 259 phone numbers they tested had linked login credentials online and that mobile carriers have weaknesses that make recycled numbers vulnerable.

Security Intelligence

July 15, 2021

Microsoft shares guidance on new Windows Print Spooler vulnerability Full Text

Abstract Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight.

BleepingComputer

July 15, 2021

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild Full Text

Abstract Google has pushed out a new security update to Chrome browser for Windows, Mac, and Linux with multiple fixes, including a zero-day that it says is being exploited in the wild. The latest patch resolves a total of eight issues, one of which concerns a type confusion issue in its V8 open-source and JavaScript engine ( CVE-2021-30563 ). The search giant credited an anonymous researcher for reporting the flaw on July 12. As is usually the case with actively exploited flaws, the company issued a terse statement acknowledging that "an exploit for CVE-2021-30563 exists in the wild" while refraining from sharing full details about the underlying vulnerability used in the attacks due to its serious nature and the possibility that doing so could lead to further abuse. CVE-2021-30563 also marks the ninth zero-day addressed by Google to combat real-world attacks against Chrome users since the start of the year — CVE-2021-21148  - Heap buffer overflow in V8 CVE-2021-21166  - Obje

The Hacker News

July 15, 2021

Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability Full Text

Abstract Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update. Tracked as  CVE-2021-34481  (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher Jacob Baines for discovering and reporting the bug. "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges," the Windows maker said in its advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." However, it's worth pointing out that successful exploitation of the vulnerability requires the attacker to have t

The Hacker News

July 15, 2021

Windows print nightmare continues with malicious driver packages Full Text

Abstract Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers.

BleepingComputer

July 15, 2021

Exploit broker Zerodium is looking for VMware vCenter Server exploits Full Text

Abstract Zero-day exploit broker Zerodium is looking for 0day exploits for the VMware vCenter Server Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. vCenter Server is the centralized management utility...

Security Affairs

July 15, 2021

WooCommerce fixes vulnerability exposing 5 million sites to data theft Full Text

Abstract WooCommerce, the popular e-commerce plugin for the WordPress content management system has been updated to patch a serious vulnerability that could be exploited without authentication.

BleepingComputer

July 15, 2021

Multiple vulnerabilities spotted in Advantech R-SeeNet Full Text

Abstract Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software. The vulnerabilities exist in various scripts inside of R-SeeNet's web applications.

Cisco Talos

July 15, 2021

Software maker removes “backdoor” giving root access to radio devices Full Text

Abstract The author of a popular software-defined radio (SDR) project has removed a "backdoor" from radio devices that granted root-level access. The backdoor had been, according to the author, present in all versions of KiwiSDR devices for the purposes of remote administration and debugging.

BleepingComputer

July 15, 2021

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products Full Text

Abstract SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaing” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some...

Security Affairs

July 15, 2021

Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild Full Text

Abstract Threat intelligence researchers from Google on Wednesday  shed more light  on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows - CVE-2021-1879 : Use-After-Free in QuickTimePluginReplacement (Apple WebKit) CVE-2021-21166 : Chrome Object Lifecycle Issue in Audio CVE-2021-30551 : Chrome Type Confusion in V8 CVE-2021-33742 : Internet Explorer out-of-bounds write in MSHTML Both Chrome zero-days — CVE-2021-21166 and CVE-2021-30551 — are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlled

The Hacker News

July 15, 2021

Ransomware Attacks Targeting Unpatched Firmware Flaws in EOL SonicWall SMA and SRA Appliances Full Text

Abstract Anyone using SRA 4600/1600 (EOL 2019), SRA 4200/1200 (EOL 2016), or SSL-VPN 200/2000/400 (EOL 2013/2014) should disconnect their appliances immediately and change all associated passwords.

ZDNet

July 15, 2021

macOS: Bashed Apples of Shlayer and Bundlore Full Text

Abstract These malware are the most predominant malware in macOS, also with a history of evading and bypassing the built-in Xprotect, Gatekeeper, Notarization, and File Quarantine security features of macOS.

Security Affairs

July 14, 2021

Google: four zero-day flaws have been exploited in the wild Full Text

Abstract Google security experts revealed that Russia-linked APT group targeted LinkedIn users with Safari zero-day. Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been...

Security Affairs

July 14, 2021

Microsoft warns zero-day in SolarWinds Serv-U software being exploited by Chinese threat group Full Text

Abstract Microsoft says the flaw impacts the way Serv-U implements SSH and exploitation gives an attacker remote code execution privileges.

SCMagazine

July 14, 2021

SonicWall warns of ‘critical’ ransomware risk to EOL SMA 100 VPN appliances Full Text

Abstract SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

BleepingComputer

July 14, 2021

SolarWinds Zero-Day Vulnerability Under Active Attack Full Text

Abstract SolarWinds has been notified by Microsoft of a critical zero-day vulnerability in its Serv-U product line. The research found a limited number of impacted customers. Organizations are suggested to follow the recommendations provided by security agencies and keep reviewing their cybersecurity p ... Read More

Cyware Alerts - Hacker News

July 14, 2021

VMware Patches Vulnerabilities in ESXi, ThinApp Full Text

Abstract VMware on Tuesday announced the availability of patches for vulnerabilities impacting its ESXi hypervisor, Cloud Foundation hybrid cloud platform, and ThinApp application virtualization tool.

Security Week

July 14, 2021

Chinese government lays out new vulnerability disclosure rules Full Text

Abstract The Cyberspace Administration of China (CAC) has published new regulations on Tuesday laying out stricter rules for vulnerability disclosure procedures inside the country’s borders.

The Record

July 14, 2021

Encryption issues account for minority of flaws in encryption libraries – research Full Text

Abstract An analysis of cryptographic libraries and the vulnerabilities affecting them has concluded that memory handling issues give rise to more vulnerabilities than encryption implementation errors.

The Daily Swig

July 13, 2021

Microsoft Crushes 116 Bugs, Three Actively Exploited Full Text

Abstract Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a ‘PrintNightmare’ month of headaches for system admins.

Threatpost

July 13, 2021

Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days Full Text

Abstract Microsoft rolled out  Patch Tuesday updates  for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems.  Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity, with six of these bugs publicly known at the time of release.  The updates span across several of Microsoft's products, including Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS, and Visual Studio Code. July also marks a dramatic jump in the volume of vulnerabilities, surpassing the number Microsoft collectively addressed as part of its updates in  May  (55) and  June  (50). Chief among the security flaws actively exploited are as follows — CVE-2021-34527  (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosed

The Hacker News

July 13, 2021

Microsoft fixes 117 vulnerabilities, four exploited in the wild Full Text

Abstract This month’s Patch Tuesday from Microsoft comes just days after out-of-band updates were released to address PrintNightmare and other vulnerabilities.

SCMagazine

July 13, 2021

Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader Full Text

Abstract Adobe July patch roundup includes fixes for its ubiquitous and free PDF reader Acrobat 2020 and other software such as Illustrator and Bridge.

Threatpost

July 13, 2021

Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator Full Text

Abstract Adobe addressed multiple critical vulnerabilities in several products, including Adobe Acrobat and Reader application. Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both...

Security Affairs

July 13, 2021

Adobe updates fix 28 vulnerabilities in 6 programs Full Text

Abstract Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge.

BleepingComputer

July 13, 2021

Critical Flaws Reported in Etherpad — a Popular Google Docs Alternative Full Text

Abstract Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor (version 1.8.13) that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and CVE-2021-34817 — were discovered and reported on June 4 by researchers from SonarSource, following which patches have been shipped for the latter in  version 1.8.14  of Etherpad released on July 4. Etherpad is a real-time collaborative interface that enables a document to be edited simultaneously by multiple authors. It is an open-source alternative to Google Docs that can be self-hosted or used through one of the many third-party public instances available. "The XSS vulnerability allows attackers to take over Etherpad users, including admins. This can be used to steal or manipulate sensitive data," SonarSource vulnerability researcher Paul Gerste  said  in a report shared with T

The Hacker News

July 13, 2021

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems Full Text

Abstract The attack pairs a new vulnerability with older flaws that can be leveraged in new ways to attack a popular controller used across critical infrastructure sectors.

SCMagazine

July 13, 2021

Microsoft fixes Windows Hello authentication bypass vulnerability Full Text

Abstract Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system.

BleepingComputer

July 13, 2021

Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws Full Text

Abstract Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured.

BleepingComputer

July 13, 2021

ModiPwn flaw in Modicon PLCs bypasses security mechanisms Full Text

Abstract ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability,...

Security Affairs

July 13, 2021

Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities Full Text

Abstract A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at Armis warned.

Cyberscoop

July 12, 2021

Kaseya Patches Zero-Days Used in REvil Attacks Full Text

Abstract The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.

Threatpost

July 12, 2021

Critical RCE Flaw in ForgeRock Access Manager Under Active Attack Full Text

Abstract Cybersecurity agencies in Australia and the U.S. are  warning  of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the organization  said  in an alert. ACSC didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. Tracked as  CVE-2021-35464 , the issue concerns a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management tool, and stems from an  unsafe Java deserialization  in the Jato framework used by the software. "An attacker exploiting the vulnerability will execute commands in the context of the current user, not as the root user (unless ForgeRo

The Hacker News

July 12, 2021

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack Full Text

Abstract SolarWinds, the Texas-based company that became the epicenter of a  massive supply chain attack  late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited in the wild. The threat actor behind the exploitation remains unknown as yet, and it isn't clear exactly how the attack was carried out. "Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability," SolarWinds  said  in an advisory published Friday, adding it's "unaware of the identity of the potentially affected customers." Affecting Serv-U version 15.2.3 HF1 and before, a successful exploitation of the sho

The Hacker News

July 12, 2021

SolarWinds fixes critical Serv-U zero-day exploited in the wild Full Text

Abstract SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it. SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively...

Security Affairs

July 12, 2021

WordPress File Management Plugin Riddled with Critical Bugs Full Text

Abstract The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.

Threatpost

July 12, 2021

SolarWinds patches critical Serv-U vulnerability exploited in the wild Full Text

Abstract SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers.

BleepingComputer

July 12, 2021

PACS vulnerabilities, data breach spur lawsuit against radiology specialists Full Text

Abstract A lawsuit against Northeast Radiology and Alliance HealthCare alleges negligence and inadequate security, following a nine-month data breach caused by PACS flaws.

SCMagazine

July 12, 2021

Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems Full Text

Abstract Mitsubishi Electric recently patched several vulnerabilities affecting many of its air conditioning products, mainly centralized controllers. CISA published advisories on the flaws this month.

Security Week

July 12, 2021

Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack Full Text

Abstract Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software...

Security Affairs

July 12, 2021

Flaw in preprocessor language Less.js causes website to leak AWS secret keys Full Text

Abstract A vulnerability in popular preprocessor language Less.js could be exploited to achieve remote code execution (RCE) against websites that allow users to input Less.js code, researchers have warned.

The Daily Swig

July 11, 2021

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack Full Text

Abstract Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) solution that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack . Following the incident, the company had urged on-premises VSA customers to shut down their servers until a patch was available. Now, almost 10 days later the firm has shipped VSA version 9.5.7a (9.5.7.2994) with fixes for three new security flaws —  CVE-2021-30116 - Credentials leak and business logic flaw CVE-2021-30119 - Cross-site scripting vulnerability CVE-2021-30120 - Two-factor authentication bypass The security issues are part of a total of seven vulnerabilities that were discovered and reported to Kaseya by the Dutch Institute for Vulnerability Disclosure ( DIVD ) earlier in April, of which four other weaknesses were remediated in previous releases —

The Hacker News

July 11, 2021

Kaseya patches VSA vulnerabilities used in REvil ransomware attack Full Text

Abstract Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.

BleepingComputer

July 10, 2021

Philips Vue Vulnerabilities Could Let a Hacker to Perform Remote Code Execution Full Text

Abstract 15 Philips Vue Vulnerabilities located in the Philips Clinical Collaboration Platform Portal represent dangerous tools in the hands of a hacker as they could cause remote code execution cyberattacks.

Heimdal Security

July 10, 2021

Dutch researchers shed new light on Kaseya vulnerabilities Full Text

Abstract A team of researchers at the Dutch Institute for Vulnerability Disclosure posted a pair of articles outlining how and when they found a series of vulnerabilities in the tools Kaseya provides to managed service providers (MSPs).

Tech Target

July 9, 2021

Four vulnerabilities found in Sage X3 ERP software could allow threat actors to run commands at will Full Text

Abstract The vulnerabilities were fixed according to Rapid7’s vulnerability disclosure process and were patched in recent releases of Sage X3 Version 9.

SCMagazine

July 09, 2021

Microsoft: PrintNightmare security updates work, start patching! Full Text

Abstract Microsoft says the emergency security updates released at the start of the week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to start applying the updates as soon as possible.

BleepingComputer

July 09, 2021

Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems Full Text

Abstract Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal (aka Vue PACS), some of which could be exploited by an adversary to take control of an affected system. "Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  noted  in an advisory. The 15 flaws impact: VUE Picture Archiving and Communication Systems (versions 12.2.x.x and prior), Vue MyVue (versions 12.2.x.x and prior), Vue Speech (versions 12.2.x.x and prior), and Vue Motion (versions 12.2.1.5 and prior) Four of the issues (CVE-2020-1938, CVE-2018-12326, CVE-2018-11218, CVE-2020-4670, and CVE-2018-8014) have been given a C

The Hacker News

July 9, 2021

Microsoft says that the emergency patch recently released correctly fix the PrintNightmare flaw Full Text

Abstract Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527). Microsoft says that the emergency security patches released early this week correctly address the PrintNightmare...

Security Affairs

July 9, 2021

Cisco fixes High Severity issue in BPA and WSA Full Text

Abstract Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks.

Security Affairs

July 9, 2021

Coursera API vulnerabilities disclosed by researchers Full Text

Abstract Checkmarx revealed multiple security flaws in the Coursera platform, including a BOLA flaw that may expose endpoints that handle object identifiers, potentially opening the door to wider attacks.

ZDNet

July 8, 2021

Multiple Sage X3 vulnerabilities expose systems to hack Full Text

Abstract Rapid7 researchers discovered security vulnerabilities in the Sage X3 ERP product that could allow to take control of vulnerable systems. Researchers from Rapid7 discovered a total of four security vulnerabilities in the Sage X3 enterprise resource...

Security Affairs

July 08, 2021

Windows security update KB5004945 breaks printing on Zebra printers Full Text

Abstract Microsoft's recent out-of-band KB5004945 PrintNightmare security updates are preventing Windows users from printing to certain Zebra printers.

BleepingComputer

July 8, 2021

Android Updates for July 2021 Patch Tens of High-Severity Vulnerabilities Full Text

Abstract The most severe vulnerabilities affect the System component and could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Security Week

July 8, 2021

Information disclosure, privilege escalation vulnerabilities spotted in IOBit Advanced SystemCare Ultimate Full Text

Abstract Researchers from Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate. These vulnerabilities all exist in a monitoring driver in the software.

Cisco Talos

July 08, 2021

Critical Flaws Reported in Sage X3 Enterprise Management Software Full Text

Abstract Four security vulnerabilities have been uncovered in the  Sage X3  enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. These issues were discovered by researchers from Rapid7, who notified Sage Group of their findings on Feb. 3, 2021. The vendor has since rolled out  fixes  in recent releases for Sage X3 Version 9 (Syracuse 9.22.7.2), Sage X3 HR & Payroll Version 9 (Syracuse 9.24.1.3), Sage X3 Version 11 (Syracuse 11.25.2.6), and Sage X3 Version 12 (Syracuse 12.10.2.8) that were shipped in March. The list of vulnerabilities is as follows - CVE-2020-7388  (CVSS score: 10.0) - Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component CVE-2020-7389  (CVSS score" 5.5) - System "CHAINE" Variable Script Command Injection (No fix planned) CVE-2020-7387  (CVSS score: 5.3) - Sage X3 Ins

The Hacker News

July 08, 2021

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare Full Text

Abstract This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier , Microsoft already released a patch in June 2021, but it wasn't enough to stop exploits. Attackers can still use Print Spooler when connecting remotely. You can find all you need to know about this vulnerability in this article and how you can mitigate it (and you can).  Print Spooler in a nutshell:  Print Spooler is Microsoft's service for managing and monitoring files printing. This service is among Microsoft's oldest and has had minimal maintenance updates since it was released.  Every Microsoft machine (servers and endpoints) has this feature enabled by default. PrintNightmare vulnerability:  As soon as an attacker gains limited user

The Hacker News

July 8, 2021

New PrintNightmare Patch Can Be Bypassed, Say Researchers Full Text

Abstract Point and Print function appears to be the problem

Infosecurity Magazine

July 8, 2021

From Microsoft to QNAP, Multiple Firms Warn Against High-Severity Flaws Full Text

Abstract Researchers are urging everyone to patch multiple critical and high-severity vulnerabilities found in Windows Print Spooler, QNAP devices, and other systems.

Cyware Alerts - Hacker News

July 07, 2021

Microsoft’s Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability Full Text

Abstract Even as Microsoft  expanded patches  for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems. On Tuesday, the Windows maker issued an  emergency out-of-band update  to address  CVE-2021-34527  (CVSS score: 8.8) after the flaw was accidentally disclosed by researchers from Hong Kong-based cybersecurity firm Sangfor late last month, at which point it emerged that the issue was different from another bug — tracked as  CVE-2021-1675  — that was patched by Microsoft on June 8. "Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism," Yaniv Balmas, head of cyber research at Check Point, told The Hacke

The Hacker News

July 07, 2021

Microsoft: PrintNightmare now patched on all Windows versions Full Text

Abstract Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016.

BleepingComputer

July 7, 2021

Emergency ‘PrintNightmare’ patch said to fix RCEs, but not privilege escalation on Windows servers Full Text

Abstract Failure to patch could lead to what one researcher described as “a catastrophic security incident such as data theft, financial fraud, or ransomware.”

SCMagazine

July 07, 2021

Cybersecurity researchers say they warned Kaseya of flaw in April Full Text

Abstract The Miami-based technology firm at the center of the worldwide security breach carried out by Russia-linked hackers was warned in early April of the cybersecurity vulnerability that was ultimately taken advantage of by the cyber criminal gang.

The Hill

July 7, 2021

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover Full Text

Abstract Philips reported a range of 15 vulnerabilities in its Vue platform to CISA, four of which were ranked critical. A successful exploit could allow an attacker to take control of the PACS system.

SCMagazine

July 07, 2021

Microsoft’s incomplete PrintNightmare patch fails to fix vulnerability Full Text

Abstract Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed.

BleepingComputer

July 7, 2021

Kaspersky Password Manager caught out making easily bruteforced passwords Full Text

Abstract The big mistake made by KPM was using the current system time in seconds as the seed into a Mersenne Twister PRNG, meaning different instances will generate the same password at a given time.

ZDNet

July 07, 2021

Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform Full Text

Abstract An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent need to assess such third-party modules for any security risks and minimize the attack surface, ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. NuGet  is a Microsoft-supported mechanism for the .NET platform and functions as a package manager designed to enable developers to share reusable code. The framework maintains a central repository of over 264,000 unique packages that have collectively produced more than 109 billion package downloads. "All identified precompiled software components in our research were different versions of 7Zip, WinSCP and PuT

The Hacker News

July 7, 2021

Microsoft rolled out emergency update for Windows PrintNightmare zero-day Full Text

Abstract Microsoft rolled out KB5004945 emergency update to address the actively exploited PrintNightmare zero-day vulnerability (CVE-2021-34527) in Print Spooler service. Microsoft has released the KB5004945 emergency security update to address the actively...

Security Affairs

July 06, 2021

Microsoft pushes emergency update for Windows PrintNightmare zero-day Full Text

Abstract Microsoft has released the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. However, the patch is incomplete and the vulnerability can still be locally exploited to gain SYSTEM privileges.

BleepingComputer

July 6, 2021

HHS urges providers to secure PACS vulnerabilities exposing medical images Full Text

Abstract Following SC Media’s report on PACS vulnerabilities exposing millions of medical images, HHS is urging health care entities to review device inventories and secure system flaws.

SCMagazine

July 6, 2021

SonicWall addresses critical CVE-2021-20026 flaw in NSM devices Full Text

Abstract Positive Technologies experts provide details about potential impact of a recently fixes command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection...

Security Affairs

July 6, 2021

Western Digital Users Face Another RCE Full Text

Abstract Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.

Threatpost

July 06, 2021

Microsoft 365 to let SecOps lock hacked Active Directory accounts Full Text

Abstract Microsoft is updating Microsoft Defender for Identity to allow security operations (SecOps) teams to block attacks by locking a compromised user's Active Directory account.

BleepingComputer

July 6, 2021

Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted Full Text

Abstract REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.

Threatpost

July 6, 2021

WAF bypass: ‘Severe’ OWASP ModSecurity Core Rule Set bug was present for several years Full Text

Abstract A vulnerability in the OWASP ModSecurity Core Rule Set (CRS) project that could allow attackers to bypass security mechanisms was present for several years, the maintainers have admitted.

The Daily Swig

July 6, 2021

GitLab triages bug bounty-reported flaws with latest release Full Text

Abstract GitLab has resolved a raft of vulnerabilities, including two high-impact web security flaws – a CSRF vulnerability and a DoS vulnerability, with an update to its software development platform.

The Daily Swig

July 6, 2021

QNAP addressed a critical flaw that allows compromising NAS devices Full Text

Abstract Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. Taiwanese vendor QNAP fixed a critical vulnerability, tracked as CVE-2021-28809, that could be exploited by attackers...

Security Affairs

July 05, 2021

QNAP fixes critical bug in NAS backup, disaster recovery app Full Text

Abstract Taiwan-based network-attached storage (NAS) maker QNAP has addressed a critical security vulnerability enabling attackers to compromise vulnerable NAS devices' security.

BleepingComputer

July 5, 2021

A speciifc network name can completely disable Wi-Fi on your iPhone Full Text

Abstract Researcher Carl Schou tweeted that if an iPhone comes in range of a Wi-Fi network named ‘%secretclub%power’, then that iPhone will no longer be able to use Wi-Fi or Wi-Fi related features.

9to5 Mac

July 04, 2021

Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw Full Text

Abstract Microsoft is urging Azure users to  update  the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as  CVE-2021-26701  (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and have been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. Built on the .NET Common Language Runtime (CLR),  PowerShell  is a cross-platform task automation utility that consists of a command-line shell, a scripting language, and a configuration management framework. "A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed," the company  noted in an advisory  published earlier this April, adding that the problem resides in the " System.Text.Encodings.Web " package, which provides types for encoding and escaping strings for use in JavaScript, HTML, and URLs. System.Text.

The Hacker News

July 04, 2021

REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom Full Text

Abstract Amidst the massive  supply-chain ransomware attack  that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday  revealed  it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software (CVE-2021-30116) that it said were being exploited as a conduit to deploy ransomware. The non-profit entity said the company was in the process of resolving the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place. More specifics about the flaws were not shared, but DIVD chair Victor Gevers  hinted  that the zero-days are trivial to exploit. At least 1,000 businesses are said to have been affected by the attacks, with victims identified in at least 17 countries, including the U.K., South Africa, Canada, Argentina, Mexico, Indonesi

The Hacker News

July 3, 2021

Microsoft confirms presence of vulnerable code in all versions of Windows Full Text

Abstract Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows.

The Register

July 2, 2021

Microsoft urges Azure users to update PowerShell to fix RCE flaw Full Text

Abstract Microsoft is urging Azure users to update PowerShell to address a remote code execution vulnerability that was fixed earlier this year. Microsoft is recommending its Azure users to update PowerShell versions 7.0 and 7.1 to protect against a high severity...

Security Affairs

July 02, 2021

Actively exploited PrintNightmare zero-day gets unofficial patch Full Text

Abstract Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform.

BleepingComputer

July 02, 2021

Microsoft warns of critical PowerShell 7 code execution vulnerability Full Text

Abstract Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in in .NET 5 and .NET Core.

BleepingComputer

July 02, 2021

Microsoft shares mitigations for Windows PrintNightmare zero-day bug Full Text

Abstract Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare.

BleepingComputer

July 01, 2021

Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild Full Text

Abstract Microsoft on Thursday officially confirmed that the "PrintNightmare" remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under the identifier  CVE-2021-34527 . "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," Microsoft said in its advisory. "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." "An attack must involve an authenticated user calling RpcAddPrinterDriverEx()," the Redmond-based firm added. The acknowledgment comes after r

The Hacker News

July 1, 2021

Major Linux RPM problem uncovered Full Text

Abstract Dmitry Antipov, a Linux developer at CloudLinux, AlmaLinux OS's parent company, first spotted the problem in March 2021. Antipov found that RPM would work with unauthorized RPM packages.

ZDNet

July 1, 2021

Microsoft found auth bypass, system hijack flaws in Netgear routers Full Text

Abstract Microsoft experts have disclosed a series of vulnerabilities in the firmware of Netgear routers which could lead to data leaks and full system takeover. Microsoft researchers discovered multiple vulnerabilities in the firmware of the Netgear DGN-2200v1...

Security Affairs

June 30, 2021

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers Full Text

Abstract Cybersecurity researchers have detailed critical security vulnerabilities affecting  NETGEAR DGN2200v1 series routers , which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three  HTTPd  authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and have since been  fixed by the company  in December 2020 as part of a coordinated vulnerability disclosure process. "The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer," Microsoft 365 Defender Research Team's Jonathan Bar Or  said . "As these types of attacks become more common, users must look to secure even the single-purpose software that run their hardware—like routers." In a nutshell, the flaws allow accessing router management pa

The Hacker News

June 30, 2021

Windows Print Spooler flaw could make a bad compromise much worse Full Text

Abstract A flaw in Windows Print Spooler is causing alarm in the information security community after new research found it leaves domain controllers susceptible to remote code execution.

SCMagazine

June 30, 2021

Microsoft finds Netgear router bugs enabling corporate breaches Full Text

Abstract Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks.

BleepingComputer

June 30, 2021

Public Windows PrintNightmare 0-day exploit allows domain takeover Full Text

Abstract Technical details and proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution.

BleepingComputer

June 30, 2021

Multiple vulnerabilities in WordPress plugin pose website remote code execution risk Full Text

Abstract The plugin in question is ProfilePress (formerly named WP User Avatar) which facilitates the uploading of WordPress user profile images. The plugin has a total of more than 40,000 installs.

The Daily Swig

June 30, 2021

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability Full Text

Abstract A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as  CVE-2021-1675 , the security issue could grant remote attackers full control of vulnerable systems.  Print Spooler  manages the printing process in Windows, including loading the appropriate printer drivers, and scheduling the print job for printing, among others. Print Spooler flaws are concerning, not least because of the wide attack surface, but also owing to the fact that it runs at the highest privilege level and is capable of dynamically loading third-party binaries. "Either the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate

The Hacker News

June 30, 2021

EA ignored domain vulnerabilities for months despite warnings and breaches Full Text

Abstract Officials from Cyberpion approached EA late last year to inform them of multiple domains that could be subject to takeovers as well as misconfigured and potentially unknown assets.

ZDNet

June 29, 2021

NFC flaws let researchers hack an ATM by waving a phone Full Text

Abstract Researcher Josep Rodriguez has reported several security vulnerabilities in the near-field communications (NFC) reader chips used in millions of ATMs and point-of-sale systems worldwide.

Ars Technica

June 29, 2021

PoC exploit for CVE-2021-1675 RCE started circulating online Full Text

Abstract Proof-of-concept exploit code for CVE-2021-1675 flaw, an attacker could exploit it to compromise Windows systems. Proof-of-concept exploit code for the CVE-2021-1675 flaw has been published online, the flaw impacts the Windows Print Spooler service...

Security Affairs

June 29, 2021

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks Full Text

Abstract The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.

Threatpost

June 29, 2021

Malvuln Project Catalogues 260 Vulnerabilities Found in Malware Full Text

Abstract Malvuln, a project started by security researcher John Page (aka hyp3rlinx), has enlisted vulnerabilities across 105 individual malware families and shown how they can be exploited.

Security Week

June 29, 2021

Administration to release attribution for Microsoft vulnerabilities in ‘coming weeks’ Full Text

Abstract The Biden administration is working to formally attribute the exploitation of vulnerabilities in Microsoft’s Exchange Server application, which left thousands of organizations vulnerable to attack, “in the coming weeks,” a top official said Tuesday.

The Hill

June 29, 2021

High-Severity Vulnerabilities Found in Several Phoenix Contact Industrial Products Full Text

Abstract The industrial solutions provider Phoenix Contact alerted its customers of 10 security vulnerabilities in its TC router, FL MGUARD modules, ILC 2050 BI building controllers, and PLCNext products.

Security Week

June 29, 2021

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine Full Text

Abstract An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an  analysis  published Friday. "By mounting this exploit, the attacker can grant access to themselves over SSH (public key authentication) so then they can login as the root user." Google Compute Engine ( GCE ) is an infrastructure-as-a-service (IaaS) component of Google Cloud Platform that enables users to create and launch virtual machines (VMs) on demand. GCE provides a method for storing and retrieving metadata in the form of the  metadata server , which offers a central point to set metadata in the form of key-value pairs that's then provided to virtual machines at runtime. According to the researcher, the issue is a consequence of weak pseudo-random

The Hacker News

June 29, 2021

GitHub paid out over $500K through its bug bounty program for 203 flaws in 2020 Full Text

Abstract Code repository hosting service GitHub announced that it has paid out more than $1.5 million through its bug bounty program since 2016. Code repository hosting service GitHub announced that it has paid $524,250 through its bug bounty program for 203 vulnerabilities...

Security Affairs

June 28, 2021

NVIDIA Patches High-Severity GeForce Spoof-Attack Bug Full Text

Abstract A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

Threatpost

June 28, 2021

Zero-day Exploit Found in Adobe Experience Manager Full Text

Abstract Ethical hackers find bug in popular content management solution

Infosecurity Magazine

June 28, 2021

Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site Full Text

Abstract Microsoft last week rolled out updates for the Edge browser with  fixes for two security issues , one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as  CVE-2021-34506  (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically translating web pages using the browser's  built-in feature via Microsoft Translator . Credited for discovering and reporting CVE-2021-34506 are Ignacio Laurence as well as Vansh Devgan and Shivam Kumar Singh with CyberXplore Private Limited.  "Unlike the common XSS attacks, UXSS is a type of attack that exploits client-side vulnerabilities in the browser or browser extensions in order to generate an XSS condition, and execute malicious code," CyberXplore researchers  said  in a write-up shared with The Hacker News. "When such vulnerabilities are found and exploited,

The Hacker News

June 27, 2021

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online Full Text

Abstract A security vulnerability in Cisco Adaptive Security Appliance (ASA) that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept (PoC) exploit code. The PoC was  published  by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug. "Tenable has also received a report that attackers are exploiting CVE-2020-3580 in the wild," the cyber exposure company  said . Tracked as  CVE-2020-3580  (CVSS score: 6.1), the issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software that could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks on an affected device. As of July 2020, there were a little over  85,000 ASA/FTD devices , 398 of which are spread across

The Hacker News

June 27, 2021

Cisco ASA vulnerability actively exploited after exploit released Full Text

Abstract Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter.

BleepingComputer

June 26, 2021

MyBook Users Urged to Unplug Devices from Internet Full Text

Abstract Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw.

Krebs on Security

June 26, 2021

Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable Full Text

Abstract CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable Several weeks later, security researchers from Sophos have discovered a new ransomware variant known...

Security Affairs

June 25, 2021

Western Digital: Disconnect My Book Live drives immediately Full Text

Abstract Western Digital is asking customers to disconnect My Book Live hard drives from the internet to prevent malware from wiping them of data.

SCMagazine

June 25, 2021

Vulnerabilities Expose Fortinet Firewalls to Remote Attacks Full Text

Abstract A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands and can be chained with other security holes.

Security Week

June 25, 2021

Flaws in FortiWeb WAF expose Fortinet devices to remote hack Full Text

Abstract Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. Fortinet has recently addressed a high-severity vulnerability...

Security Affairs

June 25, 2021

Newly Discovered Dell Bugs Impact 30 Million PCs Full Text

Abstract Four vulnerabilities could enable complete remote control of 129 models

Infosecurity Magazine

June 25, 2021

Report picks holes in the Linux kernel release signing process Full Text

Abstract A report has highlighted a range of areas for improvement, from failing to mandate the use of hardware security keys for authentication to the use of static keys for SSH access.

The Register

June 24, 2021

Flaws in Dell BIOSConnect feature affect 128 device models Full Text

Abstract Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the impacted device. Researchers from cybersecurity firm Eclypsium discovered multiple vulnerabilities...

Security Affairs

June 24, 2021

New BIOS vulnerabilities impact tens of millions of Dell computer hardware Full Text

Abstract The vulnerabilities, discovered by security researchers at Eclypsium, attack the BIOSConnect feature within Dell Client BIOS and affects 30 million devices across 128 different Dell models, including laptops, desktops and tablets.

SCMagazine

June 24, 2021

Atlassian Bugs Could Have Led to 1-Click Takeover Full Text

Abstract A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

Threatpost

June 24, 2021

VMware releases patches for critical flaw in Carbon Black App Control Full Text

Abstract VMware released security patches to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) for Windows. VMware released security patches for an authentication bypass vulnerability, tracked as CVE-2021-21998, in Carbon...

Security Affairs

June 24, 2021

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models Full Text

Abstract Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating system and undermine fundamental trust in the device," researchers from enterprise device security firm Eclypsium said . "The virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker." In all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices. Worse, the weaknesses also impact computers that have  Secure Boot  enabled, a security feature designed to prevent  rootkits from being installed  at boot

The Hacker News

June 24, 2021

A Google Drive security update will break some of your shared links Full Text

Abstract An upcoming security update for Google Drive will increase the security of your shared documents but likely break many of your shared links.

BleepingComputer

June 24, 2021

Critical VMware Carbon Black Bug Allows Authentication Bypass Full Text

Abstract The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

Threatpost

June 24, 2021

One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account Full Text

Abstract Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on ( SSO ) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products," Check Point Research said in an analysis shared with The Hacker News. After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its  updates  rolled out on  May 18 . The sub-domains affected by the flaws include -  jira.atlassian.com confluence.atlassian.com getsupport.atlassian.com partners.atlassian.com developer.atlassian.com support.atlassian.com training.atlassian.com Successful exploitation of these flaws could result in a supply-ch

The Hacker News

June 24, 2021

Dell SupportAssist bugs put over 30 million PCs at risk Full Text

Abstract Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices.

BleepingComputer

June 24, 2021

Critical Auth Bypass Bug Affects VMware Carbon Black App Control Full Text

Abstract VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x. Carbon Black App Control  is a security solution designed to lock down critical systems and servers to prevent unauthorized changes in the face of cyber-attacks and ensure compliance with regulatory mandates such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. "A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate," the California-based cloud computing and virtualization technology company  said  in an advisory. CVE-2021-21998 is th

The Hacker News

June 24, 2021

Researchers Discover New DNS Name Server Hijack Attack That Exposes Businesses, Government Agencies Full Text

Abstract Researchers found a novel class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers.

Dark Reading

June 23, 2021

Dangers Posed by Evidentiary Software—and What to Do about It Full Text

Abstract It's well known the code is buggy; that's why software updates for anything from apps to operating systems are now the norm. But if the public understands this, the courts have not followed suit.

Lawfare

June 23, 2021

Dangers Posed by Evidentiary Software—and What to Do about It Full Text

Abstract It's well known the code is buggy; that's why software updates for anything from apps to operating systems are now the norm. But if the public understands this, the courts have not followed suit.

Lawfare

June 23, 2021

VMware fixes authentication bypass in Carbon Black App Control Full Text

Abstract VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows access to the server without authentication.

BleepingComputer

June 23, 2021

OIG: CMS lacks protocol to assess networked medical device cybersecurity in hospitals Full Text

Abstract A lack of real-time data on inventories, connections, and device communications, combined with reliance on legacy platforms and slow patch management processes have resulted in many providers leaving the door open to attackers.

SCMagazine

June 23, 2021

VMware fixes privilege escalation issue in VMware Tools for Windows Full Text

Abstract VMware patched a high-severity vulnerability in VMware Tools for Windows that attackers could exploit to execute arbitrary code with elevated privileges. VMware patched a high-severity local privilege escalation vulnerability, tracked as CVE-2021-21999,...

Security Affairs

June 23, 2021

SonicWall ‘Botches’ October Patch for VPN Bug Full Text

Abstract Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

Threatpost

June 23, 2021

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE Full Text

Abstract A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight.

Threatpost

June 23, 2021

Palo Alto Networks fixes critical flaw (CVE-2021-3044) in Cortex XSOAR Full Text

Abstract Palo Alto Networks addresses a critical improper authorization vulnerability (CVE-2021-3044) affecting its Cortex XSOAR security orchestration solution, automation and response (SOAR) platform. Researchers from Palo Alto Networks discovered and addresses...

Security Affairs

June 23, 2021

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities Full Text

Abstract Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based on the apps installed on a computer. In addition to  updating  Tor to 0.4.5.9, the browser's Android version has been upgraded to Firefox to version 89.1.1, alongside incorporating patches rolled out by Mozilla for several  security vulnerabilities  addressed in Firefox 89. Chief among the rectified issues is a new fingerprinting attack that came to light last month. Dubbed  scheme flooding , the vulnerability enables a malicious website to leverage information about installed apps on the system to assign users a permanent unique identifier even when they switch browsers, use incognito mode, or a VPN. Put differently, the  weakness  takes advantage of custom URL schemes in apps as an attack vector, allowing a bad actor to track a device's user between different browsers

The Hacker News

June 23, 2021

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day Full Text

Abstract A critical vulnerability, tracked as CVE-2021-20019, in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. In October last year, experts reported a critical stack-based Buffer...

Security Affairs

June 22, 2021

SonicWall bug affecting 800K firewalls was only partially fixed Full Text

Abstract New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.

BleepingComputer

June 22, 2021

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks Full Text

Abstract A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as  CVE-2021-20019  (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure. It's worth noting that SonicWall's decision to hold back the patch comes amid  multiple   zero-day   disclosures  affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS. Howevere, there is no evidence that the flaw is being exploited in the wild. Memory Dump PoC "SonicWal

The Hacker News

June 22, 2021

Unpatched Supply-Chain Flaw Affects ‘Pling Store’ Platforms for Linux Users Full Text

Abstract Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply chain attacks and achieve remote code execution (RCE). "Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for a supply chain attack," Positive Security co-founder Fabian Bräunlein  said  in a technical write-up published today. "The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running." The Pling-based app stores impacted by the flaw include — appimagehub.com store.kde.org gnome-look.org xfce-look.org pling.com PlingStore allows users to search and install Linux software, themes, icons, and other add-ons that may not be available for download through the distribution's software center.  T

The Hacker News

June 22, 2021

SonicWall bug that affected 800K firewalls was only partially fixed Full Text

Abstract New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.

BleepingComputer

June 22, 2021

Zephyr RTOS fixes Bluetooth bugs that may lead to code execution Full Text

Abstract The Zephyr real-time operating system (RTOS) for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service (DoS) condition and potentially lead to remote code execution.

BleepingComputer

June 22, 2021

Email Bug Allows Message Snooping, Credential Theft Full Text

Abstract A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

Threatpost

June 22, 2021

Lexmark Printers Open to Arbitrary Code-Execution Zero-Day Full Text

Abstract “No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.

Threatpost

June 22, 2021

Complex supply chain logistics are leaving defense contractors vulnerable Full Text

Abstract An evaluation of 300 small and medium defense companies suggests contractors have prioritized interoperability with outside systems over security.

SCMagazine

June 22, 2021

NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws Full Text

Abstract U.S. graphics chip specialist NVIDIA has released  software updates  to address a total of 26 vulnerabilities impacting its Jetson system-on-module (SOM) series that could be abused by adversaries to escalate privileges and even lead to denial-of-service and information disclosure. Tracked from CVE‑2021‑34372 through CVE‑2021‑34397, the flaws affect products Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, and Nano and Nano 2GB running all Jetson Linux versions prior to 32.5.1. The company credited Frédéric Perriot of Apple Media Products for reporting all the issues. The  NVIDIA Jetson  line consists of embedded Linux AI and computer vision compute modules and developer kits that primarily caters to AI-based computer vision applications and autonomous systems such as mobile robots and drones. Chief among the vulnerabilities is CVE‑2021‑34372 (CVSS score: 8.2), a buffer overflow flaw in its  Trusty  trusted execution environment (TEE) that could result in informatio

The Hacker News

June 22, 2021

Tor Browser 10.0.18 fixes a bug that allows to track users by fingerprinting installed apps Full Text

Abstract The Tor Project released Tor Browser 10.0.18 that addresses a flaw that allows sites to track users by fingerprinting the installed apps. The Tor Project has released Tor Browser 10.0.18, the new version of the popular browser addresses multiple flaws,...

Security Affairs

June 22, 2021

Intent redirection vulnerabilities in popular Android apps spotlight danger of dynamic code loading, warn researchers Full Text

Abstract App developers have been urged not to load code dynamically because of the heightened risk of code execution vulnerabilities. Recently, one such intent redirection flaw was fixed in the Google app.

The Daily Swig

June 21, 2021

Tor Browser fixes vulnerability that tracks you using installed apps Full Text

Abstract The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices.

BleepingComputer

June 21, 2021

iPhone Wi-Fi Crushed by Weird Network Full Text

Abstract … until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.

Threatpost

June 21, 2021

Security Vulnerability in Wire Messaging App Allowed Attackers to Fully Control User Accounts Full Text

Abstract The maintainers of the Wire secure messaging app have patched the software against two security vulnerabilities, one of which could have allowed an attacker to “fully control” user accounts.

The Daily Swig

June 21, 2021

Researcher Finds Several Vulnerabilities in Cisco Small Business Switches Full Text

Abstract A researcher has identified several vulnerabilities in Cisco’s Small Business 220 series smart switches. The company this week informed customers about the availability of patches for these flaws.

Security Week

June 21, 2021

A security bug in Google’s Android app put users’ data at risk Full Text

Abstract Google’s Android app, which has more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim’s device.

TechCrunch

June 21, 2021

DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps Full Text

Abstract A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis. "Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by signature based detectors," the researchers  said . "This attack of clones seriously threatens all the mobile platforms, especially Android." The findings were published in a study last week by researchers from Adana Science and Technology University, Turkey, and the National University of Science and Technology, Islamabad, Pakistan. Unlike iOS, apps can be downloaded from third-party sources on Android devices, raising the possibility that unwitting users can install unverified and lookalike apps that clone a legitimate app's functionality but are built to trick tar

The Hacker News

June 21, 2021

Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors Full Text

Abstract Eight security vulnerabilities discovered in the Drawings software development kit (SDK) made by Open Design Alliance (ODA) impact products from Siemens and likely other vendors.

Security Week

June 20, 2021

A specific network name can completely disable Wi-Fi on your iPhone Full Text

Abstract A security researcher has found that a carefully crafted network name causes a bug in the networking stack of iOS and can completely disable your iPhone’s ability to connect to Wi-Fi.

9to5 Mac

June 20, 2021

This bug can permanently break iPhone WiFi connectivity Full Text

Abstract A new bug in iPhone can permanently break users' WiFi by disabling it, the issue could be triggered by simply connecting to a rogue hotspot. The researcher Carl Schou discovered a new bug in iPhone that can permanently break users' WiFi by disabling...

Security Affairs

June 19, 2021

iPhone bug breaks WiFi when you join hotspot with unusual name Full Text

Abstract A new iPhone bug has come to light that breaks your iPhone's wireless functionality by merely connecting to a certain WiFi hotspot.. Once triggered, the bug would render your iPhone unable to establish a WiFi connection, even if it is rebooted or the WiFi hotspot is renamed.

BleepingComputer

June 18, 2021

North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute Full Text

Abstract South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a  total of 13 IP addresses , one of which — "27.102.114[.]89" — has been previously linked to a state-sponsored threat actor dubbed  Kimsuky . KAERI, established in 1959 and situated in the city of Daejeon, is a government-funded research institute that designs and develops nuclear technologies related to reactors, fuel rods, radiation fusion, and nuclear safety. Following the intrusion, the think tank said it took steps to block the attacker's IP addresses in question and applied necessary security patches to the vulnerable VPN solution. "Currently, the Atomic Energy Research Institute is investigating the subject of the ha

The Hacker News

June 18, 2021

Expert found multiple flaws in Cisco Small Business 220 series Full Text

Abstract A researcher discovered multiple vulnerabilities in smart switches of Cisco’s Small Business 220 series, including some issues rated as high severity. Security researcher Jasper Lievisse Adriaanse has discovered multiple vulnerabilities Cisco’s...

Security Affairs

June 17, 2021

Update‌ ‌Your Chrome Browser to Patch Yet Another 0-Day Exploit‌ed ‌in‌-the‌-Wild Full Text

Abstract Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild. Tracked as  CVE-2021-30554 , the high severity flaw concerns a  use after free vulnerability  in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser. Successful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands. The issue was reported to Google anonymously on June 15, Chrome technical program manager Srinivas Sista  noted , adding the company is "aware that an exploit for CVE-2021-30554 exists in the wild." While it's usually the norm to limit details of the vulnerability until a majority of users are updated with the fix, the development comes less than 10 days after Google addressed another zero-day vulnerability exploited in act

The Hacker News

June 17, 2021

Google fixes seventh Chrome zero-day exploited in the wild this year Full Text

Abstract Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild.

BleepingComputer

June 17, 2021

Cisco Smart Switches Riddled with Severe Security Holes Full Text

Abstract The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

Threatpost

June 17, 2021

Hackers Can Spy on Peloton Workouts Full Text

Abstract Researchers find flaw enabling hackers to remotely access Peloton bike screens

Infosecurity Magazine

June 17, 2021

Critical flaws in defibrillator management tool pose account takeover, credential risk for hospitals Full Text

Abstract The half-dozen flaws are found in all versions of the ZOLL Defibrillator Dashboard prior to 2.2. It would take a low-skill level to exploit and could enable an attacker to gain access to credentials or impact the confidentiality, integrity, and availability of the application.

SCMagazine

June 16, 2021

Vulnerability in Peloton bikes one example of a more widespread security issue Full Text

Abstract Many Android device OEMs may have offerings with similar flaws, any of which could provide an avenue in to home networks and even enterprise resources.

SCMagazine

June 16, 2021

We’ve found another reason not to use Microsoft’s Paint 3D – researchers Full Text

Abstract The vulnerability, designated CVE-2021-31946, could let miscreants execute arbitrary code on affected versions of Paint 3D when visiting a malicious page or opening a malicious file.

The Register

June 16, 2021

Cybersecurity vulnerability discovered in Peloton products Full Text

Abstract A cybersecurity vulnerability in some Peloton bike products may have enabled hackers to install malware and potentially spy on riders, according to software security company McAfee.

The Hill

June 16, 2021

A flaw in Peloton Bike+ could allow hackers to control it Full Text

Abstract A flaw in the Peloton Bike+ could be exploited by an attacker with initial physical access to gain root entry to the interactive tablet, taking complete control of the system. A vulnerability in the popular Peloton Bike+ could have allowed an attacker...

Security Affairs

June 16, 2021

Instagram Flaw Allowed Anyone to View Private or Archived Posts, Stories of Users Without Following Them Full Text

Abstract Researcher Mayur Fartade has found a vulnerability in Instagram that allowed anyone to access private accounts, viewing archived posts and stories without having to follow them.

Security Affairs

June 16, 2021

CISA Warns Manufacturers of ThroughTek P2P Vulnerability Which Could Leak to Data and Video Leakage Full Text

Abstract CISA has released a new ICS advisory about a vulnerability found in a widely-used ThroughTek tool that gives attackers access to audio and video feeds as well as other sensitive information.

ZDNet

June 16, 2021

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. "Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds," CISA  said  in the alert. ThroughTek's point-to-point ( P2P ) SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet. Tracked as CVE-2021-32934 (CVSS score: 9.1), the shortcoming affects ThroughTek P2P products, versions 3.1.5 and before as well as SDK versions with nossl tag, and stems from a lack of sufficient protection when transferring data between

The Hacker News

June 16, 2021

Peloton Bike+ vulnerability allowed complete takeover of devices Full Text

Abstract A vulnerability in the Peloton Bike+fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone.

BleepingComputer

June 15, 2021

Instagram‌ ‌Bug Allowed Anyone to View Private Accounts Without Following Them Full Text

Abstract Instagram has patched a new flaw that allowed anyone to view archived posts and stories posted by private accounts without having to follow them. "This bug could have allowed a malicious user to view targeted media on Instagram," Mayur Fartade  said  in a Medium post today. "An attacker could have been able to see details of private/archived posts, stories, reels, IGTV without following the user using Media ID." Fartade disclosed the issue to Facebook's security team on April 16, 2021, following which the shortcoming was patched on June 15. He was also awarded $30,000 as part of the company's bug bounty program. Although the attack requires knowing the media ID associated with an image, video, or album, by brute-forcing the identifiers, Fartade demonstrated that it was possible to craft a POST request to a GraphQL endpoint and retrieve sensitive data. As a consequence of the flaw, details such as like/comment/save count, display_url, and image.uri c

The Hacker News

June 15, 2021

Apple fixes ninth zero-day bug exploited in the wild this year Full Text

Abstract Apple has fixed two iOS zero-day vulnerabilities that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices.

BleepingComputer

June 14, 2021

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild Full Text

Abstract Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update,  iOS 12.5.4 , comes with three security fixes, including a memory corruption issue in the  ASN.1 decoder  (CVE-2021-30737) and two flaws concerning the WebKit browser engine that could be abused to achieve remote code execution — CVE-2021-30761  - A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management. CVE-2021-30762  - A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management. Both CVE-2021-30761 and CVE-2021-30762 were reported to Apple anonymously, with the Cupertino-based company stating in its advisory that it's aware of reports that the v

The Hacker News

June 14, 2021

Security Vulnerability in Facebook’s Messenger Rooms Could Expose Users’ Private Photos and Videos Full Text

Abstract A security vulnerability in Facebook’s Messenger Rooms video chat feature meant attackers could access a victim’s private Facebook photos and videos, and submit posts, via their locked Android screen.

The Daily Swig

June 14, 2021

VW Vendor Leaves Data Unsecured Full Text

Abstract Breach of unsecured data stored by Volkswagen vendor affects 3.3 million people in North America

Infosecurity Magazine

June 14, 2021

Apple fixed 2 WebKit flaws exploited to target older iPhones Full Text

Abstract Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit. Apple released an out-of-band iOS update ( iOS 12.5.4 patch) for older iPhones and iPad, the IT giant...

Security Affairs

June 14, 2021

Codecov to retire the Bash script responsible for supply chain attack wave Full Text

Abstract The San Francisco-based DevOps tool provider said in a blog post that the new NodeJS-based uploader will be shipped as a static binary executable suitable for Windows, Linux, Alpine Linux, and macOS.

ZDNet

June 12, 2021

CVE-2021-3560 flaw in polkit auth system service affects most of Linux distros Full Text

Abstract An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560, which is used on most...

Security Affairs

June 12, 2021

GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability Full Text

Abstract The vulnerability, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.

Security Week

June 11, 2021

Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC Full Text

Abstract A trio of security flaws open the door to remote-code execution and a malware tsunami.

Threatpost

June 11, 2021

Google fixes actively exploited Chrome zero‑day Full Text

Abstract Google has rolled out an update for its Chrome web browser to fix a bunch of security flaws, including a zero-day vulnerability that is known to be actively exploited by threat actors.

ESET Security

June 11, 2021

Linux system service bug lets you get root on most modern distros Full Text

Abstract Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions.

BleepingComputer

June 11, 2021

Unknown Attacker Chains Chrome and Windows Zero-Days Full Text

Abstract Kaspersky has branded the threat actor “PuzzleMaker”

Infosecurity Magazine

June 11, 2021

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access Full Text

Abstract A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as  CVE-2021-3560  (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who said the issue was  introduced in a code commit  made on Nov. 9, 2013. Red Hat's Cedric Buissart  noted  that Debian-based distributions, based on polkit 0.105, are also vulnerable. Polkit  (née PolicyKit) is a toolkit for defining and handling authorizations in Linux distributions, and is used for allowing unprivileged processes to communicate with privileged processes. "When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileg

The Hacker News

June 11, 2021

Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning Full Text

Abstract Cisco’s Smart Install protocol is still being abused in attacks — five years since it issued its first warning — and there are still 18,000 internet-exposed devices that could be targeted by hackers.

Security Week

June 10, 2021

Chrome Browser Bug Under Active Attack Full Text

Abstract Google has patched its Chrome browser, fixing one critical cache issue and a second bug being actively exploited in the wild.

Threatpost

June 10, 2021

STEM Audio Table Rife with Business-Threatening Bugs Full Text

Abstract The desktop conferencing IoT gadget allows remote attackers to install all kinds of malware and move laterally to other parts of enterprise networks.

Threatpost

June 10, 2021

Google Patches Chrome zero-day actively exploited Full Text

Abstract Google this week addressed 14 vulnerabilities in the Chrome browser, including a zero-day flaw that has been exploited in the wild. Google released security updates to address 14 vulnerabilities in the Chrome browser, including a zero-day issue that...

Security Affairs

June 10, 2021

Most mobile finance apps vulnerable to data breaches Full Text

Abstract The Intertrust report comes at a time where finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020.

Help Net Security

June 09, 2021

New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP! Full Text

Abstract Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. Google on Wednesday rolled out an urgent update for Chrome browser to address 14 newly discovered security issues, including a zero-day flaw that it says is being actively exploited in the wild. Tracked as  CVE-2021-30551 , the vulnerability stems from a type confusion issue in its V8 open-source and JavaScript engine. Sergei Glazunov of Google Project Zero has been credited with discovering and reporting the flaw. Although the search giant's Chrome team issued a terse statement acknowledging "an exploit for CVE-2021-30551 exists in the wild," Shane Huntley, Director of Google's Threat Analysis Group,  hinted  that the vulnerability was leveraged by the same actor that abused  CVE-2021-33742 , an actively exploited remote code execution flaw in Windows MSHTML platform that was ad

The Hacker News

June 09, 2021

Google fixes sixth Chrome zero-day exploited in the wild this year Full Text

Abstract Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.

BleepingComputer

June 9, 2021

Microsoft fixes 50 vulnerabilities for June, but patch first the six exploited in the wild Full Text

Abstract Allan Liska of Recorded Future’s computer security incident response team, lists out the reasons why security teams should take the six exploited vulnerabilities seriously.

SCMagazine

June 9, 2021

Siemens, Schneider Electric Inform Customers About Tens of Vulnerabilities Full Text

Abstract Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products.

Security Week

June 9, 2021

Google fixes a critical Android RCE flaw in the System component Full Text

Abstract Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices, including a Critical RCE (CVE-2021-0507). Google’s June security bulletin addresses more than 90 vulnerabilities in Android and Pixel devices,...

Security Affairs

June 9, 2021

Adobe Patches Major Security Flaws in PDF Reader, Photoshop Full Text

Abstract Adobe’s product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.

Security Week

June 9, 2021

Microsoft June 2021 Patch Tuesday addresses 6 zero-days actively exploited Full Text

Abstract Microsoft's June 2021 Patch Tuesday addressed 50 vulnerabilities, including six zero-day issues that are being actively exploited in the wild. Microsoft's June 2021 Patch Tuesday addresses 50 vulnerabilities in Microsoft Windows, .NET Core and Visual...

Security Affairs

June 9, 2021

Microsoft Fixes Seven Zero-Days This Patch Tuesday Full Text

Abstract The 50 security fixes will resolve critical issues, including actively exploited seven-day vulnerabilities

Infosecurity Magazine

June 09, 2021

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets Full Text

Abstract GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who may inadvertently be committing secrets and credentials to their public GitHub repos.

BleepingComputer

June 08, 2021

Update Your Windows Computers to Patch 6 New In-the-Wind Zero-Day Bugs Full Text

Abstract Microsoft on Tuesday released another round of  security updates  for Windows operating systems and other supported software, squashing 50 vulnerabilities, including 6 zero-days that are said to be under active attack. The flaws were identified and resolved in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code - Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop. Of these 50 bugs, five are rated Critical, and 45 are rated Important in severity, with three of the issues publicly known at the time of release. The vulnerabilities that being actively exploited are listed below - CVE-2021-33742  (CVSS score: 7.5) - Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-33739  (CVSS score: 8.4) - Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2021-31199  (CVSS score: 5.2) - Microsoft Enhanced Cryptographic Provider Elevation o

The Hacker News

June 8, 2021

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws Full Text

Abstract Researchers discovered a highly targeted malware campaign launched in April, in which a new, unknown threat actor used two of the vulnerabilities that Microsoft said are under active attack.

Threatpost

June 8, 2021

4 issues in Microsoft Office component allow weaponizing docs Full Text

Abstract Experts found four security flaws in the Microsoft Office suite that cloud allow attackers to weaponize Word and Excel docs. Experts from Check Point discovered four security vulnerabilities in the Microsoft Office suite that an attacker could exploit...

Security Affairs

June 08, 2021

Intel fixes 73 vulnerabilities in June 2021 Platform Update Full Text

Abstract Intel has addressed 73 security vulnerabilities as part of the June 2021 Patch Tuesday, including high severity ones impacting some versions of Intel's Security Library and the BIOS firmware for Intel processors.

BleepingComputer

June 8, 2021

Google Patches Critical Android RCE Bug Full Text

Abstract Google’s June security bulletin addresses 90+ bugs in Android and Pixel devices.

Threatpost

June 08, 2021

Windows 10 targeted by PuzzleMaker hackers using Chrome zero-days Full Text

Abstract Kaspersky security researchers discovered a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide.

BleepingComputer

June 08, 2021

Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws Full Text

Abstract Today is Microsoft's June 2021 Patch Tuesday, and with it comes fixes for seven zero-day vulnerabilities and a total of 50 flaws, so Windows admins will be scrambling to get devices secured.

BleepingComputer

June 08, 2021

Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days Full Text

Abstract Today is Microsoft's June 2021 Patch Tuesday, and with it comes seven zero-day vulnerabilities, so Windows admins will be scrambling to get devices secured.

BleepingComputer

June 8, 2021

WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes Full Text

Abstract Two flaws discovered in WAGO industrial controllers can be exploited to disrupt technological processes, which in some cases could lead to industrial accidents, according to Positive Technologies.

Security Week

June 08, 2021

Adobe issues security updates for 41 vulnerabilities in 10 products Full Text

Abstract Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in ten applications, including Adobe Acrobat, Reader, and Photoshop.

BleepingComputer

June 08, 2021

Microsoft Office MSGraph vulnerability could lead to code execution Full Text

Abstract Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine.

BleepingComputer

June 8, 2021

Organizations without vulnerability disclosure policies failing to address researchers’ security warnings Full Text

Abstract Up to a third of all security flaws reported to organizations with no vulnerability disclosure policy (VDP) are not being patched due to failings in the disclosure process, a new report suggests.

The Daily Swig

June 8, 2021

Security vulnerability in Hyperkitty could expose private data Full Text

Abstract Hyperkitty, a web interface for the popular open source mailing list and newsletter management service Mailman, has patched a critical bug that revealed private mailing lists while importing them.

The Daily Swig

June 08, 2021

New UAF Vulnerability Affecting Microsoft Office to be Patched Today Full Text

Abstract Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today. Three of the four flaws — tracked as CVE-2021-31174, CVE-2021-31178, CVE-2021-31179 — have been fixed by Microsoft as part of its Patch Tuesday update for May 2021, with the fourth patch (CVE-2021-31939) to be issued in June's update rolling out later today. In a hypothetical attack scenario, the researchers said the vulnerability could be triggered as simply as opening a malicious Excel (.XLS) file that's served via a download link or an email. Arising out of parsing mistakes made in legacy code found in Excel 9

The Hacker News

June 7, 2021

NSW Health confirms data breached due to Accellion vulnerability Full Text

Abstract The Accellion FTA file sharing system was widely used to share and store files by organizations around the world, including NSW Health, the government entity said on Friday afternoon.

ZDNet

June 7, 2021

Critical zero-day vulnerabilities found in ‘unsupported’ Fedena school management software Full Text

Abstract Fedena, an open-source school and college management system, contains seven security vulnerabilities, including two critical vulnerabilities that can be exploited without authentication.

The Daily Swig

June 7, 2021

Experts found an RCE vulnerability in QNAP Q’center Full Text

Abstract Researchers at cybersecurity firm Shielder discovered a remote code execution on QNAP Q’center through a manipulated QPKG installation package. Researchers at cybersecurity firm Shielder discovered a remote code execution flaw on QNAP Q’center...

Security Affairs

June 05, 2021

ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack Full Text

Abstract Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. The ongoing activity was detected by Bad Packets on June 3 and corroborated  yesterday  by security researcher Kevin Beaumont. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution,"  tweeted  Troy Mursch, chief research officer at Bad Packets. The development follows the publication of a proof-of-concept (PoC) RCE exploit code targeting the VMware vCenter bug. Tracked as  CVE-2021-21985  (CVSS score 9.8), the issue is a consequence of a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which could be abused by an attacker to execute commands with unrestricted privileges on the underlying operating system that hosts the vCenter Server. Although the flaw was rectified by VMwar

The Hacker News

June 5, 2021

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE Full Text

Abstract The flaw is caused by the lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. The vulnerability has received a CVSS score of 9.8 and impacts vCenter Server 6.5, 6.7, and 7.0.

Security Affairs

June 04, 2021

Attackers are scanning for vulnerable VMware servers, patch now! Full Text

Abstract Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago.

BleepingComputer

June 4, 2021

Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE Full Text

Abstract Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware. Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution...

Security Affairs

June 04, 2021

Attackers scan for unpatched VMware vCenter servers, PoC exploit available Full Text

Abstract Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago.

BleepingComputer

June 04, 2021

10 Critical Flaws Found in CODESYS Industrial Automation Software Full Text

Abstract Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive Technologies  said . "The main cause of the vulnerabilities is insufficient verification of input data, which may itself be caused by failure to comply with the secure development recommendations." The Russian cybersecurity firm noted that it detected the vulnerabilities on a PLC offered by WAGO, which, among other automation technology companies such as Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, use CODESYS software for  programming and configuring  the controllers. CODESYS offers a development environment for programming controller applications for use in indus

The Hacker News

June 4, 2021

Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS Full Text

Abstract Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724, that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked...

Security Affairs

June 4, 2021

Apache Pulsar bug allowed account takeovers in certain configurations Full Text

Abstract The bug was initially reported as high severity. But Sijie Guo, a member of the Apache Pulsar Project Management Committee (PMC), told The Daily Swig that the real-world impact of the bug is minimal.

The Daily Swig

June 3, 2021

Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems Full Text

Abstract Hackers used vulnerabilities in the Pulse Secure VPN to plant web shells on servers in MTA’s environment.

SCMagazine

June 03, 2021

WordPress force installs Jetpack security update on 5 million sites Full Text

Abstract Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in.

BleepingComputer

June 3, 2021

Cisco fixes High-severity issues in Webex, SD-WAN, ASR 5000 software Full Text

Abstract Cisco addressed multiple security flaws, including high-severity vulnerabilities, in Webex Player, SD-WAN software, and ASR 5000 series software. Cisco has addressed multiple vulnerabilities in its products, including high-risk flaws in Webex Player,...

Security Affairs

June 3, 2021

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications Full Text

Abstract Researchers found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications. Researchers from Israeli IoT security firm Vdoo found multiple vulnerabilities in the Realtek RTL8170C...

Security Affairs

June 03, 2021

The Vulnerabilities of the Past Are the Vulnerabilities of the Future Full Text

Abstract Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years, like remote code execution and privilege escalation. Microsoft isn't the only big name regularly patching major vulnerabilities: We see monthly security updates coming from Apple, Adobe, Google, Cisco, and others. Everything old is new again With major vulnerabilities in so many applications, is there any hope for a secure future? The answer is, of course, yes, but that does not mean there won't be challenges getting there. The vulnerabilities being seen may not be new to those of us who have been defending against attackers for years or even decades, but the adversaries continual

The Hacker News

June 03, 2021

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module Full Text

Abstract A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS (such as Linux or Android) of the embedded device that uses this module," researchers from Israeli IoT security firm Vdoo  said  in a write-up published yesterday. The Realtek  RTL8710C  Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors. The flaws affect all embedded and IoT devices that use the component to connect to Wi-Fi networks and would require an attacker to be on the same Wi-Fi network as the devices that use the RTL8710C module or know the ne

The Hacker News

June 2, 2021

Critical 0day in the Fancy Product Designer WordPress plugin actively exploited Full Text

Abstract A critical zero-day vulnerability in the Fancy Product Designer WordPress plugin exposes more than 17,000 websites to attacks. Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked...

Security Affairs

June 02, 2021

Huawei USB LTE dongles are vulnerable to privilege escalation attacks Full Text

Abstract This week, a Trustwave security researcher disclosed a privilege escalation flaw in Huawei's USB LTE dongles.

BleepingComputer

June 2, 2021

Industrial Switches From Several Vendors Affected by Same Vulnerabilities Full Text

Abstract An attacker with network access to the targeted device can make unauthorized changes to its configuration, cause it to enter a DoS condition, and obtain sensitive information.

Security Week

June 2, 2021

Exploit broker Zerodium is looking for Pidgin 0day exploits Full Text

Abstract Zero-day exploit broker Zerodium is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux. Zero-day exploit broker Zerodium announced it is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux....

Security Affairs

June 2, 2021

OpenPGP library RNP updates after Thunderbird decrypt-no-recrypt bug squashed Full Text

Abstract OpenPGP project RNP has patched its flagship product in the newest version 0.15.1, after Mozilla Thunderbird, a major user, was found to be saving users’ private keys in plain text.

The Register

June 2, 2021

Critical Zero-Day in WordPress Plugin Under Active Attack Full Text

Abstract Vulnerability in Fancy Product Designer could enable full site takeover.

Infosecurity Magazine

June 2, 2021

Vulnerability in Lasso Library Impacts Products From Cisco, Akamai Full Text

Abstract A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions.

Security Week

June 02, 2021

Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites Full Text

Abstract Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has been acknowledged, it's yet to be addressed. Fancy Product Designer is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases by offering the ability to upload images and PDF files that can be added to the products. "Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed," Wordfence

The Hacker News

June 2, 2021

Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021 Full Text

Abstract Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.

Security Week

June 2, 2021

Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals Full Text

Abstract Cybercriminals preferred it as they could register an XMPP/Jabber ID on a secure server that did not save logs and use it to reach out and talk to each other to arrange operations or business deas.

The Record

June 01, 2021

Critical WordPress plugin zero-day under active exploitation Full Text

Abstract Threat actors are scanning for sites running the Fancy Product Designer plug-in to exploit a zero-day bug allowing them to upload malware.

BleepingComputer

June 01, 2021

Windows 10’s package manager flooded with duplicate, malformed apps Full Text

Abstract Microsoft's Windows 10 package manager Winget's GitHub has been flooded with duplicate apps and malformed manifest files raising concerns among developers with regards to the integrity of apps.

BleepingComputer

June 1, 2021

House bill would require federal contractors to put in place vulnerability disclosure programs Full Text

Abstract Though contracts would not require remediation of vulnerabilities brought in through the programs, the government would be able to not renew contracts with companies whose handling of vulnerabilities raised researchers’ ire.

SCMagazine

June 1, 2021

EPUB Vulnerabilities in Electronic Reading Systems Lead to Risk of User Data Exposure Full Text

Abstract The EPUB format relies primarily on XHTML and CSS to construct e-books, with browser engines often used to render their contents, which leads to browser-like vulnerabilities.

The Daily Swig

May 31, 2021

SonicWall Patches Command Injection Flaw in Firewall Management Application Full Text

Abstract Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the recently patched vulnerability impacts on-premises versions of SonicWall NSM, but does not affect NSM SaaS versions.

Security Week

May 31, 2021

PoC published for new Microsoft PatchGuard (KPP) bypass Full Text

Abstract A security researcher has discovered a bug in PatchGuard––a crucial Windows security feature––that can allow threat actors to load unsigned (malicious) code into the Windows operating system kernel.

The Record

May 31, 2021

Experts devised a new attack to bypass Microsoft PatchGuard Full Text

Abstract A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel. Japanese researcher Kento Oki has discovered a bug in PatchGuard that could be exploited by an attacker...

Security Affairs

May 31, 2021

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely Full Text

Abstract Siemens on Friday shipped firmed updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There's no evidence that the weakness was abused in the wild. In an  advisory  issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. "Achie

The Hacker News

May 29, 2021

SonicWall fixes an NSM On-Prem bug, patch it asap! Full Text

Abstract SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges customers to 'immediately' address a post-authentication vulnerability, tracked as CVE-2021-20026,...

Security Affairs

May 29, 2021

SonicWall fixes an NSM On-Prem bug, patch it asap! Full Text

Abstract SonicWall urged customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026, impacting on-premises versions of the Network Security Manager (NSM).

Security Affairs

May 29, 2021

Siemens Patches Major PLC Flaw that Bypasses Its ‘Sandbox’ Protection Full Text

Abstract Researchers published details on a serious vulnerability they found in Siemens SIMATIC S7-1200 and S7-1500 PLCs that could allow an attacker to gain remote access to protected memory areas of the popular programmable logic controllers.

Dark Reading

May 29, 2021

Apple Patches Flaw That Allows Sneaky Screenshots Full Text

Abstract Apple’s Big Sur 11.4 patches a security flaw that could be exploited to take screenshots, record audio and video, and access files on someone else’s Mac without their knowing.

Avast

May 28, 2021

‘OMG it’s a bug!’ Beware the bells and whistles around vulnerability disclosures Full Text

Abstract A vulnerability disclosure shows how splashy websites, catchy names and a healthy dose of FUD can make any vulnerability sound scary.

SCMagazine

May 28, 2021

CVE-2020-15782 flaw in Siemens PLCs allows remote hack Full Text

Abstract Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated attacker to hack the devices. Researchers at industrial cybersecurity firm Claroty have discovered a high-severity vulnerability...

Security Affairs

May 28, 2021

SonicWall urges customers to ‘immediately’ patch NSM On-Prem bug Full Text

Abstract SonicWall urges customers to 'immediately' patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution.

BleepingComputer

May 28, 2021

HPE Fixes Critical Zero-Day in Server Management Software Full Text

Abstract The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.

Threatpost

May 27, 2021

Klarna mobile app bug let users log into other customers’ accounts Full Text

Abstract Klarna Bank suffered a severe technical issue this morning that allowed mobile app users to log into other customers' accounts and see their stored information.

BleepingComputer

May 27, 2021

HPE fixes critical zero-day vulnerability disclosed in December Full Text

Abstract Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability disclosed last year, in December.

BleepingComputer

May 27, 2021

M1RACLES, the unpatchable bug that impacts new Apple M1 chips Full Text

Abstract A security expert has discovered a vulnerability in Apple M1 chips, dubbed M1RACLES, that cannot be fixed. Software engineer Hector Martin from Asahi Linux has discovered a vulnerability in the new Apple M1 chips, tracked as CVE-2021-30747, that was named...

Security Affairs

May 26, 2021

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks Full Text

Abstract Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some of the extensions in question are "LaTeX Workshop," "Rainbow Fart," "Open in Default Browser," and "Instant Markdown," all of which have cumulatively racked up about two million installations between them. "Developer machines usually hold significant credentials, allowing them (directly or indirectly) to interact with many parts of the product," researchers from open-source security platform Synk  said  in a deep-dive published on May 26. "Leaking a developer's private key can allow a malicious stakeholder to clone important

The Hacker News

May 26, 2021

Chrome 91 features 32 security fixes, enhancements for Linux Full Text

Abstract Google’s high-severity fixes address weaknesses that could potentially allow a remote attacker to execute arbitrary code on an unknowing target.

SCMagazine

May 26, 2021

M1RACLES bug impacts Apple M1 chips, but no need to panic Full Text

Abstract Discovered by Hector Martin, a software engineer at Asahi Linux, a project that works on porting Linux for Mac hardware, the vulnerability was codenamed M1RACLES and tracked as CVE-2021-30747.

The Record

May 26, 2021

Another critical bug impacts all VMware vCenter Server installs Full Text

Abstract VMware addresses a critical remote code execution (RCE) flaw in the Virtual SAN Health Check plug-in that impacts all vCenter Server installs. VMware has released security updates to address a remote code execution (RCE) flaw in vCenter Server that...

Security Affairs

May 26, 2021

Thousands of Chrome Extensions Found Tampering with Security Headers Full Text

Abstract Thousands of Google Chrome extensions available on the official Chrome Web Store are tampering with security headers on popular websites, putting users at risk of a wide range of web-based attacks.

The Record

May 25, 2021

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now! Full Text

Abstract VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware  said  in its advisory. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location. The flaw affects vCenter Server versions 6.5, 6.7, and 7.0 and Cloud Foundation versions 3.x and 4.x. VMware credited Ricter Z of 360 Noah Lab for reporting the vulnerability. The patch release also rectifies an authenticati

The Hacker News

May 25, 2021

Ivanti fixes high severity flaw in Pulse Connect Secure VPN Full Text

Abstract A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high severity Buffer Overflow vulnerability in Secure VPN appliances that could allow a remote authenticated...

Security Affairs

May 25, 2021

Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots Full Text

Abstract Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

Threatpost

May 25, 2021

VMware warns of critical bug affecting all vCenter Server installs Full Text

Abstract VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments.

BleepingComputer

May 25, 2021

Trend Micro Bugs Threaten Home Network Security Full Text

Abstract The security vendor’s network management and threat protection station can open the door to code execution, DoS and potential PC takeovers.

Threatpost

May 25, 2021

Pulse Secure VPNs Get Quick Fix for Critical RCE Full Text

Abstract One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.

Threatpost

May 25, 2021

Trend Micro fixes 3 flaws in Home Network Security Devices Full Text

Abstract Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited...

Security Affairs

May 25, 2021

How data manipulation could be used to trick fraud detection algorithms on e-commerce sites Full Text

Abstract A data poisoning attack aims to modify a machine learning model’s training set by inserting incorrectly labeled data with the goal of tricking it into making incorrect predictions.

Help Net Security

May 25, 2021

Apple addresses three zero-day flaws actively exploited in the wild Full Text

Abstract Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited...

Security Affairs

May 25, 2021

Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu Full Text

Abstract The vulnerability, tracked as CVE-2021-29956 and assessed as “low” impact by Mozilla, existed in the free open-source Thunderbird email client between version 78.8.1 and version 78.10.1.

The Register

May 25, 2021

Trend Micro Patches Vulnerabilities in Home Network Security Devices Full Text

Abstract Vulnerabilities identified by security researchers with Cisco’s Talos unit in Trend Micro Home Network Security devices could be exploited to elevate privileges or achieve arbitrary authentication.

Security Week

May 25, 2021

New High-Severity Vulnerability Reported in Pulse Connect Secure VPN Full Text

Abstract Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user," the company  said  in an alert published on May 14. "As of version 9.1R3, this permission is not enabled by default." The flaw, identified as CVE-2021-22908, has a CVSS score of 8.5 out of a maximum of 10 and impacts Pulse Connect Secure versions 9.0Rx and 9.1Rx. In a report detailing the vulnerability, the CERT Coordination Center said the issue stems from the gateway's ability to connect to Windows file shares through a number of CGI endpoints that could be leveraged to carry out the attack. "When specifying a long server name for some SMB operations, the 

The Hacker News

May 24, 2021

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices Full Text

Abstract Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth  Core  and  Mesh Specifications  are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing," the Carnegie Mellon CERT Coordination Center  said  in an advisory published Monday. The two Bluetooth specifications define the standard that allows for many-to-many communication over Bluetooth to facilitate data transfer between devices in an ad-hoc network. The Bluetooth Impersonation AttackS, aka BIAS , enable a malicious actor to establish a secure connection with a victim, without having to know and authenticate the long-term key shared between the victims, thus effectively bypassing Bluetooth's authentication mechanism. "The BIAS attacks are the first

The Hacker News

May 24, 2021

Apple‌ Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS Full Text

Abstract Apple on Monday rolled out security updates for  iOS ,  macOS ,  tvOS ,  watchOS , and  Safari  web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws.  Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control ( TCC ) framework in macOS that maintains a database of each user's consents. The iPhone maker acknowledged that the issue may have been exploited in the wild but stopped short of sharing specifics. The company noted that it rectified the problem with improved validation. However, in a separate report, mobile device management company Jamf said the bypass flaw was being actively exploited by XCSSET, a malware that's been out in the wild since August 2020 and known to propagate via modified  Xcode IDE projects  hosted on GitHub repositories and plant malicious packages into legitimate apps ins

The Hacker News

May 24, 2021

French intel found flaws in Bluetooth Core and Mesh specs Full Text

Abstract Attackers could exploit a set of Bluetooth vulnerabilities, affecting the Core and Mesh Profile specifications, to conduct man-in-the-middle (MitM) attacks. Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh...

Security Affairs

May 24, 2021

Apple fixes three zero-days, one abused by XCSSET macOS malware Full Text

Abstract Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections.

BleepingComputer

May 24, 2021

Bluetooth flaws allow attackers to impersonate legitimate devices Full Text

Abstract Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks.

BleepingComputer

May 24, 2021

13 flaws in Nagios IT Monitoring Software pose serious risk to orgs Full Text

Abstract Researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be exploited for malicious purposes. Cybersecurity researchers from Skylight Cyber disclosed technical details about 13 vulnerabilities...

Security Affairs

May 24, 2021

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software Full Text

Abstract Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer site is fully compromised, an attacker can use the vulnerabilities to compromise the telco, and then every other monitored customer site," Adi Ashkenazy, CEO of Australian cybersecurity firm Skylight Cyber, told The Hacker News via email. Nagios is an open-source IT infrastructure tool analogous to SolarWinds Network Performance Monitor (NPM) that offers monitoring and alerting services for servers, network cards, applications, and services. The issues, which consist of a mix of authenticated remote code execution (RCE) and privilege escalation flaws, were discovered and reported to Nagios in October 2020, following which they were  remediated  in  November . Chief among them i

The Hacker News

May 24, 2021

Anker fixed an issue that caused access to Eufy video camera feeds to random users Full Text

Abstract A misconfiguration issue in the software used by the Eufy video camera exposed private information and video streams of customers. Chinese electronics vendor Anker has recently addressed a bug that mistakenly exposed private information and video...

Security Affairs

May 23, 2021

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers Full Text

Abstract The wormable CVE-2021-31166 vulnerability in the HTTP Protocol Stack of the Windows IIS server also affects WinRM on Windows 10 and Server systems. Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including...

Security Affairs

May 22, 2021

Wormable Windows HTTP vulnerability also affects WinRM servers Full Text

Abstract A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service.

BleepingComputer

May 20, 2021

Four Android Bugs Being Exploited in the Wild Full Text

Abstract On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.

Threatpost

May 20, 2021

Information disclosure vulnerability spotted in macOS SMB server Full Text

Abstract The integer overflow vulnerability exists in the way macOS SMB server processes SMB3 compounded packets. An attacker could exploit this vulnerability by sending a specially crafted packet.

Cisco Talos

May 20, 2021

Pega Infinity patches authentication vulnerability - Malwarebytes Labs Full Text

Abstract There are several PoCs readily available, including complete videos on YouTube, so users of the Pega Infinity enterprise software platform are being advised to update their installations.

Malwarebytes Labs

May 20, 2021

Blind SQL Injection flaw in WP Statistics impacted 600K+ sites Full Text

Abstract Experts discovered a Time-Based Blind SQL Injection vulnerability in the WP Statistics plugin which is installed on over 600,000 WordPress sites. Researchers from the Wordfence Threat Intelligence discovered a Time-Based Blind SQL Injection vulnerability...

Security Affairs

May 19, 2021

Google addresses 4 zero-day flaws in Android exploited in the wild Full Text

Abstract Google released Android Security Bulletin for May 2021 security updates that address four zero-day vulnerabilities that were exploited in the wild. Android Security Bulletin for May 2021 security updates address four zero-day vulnerabilities, tracked...

Security Affairs

May 19, 2021

Threats Hover Over Tor Users Full Text

Abstract Two fresh waves of attacks including SSL-stripping attacks and scheme flooding have been observed crippling Tor users. Users are recommended to keep the web browser updated to fix any exploitable vulnerability.

Cyware Alerts - Hacker News

May 19, 2021

May Android security updates patch 4 zero-days exploited in the wild Full Text

Abstract According to info provided by Google's Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month.

BleepingComputer

May 19, 2021

Researchers Find Exploitable Remote Code Execution Vulnerabilities in Mercedes-Benz Cars Full Text

Abstract Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities.

Security Week

May 19, 2021

Emerson Patches Several Vulnerabilities in X-STREAM Gas Analyzers Full Text

Abstract American industrial giant Emerson this week informed customers that it has released firmware updates for its Rosemount X-STREAM gas analyzers to address half a dozen vulnerabilities.

Security Week

May 19, 2021

Hacking the infotainment system used in Mercedes-Benz cars Full Text

Abstract Security researchers identified five vulnerabilities in the infotainment system in Mercedes-Benz cars, four of them are remotely exploitable. Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906,...

Security Affairs

May 19, 2021

Windows PoC Exploit Released for Wormable RCE Full Text

Abstract The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft’s Patch Tuesday release last week.

Threatpost

May 19, 2021

Latest phones are great at thwarting Wi-Fi tracking. Other devices, not so much – study Full Text

Abstract While the paper indicates that mobile phones have become better at implementing MAC address randomization, it also highlights the lack of a standard approach has led to inconsistent implementations.

The Register

May 18, 2021

Commercial third party code creating security blind spots Full Text

Abstract Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, a VDC Research reveals.

Help Net Security

May 18, 2021

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1 Full Text

Abstract There would need to be at least an additional vulnerability in another software component in place on the website – or an active compromise already taking place – for this to be an attack vector.

Sucuri

May 17, 2021

PoC released for wormable Windows IIS bug Full Text

Abstract Several security researchers and security firms who reviewed last week’s security updates considered the bug the most dangerous vulnerability Microsoft fixed in this month’s patch cycle.

The Record

May 17, 2021

Exploit released for wormable Windows HTTP vulnerability Full Text

Abstract Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.

BleepingComputer

May 17, 2021

Apple’s Find My Network Can be Abused to Exfiltrate Data From Nearby Devices Full Text

Abstract Latest research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by simply sending "Find My Bluetooth" broadcasts to nearby Apple devices. "It's possible to upload arbitrary data from non-internet-connected devices by sending Find My [Bluetooth Low Energy] broadcasts to nearby Apple devices that then upload the data for you," Positive Security researcher Fabian Bräunlein  said  in a technical write-up disclosed last week. "Being inherent to the privacy and security-focused design of the Find My Offline Finding system, it seems unlikely that this misuse can be prevented completely." The study builds on a previous study by TU Darmstadt  published  in March 2021, which disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that could lead to a location correlation attack and unauthorized access to a user's lo

The Hacker News

May 17, 2021

Expert released PoC exploit code for Windows CVE-2021-31166 bug Full Text

Abstract A security researcher has published a working proof-of-concept exploit code for a wormable Windows IIS server vulnerability tracked as CVE-2021-31166. Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft...

Security Affairs

May 17, 2021

AMD Warns of Two Attacks That Could Allow Bypassing of SEV Protection System Full Text

Abstract AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV technology implemented to prevent rogue operating systems on virtual machines.

Security Affairs

May 16, 2021

Two flaws could allow bypassing AMD SEV protection system Full Text

Abstract The chipmaker AMD published guidance for two new attacks against its SEV (Secure Encrypted Virtualization) protection technology. Chipmaker AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV (Secure...

Security Affairs

May 14, 2021

Citrix Patches Vulnerability in Workspace App for Windows Full Text

Abstract Tracked as CVE-2021-22907, the flaw could be exploited by local attackers to escalate their privileges to SYSTEM level. All supported versions of Citrix Workspace app for Windows are affected by it.

Security Week

May 14, 2021

FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator Full Text

Abstract They are identified as CVE-2021-21103, CVE-2021-21104, and CVE-2021-21105. All these vulnerabilities have different root causes related to a variety of Illustrator Plugins.

Fortinet

May 14, 2021

Cross-browser tracking vulnerability tracks you via installed apps Full Text

Abstract Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.

BleepingComputer

May 13, 2021

Developers knowingly push flawed code, doubt build environments are secure Full Text

Abstract A recent survey found that most development teams, 81%, knowingly pushed flawed code live, and 20% senior of managers even admitted to committing this practice often.

SCMagazine

May 13, 2021

Cisco fixes AnyConnect Client VPN zero-day disclosed in November Full Text

Abstract Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that...

Security Affairs

May 13, 2021

Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code Full Text

Abstract Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code.

BleepingComputer

May 12, 2021

Microsoft fixes four critical vulnerabilities that pose risk to both data and infrastructure Full Text

Abstract Products affected by the Microsoft vulnerabilities include Hyper-V, Internet Explorer, Windows Server, and Windows 10.

SCMagazine

May 12, 2021

Microsoft Patch Tuesday for May 2021 fix 4 critical flaws Full Text

Abstract Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities, four are rated as Critical. Microsoft Patch Tuesday for May 2021 security updates address 55 vulnerabilities in Microsoft Windows, .NET Core and Visual Studio, Internet...

Security Affairs

May 12, 2021

Researchers Flag e-Voting Security Flaws Full Text

Abstract Paper ballots and source-code transparency are recommended to improve election security.

Threatpost

May 12, 2021

Microsoft fixes WSUS bug blocking May Windows security updates Full Text

Abstract Microsoft has resolved a known issue preventing managed devices from receiving the May 2021 Patch Tuesday security updates.

BleepingComputer

May 12, 2021

‘Frag Attacks’ Vulnerabilities in WiFi Standard Affect WiFi-enabled Devices Dating Back to 1997 Full Text

Abstract A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.

The Record

May 12, 2021

FragAttacks vulnerabilities expose all WiFi devices to hack Full Text

Abstract Security researcher discovered a series of flaws, collectively tracked as FragAttacks, that impact the WiFi devices sold for the past 24 years. Belgian security researcher Mathy Vanhoef disclosed the details of a multiple vulnerabilities, tracked...

Security Affairs

May 12, 2021

SAP Patches High-Severity Flaws in Business One, NetWeaver Products Full Text

Abstract Tech giant SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.

Security Week

May 12, 2021

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices Full Text

Abstract Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they’re in range.

Threatpost

May 12, 2021

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities Full Text

Abstract Thousands of public-facing devices can be accessed anywhere in the world, from the US to Russia, from London to Johannesburg. Our research shows that large and small manufacturers are identifiable, with Aastra-Mitel topping the list. As with many...

Security Affairs

May 12, 2021

All Wi-Fi devices impacted by new FragAttacks vulnerabilities Full Text

Abstract Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) are impacting all Wi-Fi devices (including computers, smartphones, and smart devices) going back as far as 1997.

BleepingComputer

May 12, 2021

Australia: 328 weaknesses found by WA Auditor-General in 50 local government systems Full Text

Abstract The computer systems of 50 Western Australian local government entities were probed and the result was the finding of 328 control weaknesses, with 33 considered as significant by the Auditor-General.

ZDNet

May 12, 2021

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks Full Text

Abstract Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called  FragAttacks  (short for FRgmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi Protected Access 3 (WPA3), thus virtually putting almost every wireless-enabled device at risk of attack. "An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Mathy Vanhoef, a security academic at New York University Abu Dhabi, said. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities." IEEE 802.11 provides the basis for all modern devices using the Wi-Fi family of network protocols, allowing lap

The Hacker News

May 12, 2021

Time to patch against FragAttacks but good luck with home routers and IoT devices Full Text

Abstract Several of the flaws relate to the ability to inject plaintext frames, as well as certain devices accepting any unencrypted frame or plaintext aggregated frames that look like handshake messages.

ZDNet

May 12, 2021

Latest Microsoft Windows Updates Patch Dozens of Security Flaws Full Text

Abstract Microsoft on Tuesday rolled out its scheduled  monthly security update  with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one is listed as Moderate in severity. Three of the vulnerabilities are publicly known, although, unlike  last month , none of them are under active exploitation at the time of release. The most critical of the flaws addressed is  CVE-2021-31166 , a wormable remote code execution vulnerability in the HTTP protocol stack. The issue, which could allow an unauthenticated attacker to send a specially crafted packet to a targeted server, is rated 9.8 out of a maximum of 10 on the CVSS scale. Another vulnerability of note is a remote code execution flaw in Hyper-V ( CVE-2021-28476 ), which also scores the highest severity among all flaws patched this month with a CVSS rating of 9.9. "This i

The Hacker News

May 12, 2021

Microsoft Fixes Exchange Server Zero-Day in May Patch Tuesday Full Text

Abstract Bug was first disclosed in Pwn2Own competition last month

Infosecurity Magazine

May 12, 2021

Half of Government Security Incidents Caused by Missing Patches Full Text

Abstract Risks are driving IT modernization push, according to BAE Systems

Infosecurity Magazine

May 11, 2021

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild Full Text

Abstract Adobe has released  Patch Tuesday updates  for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager , Adobe InDesign , Adobe Illustrator , Adobe InCopy , Adobe Genuine Service , Adobe Acrobat and Reader, Magento , Adobe Creative Cloud Desktop Application, Adobe Media Encoder , Adobe After Effects , Adobe Medium, and Adobe Animate. In a security bulletin, the company  acknowledged  it received reports that the flaw "has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems. While the targeted attacks took aim at Windows users of Adobe Reader, the issue affects both Windows and macOS ver

The Hacker News

May 11, 2021

Hackers target Windows users exploiting a Zero-Day in Reader Full Text

Abstract Adobe confirmed that a zero-day vulnerability affecting Adobe Reader for Windows has been exploited in the wild in limited attacks. Adobe security updates for May 2021 address at least 43 CVEs in Experience Manager, InDesign, Illustrator, InCopy,...

Security Affairs

May 11, 2021

Wormable Windows Bug Opens Door to DoS, RCE Full Text

Abstract Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.

Threatpost

May 11, 2021

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader Full Text

Abstract A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.

Threatpost

May 11, 2021

Google Patches 19 Vulnerabilities With Chrome 90 Update Full Text

Abstract Chrome components affected by these issues include Web App Installs, Offline, Media Feeds, Aura, Tab Groups, Notifications, V8, Autofill, File API, History, Reader Mode, Payments, and Tab Strip.

Security Week

May 11, 2021

Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days Full Text

Abstract Today is Microsoft's May 2021 Patch Tuesday, and with it comes three zero-day vulnerabilities, so Windows admins will be rushing to apply updates. 

BleepingComputer

May 11, 2021

Adobe fixes Reader zero-day vulnerability exploited in the wild Full Text

Abstract Adobe has released a massive Patch Tuesday security update release that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability Adobe Reader.

BleepingComputer

May 11, 2021

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet Full Text

Abstract The infections were the result of legitimate developers writing apps using a counterfeit and malicious copy of Xcode, Apple’s iOS and OS X app development tool, dubbed XcodeGhost.

Wired

May 11, 2021

Siemens Addresses 60 Vulnerabilities Introduced by Third-Party Components Full Text

Abstract Of the 14 advisories published this week, nine cover 60 vulnerabilities related to third-party components. The remaining advisories cover only 7 flaws that are specific to Siemens products.

Security Week

May 11, 2021

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine Full Text

Abstract A computer science professor from Sweden has discovered an arbitrary code execution vulnerability in the Universal Turing Machine, one of the earliest computer designs in history.

The Register

May 11, 2021

Vulnerability attacks weakness in Microsoft Azure virtual machine extensions Full Text

Abstract The flaw, which Microsoft patched in March, would allow an attacker to escalate privileges and access sensitive user data.

SCMagazine

May 11, 2021

Researchers Pawn Electric Cars to Circumvent Payment for Charging Stations and Manipulate Car Battery Full Text

Abstract Tencent's Blade Team, a security research group, showed they could circumvent payment schemes at electric vehicle charging stations by using a Raspberry Pi to conduct the attack.

The Register

May 10, 2021

AirTag hacked for the first time by security researcher Full Text

Abstract While the regular item tracker opens the Find My website, researchers created a modified item tracker that opens a non-related URL, which could be used for phishing or anything else.

9to5 Mac

May 10, 2021

Colonial Pipeline attack underscores US energy’s vulnerability Full Text

Abstract The ransomware attack on Colonial Pipeline, the largest supplier of oil to the Northeast region of the United States, is underscoring just how vulnerable critical U.S. infrastructure is to cybercriminals in a way no previous attack has done, say U.S. officials and experts in the field.

The Hill

May 10, 2021

Pega Infinity hotfix released after researchers flag critical authentication bypass vulnerability Full Text

Abstract According to the research team – Sam Curry, Justin Rhinehart, Brett Buerhaus, and Maik Robert – CVE-2021-27651 is a critical-risk vulnerability in versions 8.2.1 to 8.5.2 of Pega’s Infinity software.

The Daily Swig

May 10, 2021

NatWest Bank scheduled payments bug may have cost you money Full Text

Abstract Today, UK-based NatWest Bank has alerted multiple customers of a system error that may have caused many more payments to be debited from customer accounts than the originally agreed-upon amount. The issue impacts standing orders set up between 23rd March 2020 and 24th February 2021.

BleepingComputer

May 10, 2021

UK/US: Patch These 11 Bugs Now to Thwart Russian Spies Full Text

Abstract New report reveals latest SVR tactics

Infosecurity Magazine

May 10, 2021

Foxit Patches Vulnerability Allowing Attackers to Execute Malware Via PDF Files Full Text

Abstract Successful exploitation of this vulnerability can lead from program crashes and data corruption to the execution of arbitrary code on computers running the vulnerable software.

Heimdal Security

May 10, 2021

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs Full Text

Abstract Lemon Duck remains relevant as the operators begin to target Microsoft Exchange servers, exploiting high-profile security vulnerabilities to drop web shells and carry out malicious activities.

Cisco Talos

May 9, 2021

SQL injection issue in Anti-Spam WordPress Plugin exposes User Data Full Text

Abstract ‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based Blind SQL Injection in ‘Spam protection, AntiSpam, FireWall by CleanTalk’ WordPress...

Security Affairs

May 08, 2021

Top 11 Security Flaws Russian Spy Hackers Are Exploiting in the Wild Full Text

Abstract Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a  new advisory  jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted [...] by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders," the National Cyber Security Centre (NCSC)  said . These include the deployment of an open-source tool called  Sliver  to maintain their access to compromised victims as well as leveraging the ProxyLogon flaws in Microsoft Exchange servers to conduct post-exploitation activities. The development followed the  public attribution  of SVR-linked actors to the  SolarWinds  supply-chain attack last month. The adversary is also tracked under different monikers, such as Advanced Persistent Threat 29 (APT29), the Dukes, CozyBear, and Yttrium.

The Hacker News

May 8, 2021

Popular routers found vulnerable to hacker attacks Full Text

Abstract The main issues affecting routers supplied by ISPs such as Virgin, EE, Sky, TalkTalk, and Vodafone were weak default passwords, local network vulnerabilities, and the lack of firmware updates to patch security loopholes.

ESET Security

May 8, 2021

VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm Full Text

Abstract VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States of America.

Security Week

May 8, 2021

Russian hackers are targeting these vulnerabilities, so patch now Full Text

Abstract Russian cyberattacks are being deployed with new techniques - including exploiting vulnerabilities like the recent Microsoft Exchange zero-days - as its hackers continue to target governments, organizations, and energy providers around the world.

ZDNet

May 07, 2021

Foxit Reader bug lets attackers run malicious code via PDFs Full Text

Abstract Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader.

BleepingComputer

May 7, 2021

A Dangerously Bad macOS Bug and a Malware Campaign Full Text

Abstract A dangerously bad zero-day vulnerability in macOS was being abused by the Shlayer malware to bypass Apple’s Gatekeeper, Notarization, and File Quarantine security checks.

Cyware Alerts - Hacker News

May 7, 2021

Intel, AMD Dispute Findings on Chip Vulnerabilities Full Text

Abstract Intel and AMD insist that users of their chips do not need to take any additional security measures as a result of the discovery because existing protections are adequate.

Gov Info Security

May 07, 2021

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS Full Text

Abstract As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named ' Mouse Trap, ' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration." Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine. The Android app alone has been installed over 10 million times. In a nutshell, the issues, which were identified by analysing the packets sent from the Android app to its Windows ser

The Hacker News

May 7, 2021

VMware addresses critical RCE in vRealize Business for Cloud Full Text

Abstract VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian firm Positive Technologies. VMware has addressed a critical remote code execution vulnerability, tracked as CVE-2021-21984, in VMware...

Security Affairs

May 7, 2021

New Techniques Emerge for Abusing Windows Services to Gain System Control Full Text

Abstract Several new techniques have become available recently that give attackers an easy way to abuse legitimate Windows services and escalate low-level privileges on a system to gain full control of it.

Dark Reading

May 7, 2021

Millions of Older Broadband Routers Plagued by Security Flaws, Warn Researchers Full Text

Abstract Millions of households in the UK are using old broadband routers that could fall prey to hackers, according to a new investigation carried out by consumer watchdog Which?.

ZDNet

May 07, 2021

New tsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers Full Text

Abstract Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out denial-of-service attacks against authoritative nameservers. The flaw, called  'TsuNAME ,' was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains '.nl' and '.nz' for the Netherlands and New Zealand, respectively. "TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers said. A recursive DNS resolver is one of the core components involved in  DNS resolution , i.e., converting a hostname such as www.google.com into a computer-friendly IP address like 142.250.71.36. To achieve this, it responds to a client's request for a web

The Hacker News

May 7, 2021

Millions of Households at Risk from Outdated Routers Full Text

Abstract Which report warns many lack regular firmware updates

Infosecurity Magazine

May 6, 2021

Qualcomm Chip Bug Opens Android Fans to Eavesdropping Full Text

Abstract A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.

Threatpost

May 06, 2021

New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers Full Text

Abstract Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers.

BleepingComputer

May 6, 2021

Qualcomm bug impacts about 30% of all smartphones Full Text

Abstract A high severity flaw, tracked as CVE-2020-11292, affects Qualcomm Mobile Station Modem chips used by around 30% of all smartphones worldwide Researchers from Checkpoint have discovered a buffer overflow vulnerability, tracked as CVE-2020-11292, in the Qualcomm...

Security Affairs

May 6, 2021

Flaw in PHP Composer Could Allow Supply-Chain Attacks Full Text

Abstract Security threats in PHP or its components can have a big impact. Lately, a vulnerability was found in the PHP Composer that could have allowed an attacker to execute arbitrary commands and backdoor every PHP package.

Cyware Alerts - Hacker News

May 6, 2021

Vulnerability in Qualcomm chips lets an attacker snoop on calls and texts Full Text

Abstract Checkpoint researchers shed further light this week on a vulnerability affecting a cellular chip embedded in 40% of the world’s smartphones.

SCMagazine

May 06, 2021

Qualcomm vulnerability impacts nearly 40% of all mobile phones Full Text

Abstract A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations.

BleepingComputer

May 06, 2021

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software Full Text

Abstract Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. In a series of advisories published on May 5, the company said there are no workarounds that remediate the issues. The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498 (CVSS scores 9.8), affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0. Arising due to insufficient validation of user-supplied input in the web-based management interface of Cisco HyperFlex HX Data Platform, the flaws could enable an unauthenticated, remote attacker to perform a command injection attack against a vulnerable device. "An attacker could exploit this vulnerability by sending a crafted request to the web-based management int

The Hacker News

May 06, 2021

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices Full Text

Abstract Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations," researchers from Israeli security firm Check Point  said  in an analysis published today. The heap overflow vulnerability, tracked as CVE-2020-11292 , resides in the QMI voice service API exposed by the modem to the high level operating system, and could be exploited by a malicious app to conceal its activities "underneath" the OS in the modem chip itself, thus making it invisible to the security protections built into the device. Designed since the 1990s, Qualcomm  MSM  chip

The Hacker News

May 6, 2021

Researcher Claims Peloton APIs Exposed All Users Data Full Text

Abstract Even those in privacy mode were affected, says Pen Test Partners

Infosecurity Magazine

May 6, 2021

Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software Full Text

Abstract Cisco fixed critical flaws in SD-WAN vManage and HyperFlex HX software that could allow creating admin accounts, and executing commands as root. Cisco has addressed critical vulnerabilities affecting SD-WAN vManage and HyperFlex HX software that could...

Security Affairs

May 6, 2021

JET engine flaws can crash Microsoft’s IIS, SQL Server, say Palo Alto researchers Full Text

Abstract Researchers at Palo Alto Networks have detailed vulnerabilities in the JET database engine that can be exploited to execute malicious code on systems running Microsoft’s SQL Server and IIS web server.

The Register

May 06, 2021

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers Full Text

Abstract When Spectre, a class of critical vulnerabilities impacting modern processors, was  publicly revealed  in January 2018, the researchers behind the discovery  said , "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks. Indeed, it's been more than three years, and there is no end to Spectre in sight. A team of academics from the University of Virginia and University of California, San Diego, have discovered a  new line of attack  that bypasses all current Spectre protections built into the chips, potentially putting almost every system — desktops, laptops, cloud servers, and smartphones — once again at risk just as they were three years ago. The disclosure of  Spectre and Meltdown  opened a  floodgates  of sorts, what with  endless   variants  of the  attacks  coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorpo

The Hacker News

May 6, 2021

Malicious Office 365 Apps Are the Ultimate Insiders – Krebs on Security Full Text

Abstract These attacks begin with an emailed link that when clicked loads not a phishing site but the user’s actual Office 365 login page — whether that be at microsoft.com or their employer’s domain.

Krebs on Security

May 05, 2021

Cisco bugs allow creating admin accounts, executing commands as root Full Text

Abstract Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts.

BleepingComputer

May 05, 2021

VMware fixes critical RCE bug in vRealize Business for Cloud Full Text

Abstract VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers.

BleepingComputer

May 05, 2021

New Study Warns of Security Threats Linked to Recycled Phone Numbers Full Text

Abstract A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers. "An attacker can cycle through the available numbers shown on online number change interfaces and check if any of them are associated with online accounts of previous owners," the researchers  said . If so, the attacker can then obtain these numbers and reset the password on the accounts, and receive and correctly enter the OTP sent via SMS upon login." The findings are part of an analysis of a sample of 259 phone numbers available to new su

The Hacker News

May 5, 2021

Dell Fixes Twelve-Year-Old Driver Vulnerability Impacting Millions of PCs Full Text

Abstract Hundreds of millions of Dell desktops, laptops, notebooks, and tablets will need to update their Dell DBUtil driver to fix a 12-year-old vulnerability that exposes systems to attacks.

The Record

May 05, 2021

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide Full Text

Abstract PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets manufactured by the company are said to be vulnerable. "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. Local authenticated user access is required," Dell  said  in an advisory. All five separate flaws have been assigned the CVE identifier CVE-2021-21551 with a CVSS score of 8.8. A breakdown of the shortcomings is as follows -  CVE-2021-21551: Local Elevation Of Privilege

The Hacker News

May 5, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager Full Text

Abstract Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline...

Security Affairs

May 5, 2021

Android May 2021 Update Out, Fixes Over 40 Vulnerabilities Full Text

Abstract The new security patch 2021-05-01 fixes three main critical flaws identified in the System component which could be exploited to run arbitrary code on a vulnerable Android device.

Softpedia

May 05, 2021

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking Full Text

Abstract The maintainers of Exim have  released patches  to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named  '21Nails ,' the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be exploited remotely. The issues were discovered by Qualys and reported to Exim on Oct. 20, 2020. "Some of the vulnerabilities can be chained together to obtain a full remote unauthenticated code execution and gain root privileges on the Exim Server," Bharat Jogi, senior manager at Qualys, said in public disclosure. "Most of the vulnerabilities discovered by the Qualys Research Team for e.g. CVE-2020-28017 affects all versions of Exim going back all the way to 2004." Exim is a popular mail transfer agent (MTA) used on Unix-like operating systems, with over 60% of the publicly reachable m

The Hacker News

May 4, 2021

21 vulnerabilities in Exim mail server leave web, cloud operations exposed Full Text

Abstract Researchers found 21 unique vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

SCMagazine

May 04, 2021

Google Chrome adopts Windows 10 exploit protection feature Full Text

Abstract Google Chrome now hinders attackers' efforts to exploit security bugs on systems with Intel 11th Gen or AMD Zen 3 CPUs, running Windows 10 2004 or later.

BleepingComputer

May 4, 2021

Apple Fixes Zero‑Day Security Bugs Under Active Attack Full Text

Abstract On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.

Threatpost

May 4, 2021

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs Full Text

Abstract The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.

Threatpost

May 4, 2021

Most of Exim email servers could be hacked by exploiting 21Nails flaws Full Text

Abstract The maintainers of the Exim email server software addressed a collection of 21 issues, dubbed 21Nails, that can allow attackers to fully compromise mail servers. The maintainers of the Exim email server software have released security updates to address...

Security Affairs

May 4, 2021

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs Full Text

Abstract The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.

Threatpost

May 04, 2021

Critical 21Nails Exim bugs expose millions of servers to attacks Full Text

Abstract Newly discovered critical vulnerabilities in the Exim message transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations.

BleepingComputer

May 4, 2021

Hundreds of millions Of Dell PCs affected by CVE-2021-21551 flaws Full Text

Abstract American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers. Hundreds of millions of Dell computers worldwide are affected by a 12-year-old vulnerability, tracked...

Security Affairs

May 4, 2021

Dell patches vulnerable driver in a decade of IT products, computers and laptops Full Text

Abstract The five bugs, collectively cataloged as CVE-2021-21551, create privilege escalation and denial of service issues stemming from memory corruption, lack of authentication, and code logic flaws.

SCMagazine

May 04, 2021

Vulnerable Dell driver puts hundreds of millions of systems at risk Full Text

Abstract A driver that's been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system.

BleepingComputer

May 4, 2021

Pulse Secure Patches Critical Zero-Day Flaw Full Text

Abstract CVSS 10.0 bug was exploited by multiple APT groups

Infosecurity Magazine

May 4, 2021

Apple addresses three zero-day flaws in its WebKit browser engine Full Text

Abstract Apple has released security updates to patch three zero-days in the WebKit, the Apple's browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used...

Security Affairs

May 04, 2021

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack Full Text

Abstract Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as  CVE-2021-22893  (CVSS score 10), the flaw concerns "multiple use after free" issues in Pulse Connect Secure that could allow a remote unauthenticated attacker to execute arbitrary code and take control of the affected system. All Pulse Connect Secure versions prior to 9.1R11.4 are impacted. The flaw came to light on April 20 after FireEye  disclosed  a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in the remote access solution to bypass multi-factor authentication protections and breach enterprise networks. The development promoted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an  Emergency Directive  urging fede

The Hacker News

May 4, 2021

Apple Reports Two iOS Zero-day Vulnerabilities Actively Used in Attacks Full Text

Abstract A week after Apple issued the release of iOS 14.5, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on up-to-date devices.

Ars Technica

May 03, 2021

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks Full Text

Abstract Apple on Monday released security updates for  iOS ,  macOS , and  watchOS  to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary to execute arbitrary code on target devices. A summary of the three security bugs are as follows - CVE-2021-30663:  An integer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved input validation. CVE-2021-30665:  A memory corruption issue that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved state management. CVE-2021-30666:  A buffer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addr

The Hacker News

May 3, 2021

Expert released PoC exploit for Microsoft Exchange flaw Full Text

Abstract Security researcher released technical details and a PoC code for a high-severity vulnerability in Microsoft Exchange Server reported by the NSA. A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity...

Security Affairs

May 3, 2021

Pulse Secure releases patch for zero-day used to target defense industrial base Full Text

Abstract Pulse Security said over the past couple of weeks it has worked closely with the Cybersecurity and Infrastructure Security Agency (CISA) as well as FireEye and Stroz Friedberg to investigate and respond quickly to the malicious activity that was identified on its customers’ systems.

SCMagazine

May 03, 2021

Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks Full Text

Abstract Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices.

BleepingComputer

May 3, 2021

UNC2447 Exploiting SonicWall Zero-day to Breach Networks Full Text

Abstract A financially motivated threat group, tracked as UNC2447, was spotted exploiting a previously disclosed zero-day flaw in SonicWall’s Secure Mobile Access (SMA) appliances.

Cyware Alerts - Hacker News

May 3, 2021

Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool Full Text

Abstract Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks.

Threatpost

May 03, 2021

PoC exploit released for Microsoft Exchange bug dicovered by NSA Full Text

Abstract Technical documentation and proof-of-concept exploit (PoC) code has been released for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines.

BleepingComputer

May 3, 2021

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited Full Text

Abstract Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. Pulse Secure has addressed a zero-day vulnerability (CVE-2021-22893) in the Pulse Connect Secure (PCS)...

Security Affairs

May 03, 2021

Pulse Secure fixes VPN zero-day used to hack high-value targets Full Text

Abstract Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies.

BleepingComputer

May 3, 2021

Tesla Car Hacked Remotely From Drone via Zero-Click Exploit Full Text

Abstract The attack, dubbed TBONE, involves the exploitation of two vulnerabilities affecting ConnMan to take full control of the infotainment system of a Tesla without any user interaction.

Security Week

May 3, 2021

Researchers develop program that helps assess encryption systems’ vulnerabilities Full Text

Abstract A doctoral student at HSE University has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering.

Help Net Security

May 1, 2021

Zero-Day Threats Keeping Organizations Super Busy Full Text

Abstract Zero-day attacks are one of the most challenging threats as they are very difficult to predict. Attackers have exploited zero-day flaws in applications and devices by Microsoft, Google, Apple, and others.

Cyware Alerts - Hacker News

May 1, 2021

Flaws in the BIND software expose DNS servers to attacks Full Text

Abstract The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address...

Security Affairs

May 1, 2021

Several Threats Still Looming over Microsoft Exchange Full Text

Abstract Security researchers from Sophos revealed that attackers are trying to exploit the ProxyLogon vulnerabilities in Microsoft Exchange to install Monero cryptominer on the targeted servers.

Cyware Alerts - Hacker News

April 30, 2021

Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems Full Text

Abstract The flaws affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others.

SCMagazine

April 30, 2021

ISC Urges Organizations to Update DNS Servers to Wipe Out New BIND Vulnerabilities Full Text

Abstract This week, the organization said the vulnerabilities impact ISC Berkeley Internet Name Domain (BIND) 9, widely used as a DNS system and maintained as an open-source project.

ZDNet

April 30, 2021

Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices Full Text

Abstract Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.

Threatpost

April 30, 2021

Microsoft warns of BadAlloc flaws in OT, IoT devices Full Text

Abstract Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws,...

Security Affairs

April 30, 2021

Microsoft Finds ‘BadAlloc’ Flaws Affecting Wide-Range of IoT and OT Devices Full Text

Abstract Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems,"  said  Microsoft's 'Section 52' Azure Defender for IoT research group. The flaws have been collectively named " BadAlloc ," for they are rooted in standard  memory allocation functions  spanning widely used real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations. A lack of proper input validations associated with these memory allocation functions

The Hacker News

April 29, 2021

Microsoft finds critical code execution bugs in IoT, OT devices Full Text

Abstract Microsoft security researchers have discovered over two dozen critical remote code execution (RCE) vulnerabilities in Internet of Things (IoT) devices and Operational Technology (OT) industrial systems.

BleepingComputer

April 29, 2021

Command injection flaw in PHP Composer allowed supply-chain attacks Full Text

Abstract A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could...

Security Affairs

April 29, 2021

F5 Big-IP Vulnerable to Security-Bypass Bug Full Text

Abstract The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.

Threatpost

April 29, 2021

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks Full Text

Abstract Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation.

Security Week

April 29, 2021

An issue in the Linux Kernel could allow the hack of your system Full Text

Abstract An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An information disclosure flaw in the Linux kernel, tracked as CVE-2020-28588, could allow attackers to bypass the Kernel Address...

Security Affairs

April 29, 2021

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks Full Text

Abstract The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from  SonarSource , following which a hotfix was deployed less than 12 hours later. "Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders," Composer  said  its  release notes  for versions 2.0.13 and 1.10.22 published on Wednesday. "To the best of our knowledge the vulnerability has not been exploited." Composer  is billed as a tool for dependency management in PHP, enabling easy installation of packages relevant to a project. It also allows users to install PHP applications that are available on  Packagist , a repository that aggregates all public P

The Hacker News

April 29, 2021

RotaJakiro Linux backdoor has flown under the radar since 2018 Full Text

Abstract Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvest and exfiltrate sensitive information from the victims.  RotaJakiro is a Linux backdoor recently discovered by researchers...

Security Affairs

April 29, 2021

How to Conduct Vulnerability Assessments: An Essential Guide for 2021 Full Text

Abstract Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving this is performing a vulnerability assessment. Read this guide to learn how to perform vulnerability assessments in your organization and stay ahead of the hackers. Vulnerability assessment tools Vulnerability assessments are automated processes performed by scanners. This makes them accessible to a wide audience. Many of the scanners are geared towards cybersecurity experts, but there are solutions tailored for IT managers and developers in organizations without dedicated security teams.  Vulnerability scanners come in various types: some excel at network scanning, others at web applications, IoT devices, or container security. If you're a small business, you're likely to find

The Hacker News

April 28, 2021

Google Chrome V8 Bug Allows Remote Code-Execution Full Text

Abstract The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities.

Threatpost

April 28, 2021

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks Full Text

Abstract SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.

Threatpost

April 28, 2021

Google addresses a high severity flaw in V8 engine in Chrome Full Text

Abstract Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability,...

Security Affairs

April 28, 2021

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability Full Text

Abstract Cybersecurity researchers on Wednesday disclosed a new bypass vulnerability in the Kerberos Key Distribution Center (KDC) security feature impacting F5 Big-IP application delivery services. "The KDC Spoofing vulnerability allows an attacker to bypass the Kerberos authentication to Big-IP Access Policy Manager (APM), bypass security policies and gain unfettered access to sensitive workloads," Silverfort researchers Yaron Kassner and Rotem Zach said in a report. "In some cases this can be used to bypass authentication to the Big-IP admin console as well." Coinciding with the public disclosure, F5 has released a patch to address the weakness. Kerberos  is an authentication protocol that relies on a client-server model for mutual authentication and requires a trusted intermediary called Key Distribution Center ( KDC ) — a Kerberos Authentication Server (AS) or a Ticket Granting Server in this case — that acts as a repository of shared secret keys of all users as we

The Hacker News

April 28, 2021

An Analysis of VB6 P-Code Obfuscation Full Text

Abstract One of the formats that has not seen common obfuscation has been the Visual Basic 6 P-Code byte streams. This is a proprietary opcode set, in a complex file format, with limited tooling available.

Avast

April 28, 2021

Cloud misconfiguration, a major risk for cloud security Full Text

Abstract Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers. Fugue’s new State of Cloud Security 2020 report reveals that misconfigured cloud-based databases continue...

Security Affairs

April 28, 2021

Google Patches Yet Another Serious V8 Vulnerability in Chrome Full Text

Abstract The vulnerability, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from the Chinese cybersecurity firm Singular Security Lab.

Security Week

April 27, 2021

Microsoft SharePoint vulnerability and China Chopper web shell used in ransomware attacks Full Text

Abstract Researchers reported that to ignite a ransomware payload, the attackers abuse a Cobalt Strike beacon. The researchers believe the China Chopper web shell was used in a likely attempt to circumvent detection with known samples.

SCMagazine

April 27, 2021

Apple iOS 14.5 Patches 50 Security Vulnerabilities Full Text

Abstract Apple on Monday shipped the long-awaited iOS and iPadOS 14.5 update with patches for at least 50 documented security vulnerabilities including a WebKit flaw exploited in the wild.

Security Week

April 26, 2021

Boffins found a bug in Apple AirDrop that could leak users’ personal info Full Text

Abstract Experts found a bug in Apple's wireless file-sharing protocol Apple AirDrop that could expose user's contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple's wireless file-sharing...

Security Affairs

April 26, 2021

Apple fixes macOS zero-day bug exploited by Shlayer malware Full Text

Abstract Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.

BleepingComputer

April 26, 2021

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software Full Text

Abstract The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.

Threatpost

April 26, 2021

Apple patches ‘worst macOS bug in recent memory’ after it was used in the wild Full Text

Abstract The bug, patched in macOS 11.3, allowed hackers to circumvent much of Apple’s built-in malware detection for programs downloaded from the internet.

SCMagazine

April 26, 2021

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby Full Text

Abstract New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger,"  said  a team of academics from the Technical University of Darmstadt, Germany. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device." AirDrop  is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication. While this feature shows only receiver devices that are in users' contact lists by an authentication mechanism that compares an individual's phone number and email address with entrie

The Hacker News

April 26, 2021

Bugs Allowed Hackers to Dox John Deere Tractor Owners Full Text

Abstract A pair of bugs in John Deere's apps and website could have allowed hackers to find and download the personal data of all owners of the company's farming vehicles and equipment, as per a researcher.

Vice

April 25, 2021

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely Full Text

Abstract 10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor...

Security Affairs

April 24, 2021

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux Full Text

Abstract A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its  GitHub repository  were handled, resulting in a scenario where a malicious  pull request  — i.e., the proposed changes — could be automatically reviewed and approved. The flaw was fixed on April 19. Homebrew is a free and open-source software package manager solution that allows the installation of software on Apple's macOS operating system as well as Linux. Homebrew  Cask  extends the functionality to include command-line workflows for GUI-based macOS applications, fonts, plugins, and other non-open source software. "The discovered vulnerability would allow an attacker to inject arbitrary code into a cask and have it be

The Hacker News

April 24, 2021

Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation Full Text

Abstract Kubernetes clusters can and should be configured for greater security, but when left unsecured, these clusters can be accessed anonymously by anyone who knows their IPs, ports, and APIs.

Palo Alto Networks

April 23, 2021

New Supply Chain Exploit in CocoaPods Impacts Three Million Mobile Apps Full Text

Abstract A remote code execution (RCE) vulnerability in the central CocoaPods server could have potentially impacted up to three million mobile apps that relied on the open source package manager.

The Daily Swig

April 23, 2021

New QNAP NAS Flaws Exploited In Recent Ransomware Attacks - Patch It! Full Text

Abstract A new ransomware strain called " Qlocker " is targeting QNAP network attached storage (NAS) devices as part of an ongoing campaign and encrypting files in password-protected 7zip archives. First reports of the  infections  emerged on April 20, with the adversaries behind the operations demanding a bitcoin payment (0.01 bitcoins or about $500.57) to receive the decryption key. In response to the ongoing attacks, the Taiwanese company has released an advisory prompting users to apply updates to QNAP NAS running Multimedia Console, Media Streaming Add-on, and HBS 3 Hybrid Backup Sync to secure the devices from any attacks. "QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS," the company  said . "The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks."

The Hacker News

April 23, 2021

Signal Says Cellebrite Mobile Device Analysis Products Can Be Hacked Full Text

Abstract Cellebrite’s forensic applications do not include the type of security protections one would expect from a parsing software, which renders them susceptible to attacks, according to Signal.

Security Week

April 22, 2021

Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software Full Text

Abstract Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco’s IOS XE software.

Security Week

April 22, 2021

Cellebrite ‘s forensics tool affected by arbitrary code execution issue Full Text

Abstract Cellebrite mobile forensics tool Ufed contains multiple flaws that allow arbitrary code execution on the device, SIGNAL creator warns. Moxie Marlinspike, the creator of the popular encrypted messaging app Signal, announced that Cellebrite mobile forensics...

Security Affairs

April 22, 2021

Researchers Discover Ways to Leak Contact Information by Exploiting Privacy Weaknesses in Apple AirDrop Full Text

Abstract A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop and found that senders and receivers may leak their contact details in the process.

The Register

April 22, 2021

QNAP removes backdoor account in NAS backup, disaster recovery app Full Text

Abstract QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.

BleepingComputer

April 22, 2021

Trend Micro flaw actively exploited in the wild Full Text

Abstract Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions one again are used as attack vectors by threat...

Security Affairs

April 22, 2021

Valve belatedly fixes Steam gaming platform RCE vulnerability Full Text

Abstract A Steam source engine vulnerability discovered by ‘Florian’, a member of reverse engineering group Secret Club, was finally resolved last weekend, after it was first reported in May 2019.

The Daily Swig

April 21, 2021

Signal CEO gives mobile-hacking firm a taste of being hacked Full Text

Abstract Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal.

BleepingComputer

April 21, 2021

When unicorns trot too fast: Lessons from one startup’s bug bounty missteps Full Text

Abstract Luta Security’s Katie Moussoris details Clubhouse vulnerabilities she disclosed, and how fast growing startups with good intentions sometimes drop the ball.

SCMagazine

April 21, 2021

Google fixes exploited Chrome zero-day dropped on Twitter last week Full Text

Abstract Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser.

BleepingComputer

April 21, 2021

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit Full Text

Abstract CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.

Threatpost

April 21, 2021

Google issues Chrome update patching seven security vulnerabilities Full Text

Abstract Google released version 90.0.4430.85 of the Chrome browser for Windows, Mac, and Linux. The zero-day, which was assigned the identifier CVE-2021-21224, was described as a "type confusion in V8".

ZDNet

April 21, 2021

QNAP fixes critical RCE vulnerabilities in NAS devices Full Text

Abstract QNAP Systems has patched a pair of critical security vulnerabilities that could allow unauthenticated attackers to take control of its network-attached storage (NAS) devices.

The Daily Swig

April 21, 2021

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit Full Text

Abstract Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven security fixes, including one flaw for which it says an exploit exists in the wild. Tracked as CVE-2021-21224 , the flaw concerns a type confusion vulnerability in V8 open-source JavaScript engine that was reported to the company by security researcher Jose Martinez on April 5 According to security researcher  Lei Cao , the bug [ 1195777 ] is triggered when performing integer data type conversion, resulting in an out-of-bounds condition that could be used to achieve arbitrary memory read/write primitive. "Google is aware of reports that exploits for CVE-2021-21224 exist in the wild," Chrome's Technical Program Manager Srinivas Sista  said  in a blog post. The update comes after proof-of-concept (PoC) code exploiting the flaw published by a researcher named " frust " emerged on April 14 by taking advantage of the fact that the issue was addressed

The Hacker News

April 21, 2021

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited Full Text

Abstract Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers to update their hosted and on-premises email security products to address...

Security Affairs

April 21, 2021

Django Debug Toolbar tripped up by SQL injection flaw Full Text

Abstract Users who use the Django Debug Toolbar – particularly in production environments where the potential for attack is higher are advised to update to 1.11.1, 2.2.1, or 3.2.1.

The Daily Swig

April 21, 2021

GraphQL APIs rev up innovation – but also introduce a potential security nightmare Full Text

Abstract It should come as no surprise that businesses have glommed onto the data sharing and monetizing benefits of APIs while overlooking the security ramifications of APIs left unprotected.

Last Watchdog

April 20, 2021

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances Full Text

Abstract SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the  flaws  were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's Email Security (ES) application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021. FireEye is tracking the malicious activity under the moniker UNC2682. "These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device," researchers Josh Fleischer, Chris DiGiamo, and Alex Pennino  said . The adversary leveraged these vulnerabilitie

The Hacker News

April 20, 2021

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock Full Text

Abstract The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.

Threatpost

April 20, 2021

SonicWall warns customers to patch 3 zero-days exploited in the wild Full Text

Abstract Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products.

BleepingComputer

April 20, 2021

Microsoft partially fixes Windows 7, Server 2008 vulnerability Full Text

Abstract Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices.

BleepingComputer

April 20, 2021

Remote code execution vulnerabilities discovered in Cosori smart air fryer Full Text

Abstract CVE-2020-28592 and CVE-2020-28593 are remote code execution vulnerabilities that could allow an attacker to remotely inject code into the device to change temperatures, cooking times, and settings.

Cisco Talos

April 20, 2021

Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager Full Text

Abstract An attacker could exploit CVE-2021-26560, CVE-2021-26561, and CVE-2021-26562 with a man-in-the-middle technique to gain the ability to remotely execute code on the targeted device.

Cisco Talos

April 20, 2021

Pulse Secure VPN zero-day used to hack defense firms, govt orgs Full Text

Abstract Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited against US Defense Industrial base (DIB) networks and worldwide organizations.

BleepingComputer

April 20, 2021

Recent Chromium bug used to attack Chinese WeChat users Full Text

Abstract A Chrome vulnerability exploit published online last week has been weaponized and abused to attack WeChat users in China, a local security firm Qingteng Cloud Security reported on Friday.

The Record

April 20, 2021

WeChat users targeted by hackers using recently disclosed Chromium exploit Full Text

Abstract Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn. China-based firm Qingteng Cloud Security, reported that threat actors weaponized the recently disclosed Chrome exploit...

Security Affairs

April 20, 2021

WordPress 5.7.1 Patches XXE Flaw in PHP 8 Full Text

Abstract WordPress has released version 5.7.1 of its popular content management system (CMS), which brings more than 25 bug fixes, including patches for two security vulnerabilities.

Security Week

April 20, 2021

Geico Security Bug Lets Fraudsters Steal Customers’ Driver License Numbers for Months Full Text

Abstract The insurance giant did not say how many customers were affected by the breach but said the fraudsters accessed customer driver’s license numbers between January 21 and March 1.

TechCrunch

April 20, 2021

Coding error allowed attackers to delete Facebook live video Full Text

Abstract On April 17, security researcher Ahmad Talahmeh published an advisory explaining how the vulnerability worked, together with Proof-of-Concept (PoC) code able to trigger an attack.

ZDNet

April 19, 2021

WordPress could treat Google FloC as a security issue Full Text

Abstract The backlash against Google's Federated Learning of Cohorts (FLoC) has continued, with a proposal raised in WordPress Core to block the alternative identifier to third-party cookies by default.

ZDNet

April 19, 2021

Google Project Zero testing 30-day grace period on bug details to boost user patching Full Text

Abstract Google Project Zero will be shifting from a 90-day deadline to a new model that incorporates a new 30-day grace period to gives users time to install patches before technical details are revealed.

ZDNet

April 18, 2021

WordPress to automatically disable Google FLoC on websites Full Text

Abstract WordPress announced today that they plan on treating Google's new FLoC tracking technology as a security concern and plans to block it by default on WordPress sites.

BleepingComputer

April 18, 2021

Monero Cryptocurrency campaign exploits ProxyLogon flaws Full Text

Abstract Threat actors targeted are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. Sophos researchers reported that threat actors targeted Microsoft Exchange by exploiting ProxyLogon vulnerabilities...

Security Affairs

April 17, 2021

Microsoft fixes Windows 10 bug that can corrupt NTFS drives Full Text

Abstract Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

BleepingComputer

April 17, 2021

Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model Full Text

Abstract Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before disclosing associated technical details. The Google Project Zero security team announced an update to its vulnerability...

Security Affairs

April 16, 2021

Critical RCE can allow attackers to compromise Juniper Networks devices Full Text

Abstract Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked...

Security Affairs

April 16, 2021

Popular Codecov code coverage tool hacked to steal dev credentials Full Text

Abstract Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment.

BleepingComputer

April 16, 2021

Google won’t reveal technical details on patches for 30 days if vendors hit deadlines Full Text

Abstract Researchers applauded the move, which Google’s Project Zero hopes will drive user patch adoption.

SCMagazine

April 16, 2021

Mass Monitoring of Remote Workers Drives Shadow IT Risk Full Text

Abstract Kaspersky study finds employees switching to less secure personal devices

Infosecurity Magazine

April 16, 2021

Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices Full Text

Abstract A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.

Security Week

April 16, 2021

Cockpit CMS flaws exposed web servers to NoSQL injection exploits Full Text

Abstract The vulnerabilities could allow a remote, unauthenticated attacker to execute code on a server running Cockpit in some configurations, specifically limited to those running MongoLite.

The Daily Swig

April 16, 2021

Google to Delay Publishing Bug Details for 30 Days Full Text

Abstract New strategy designed to mitigate opportunistic attacks

Infosecurity Magazine

April 16, 2021

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Thursday issued an  advisory  warning of multiple vulnerabilities in the OpENer  EtherNet/IP  stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that specifically target these vulnerabilities. The four security flaws were discovered and reported to CISA by researchers Tal Keren and Sharon Brizinov from operational technology security company Claroty. Additionally, a fifth security issue identified by Claroty was previously disclosed by Cisco Talos ( CVE-2020-13556 ) on December 2, 2020. "An attacker would only need to send crafted ENIP/CIP packets to the device in order to exploit these vulnerabilities," the researchers  said . CVE-2020-13556 concerns an out-of-bounds write vulnerability in the Ethernet/IP server that could

The Hacker News

April 15, 2021

What to do when a bug bounty request sounds more like extortion Full Text

Abstract Experts advise? Try to force the gray hat researcher into a prisoner’s dilemma.

SCMagazine

April 15, 2021

NSA: Top 5 vulnerabilities actively abused by Russian govt hackers Full Text

Abstract A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.

BleepingComputer

April 15, 2021

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Credential Harvesting Full Text

Abstract Six days after installing the webshell, the actor used the installed webshell to run PowerShell commands to gather information from the local server and the Active Directory and stole credentials from the compromised Exchange server.

Palo Alto Networks

April 15, 2021

Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks Full Text

Abstract The NSA, the CISA, and the FBI jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities.

FBI

April 15, 2021

Siemens Releases Several Advisories for ‘NAME:WRECK’ Vulnerabilities Full Text

Abstract Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day.

Security Week

April 15, 2021

Another Critical Vulnerability Patched in SAP Commerce Full Text

Abstract SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.

Security Week

April 15, 2021

1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them Full Text

Abstract Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. "Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction," the researchers  said . "Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application's URI handler is exploited." Put differently; the flaws stem from an insufficient validation of URL input that, when opened with the help of the u

The Hacker News

April 15, 2021

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce Full Text

Abstract April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released...

Security Affairs

April 15, 2021

Critical WhatsApp Flaw Let Attackers Hack the Victim Device Remotely Full Text

Abstract CENSUS identified two vulnerabilities in the popular WhatsApp messenger app for Android. The first of these was independently reported to Facebook and was...

Cyber Security News

April 15, 2021

For the second time in a week, a Google Chromium zero-day released online Full Text

Abstract For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week, kile the previous...

Security Affairs

April 14, 2021

Security Bug Allows Attackers to Brick Kubernetes Clusters Full Text

Abstract The vulnerability is triggered when a cloud container pulls a malicious image from a registry.

Threatpost

April 14, 2021

WhatsApp flaws could have allowed hackers to remotely hack mobile devices Full Text

Abstract WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim's device. WhatsApp recently addressed two security vulnerabilities in its app for Android that could have been exploited...

Security Affairs

April 14, 2021

SAP fixes critical bugs in Business Client, Commerce, and NetWeaver Full Text

Abstract SAP's security updates for this month address multiple critical vulnerabilities. The most serious of them, rated with the highest severity score, affects the company's Business Client product.

BleepingComputer

April 14, 2021

Second Google Chrome zero-day exploit dropped on twitter this week Full Text

Abstract A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

BleepingComputer

April 14, 2021

Critical Exchange Server Vulnerabilities let Attackers Execute Remote Code Full Text

Abstract Microsoft has released security updates for vulnerabilities found in the below versions of Exchange servers on the 13th April 2021 which is...

Cyber Security News

April 14, 2021

Reddit takes bug bounty program public Full Text

Abstract Reddit announced Wednesday that it is taking its bug bounty program public. The popular social news site and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure. “We’ve seen…

SCMagazine

April 14, 2021

100 Million+ Devices Affected With Critical WRECK DNS Implementation Flaws Full Text

Abstract JSOF team together with Forescout Research Labs, have revealed a set of nine vulnerabilities related to Domain Name System (DNS) implementations, causing...

Cyber Security News

April 14, 2021

New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone Remotely Full Text

Abstract Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even compromise encrypted communications. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for adversaries to compromise an app by manipulating certain data being exchanged between it and the external storage. "The two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions," researchers from Census Labs  said  today.  "With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol key

The Hacker News

April 14, 2021

WhatsApp flaw lets anyone lock you out of your account Full Text

Abstract The underlying loophole abuses a lapse in security of two independent WhatsApp processes, according to Forbes, which quoted research by Luis Márquez Carpintero and Ernesto Canales Pereña.

ESET Security

April 14, 2021

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks Full Text

Abstract Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed  SMASH  (Synchronized MAny-Sided Hammering), the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM cards, notwithstanding extensive mitigations that have been put in place by manufacturers over the last seven years. "Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said.  "SMASH exploits high-level knowledge of cache replacement policies to generate optimal access patterns for eviction-based many-sided Rowhammer. To bypass the in-DRAM TRR mitigations, SMASH carefully schedules cache hits and misses to successfully trigger synchronized many-sided Rowhammer bit flips." By synchronizing memory requests with DRAM refresh commands, the researchers

The Hacker News

April 14, 2021

New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291) Full Text

Abstract Palo Alto Networks researchers have found CVE-2021-20291 in containers/storage that leads to a Denial of Service (DoS) of the container engines CRI-O and Podman when pulling a malicious image from a registry.

Palo Alto Networks

April 14, 2021

Microsoft Patches Four More Critical Exchange Server Bugs Full Text

Abstract NSA reported the vulnerabilities as Patch Tuesday CVEs top 100

Infosecurity Magazine

April 14, 2021

Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge Full Text

Abstract Adobe on Tuesday announced patches for several vulnerabilities in four of its products, including critical code execution and buffer flow flaws affecting Photoshop and Bridge.

Security Week

April 14, 2021

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers Full Text

Abstract A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge, and other Chromium-based web browsers. The researchers demonstrated the exploit against both Chrome and Microsoft Edge.

Security Week

April 13, 2021

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits Full Text

Abstract Google on Tuesday released a new version of Chrome web-browsing software for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities for both of which it says exploits exist in the wild, allowing attackers to engage in active exploitation. One of the two flaws concerns an insufficient validation of untrusted input in its V8 JavaScript rendering engine (CVE-2021-21220), which was demonstrated by Dataflow Security's Bruno Keith and Niklas Baumstark at the  Pwn2Own 2021  hacking contest last week. While Google moved to fix the flaw quickly, security researcher Rajvardhan Agarwal published a  working exploit  over the weekend by reverse-engineering the patch that the Chromium team pushed to the open-source component, a factor that may have played a crucial role in the release. UPDATE:   Agarwal, in an email to The Hacker News, confirmed that there's one more vulnerability affecting Chromium-based browsers that has been patched in the latest vers

The Hacker News

April 13, 2021

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers Full Text

Abstract In its April slate of patches, Microsoft rolled out fixes for a total of  114 security flaws , including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the  114 flaws , 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is  CVE-2021-28310 , a privilege escalation vulnerability in Win32k that's said to be under active exploitation, allowing attackers to elevate privileges by running malicious code on a target system.  Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw ( CVE-2021-1732 ) in attacks late last year. "It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access," Kaspersky researcher Boris Larin  said . NS

The Hacker News

April 13, 2021

Microsoft fixes 2 critical Exchange Server flaws reported by the NSA Full Text

Abstract Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA. Microsoft patch Tuesday security updates released today have addressed four critical and high severity...

Security Affairs

April 13, 2021

How the NAME:WRECK Bugs Impact Consumers, Businesses Full Text

Abstract How this class of vulnerabilities will impact millions connected devices and potentially wreck the day of IT security professionals.

Threatpost

April 13, 2021

NSA discovers critical Exchange Server vulnerabilities, patch now Full Text

Abstract Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical.

BleepingComputer

April 13, 2021

Microsoft closes new critical Exchange vulnerability, suggests patch ‘as soon as possible’ Full Text

Abstract The alert about new exchange bugs come soon after on-premises Exchange customers were told to patch against a campaign actively exploiting a zero-day vulnerability.

SCMagazine

April 13, 2021

Adobe addresses two critical vulnerabilities in Photoshop Full Text

Abstract Adobe has addressed security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Adobe has fixed ten security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. Seven vulnerabilities...

Security Affairs

April 13, 2021

Microsoft April 2021 Patch Tuesday fixes 108 flaws, 5 zero-days Full Text

Abstract Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today.

BleepingComputer

April 13, 2021

Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop Full Text

Abstract The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines.

Threatpost

April 13, 2021

Experts released PoC exploit code for a critical RCE in QNAP NAS devices Full Text

Abstract The exploit code for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system is available online. An exploit for a remote code execution vulnerability affecting...

Security Affairs

April 13, 2021

Adobe fixes critical vulnerabilities in Photoshop and Digital Editions Full Text

Abstract Adobe has released security updates that address security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp.

BleepingComputer

April 13, 2021

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices Full Text

Abstract Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed " NAME:WRECK " by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security of widely-used TCP/IP stacks that are incorporated by various vendors in their firmware to offer internet and network connectivity features. "These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them," the researchers said. The name comes from the fact that parsing of domain names can break (i.e., "wreck") DNS implementations in TCP/IP stacks, adding to a recent uptick in vulnerabilities such as

The Hacker News

April 13, 2021

Millions of devices impacted by NAME:WRECK flaws Full Text

Abstract Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks. Security researchers disclosed nine vulnerabilities, collectively tracked as NAME:WRECK,...

Security Affairs

April 13, 2021

Expert publicly released Chromium-based browsers exploit demonstrated at Pwn2Own 2021 Full Text

Abstract An Indian security researcher has published a proof-of-concept (PoC) exploit code for a vulnerability impacting Google Chrome and other Chromium-based browsers. The Indian security researcher Rajvardhan Agarwal has publicly released a proof-of-concept...

Security Affairs

April 13, 2021

Name:Wreck Bugs Could Impact 100M IoT Devices Full Text

Abstract Exploitation could deny service or enable remote code execution

Infosecurity Magazine

April 13, 2021

New DNS vulnerabilities have the potential to impact millions of devices Full Text

Abstract These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET, and NetX – which are commonly present in well-known IT software and popular IoT/OT firmware and have the potential to impact millions of IoT devices.

Help Net Security

April 13, 2021

NAME:WRECK DNS vulnerabilities affect over 100 million devices Full Text

Abstract Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices.

BleepingComputer

April 13, 2021

NAME:WRECK DNS bugs affect over 100 million devices Full Text

Abstract Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices.

BleepingComputer

April 13, 2021

‘Name:Wreck’ is the latest collision between TCP/IP and the standards process Full Text

Abstract The set of nine vulnerabilities in four popular TCP/IP stacks, including FreeBSD, show once again how complexities in the TCP/IP standards can ultimately leads to vulnerable products.

SCMagazine

April 12, 2021

Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter Full Text

Abstract A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge.

BleepingComputer

April 12, 2021

CS:GO, Valve Source games vulnerable to hacking using Steam invites Full Text

Abstract A group of security researchers known as the Secret Club took it to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players.

BleepingComputer

April 12, 2021

Zerodium Will Triple Payouts for RCE Exploits for WordPress CMS Full Text

Abstract The exploit purchase platform is currently tempting exploit developers and vendors with a $300,000 payout, three times more than the normal cost. The announcement was made via Twitter.

Heimdal Security

April 12, 2021

UK’s NCSC Issues Critical Alert Against Fortinet VPN Vulnerability Full Text

Abstract The alert from the NCSC follows a report by Kaspersky detailing how cybercriminals are exploiting a Fortinet VPN vulnerability (CVE-2018-13379) to distribute ransomware by exploiting unpatched systems and remotely accessing usernames and passwords.

ZDNet

April 12, 2021

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 Full Text

Abstract The 2021 spring edition of  Pwn2Own  hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop operating systems. Some of the major highlights are as follows — Using an authentication bypass and a local privilege escalation to completely take over a Microsoft Exchange server, for which the Devcore team netted $200,000 Chaining a pair of bugs to achieve code execution in Microsoft Teams, earning researcher OV $200,000 A zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system. ($200,000) The exploitation

The Hacker News

April 10, 2021

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers Full Text

Abstract According to a security advisory published by the company, Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers are affected by Remote Command Execution vulnerability that resides in the Management Interface.

Security Affairs

April 9, 2021

Zerodium will pay $300K for WordPress RCE exploits Full Text

Abstract Zero-day broker Zerodium announced that will triples payouts for remote code execution exploits for the popular WordPress content management system. Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management...

Security Affairs

April 9, 2021

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers Full Text

Abstract Cisco announced it will not release security updates to address a critical security vulnerability affecting some of its Small Business routers. Cisco is urging customers that are using some of its Small Business routers to replace their devices because...

Security Affairs

April 9, 2021

LifeLabs Launches Vulnerability Disclosure Program Full Text

Abstract Canadian medical laboratory teams up with Bugcrowd to boost cybersecurity

Infosecurity Magazine

April 9, 2021

Critical Zoom vulnerability triggers remote code execution without user input Full Text

Abstract The researchers from Computest demonstrated a three-bug attack chain against Zoom that caused remote code execution on a target machine, and all without any form of user interaction.

ZDNet

April 09, 2021

Zerodium triples WordPress remote code execution exploit payout Full Text

Abstract Zerodium has announced today an increased interest in exploits Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution.

BleepingComputer

April 9, 2021

Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool Full Text

Abstract The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 million, the greatest total payout ever. The Pwn2Own 2021 hacking competition reached the end, participants earned more than $1.2 million which is more than ever...

Security Affairs

April 09, 2021

Researchers earn $1,2 million for exploits demoed at Pwn2Own 2021 Full Text

Abstract Pwn2Own 2021 ended with contestants earning a record $1,210,000 for exploits and exploits chains demoed over the course of three days.

BleepingComputer

April 9, 2021

Moodle flaw exposed users to account takeover Full Text

Abstract Moodle is an open-source educational platform used by 179,000 sites and has 242 million users. It allows universities to easily distribute content to students and teachers.

Security Affairs

April 09, 2021

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers Full Text

Abstract Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, remote attacker to execute arbitrary code on an affected appliance. The flaw, which stems from improper validation of user-supplied input in the web-based management interface, could be exploited by a malicious actor to send specially-crafted HTTP requests to the targeted device and achieve remote code execution. " A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device," Cisco  said  in its advisory. Security researcher Treck Zhou has been credited with reporting the vulnerability. Although

The Hacker News

April 9, 2021

Report: Supplier Impersonation Attacks a Major Risk Full Text

Abstract Threat actors are leveraging the supply chain to deliver various types of threats to organizations, and few of them are spared from such attacks, according to a new report from Proofpoint.

Security Week

April 08, 2021

Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks Full Text

Abstract Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.

BleepingComputer

April 8, 2021

Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers Full Text

Abstract Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities.

Threatpost

April 08, 2021

Google Chrome blocks a new port to stop NAT Slipstreaming attacks Full Text

Abstract Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.

BleepingComputer

April 8, 2021

BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE Full Text

Abstract A set of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”.

The Daily Swig

April 8, 2021

Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit Full Text

Abstract Pwn2Own 2021 - Day 2: a security duo earned $200,000 for a zero-interaction Zoom exploit allowing remote code execution. One of the most interesting working exploits of the second day of the Pwn2Own 2021 was demonstrated by security researchers Daan...

Security Affairs

April 08, 2021

Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall Full Text

Abstract Contestants hacked Microsoft's Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform.

BleepingComputer

April 8, 2021

Cisco RCE Flaws Let Attackers Let Attackers Escalate Privileges Full Text

Abstract Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local...

Cyber Security News

April 8, 2021

Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE Full Text

Abstract Cisco has addressed a critical pre-authentication remote code execution (RCE) vulnerability in the SD-WAN vManage Software. Cisco has addressed multiple vulnerabilities in Cisco SD-WAN vManage Software that could be exploited by an unauthenticated,...

Security Affairs

April 8, 2021

Google Patches Critical Code Execution Vulnerability in Android Full Text

Abstract The April 2021 Android security bulletin by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.

Security Week

April 07, 2021

Cisco fixes bug allowing remote code execution with root privileges Full Text

Abstract Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function.

BleepingComputer

April 7, 2021

NSA workflow application Emissary vulnerable to malicious takeover Full Text

Abstract Users have been urged to update their systems after the discovery of five security flaws in the Java web application, which runs in a multi-tiered P2P network of computer resources.

The Daily Swig

April 7, 2021

Hackers Targeting Mission-critical SAP Applications Exploiting known Security Vulnerabilities Full Text

Abstract Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, according to a report issued...

Cyber Security News

April 7, 2021

Vulnerabilities in ICS-specific backup solution open industrial facilities to attack Full Text

Abstract Researchers from Claroty have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution.

Help Net Security

April 07, 2021

Android to Support Rust Programming Language to Prevent Memory Flaws Full Text

Abstract Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system. "Managed languages like Java and Kotlin are the best option for Android app development," Google  said . "The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option." Stating that code written in C and C++ languages requires robust isolation when parsing untrustworthy input, Google said the technique of containing such code within a tightly constrained and unprivileged sandbox can be expensive, causing latency issues and additional

The Hacker News

April 07, 2021

Microsoft’s Windows 10, Exchange, and Teams hacked at Pwn2Own Full Text

Abstract During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform.

BleepingComputer

April 7, 2021

Rust in the Android platform Full Text

Abstract Google announced that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself to prevent memory safety vulnerabilities.

Chrome Releases

April 07, 2021

Critical Auth Bypass Bug Found in VMWare Data Centre Security Product Full Text

Abstract A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.  Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform. "A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication," VMware  said  in its advisory, thereby allowing an adversary with network access to the interface to gain access to the administration API of the appliance. Armed with the access, a malicious actor can then view and alter  administrative configuration settings , the company added. In addition to releasing a fix for CVE-2021

The Hacker News

April 7, 2021

Zero-Click Flaw with Apple Mail Can be Triggered by Sending Two Zip Files Full Text

Abstract Mikko Kenttala, founder and CEO of SensorFu found a zero-click vulnerability in Apple Mail, which allowed to add or modify any arbitrary...

Cyber Security News

April 6, 2021

Bug allows attackers to hijack Windows time sync software used to track security incidents Full Text

Abstract Any disruption to Greyware’s Domain Time II could make it virtually impossible to track a security incident – and any sequence of events that are important to the business or regulators.

SCMagazine

April 6, 2021

SAP systems are targeted within 72 hours after updates are released Full Text

Abstract On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, security SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat...

Security Affairs

April 6, 2021

Critical Cloud Bug in VMWare Carbon Black Allows Takeover Full Text

Abstract CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain.

Threatpost

April 6, 2021

Parrot Launches Bug Bounty Program Full Text

Abstract European drone group partners with YesWeHack to launch a Bug Bounty program

Infosecurity Magazine

April 06, 2021

Ongoing attacks are targeting unsecured mission-critical SAP apps Full Text

Abstract Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks.

BleepingComputer

April 06, 2021

Watch Out! Mission Critical SAP Applications Are Under Active Attack Full Text

Abstract Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations," cybersecurity firm Onapsis and SAP  said  in a joint report published today. The Boston-based company said it detected over 300 successful exploitations out of a total of 1,500 attempts targeting previously known vulnerabilities and insecure configurations specific to SAP systems between mid-2020 to March 2021, with multiple brute-force attempts made by adversaries aimed at high-privilege SAP accounts as well as chaining together several flaws to strike SAP applications. Applicatio

The Hacker News

April 6, 2021

VMware Patches Critical Flaw in Carbon Black Cloud Workload Full Text

Abstract Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the vulnerability could allow attackers to bypass authentication through manipulation of a URL on the interface.

Security Week

April 6, 2021

Experts discovered a privilege escalation issue in popular Umbraco CMS Full Text

Abstract Experts discovered a vulnerability in the popular CMS Umbraco that could allow low privileged users to escalate privileges to "admin." Security experts from Trustwave have discovered a privilege escalation vulnerability in the popular website CMS,...

Security Affairs

April 6, 2021

Experts found critical flaws in Rockwell FactoryTalk AssetCentre Full Text

Abstract Rockwell Automation has recently addressed nine critical vulnerabilities in its FactoryTalk AssetCentre product with the release of version v11. The American provider of industrial automation Rockwell Automation on Thursday informed customers that...

Security Affairs

April 5, 2021

Probing restrictions may stilt Pentagon’s vulnerability disclosure program for contractors Full Text

Abstract The push and pull between the military and security researchers is indicative of more widespread tensions that needs to be surmounted if the Pentagon wants to secure its contracting base.

SCMagazine

April 5, 2021

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping Full Text

Abstract The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.

Threatpost

April 5, 2021

Firmware attacks, a grey area in cybersecurity of organizations Full Text

Abstract A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. Microsoft recently published a report that states, titled "March 2021 Security Signals report," that revealed that more than...

Security Affairs

April 3, 2021

QNAP caught napping as disclosure delay expires, critical NAS bugs revealed Full Text

Abstract Some QNAP network-attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.

The Register

April 3, 2021

FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities Full Text

Abstract The FBI and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint advisory warning admins of active exploits targeting three vulnerabilities in Fortinet FortiOS.

Dark Reading

April 2, 2021

TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product Full Text

Abstract Researchers from TIM’s Red Team Research discovered five new vulnerabilities affecting the CA eHealth Performance Manager product. Researchers from TIM’s Red Team Research led by Massimiliano Brolli, discovered 5 new vulnerabilities affecting...

Security Affairs

April 2, 2021

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs Full Text

Abstract Unpatched vulnerabilities in QNAP small office/home office (SOHO) network-attached storage (NAS) devices could be exploited by remote attackers to remotely execute arbitrary code. Security researchers at SAM Seamless Network discovered a couple of critical...

Security Affairs

April 2, 2021

Critical QNAP Vulnerabilities Let Attackers Access User Data and Complete Takeover Full Text

Abstract SAM’s security research team revealed two recent vulnerabilities and their potential impacts that are discovered in a specific kind of NAS device...

Cyber Security News

April 2, 2021

Airlift Express Fixes Vulnerabilities in Its E-commerce Store Full Text

Abstract A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals.

Security Affairs

April 2, 2021

Airlift Express Fixes Vulnerabilities in Its E-commerce Store Full Text

Abstract PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express,...

Security Affairs

April 2, 2021

Trustwave Uncovers Vulnerability in Popular Website CMS Full Text

Abstract Privilege escalation issue found on website CMS Umbraco

Infosecurity Magazine

April 1, 2021

VMware fixes authentication bypass in Carbon Black Cloud Workload appliance Full Text

Abstract VMware has addressed a critical authentication bypass vulnerability in the VMware Carbon Black Cloud Workload appliance. VMware has addressed a critical vulnerability, tracked as CVE-2021-21982, in the VMware Carbon Black Cloud Workload appliance...

Security Affairs

April 01, 2021

VMware fixes authentication bypass in data center security software Full Text

Abstract VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers.

BleepingComputer

April 1, 2021

VMware fixed flaws in vROps that can be chained to compromise organizations Full Text

Abstract VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments...

Security Affairs

April 01, 2021

Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence Full Text

Abstract A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an  ever-shifting phishing campaign  that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK ransomware attacks. But new  research  by FireEye's Mandiant cyber forensics arm has now revealed a previously unknown persistence mechanism that shows the adversaries made use of BITS to launch the backdoor. Introduced in Windows XP,  BITS  is a component of Microsoft Windows, which makes use of idle network bandwidth to facilitate the asynchronous transfer of files between machines. This is achieved by creating a job — a container that includes the files to download or upload. BITS is commonly used to deliver operating system updates to clients as well as by Windows Defender antivirus

The Hacker News

April 1, 2021

US CISA warns of DoS flaws in Citrix Hypervisor Full Text

Abstract Citrix addressed vulnerabilities in Hypervisor that could be exploited by threat actors to execute code in a virtual machine to trigger a denial of service condition on the host. US CISA warns that Citrix has released security updates to address flaws...

Security Affairs

April 1, 2021

Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape Full Text

Abstract Tracked as CVE-2021-21194, it can be exploited to escape the Chrome sandbox. In combination with a renderer bug, it can allow an attacker to remotely execute arbitrary code outside the Chrome sandbox.

Security Week

March 31, 2021

VMware Fixes Critical Flaw that Let Attackers Steal Admin Credentials Full Text

Abstract VMware security teams announced the release of security patches to fix a severe flaw in vRealize Operations whose exploit would allow threat...

Cyber Security News

March 31, 2021

Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape Full Text

Abstract Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser to Google that awarded them $20,000. Experts from the Chinese cybersecurity company Qihoo 360 have reported to Google another sandbox escape vulnerability...

Security Affairs

March 31, 2021

Fake jQuery files infect WordPress sites with malware Full Text

Abstract Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware. These files are named jquery-migrate.js & jquery-migrate.min.js and present at the exact locations where JavaScript files are normally present on WordPress sites but are malicious.

BleepingComputer

March 31, 2021

Most Global Chip Companies Show Signs of Compromise Full Text

Abstract BlueVoyant report reveals widespread vulnerabilities and open ports

Infosecurity Magazine

March 31, 2021

Google Chrome for Linux is getting DNS-over-HTTPS, but there’s a catch Full Text

Abstract Google Chrome developers have announced plans to roll out DNS-over-HTTPS (DoH) support to Chrome web browser for Linux. DoH has been supported on Google Chrome for other platforms, including Android, since at least 2020. But, there's a catch.

BleepingComputer

March 31, 2021

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions Full Text

Abstract IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security...

Security Affairs

March 30, 2021

VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials Full Text

Abstract VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that...

Security Affairs

March 30, 2021

VMware fixes bug allowing attackers to steal admin credentials Full Text

Abstract VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.

BleepingComputer

March 30, 2021

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites Full Text

Abstract Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress...

Security Affairs

March 30, 2021

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations Full Text

Abstract Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could...

Security Affairs

March 30, 2021

Hundreds of thousands of projects affected by a flaw in netmask npm package Full Text

Abstract A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of attacks. A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could expose private networks to multiple...

Security Affairs

March 30, 2021

Researchers discover SAML XML Injection vulnerability Full Text

Abstract The flaw could allow an attacker to modify SAML responses generated by an Identity Provider, and thereby gain unauthorized access to user accounts, or to escalate privileges within an application.

NCC Group

March 29, 2021

Apple patches zero-day targeted for iPhones, iPads and its popular watches Full Text

Abstract Apple on Friday said it patched a zero-day cross-site scripting vulnerability affecting iPhones, iPads, the iPod touch and Apple watches that was actively exploited in the wild – the company’s seventh such announcement of a zero-day patch in the past five months. The Cybersecurity and Infrastructure Security Agency (CISA) issued a release on the bug…

SCMagazine

March 29, 2021

Patched Linux bugs nix Spectre mitigations Full Text

Abstract Spectre is a flaw in speculative execution in Intel, ARM and AMD processors that first came to light in 2018. The vulnerability could ultimately reveal the contents of memory.

SCMagazine

March 29, 2021

Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks Full Text

Abstract As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. "Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an advisory published on March 23. TBox is an "all-in-one" solution for automation and control systems for supervisory control and data acquisition ( SCADA ) applications, with its telemetry software used for remote control and monitoring of assets in a number of critical infrastructure sectors, such as water, power, oil and gas, transportation, and process industries. TBox devices can be programmed using a software suite called TWinSoft, which allows for the creation of interactive web pages, where users

The Hacker News

March 29, 2021

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems Full Text

Abstract Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as  Spectre  and obtain sensitive information from kernel memory. Discovered by  Piotr Krysiuk  of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions. While  CVE-2020-27170  can be abused to reveal content from any location within the kernel memory,  CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory. First documented in January 2018,  Spectre and Meltdown  take advantage of flaws in modern processors to  leak data  that are currently processed on the computer, thereby allowing

The Hacker News

March 29, 2021

No, I Did Not Hack Your MS Exchange Server — Krebs on Security Full Text

Abstract The motivations of the cybercriminals behind the Krebonsecurity dot top domain are unclear, but the domain itself has a recent association with other cybercrime activity — and harassing this author.

Krebs on Security

March 28, 2021

Critical netmask networking bug impacts thousands of applications Full Text

Abstract Popular npm component netmask has a critical networking vulnerability, CVE-2021-28918. netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads.

BleepingComputer

March 28, 2021

Experts found two flaws in Facebook for WordPress Plugin Full Text

Abstract A critical flaw in the official Facebook for WordPress plugin could be abused exploited for remote code execution attacks. Researchers at Wordfence have discovered two vulnerabilities in the Facebook for WordPress plugin, which has more than 500,000...

Security Affairs

March 28, 2021

QNAP NAS Devices: A Juicy Target for Cryptominers Full Text

Abstract A group of researchers from Qihoo 360 found QNAP’s unpatched NAS devices targeted by a newly discovered malware named UnityMiner. 

Cyware Alerts - Hacker News

March 28, 2021

Over 62,000 Microsoft Exchange Servers, Still Left unpatched Full Text

Abstract Microsoft has recently published a very new, one-click mitigation tool, as Microsoft has recently identified various 0-day exploits that are generally being...

Cyber Security News

March 28, 2021

QNAP urges users to take action to protect devices against Brute-Force attacks Full Text

Abstract Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. This week the Taiwanese vendor QNAP has published an alert...

Security Affairs

March 27, 2021

DearCry Enters the Threat Landscape to Exploit Exchange Servers Full Text

Abstract The encryption approach taken by this ransomware matches that of WannaCry, however, not other similarities have been observed between the two.

Cyware Alerts - Hacker News

March 27, 2021

Apple released out-of-band updates for a new Zero‑Day actively exploited Full Text

Abstract Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another zero‑day flaw, tracked CVE-2021-1879, actively exploited. Apple has released a new set of out-of-band patches for iOS, iPadOS, macOS and watchOS to address...

Security Affairs

March 26, 2021

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack Full Text

Abstract Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879 , the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks. "This issue was addressed by improved management of object lifetimes," the iPhone maker noted. Apple has credited Clement Lecigne and Billy Leonard of Google's Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it's aware of reports that CVE-2021-1879 may have been actively exploited. Updates are available for the following devices: iOS 12.5.2  - Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6t

The Hacker News

March 26, 2021

Apple fixes a iOS zero-day vulnerability actively used in attacks Full Text

Abstract Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.

BleepingComputer

March 26, 2021

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities Full Text

Abstract The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450 , both the  vulnerabilities  have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL 1.1.1 versions, CVE-2021-3450 impacts OpenSSL versions 1.1.1h and newer. OpenSSL is a software library consisting of cryptographic functions that implement the Transport Layer Security protocol with the goal of securing communications sent over a computer network. According to an advisory published by OpenSSL, CVE-2021-3449 concerns a potential DoS vulnerability arising due to NULL pointer dereferencing that can cause an OpenSSL TLS server to crash if in the course of renegotiation the client transmits a malicious "ClientHello" message during the  handshake  between the server and

The Hacker News

March 26, 2021

New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems Full Text

Abstract While not great news for SolarWinds, it’s also not surprising, say researchers, considering that the software has been under the spotlight for months.

SCMagazine

March 26, 2021

Companies don’t bother to patch. Should MSPs cut them out of decision process? Full Text

Abstract Companies continue to be exploited via Microsoft Exchange vulnerabilities due to inaction.

SCMagazine

March 26, 2021

Apple fixes iOS zero-day vulnerability exploited in the wild Full Text

Abstract Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.

BleepingComputer

March 26, 2021

Vulnerabilities Can Allow Attackers to Remotely Gain Control of Weintek HMIs Full Text

Abstract A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek.

Security Week

March 26, 2021

SolarWinds patches critical code execution bug in Orion Platform Full Text

Abstract SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two o them allowing remote attackers to execute arbitrary code following exploitation.

BleepingComputer

March 26, 2021

Nearly Half of Popular Android Apps Built With High-Risk Components Full Text

Abstract Almost all of the most popular Android applications use open source components, but many of those components are outdated and have at least one high-risk vulnerability, as per an analysis by Synopsys.

Dark Reading

March 26, 2021

Solarwinds Orion Platform updates fix two remote code execution issues Full Text

Abstract Solarwinds released security updates that address multiple vulnerabilities, including two flaws that be exploited by attackers for remote code execution. Solarwinds has released a major security update to address multiple security vulnerabilities...

Security Affairs

March 26, 2021

Patch Facebook for WordPress to Fix Site Takeover Bugs Full Text

Abstract Wordfence reveals new vulnerabilities in popular plugin

Infosecurity Magazine

March 26, 2021

Severe vulnerabilities patched in Facebook for WordPress Plugin Full Text

Abstract The plugin (formerly called Official Facebook Pixel) is used to capture user actions when they visit a page and to monitor site traffic and has been installed on over 500,000 websites.

ZDNet

March 26, 2021

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks Full Text

Abstract New research into  5G architecture  has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were collectively designated as CVD-2021-0047. 5G is an evolution of current 4G architectures and is based on what's called a service-based architecture (SBA) that provides a modular framework to deploy a set of interconnected network functions, allowing consumers to discover and authorize their access to a plethora of services. The network functions are also responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting the users (UE or user equipment) to the internet via a base station (gNB). What's more, each network function of

The Hacker News

March 25, 2021

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform Full Text

Abstract IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the  test alert actions  feature available in the Orion Web Console, which lets users simulate network events (e.g., an unresponsive server) that can be configured to trigger an alert during setup. It has been rated critical in severity. A second issue concerns a high-risk vulnerability that could be leveraged by an adversary to achieve RCE in the Orion Job Scheduler. "In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server," SolarWinds  said  in its release notes. The advisory is light on technical specifics,

The Hacker News

March 25, 2021

OpenSSL Project released 1.1.1k version to fix two High-severity flaws Full Text

Abstract The OpenSSL Project addresses two high-severity vulnerabilities, including one related to verifying a certificate chain and one that can trigger a DoS condition. The OpenSSL Project this week released version 1.1.1k to address two high-severity vulnerabilities,...

Security Affairs

March 25, 2021

Microsoft Offers Up To $30K For Teams Bugs Full Text

Abstract A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes.

Threatpost

March 25, 2021

62,000 Microsoft Exchange Servers potentially left unpatched, weeks after software bugs were first uncovered Full Text

Abstract The CyberNews investigation team found 62,174 potentially vulnerable unpatched Microsoft Exchange Servers. A number of entities in the US and worldwide remain vulnerable to software bugs that were reported by Microsoft weeks ago. The CyberNews...

Security Affairs

March 25, 2021

Critical Code Execution Flaw with Cisco Jabber Let Attackers Execute Arbitrary Programs Full Text

Abstract Cisco released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS.

Cyber Security News

March 25, 2021

ACSC running scans to find vulnerable Microsoft Exchange servers in Australia Full Text

Abstract Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw has told senators "10s of organizations" have so far reached out to her agency regarding vulnerable Microsoft Exchange servers.

ZDNet

March 25, 2021

QNAP warns of ongoing brute-force attacks against NAS devices Full Text

Abstract QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urges them to immediately take action to mitigate them.

BleepingComputer

March 25, 2021

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems Full Text

Abstract Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition," the networking major  said  in an advisory. The issues concern a total of five security vulnerabilities, three of which (CVE-2021-1411, CVE-2021-1417, and CVE-2021-1418) were reported to the company by Olav Sortland Thoresen of Watchcom, with two others (CVE-2021-1469 and CVE-2021-1471) uncovered during internal security testing. Cisco notes that the flaws are not dependent on one another, and that exploitation of any one of the vulnerabilities doesn't hinge on the exploitation of another. But in order to do this, an attacker needs to be authenti

The Hacker News

March 25, 2021

#IMOS21: Six Components of a Bug Bounty Program Full Text

Abstract Verizon Media’s Sean Poris outlines how to run a successful bug bounty scheme

Infosecurity Magazine

March 25, 2021

Nearly 100,000 web shells detected on Exchange servers Full Text

Abstract Kryptos Logic found nearly 100,000 active web shells during internet scans of ProxyLogon, the most serious of four vulnerabilities in Microsoft's Exchange Server software disclosed earlier this month.

Tech Target

March 24, 2021

Cisco Jabber for Windows, macOS, Android and iOS is affected by a critical issue Full Text

Abstract Cisco has addressed a critical arbitrary program execution flaw in its Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco has addressed a critical arbitrary program execution issue, tracked as CVE-2021-1411, that affects several...

Security Affairs

March 24, 2021

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws Full Text

Abstract Thrive Themes have recently patched vulnerabilities in their Wordpress plugins and legacy Themes – but attackers are targeting those who haven’t yet applied security updates.

Threatpost

March 24, 2021

Microsoft fixes Windows PSExec privilege elevation vulnerability Full Text

Abstract Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices.

BleepingComputer

March 24, 2021

Microsoft Exchange Servers See ProxyLogon Patching Frenzy Full Text

Abstract Vast swathes of companies were likely compromised before patches were applied, so the danger remains.

Threatpost

March 24, 2021

Cisco addresses critical bug in Windows, macOS Jabber clients Full Text

Abstract Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS.

BleepingComputer

March 24, 2021

Zero-day Flaws Used in Nine Months Long Campaign Targeting Windows, iOS, and Android Devices Full Text

Abstract All the exploits were propagated via watering hole attacks that redirected targets to an infrastructure that installed diverse malware depending on the browsers and devices.

Cyware Alerts - Hacker News

March 24, 2021

TikTok Pays Out $11,000 Bounty for High-Impact Exploit Full Text

Abstract Sayed Abdelhafiz discovered a couple of cross-site scripting (XSS) vulnerabilities, an issue related to starting arbitrary components, and a so-called Zip Slip archive extraction vulnerability.

Security Week

March 24, 2021

92% of worldwide Microsoft Exchange IPs are now patched or mitigated Full Text

Abstract Microsoft revealed that 92% of all on-premises Microsoft Exchange servers exposed online affected by the ProxyLogon vulnerabilities are now patched. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day...

Security Affairs

March 23, 2021

Critical Flaws Affecting GE’s Universal Relay Pose Threat to Electric Utilities Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in an advisory published on March 16. GE's universal relays enable  integrated monitoring and metering, high-speed communications, and offer simplified power management for the protection of critical assets. The flaws, which affect a number of UR advanced protection and control relays, including B30, B90, C30, C60, C70, C95, D30, D60, F35, F60, G30, G60, L30, L60, L90, M60, N60, T35 and T60, were addressed by GE with the release of an updated version of the UR firmware (version 8.10) made available on December 24, 2020. The patches resolve a total of nine vulnerabilities, the most importan

The Hacker News

March 23, 2021

Most Email Isn’t Secure. Here’s How to Fix It. Full Text

Abstract End-to-end encrypted email is generally cumbersome and unintuitive. It’s time to invest in alternatives.

Lawfare

March 23, 2021

Critical Bugs in Virtual Learning Software May be Used to Hack into Student PCs Full Text

Abstract The McAfee Labs Advanced Threat Research team recently investigated software installed on computers used in K-12 school districts. Netop...

Cyber Security News

March 23, 2021

Google fixes an Android vulnerability actively exploited in the wild Full Text

Abstract Google addressed a zero-day vulnerability affecting Android devices that use Qualcomm chipsets which is actively exploited in the wild. Google has addressed a zero-day vulnerability, tracked as CVE-2020-11261, affecting Android devices that use Qualcomm...

Security Affairs

March 23, 2021

CISA is warning of vulnerabilities in GE Power Management Devices Full Text

Abstract U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems. U.S. Cybersecurity & Infrastructure Security...

Security Affairs

March 23, 2021

Microsoft: 92% of Exchange servers safe from ProxyLogon attacks Full Text

Abstract Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday.

BleepingComputer

March 23, 2021

Only 14% of domains worldwide truly protected from spoofing with DMARC enforcement Full Text

Abstract Email continues to be an effective way to communicate and use has increased during a year of the global pandemic, and hackers continue to use email as a primary attack vector.

Help Net Security

March 22, 2021

WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack Full Text

Abstract Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by attackers to launch targeted attacks. Tracked as CVE-2020-11261 (CVSS score 8.4), the flaw concerns an "improper input validation" issue in Qualcomm's Graphics component that could be exploited to trigger memory corruption when an attacker-engineered app requests access to a huge chunk of the device's memory. "There are indications that CVE-2020-11261 may be under limited, targeted exploitation," the search giant said in an updated January security bulletin on March 18. CVE-2020-11261 was discovered and reported to Qualcomm by Google's Android Security team on July 20, 2020, after which it was fixed in January 2021. It's worth noting that the access vector for the vulnerability is "local," meaning that exploitation requires local access to the device. In other words, to launch a successful attack, the b

The Hacker News

March 22, 2021

Zoom’s screen-sharing Feature Bug Leaks Sensitive Data Full Text

Abstract Zoom is a video conferencing and messaging software with support for many different devices. A glitch in Zoom’s display-sharing...

Cyber Security News

March 22, 2021

Popular Netop Remote Learning Software Found Vulnerable to Hacking Full Text

Abstract Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro  that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. "These findings allow for elevation of privileges and ultimately remote code execution which could be used by a malicious attacker within the same network to gain full control over students' computers," the McAfee Labs Advanced Threat Research team said in an analysis. The vulnerabilities, tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-27195, were reported to Netop on December 11, 2020, after which the Denmark-based company fixed the issues in an update (version 9.7.2) released on February 25. "Version 9.7.2 of Vision and Vision Pro is a maintenance release that addresses several vulnerabilities, such as escalating local privileges sending sensitive information in plain text," the company stated in its

The Hacker News

March 22, 2021

Critical code execution vulnerability fixed in Adobe ColdFusion Full Text

Abstract Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.

BleepingComputer

March 22, 2021

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now Full Text

Abstract The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as  CVE-2021-26295 , the flaw affects all versions of the software prior to  17.12.06  and employs an "unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly. OFBiz  is a Java-based web framework for automating enterprise processes and offers a wide range of functionality, including accounting, customer relationship management, manufacturing operations management, order management, supply chain fulfillment, and warehouse management system, among others. Specifically, by exploiting this flaw, a malicious party can tamper with serialized data to insert arbitrary code that, when deserialized, can potentially result in remote code execution. "An unauthe

The Hacker News

March 22, 2021

Adobe addresses a critical vulnerability in ColdFusion product Full Text

Abstract Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) that could lead to arbitrary code execution.  Adobe has released security patches to address a critical vulnerability...

Security Affairs

March 22, 2021

Abusing distance learning software to hack into student PCs Full Text

Abstract Experts uncovered critical flaws in the Netop Vision Pro distance learning software used by many schools to control remote learning sessions. McAfee discovered multiple security vulnerabilities in the Netop Vision Pro popular distance learning software...

Security Affairs

March 22, 2021

RCE flaw in Apache OFBiz could allow to take over the ERP system Full Text

Abstract The Apache Software Foundation fixed a high severity remote code execution flaw in Apache OFBiz that could have allowed attackers to take over the ERP system. The Apache Software Foundation addressed last week a high severity vulnerability in Apache...

Security Affairs

March 22, 2021

After F5 publishes proofs of concept, potential hackers get to work Full Text

Abstract After proofs of concept for vulnerabilities in F5’s BIG-IP and BIG-IQ products were published March 18, several researchers have logged upticks in hacking attempts and mass vulnerability scans.

SCMagazine

March 22, 2021

Firms Urged to Patch as Attackers Exploit Critical F5 Bugs Full Text

Abstract Full chain exploitation now seen in wild

Infosecurity Magazine

March 20, 2021

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online Full Text

Abstract Almost 10 days after application security company F5 Networks  released patches  for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation development comes on the heels of a proof-of-concept exploit code that surfaced online earlier this week by reverse-engineering the Java software patch in BIG-IP. The  mass scans  are said to have spiked since March 18. The flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical remote code execution (CVE-2021-22986) also impacting BIG-IQ versions 6.x and 7.x.  CVE-2021-22986  (CVSS score: 9.8) is notable for the fact that it's an unauthenticated, remote command execution vulnerability affecting the iControl REST interface, allowing an attacker to execute arbitrary system commands, create or delete files, and disable services without the need for a

The Hacker News

March 20, 2021

A threat actor exploited 11 zero-day flaws in 2020 campaigns Full Text

Abstract A hacking group has employed at least 11 zero-day flaws as part of an operation that took place in 2020 and targeted Android, iOS, and Windows users. Google’s Project Zero security team published a report about the activity of a mysterious hacking...

Security Affairs

March 20, 2021

Microsoft Bug Deleting the Downloaded Files from Microsoft Teams and SharePoint files Full Text

Abstract Microsoft SharePoint and Microsoft Teams users report that the downloaded files are missing or moved to the Recycle Bin.

Cyber Security News

March 20, 2021

Unit 42 Finds 15 New Vulnerabilities in Microsoft, Adobe, Apple Products Full Text

Abstract Unit 42 researchers have been credited with discovering 15 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), Adobe Security Bulletin, and Apple Security Updates, as part of the last quarter of security update releases.

Palo Alto Networks

March 19, 2021

Critical F5 BIG-IP Flaw Now Under Active Attack Full Text

Abstract Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure.

Threatpost

March 19, 2021

Critical F5 BIG-IP vulnerability now targeted in ongoing attacks Full Text

Abstract Cybersecurity firm NCC Group said on Thursday that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.

BleepingComputer

March 19, 2021

Google Releases PoC Utilizing Spectre Flaw Full Text

Abstract Google released a Proof-of-Concept on Spectre side-channel vulnerability for web app developers, highlighting the importance of deploying application-level mitigations to stay secure.

Cyware Alerts - Hacker News

March 19, 2021

Millions of sites could be hacked due to flaws in popular WordPress plugins Full Text

Abstract Experts found vulnerabilities in two WordPress plugins that could be exploited to run arbitrary code and potentially take over a website. Security researchers disclosed vulnerabilities in Elementor and WP Super Cache WordPress plugins that could be exploited...

Security Affairs

March 19, 2021

Microsoft antivirus now automatically mitigates Exchange Server vulnerability Full Text

Abstract Microsoft antivirus tools many users already have installed will now automatically mitigate a critical Exchange Server vulnerability, the lynchpin of several recent campaigns to breach on-premises servers.

SCMagazine

March 19, 2021

Microsoft Defender adds automatic Exchange ProxyLogon mitigation Full Text

Abstract Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.

BleepingComputer

March 18, 2021

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites Full Text

Abstract A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it  released  an update (version 1.8.26) on March 10 addressing the issues. MyBB, formerly MyBBoard and originally MyBulletinBoard, is free and open-source forum software developed using PHP and MySQL. According to the researchers, the first issue — a nested auto URL persistent XSS vulnerability (CVE-2021-27889) — stems from how MyBB parses messages containing URLs during the rendering process, thus enabling any unprivileged forum user to embed stored XSS payloads into threads, posts, and even private messages. "The vulnerability can be exploited with minimal user interaction by saving a maliciously craf

The Hacker News

March 18, 2021

Fiserv Forgets to Buy Domain It Used as System Default Full Text

Abstract Fintech security provider Fiserv acknowledges it used unregistered domain as default email.

Threatpost

March 18, 2021

Tutor LMS for WordPress Open to Info-Stealing Security Holes Full Text

Abstract The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.

Threatpost

March 18, 2021

Why Cached Credentials Can Cause Account Lockouts and How to Stop it Full Text

Abstract When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. However, this is far from being the only thing that can cause an account to become locked. Another common cause, for example, is an application or script that is configured to log into the system using an old password. Perhaps the most easily overlooked cause of account lockouts, however, is the use of cached credentials. Before I explain  why cached credentials can be problematic , let's first consider what the Windows cached credentials do and why they are necessary. Cached and stored credentials Cached credentials are a mechanism that is used to ensure that users have a way of logging into their device in the event that the device is unable to access the Active Directory. Suppose for a moment that a user is working from a domain-joined laptop and is connected to the corporate network. In that type of situation, the Active Directory

The Hacker News

March 18, 2021

Vulnerability Management Firm Vulcan Cyber Raises $21 Million Full Text

Abstract The new funding, Vulcan Cyber says, will help it expand its platform with new vulnerability remediation solutions for both cloud and applications, as well as meet demand for its SaaS solution.

Security Week

March 18, 2021

Android apps are asking for too many dangerous permissions. Here’s how we know Full Text

Abstract In theory, Android app permissions are a great way to ensure our safety and protect our privacy. In practice, however, these permissions aren’t always shown prominently or described in much detail.

Cyber News

March 17, 2021

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites Full Text

Abstract Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in  Elementor , a website builder plugin used on more than seven million sites, and  WP Super Cache , a tool used to serve cached pages of a WordPress site. According to Wordfence, which discovered the security weaknesses in Elementor, the bug concerns a set of  stored cross-site scripting  (XSS) vulnerabilities (CVSS score: 6.4), which occurs when a malicious script is injected directly into a vulnerable web application. In this case, due to a lack of validation of the HTML tags on the server-side, a bad actor can exploit the issues to add executable JavaScript to a post or page via a crafted request. "Since posts created by contributors are typically reviewed by editors or administrators before publishing, any JavaScript added to one of these posts would

The Hacker News

March 17, 2021

Cisco Plugs Security Hole in Small Business Routers Full Text

Abstract The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers.

Threatpost

March 17, 2021

Twitter images can be abused to hide ZIP, MP3 files — here’s how Full Text

Abstract Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter.

BleepingComputer

March 17, 2021

Biden administration convenes government, private sector groups to respond to Microsoft vulnerabilities Full Text

Abstract White House officials said Wednesday that the Biden administration has formally stood up a task force of government and private sector groups as it works to investigate and respond to the recently uncovered cyber espionage incident involving a Microsoft email application.

The Hill

March 17, 2021

Microsoft breach ramps up pressure on Biden to tackle cyber vulnerabilities Full Text

Abstract The Biden administration is coming under increasing pressure to address U.S. cybersecurity vulnerabilities following the Microsoft breach that has quickly been viewed as a massive threat to the U.S.

The Hill

March 17, 2021

Microsoft releases one-click mitigation tool for Exchange Server hacks Full Text

Abstract Released on Monday, the tool is designed to mitigate the threat posed by four actively-exploited vulnerabilities that have collectively caused havoc for organizations worldwide.

ZDNet

March 17, 2021

Old Linux storage bugs, new security patches Full Text

Abstract A trio of security holes -- CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364 -- was found by security company GRIMM researchers in an almost forgotten corner of the mainline Linux kernel.

ZDNet

March 16, 2021

Google fixes five Chrome bugs, including one zero-day exploited in the wild Full Text

Abstract The latest news from Google warning to patch Chrome vulnerabilities came on the heels of news early last week that the vast majority of Chrome users take close to one month to install a new patch.

SCMagazine

March 16, 2021

The Microsoft Exchange hack: The risks and rewards of sharing bug intel Full Text

Abstract Intel that Microsoft privately shared with security partners may have leaked to hackers. How do companies know who to trust with their secrets?

SCMagazine

March 16, 2021

DuckDuckGo browser extension vulnerability leaves Edge users open to potential cyber-snooping Full Text

Abstract DuckDuckGo has fixed a universal cross-site scripting (uXSS) flaw in a popular browser extension named DuckDuckGo Privacy Essentials available for both Chrome and Firefox.

The Daily Swig

March 16, 2021

Microsoft rolls back update to fix access issues for thousands Full Text

Abstract Microsoft Corp said early on Tuesday glitches that affected access to workplace messaging app Teams, Outlook.com and other services have been largely fixed after it rolled back an update.

Reuters

March 16, 2021

Researchers Uncovered Hidden Data in the PDF Files Published by Security Agencies Full Text

Abstract Recently, security researchers from different organizations are publishing and sharing frequent electronic documents like PDF files. But there are still many organizations...

Cyber Security News

March 16, 2021

Microsoft releases one-click mitigation tool for Exchange Server Full Text

Abstract Microsoft released a one-click mitigation tool for the Hafnium Exchange Server vulnerabilities that the company hopes will help organizations struggling to update.

SCMagazine

March 16, 2021

Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities Full Text

Abstract The bugs were publicly disclosed on March 2, when the Microsoft announced not only patches for them, but also the fact that a Chinese threat actor had been actively exploiting them in attacks.

Security Week

March 16, 2021

Microsoft One-Click Tool Mitigates Exchange Server Attacks Full Text

Abstract Tool designed for customers without dedicated IT or cybersecurity resource

Infosecurity Magazine

March 16, 2021

Mirai Variant Targeting New IoT Vulnerabilities, Network Security Devices Full Text

Abstract Researchers found attacks using VisualDoor (SonicWall SSL-VPN), CVE-2020-25506 (D-Link firewall), CVE-2020-26919 (Netgear ProSAFE Plus), CVE-2019-19356 (Netis wireless router), and other exploits.

Palo Alto Networks

March 16, 2021

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues Full Text

Abstract Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855,...

Security Affairs

March 16, 2021

The Microsoft Exchange hacks: How they started and where we are Full Text

Abstract The emergency patches for the recently disclosed critical vulnerabilities in Microsoft Exchange email server did not come soon enough and organizations had little time to prepare before en masse exploitation began.

BleepingComputer

March 16, 2021

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms? Full Text

Abstract Microsoft is reportedly investigating whether the recent attacks against Microsoft Exchange servers could be linked to information leaked by a partner security firm. According to a report published by The Wall Street Journal, Microsoft is investigating...

Security Affairs

March 16, 2021

15 Years Old Linux Bug Let Attackers Gain Admin Privileges Full Text

Abstract Three bugs found in the mainline Linux kernel turned out to be about 15 years old. One of these bugs turned out...

Cyber Security News

March 15, 2021

Microsoft releases one-click Exchange On-Premises Mitigation Tool Full Text

Abstract Microsoft has released a one-click Exchange On-premises Mitigation Tool (EOMT) tool to allow small business owners to easily mitigate the recently disclosed ProxyLogon vulnerabilities.

BleepingComputer

March 15, 2021

A Side-Channel Attack that Works Without Scripting Support Full Text

Abstract Security researchers have discovered the first browser side-channel attack that is JavaScript-free and it appears that the new Apple M1 chips may be vulnerable to the attack.

Cyware Alerts - Hacker News

March 15, 2021

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now Full Text

Abstract A security researcher released a new PoC exploit for ProxyLogon issues that could be adapted to install web shells on vulnerable Microsoft Exchange servers. A security researcher has released a new proof-of-concept exploit that could be adapted to install...

Security Affairs

March 15, 2021

Google fixes the third actively exploited Chrome 0-Day since January Full Text

Abstract Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the second one within a month Google has fixed a new actively exploited zero-day in its Chrome browser, this is the second zero-day issue...

Security Affairs

March 15, 2021

Google fixes the third actively exploited Chrome 0-Day since January Full Text

Abstract The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. Google addressed the issue with the 89.0.4389.90 version for Windows, Mac, and Linux.

Security Affairs

March 15, 2021

Exchange Exploit Attempts Surge Sixfold as Ransomware Lands Full Text

Abstract Check Point warns of major increase in attack activity

Infosecurity Magazine

March 15, 2021

Google: This Spectre proof-of-concept shows how dangerous these attacks can be Full Text

Abstract Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory.

ZDNet

March 15, 2021

Thousands of Unsanitized PDF Documents from Security Agencies Reveal Hidden Data and Allow Exploits Full Text

Abstract Security agencies are doing a poor job at sanitizing PDF documents on their official websites and are leaking troves of sensitive information that could be collected and weaponized in malware attacks.

The Record

March 14, 2021

New PoC for Microsoft Exchange bugs puts attacks in reach of anyone Full Text

Abstract A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities.

BleepingComputer

March 14, 2021

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE Full Text

Abstract Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE...

Security Affairs

March 14, 2021

Google releases Spectre PoC code exploit for Chrome browser Full Text

Abstract Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser...

Security Affairs

March 13, 2021

15-year-old Linux kernel bugs let attackers gain root privileges Full Text

Abstract Three security vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems.

BleepingComputer

March 13, 2021

Experts found three new 15-year-old bugs in a Linux kernel module Full Text

Abstract Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface)...

Security Affairs

March 13, 2021

A Spectre proof-of-concept for a Spectre-proof web Full Text

Abstract Google has published the proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. The PoC code is expected to work against all modern browsers.

Chrome Releases

March 12, 2021

Critical Security Hole Can Knock Smart Meters Offline Full Text

Abstract Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.

Threatpost

March 12, 2021

Google fixes second actively exploited Chrome zero-day this month Full Text

Abstract Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users.

BleepingComputer

March 12, 2021

SAP Fixes Critical Security Flaw in Manufacturing Software Full Text

Abstract Recently, SAP has fixed a very critical security flaw in its manufacturing software, this critical-bug fix was a spring of 18 security...

Cyber Security News

March 12, 2021

Microsoft warns of new threat to ‘unpatched’ networks Full Text

Abstract Microsoft warned late Thursday of a threat detected to unpatched networks from a new family of ransomware.

The Hill

March 12, 2021

Utah Company Stored Passport Scans on Unsecured Server Full Text

Abstract Premier Diagnostics data breach exposes personal information of over 50k customers

Infosecurity Magazine

March 12, 2021

Three flaws that sat in Linux kernel since 2006 could deliver root privileges to attackers Full Text

Abstract Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account.

SCMagazine

March 12, 2021

Google shares Spectre PoC targeting browser JavaScript engines Full Text

Abstract Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory.

BleepingComputer

March 12, 2021

NCSC: Install Latest Microsoft Exchange Server Updates Urgently Full Text

Abstract Orgs advised to take steps to avoid compromise by increasing range of threat actors

Infosecurity Magazine

March 12, 2021

Serious Vulnerabilities Found in Schneider Electric Power Meters Full Text

Abstract Industrial cybersecurity firm Claroty this week disclosed technical details for two potentially serious vulnerabilities affecting PowerLogic smart meters made by Schneider Electric.

Security Week

March 11, 2021

Smart sex toys come with Bluetooth and remote hijacking weaknesses Full Text

Abstract Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more as more adult toy brands enter the market, and COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital.

BleepingComputer

March 11, 2021

Smart sex toys come with Bluetooth and remote access weaknesses Full Text

Abstract Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more as more adult toy brands enter the market, and COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital.

BleepingComputer

March 11, 2021

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack," the agencies  said . "Adversaries may also sell access to compromised networks on the dark web." The attacks have primarily targeted local governments, academic institutions, non-governmental organizations, and business entities in various industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceutical, which the agencies say are in line with previous activity conducted by Chinese cyber actors. Tens of thousands of entities, including the  Eur

The Hacker News

March 11, 2021

Expert publishes PoC exploit code for Microsoft Exchange flaws Full Text

Abstract This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon flaws.  On March 2nd, Microsoft has released emergency out-of-band security updates that address four...

Security Affairs

March 11, 2021

Dependency Confusion Exploit Being Used to Create More Copycat Packages Full Text

Abstract After the release of a proof-of-concept for a new dependency confusion vulnerability by a researcher, hundreds of bogus npm packages have popped up targeting Amazon, Zillow, Lyft, and Slack NodeJS apps.

Cyware Alerts - Hacker News

March 11, 2021

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs Full Text

Abstract The F5 flaws could affect the networking infrastructure for some of the largest tech and Fortune 500 companies – including Microsoft, Oracle and Facebook.

Threatpost

March 11, 2021

PoC released for Microsoft Exchange ProxyLogon vulnerabilities Full Text

Abstract A Vietnamese security researcher has published today the first functional public proof-of-concept exploit for a group of vulnerabilities in Microsoft Exchange servers known as ProxyLogon.

The Record

March 11, 2021

New Critical RCE Vulnerabilities in BIG-IP, BIG-IQ let Attacker Take Control of an Affected System Full Text

Abstract F5 Networks has published a security advisory warning customers to patch a critical flaw in BIG-IP product that is very likely to...

Cyber Security News

March 11, 2021

Cyber Espionage Campaigns Leverage Microsoft Exchange Flaws to Target Thousands of Organizations Full Text

Abstract At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break into targets around the world, ESET said in a blog post on Wednesday.

Reuters

March 11, 2021

Researchers Discover First Side-Channel Attack Against Apple M1 Chips Full Text

Abstract The analysis focused on Prime+Probe, a cache side-channel attack method that can detect which cache sets are accessed by the target and uses that to infer potentially valuable information.

Security Week

March 11, 2021

F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ Full Text

Abstract Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as "critical" severity. BIG-IP product family includes hardware, modularized software, and virtual appliances that...

Security Affairs

March 11, 2021

F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ Full Text

Abstract Security firm F5 announced the availability of patches for seven vulnerabilities in BIG-IP, four of which have been rated as "critical" severity. BIG-IP product family includes hardware, modularized software, and virtual appliances that run the F5 TMOS...

Security Affairs

March 10, 2021

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP! Full Text

Abstract Application security company F5 Networks on Wednesday published an  advisory  warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992),  two  of  which  were discovered and reported by Felix Wilhelm of Google Project Zero in December 2020. The four critical flaws affect BIG-IP versions 11.6 or 12.x and newer, with CVE-2021-22986 also affecting BIG-IQ versions 6.x and 7.x. F5 said it's not aware of any public exploitation of these issues. Successful exploitation of these vulnerabilities could lead to a full compromise of vulnerable systems, including the possibility of remote code execution as well as trigger a buffer overflow, leading to a DoS attack. Urging customers to update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible, F5 Networks

The Hacker News

March 10, 2021

Microsoft IE zero-day exploited in wild, could provide unrestricted operating system access Full Text

Abstract Security pros need to prioritize patching a memory corruption vulnerability flaw found in Internet Explorer 11 and 9, and Edge browsers.

SCMagazine

March 10, 2021

SAP Stomps Out Critical RCE Flaw in Manufacturing Software Full Text

Abstract The remote code execution flaw could allow attackers to deploy malware, modify network configurations and view databases.

Threatpost

March 10, 2021

SAP Patches Critical Flaws in MII, NetWeaver Products Full Text

Abstract SAP's March 2021 Security Patch Day updates include 9 new security notes, including two for critical vulnerabilities affecting the company's NetWeaver AS and MII products.

Security Week

March 10, 2021

For the second time in less than a year, F5 announces critical vulnerabilities in networking devices Full Text

Abstract The disclosure comes less than a year after another remote code execution vulnerability in F5’s BIG-IP devices, leading some to question whether larger, more fundamental security culture failures exist at the company.

SCMagazine

March 10, 2021

F5 urges customers to patch critical BIG-IP pre-auth RCE bug Full Text

Abstract F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most versions of BIG-IP and BIG-IQ software.

BleepingComputer

March 10, 2021

10 groups now targeting Hafnium Microsoft Exchange vulnerabilities Full Text

Abstract Security company ESET is now tracking 10 different threat groups or otherwise unique clusters of breaches that have used a chain of vulnerabilities Microsoft patched in Exchange Server last week.

SCMagazine

March 10, 2021

GitHub Informs Users of ‘Potentially Serious’ Authentication Bug Full Text

Abstract GitHub on Monday informed users that it had discovered what it described as an “extremely rare, but potentially serious” security bug related to how some authenticated sessions were handled.

Security Week

March 10, 2021

Flaws in Apple Location Tracking System Could Lead to User Identification Full Text

Abstract Vulnerabilities identified in offline finding — Apple’s proprietary crowd-sourced location tracking system — could be abused for user identification, researchers said in a report released this month.

Security Week

March 10, 2021

Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild Full Text

Abstract With more than 30,000 installations, The Plus Addons for Elementor is a premium plugin that has been designed to add several widgets to be used with the popular WordPress website builder Elementor.

Security Week

March 10, 2021

Microsoft Expands Coverage of Exchange Server Patches Full Text

Abstract Yet another zero-day also fixed in this month’s Patch Tuesday

Infosecurity Magazine

March 10, 2021

Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect Full Text

Abstract Adobe has released fixes for critical security problems impacting Framemaker, Creative Cloud, and Connect. This includes one bug in Framemaker and three critical flaws in Adobe Creative Cloud

ZDNet

March 10, 2021

A flaw in The Plus Addons for Elementor WordPress plugin allows sites takeover Full Text

Abstract Researchers from the Wordfence team found a critical vulnerability in The Plus Addons for Elementor WordPress plugin that could be exploited to take over a website. Researchers at the Wordfence team of the security firm Defiant have spotted a critical...

Security Affairs

March 10, 2021

Microsoft’s March Patch Tuesday fixes 14 Critical flaws Full Text

Abstract Microsoft's March Patch Tuesday security updates address 89 vulnerabilities in its products, 14 are listed as Critical and 75 are listed as Important in severity. Microsoft's March Patch Tuesday security updates address 89 vulnerabilities in its products,...

Security Affairs

March 10, 2021

Siemens Releases Several Advisories for Vulnerabilities in Third-Party Components Full Text

Abstract Half of the new advisories cover flaws in third-party components. One of these advisories is related to AMNESIA:33, a collection of vulnerabilities discovered recently in open source TCP/IP stacks.

Security Week

March 09, 2021

Microsoft Issues Security Patches for 82 Flaws — IE 0-Day Under Active Attacks Full Text

Abstract Microsoft plugged as many as  89 security flaws  as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly known, while five others have been reported as under active attack at the time of release. Among those five security issues are a clutch of vulnerabilities known as  ProxyLogon  (CVE-2021-26855, 2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access. But in the wake of Exchange servers coming under  indiscriminate assault  toward the end of February by multiple threat groups looking to exploit the vulnerabil

The Hacker News

March 09, 2021

iPhone Call Recorder bug gave acess to other people’s conversations Full Text

Abstract An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers.

BleepingComputer

March 9, 2021

Apple’s Device Location-Tracking System Could Expose User Identities Full Text

Abstract Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.

Threatpost

March 9, 2021

Microsoft releases a patch for older versions of Exchange Full Text

Abstract Microsoft has released security updates for unsupported versions of Exchange email servers following widespread attacks exploiting four newly discovered security vulnerabilities.

ZDNet

March 9, 2021

The Microsoft Exchange Hack and the Great Email Robbery Full Text

Abstract The world is probably days away from a mass-exploitation of Microsoft Exchange servers—a hack that could have a far greater impact than the SolarWinds breach.

Lawfare

March 9, 2021

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions Full Text

Abstract Microsoft released ProxyLogon security updates for Microsoft Exchange servers running vulnerable unsupported Cumulative Update versions. On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day...

Security Affairs

March 9, 2021

Microsoft releases Hafnium patch for defunct edition of Exchange Full Text

Abstract In a rare move for a vendor, Microsoft is now offering the same patch for its no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions.

SCMagazine

March 9, 2021

Apple Plugs Severe WebKit Remote Code-Execution Hole Full Text

Abstract Apple pushed out security updates for a memory-corruption bug to devices running on iOS, macOS, watchOS and for Safari.

Threatpost

March 09, 2021

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days Full Text

Abstract Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.

BleepingComputer

March 9, 2021

Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari Full Text

Abstract Apple released out-of-band patches to address a remote code execution, tracked as CVE-2021-1844, that affect iOS, macOS, watchOS, and Safari web browser. Apple has released out-of-band security patches to address a critical iOS, macOS, watchOS, and Safari...

Security Affairs

March 09, 2021

Adobe fixes critical Creative Cloud, Adobe Connect vulnerabilities Full Text

Abstract Adobe has released security updates that fix vulnerabilities in Adobe Creative Cloud Desktop, Framemaker, and Connect. 

BleepingComputer

March 09, 2021

Microsoft releases ProxyLogon updates for unsupported Exchange Servers Full Text

Abstract Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks.

BleepingComputer

March 9, 2021

Huge Rise in Hackers Submitting Vulnerabilities During #COVID19 Full Text

Abstract HackerOne reports a 63% rise in hackers submitting vulnerabilities in 2020

Infosecurity Magazine

March 09, 2021

GitHub fixes bug causing users to log into other accounts Full Text

Abstract Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.

BleepingComputer

March 09, 2021

GitHub bug caused users to login to other user accounts Full Text

Abstract Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had received a report of anomalous behavior from an external party.

BleepingComputer

March 8, 2021

Google Chrome users take at least one month to update, as zero-days lurk Full Text

Abstract And starting January 2020, Microsoft’s Edge browser became based on Chromium. Developing an exploit for Chrome now gives the attackers a much larger attack surface to go after.

SCMagazine

March 8, 2021

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign Full Text

Abstract Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage...

Security Affairs

March 08, 2021

Google Chrome to block port 554 to stop NAT Slipstreaming attacks Full Text

Abstract Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability.

BleepingComputer

March 8, 2021

Truecaller’s Guardians App was leaking live location details, issue fixed Full Text

Abstract Caller identification company Truecaller’s ‘Guardians’ application launched last week that lets users share their live location with selected guardians on their phone book had a major vulnerability.

The Times Of India

March 8, 2021

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs Full Text

Abstract Microsoft updated its Microsoft Safety Scanner (MSERT) tool to detect web shells employed in the recent Exchange Server attacks. Early this month, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855,...

Security Affairs

March 07, 2021

Microsoft’s MSERT tool now finds web shells from Exchange Server attacks Full Text

Abstract Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks.

BleepingComputer

March 07, 2021

Microsoft’s MSERT tool now finds web shells from Exchange Server attacks Full Text

Abstract Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks.

BleepingComputer

March 06, 202
1

This new Microsoft tool checks Exchange Servers for ProxyLogon hacks Full Text

Abstract Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server.

BleepingComputer

March 6, 2021

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws Full Text

Abstract After the disclosure of Microsoft Exchange zero-days, MS Exchange Server team has released a script to determine if an install is vulnerable. This week Microsoft has released emergency out-of-band security updates that address four...

Security Affairs

March 06, 2021

Samsung fixes critical Android bugs in March 2021 updates Full Text

Abstract This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs.

BleepingComputer

March 6, 2021

VMware Fixes Critical RCE Vulnerability with View Planner Full Text

Abstract Recently, in View Planner, it's a benchmarking desktop client that is available for free, VMware has inscribed a critical unauthenticated RCE vulnerability,...

Cyber Security News

March 5, 2021

Privilege Escalation Bugs Patched in Linux Kernel Full Text

Abstract Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel. A total of five vulnerabilities were recently identified and fixed in the Linux kernel.

Security Week

March 5, 2021

CNAME Cloaking Scheme Renders Anti-tracking Defenses Ineffective Full Text

Abstract Digital ad companies are exploring a new technique wherein they masquerade as serving first-party, rather than third-party cookies, to circumvent the protections offered by adblocking software.

Cyware Alerts - Hacker News

March 05, 2021

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories Full Text

Abstract Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users. The  findings  are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany, who have historically taken apart Apple's wireless ecosystem with the goal of identifying security and privacy issues. In response to the disclosures on July 2, 2020, Apple is said to have partially addressed the issues, stated the researchers, who used their own data for the study citing privacy implications of the analysis. How Find My Works? Apple devices come with a feature called  Find My  that makes it easy for users to locate other Apple devices, includ

The Hacker News

March 05, 2021

Microsoft: Exchange updates can install without fixing vulnerabilities Full Text

Abstract Due to the critical nature of recently issued Microsoft Exchange security updates, admins need to know that the updates may have installation issues on servers where User Account Control (UAC) is enabled.

BleepingComputer

March 5, 2021

Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability Full Text

Abstract The flaw, tracked as CVE-2021-1285 and rated high severity, can be exploited by an unauthenticated, adjacent attacker to cause a DoS condition by sending it specially crafted Ethernet frames.

Security Week

March 5, 2021

Five privilege escalation flaws fixed in Linux Kernel Full Text

Abstract Experts found five vulnerabilities in the Linux kernel, tracked as CVE-2021-26708, that could lead to local privilege escalation. Positive Technologies researcher Alexander Popov found five high severity vulnerabilities in the Linux kernel that...

Security Affairs

March 04, 2021

Hijacking traffic to Microsoft’s windows.com with bitflipping Full Text

Abstract A researcher was able to bitsquat Microsoft's windows.com domain by cybersquatting variations of windows.com. Adversaries can abuse this tactic to conduct automated attacks or collect data due to the nature of bit flipping.

BleepingComputer

March 04, 2021

Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks Full Text

Abstract Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware's UEFI firmware-infecting module, known as TrickBoot.

BleepingComputer

March 04, 2021

VMware releases fix for severe View Planner RCE vulnerability Full Text

Abstract VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution.

BleepingComputer

March 4, 2021

VMware addresses Remote Code Execution issue in View Planner Full Text

Abstract VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The...

Security Affairs

March 4, 2021

VMware Patches Remote Code Execution Vulnerability in View Planner Full Text

Abstract With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixes CVE-2021-21978, an issue that could allow an attacker to execute code remotely. The bug features a CVSS score of 8.6.

Security Week

March 04, 2021

Windows DNS SIGRed bug gets first public RCE PoC exploit Full Text

Abstract A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability.

BleepingComputer

March 4, 2021

Google Patches Actively Exploited Chrome Zero-day Vulnerability in Chrome 89 Release – Update Now!! Full Text

Abstract Google released Chrome 89 with several security fixes, including Chrome zero-day bug that is being exploited in wide. The...

Cyber Security News

March 4, 2021

GRUB2 boot loader maintainers fixed hundreds of flaws Full Text

Abstract Now maintainers at the GRUB project have released security updates to address more than 100 vulnerabilities. GRUB2 (the GRand Unified Bootloader version 2) is a replacement for the original GRUB Legacy boot loader, which is now referred to as “GRUB...

Security Affairs

March 4, 2021

Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708) Full Text

Abstract Security researcher Alexander Popov has discovered and fixed five similar issues, tracked together as CVE-2021-26708 in the virtual socket implementation of the Linux kernel.

Help Net Security

March 3, 2021

Researcher finds 5 privilege escalation vulnerabilities in Linux kernel Full Text

Abstract The vulnerabilities, which were patched before public disclosure, could have allowed an attacker to potentially steal data, run administrative commands or install malware on operating systems or server applications.

SCMagazine

March 3, 2021

Unpatched Bug in WiFi Mouse App Opens PCs to Attack Full Text

Abstract Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

Threatpost

March 3, 2021

Home-Office Photos: A Ripe Cyberattack Vector Full Text

Abstract Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.

Threatpost

March 03, 2021

GRUB2 boot loader reveals multiple high severity vulnerabilities Full Text

Abstract GRUB, a popular Linux boot loader project has fixed multiple high severity vulnerabilities.

BleepingComputer

March 3, 2021

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Full Text

Abstract A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could've allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could...

Security Affairs

March 03, 2021

A $50,000 Bug Could’ve Allowed Hackers Access Any Microsoft Account Full Text

Abstract Microsoft has awarded an independent security researcher $50,000 as part of its bug bounty program for reporting a flaw that could have allowed a malicious actor to hijack users' accounts without their knowledge. Reported by Laxman Muthiyah, the vulnerability aims to brute-force the seven-digit security code that's sent to a user's email address or mobile number to corroborate his (or her) identity before resetting the password in order to recover access to the account. Put differently, the account takeover scenario is a consequence of privilege escalation stemming from an authentication bypass at an endpoint which is used to verify the codes sent as part of the  account recovery process . The company addressed the issue in November 2020, before details of the flaw came to light on Tuesday. Although there are encryption barriers and rate-limiting checks designed to prevent an attacker from repeatedly submitting all the 10 million combinations of the codes in an automa

The Hacker News

March 3, 2021

Microsoft Patches Four Zero-Day Exchange Server Bugs Full Text

Abstract Chinese state attackers are currently exploiting them, it warns

Infosecurity Magazine

March 3, 2021

Google Patches Critical Remote Code Execution Vulnerability in Android Full Text

Abstract Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component.

Security Week

March 3, 2021

Four zero-days in Microsoft Exchange actively exploited in the wild Full Text

Abstract Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855,...

Security Affairs

March 3, 2021

Google fixes Critical Remote Code Execution issue in Android System component Full Text

Abstract Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in the System component. Google released security updates to address 37 vulnerabilities as part of the Android security...

Security Affairs

March 02, 2021

Microsoft fixes actively exploited Exchange zero-day bugs, patch now Full Text

Abstract Microsoft has released emergency out-of-band security updates for Microsoft Exchange that fix four zero-day vulnerabilities actively exploited in targeted attacks.

BleepingComputer

March 02, 2021

Google fixes second actively exploited Chrome zero-day bug this year Full Text

Abstract Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users.

BleepingComputer

March 2, 2021

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks Full Text

Abstract On a series of three blog posts to be released Tuesday, Microsoft said targeted hacking from a group operating out of China that the company calls Hafnium, linked together chains of vulnerabilities to garner access.

SCMagazine

March 2, 2021

Quarter of Healthcare Apps Contain High Severity Bugs Full Text

Abstract Veracode urges more regular scanning of applications

Infosecurity Magazine

March 02, 2021

New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3 Full Text

Abstract A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was  released  on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3. Tracked as  CVE-2021-1782 , the flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges. "We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability," Pwn20wnd  said  in a separate tweet. The vulnerability has since been addressed by Apple as part of its iOS and iPadOS 14.4 u

The Hacker News

March 01, 2021

Working Windows and Linux Spectre exploits found on VirusTotal Full Text

Abstract Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal.

BleepingComputer

March 1, 2021

Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall Full Text

Abstract A critical vulnerability discovered in a firewall appliance made by Genua could be useful to threat actors once they’ve gained access to an organization’s network, according to SEC Consult.

Security Week

March 1, 2021

Minion privilege escalation exploit patched in SaltStack Salt project Full Text

Abstract The privilege escalation vulnerability, tracked as CVE-2020-28243, could allow "an unprivileged user to create files in any non-blacklisted directory via a command injection in a process name."

ZDNet

February 27, 2021

Microsoft fixes Windows 10 drive corruption bug — what you need to know Full Text

Abstract Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file.

BleepingComputer

February 27, 2021

Experts found a critical authentication bypass flaw in Rockwell Automation software Full Text

Abstract A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical authentication bypass vulnerability, tracked as CVE-2021-22681, can be exploited by remote...

Security Affairs

February 27, 2021

Google shares PoC exploit for critical Windows 10 Graphics RCE bug Full Text

Abstract Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component.

BleepingComputer

February 26, 2021

Critical Vulnerability in Cisco Systems allows a Remote Attacker to Bypass Authentication Full Text

Abstract A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. Three critical flaws fixed...

Cyber Security News

February 26, 2021

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process Full Text

Abstract Researchers found a number of privacy and security issues in Amazon’s Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.

Threatpost

February 26, 2021

Unprotected Private Key Allows Remote Hacking of Rockwell Controllers Full Text

Abstract The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University, Kaspersky, and Claroty.

Security Week

February 26, 2021

ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process Full Text

Abstract Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the Network and Distributed System Security Symposium (NDSS) conference by a group of academics from Ruhr-Universität Bochum and the North Carolina State University, who analyzed 90,194 skills available in seven countries, including the US, the UK, Australia, Canada, Germany, Japan, and France. Amazon Alexa allows third-party developers to create additional functionality for devices such as Echo smart speakers by configuring "skills" that run on top of the voice assistant, thereby making it easy for users to initiate a conversation with the skill and complete a specific task.  Chief among the findings is the concern that

The Hacker News

February 26, 2021

Cisco Releases Security Patches for Critical Flaws Affecting its Products Full Text

Abstract Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company  said  in an advisory published yesterday. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices." The bug, tracked as CVE-2021-1388, ranks 10 (out of 10) on the CVSS vulnerability scoring system and stems from an improper token validation in an API endpoint of Cisco ACI MSO installed the Application Services Engine. It affects ACI MSO versions running a 3.0 release of the software. The ACI Multi-Site Orchestrator lets customers monitor and m

The Hacker News

February 26, 2021

Cybersecurity Agencies Warn of Accellion Vulnerability Exploits Full Text

Abstract On Wednesday, the U.S. CISA along with its counterparts in the U.K., Australia, New Zealand, and Singapore warned that hackers are exploiting unpatched vulnerabilities in Accellion FTA.

Bank Info Security

February 25, 2021

Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS Full Text

Abstract Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting...

Security Affairs

February 25, 2021

Google discloses technical details of Windows CVE-2021-24093 RCE flaw Full Text

Abstract Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability,...

Security Affairs

February 25, 2021

Out-of-bounds read vulnerability in Slic3r could lead to information disclosure Full Text

Abstract Cisco Talos recently discovered an out-of-bounds read vulnerability in Slic3r's library. An adversary could send a target a specially crafted obj file to cause an out-of-bounds condition.

Cisco Talos

February 25, 2021

CVSS as a Framework, Not a Score Full Text

Abstract Vulnerabilities are graded on factors such as how the vulnerable component is exposed, how difficult and reliable an attack could be, and the impact on confidentiality, integrity, and/or availability.

Dark Reading

February 25, 2021

Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw Full Text

Abstract A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972...

Security Affairs

February 25, 2021

Google Discloses Details of Remote Code Execution Vulnerability in Windows Full Text

Abstract An 8.8 CVSS score has been assigned to the vulnerability, but Microsoft has rated it critical for all affected operating systems including Windows 10, Windows Server 2016 and 2019, and Windows Server.

Security Week

February 24, 2021

Cisco fixes maximum severity MSO auth bypass vulnerability Full Text

Abstract Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine.

BleepingComputer

February 24, 2021

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking Full Text

Abstract Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.

Threatpost

February 24, 2021

Nginx: Server misconfigurations found in the wild that expose websites to attacks Full Text

Abstract Security researchers at Detectify have discovered a series of middleware misconfigurations in Nginx config files from GitHub that could leave web applications vulnerable to attack.

The Daily Swig

February 24, 2021

VMWare Patches Critical RCE Flaw in vCenter Server Full Text

Abstract The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.

Threatpost

February 24, 2021

Popular Node.js package vulnerable to command injection attacks Full Text

Abstract The maintainers of systeminformation, a Node.js package used for getting hardware, system, and OS information, have patched a bug that left applications vulnerable to command injection attacks.

The Daily Swig

February 24, 2021

Heavily used Node.js package has a code injection vulnerability Full Text

Abstract The heavily downloaded Node.js library "systeminformation" has a severe command injection vulnerability tracked as CVE-2021-21315.

BleepingComputer

February 24, 2021

SonicWall Releases Second Set of February Firmware Patches Full Text

Abstract Network security firm SonicWall today released a new set of firmware patches for its SMA 100 series products, which provide workers with remote access to internal resources.

Dark Reading

February 24, 2021

VMware warns of critical remote code execution flaw in vSphere HTML5 client Full Text

Abstract VMware has revealed a critical-severity vulnerability, which is rated 9.8 on the CVSS scale and tracked as CVE-2021-21972, in the HTML5 client for its flagship vSphere hybrid cloud suite.

The Register

February 23, 2021

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now Full Text

Abstract VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," the company  said  in its advisory. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity. "In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix (CVE-2019-19781)," said Positive Technologies' Mikhail Klyuchnikov, who discovered and reported the flaw to VMware. "The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity

The Hacker News

February 23, 2021

VMware addresses a critical RCE issue in vCenter Server Full Text

Abstract VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual...

Security Affairs

February 23, 2021

Zero-day flaws in virtual event platforms provide access to personal, corporate data Full Text

Abstract Huntress uncovered software flaws and misconfigurations – from information disclosure or PII leakage to direct access to databases and potential remote code execution – in two of the top five virtual event platforms.

SCMagazine

February 23, 2021

VMware fixes critical RCE bug in all default vCenter installs Full Text

Abstract VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems.

BleepingComputer

February 23, 2021

IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS Full Text

Abstract IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions.  IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise...

Security Affairs

February 23, 2021

Keybase patches bug that kept pictures in cleartext storage on Mac, Windows clients Full Text

Abstract Tracked as CVE-2021-23827, the bug is described as an issue which "allows an attacker to obtain potentially sensitive media (such as private pictures) in the cache and uploadtemps directories."

ZDNet

February 23, 2021

IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS Full Text

Abstract This week, the tech giant published a set of security advisories laying out fixes for vulnerabilities that impact IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.

ZDNet

February 22, 2021

SHAREit fixes security bugs in app with 1 billion downloads Full Text

Abstract Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users' devices.

BleepingComputer

February 22, 2021

SHAREit fixes security bugs three months after initial report Full Text

Abstract Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users' devices.

BleepingComputer

February 22, 2021

Python programming language hurries out update to tackle remote code vulnerability Full Text

Abstract PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that's tracked as CVE-2021-3177.

ZDNet

February 20, 2021

Recently fixed Windows zero-day actively exploited since mid-2020 Full Text

Abstract Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.

BleepingComputer

February 20, 2021

SonicWall releases second firmware updates for SMA 100 vulnerability Full Text

Abstract Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a...

Security Affairs

February 20, 2021

SonicWall releases additional update for SMA 100 vulnerability Full Text

Abstract SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately.

BleepingComputer

February 20, 2021

Brave browser leaks onion addresses in DNS traffic Full Text

Abstract The Tor mode included with the Brave web browser allows users to access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.

ZDNet

February 19, 2021

Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider Full Text

Abstract A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users. A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users. The...

Security Affairs

February 19, 2021

Highest Number of Vulnerabilities Disclosure Reported in 2020 Full Text

Abstract An analysis of data collected by the NIST about vulnerabilities from 2020 says numbers of security loopholes in 2020 skyrocketed to create a new record.

Cyware Alerts - Hacker News

February 19, 2021

Brave privacy bug exposes Tor onion URLs to your DNS provider Full Text

Abstract Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit.

BleepingComputer

February 19, 2021

Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper Full Text

Abstract Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.

The Daily Swig

February 19, 2021

Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000 Full Text

Abstract The flaw was present in the iCloud-hosted versions of Apple’s Pages and Keynote software. Exploitation involved creating a new document or presentation and entering an XSS payload into its name field.

Security Week

February 18, 2021

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps Full Text

Abstract Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered.

Threatpost

February 18, 2021

Exploit Details Emerge for Unpatched Microsoft Bug Full Text

Abstract A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.

Threatpost

February 18, 2021

Half of Apps Contain at Least One Serious Exploitable Vulnerability Full Text

Abstract Nearly 70% of apps in manufacturing have at least one serious vulnerability

Infosecurity Magazine

February 18, 2021

The OpenSSL Project addressed three vulnerabilities Full Text

Abstract The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The OpenSSL Project released security patches to address three vulnerabilities, two denial-of-service (DoS)...

Security Affairs

February 17, 2021

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping Full Text

Abstract A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "temi" personal robot. California-based Agora is a video, voice, and live interactive streaming platform, allowing developers to embed voice and video chat, real-time recording, interactive live streaming, and real-time messaging into their apps. The company's SDKs are estimated to be embedded into mobile, web, and desktop applications across more than 1.7 billion devices globally. McAfee disclosed the flaw (CVE-2020-25605) to Agora.io on April 20

The Hacker News

February 17, 2021

QNAP patches critical vulnerability in Surveillance Station NAS app Full Text

Abstract QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software.

BleepingComputer

February 17, 2021

Three New Vulnerabilities Patched in OpenSSL Full Text

Abstract The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition.

Security Week

February 17, 2021

The cybersecurity issues of seismic monitoring devices Full Text

Abstract Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, say researchers who have probed the devices for weak points.

Help Net Security

February 17, 2021

Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software Full Text

Abstract French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used...

Security Affairs

February 17, 2021

SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits Full Text

Abstract The highest threat to systems running affected versions of SQLite, a C-language library that implements an SQL database engine, is to system availability, according to a Red Hat Bugzilla thread.

The Daily Swig

February 17, 2021

Two vulnerabilities in Advantech WebAccess/SCADA Full Text

Abstract A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure.

Talos

February 16, 2021

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites Full Text

Abstract A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021–1801) that allowed malicious parties to bypass the iframe sandboxing policy in the browser engine that powers Safari and Google Chrome for iOS and run malicious code. Specifically, the technique exploited the manner how WebKit handles JavaScript event listeners , thus making it possible to break out of the sandbox associated with an ad's inline frame element despite the presence of "allow-top-navigation-by-user-activation" attribute that explicitly forbids any redirection unless the click event occurs inside the iframe. To test this hypothesis, the researchers set about creating a simple HTML file containing a cross-origin sandboxed iframe and a button outside it that

The Hacker News

February 16, 2021

Telegram flaw could have allowed access to users secret chats Full Text

Abstract Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users' secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS...

Security Affairs

February 16, 2021

Misconfigured Baby Monitors Allow Unauthorized Viewing Full Text

Abstract Hundreds of thousands of individuals are potentially affected by this vulnerability.

Threatpost

February 16, 2021

Windows 10 Secure Boot update triggers BitLocker key recovery Full Text

Abstract Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot.

BleepingComputer

February 16, 2021

Apple patches severe macOS Big Sur data loss bug Full Text

Abstract For the past few weeks, macOS Big Sur has suffered from a bug that could cause serious data loss. The bug was introduced in Big Sur 11.2, and it made its way into the 11.3 data.

ZDNet

February 16, 2021

Security Flaws Left Unpatched in SHAREit Android App with One Billion Downloads Full Text

Abstract The bugs can be exploited to run malicious code on smartphones where the SHAREit app is installed, Echo Duan, a mobile threats analyst for security firm Trend Micro, said in a report on Monday.

ZDNet

February 16, 2021

Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware Full Text

Abstract Multiple unpatched vulnerabilities have been discovered in SHAREit , a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's analysis of the Android version of the app, which allows users to share or transfer files between devices. But in a worrisome twist, the flaws are yet to be patched by Smart Media4U Technology Pte. Ltd., the Singapore-based developer of the app, despite responsible disclosure three months ago. "We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps' permission," Trend Micro researcher Echo Duan  said  in a write-up. "It is also not easily detectable." One of the flaws arises from the manner the app facilitates sharing of

The Hacker News

February 16, 2021

Many SolarWinds Customers Failed to Secure Systems Following Hack Full Text

Abstract Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according to RiskRecon.

Security Week

February 16, 2021

Popular SHAREit app is affected by severe flaws yet to be fixed Full Text

Abstract Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads, experts from Trend Micro discovered multiple...

Security Affairs

February 16, 2021

Popular SHAREit app is affected by severe flaws yet to be fixed Full Text

Abstract Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads, experts from Trend Micro discovered multiple...

Security Affairs

February 15, 2021

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats Full Text

Abstract Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the app. Following responsible disclosure, Telegram addressed them in a series of patches on September 30 and October 2, 2020. The flaws stemmed from the way secret chat functionality operates and in the app's handling of  animated stickers , thus allowing attackers to send malformed stickers to unsuspecting users and gain access to messages, photos, and videos that were exchanged with their Telegram contacts through both classic and secret chats. One caveat of note is that exploiting the flaws in the wild may not have been trivial, as it requires chaining the aforementioned weaknesses to at least one additional vulnerability in order to get around security defenses in modern devices tod

The Hacker News

February 15, 2021

VMware fixes command injection issue in vSphere Replication Full Text

Abstract VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere...

Security Affairs

February 15, 2021

VMware fixes command injection issue in vSphere Replication Full Text

Abstract VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere...

Security Affairs

February 15, 2021

Mercedes Issues eCall Recall Full Text

Abstract Over a million Mercedes-Benz cars recalled due to bug in emergency call system

Infosecurity Magazine

February 15, 2021

Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises Full Text

Abstract Several versions of the product are affected by a high-severity (important) command injection vulnerability that can be exploited by a hacker with admin privileges to execute shell commands.

Security Week

February 15, 2021

Palo Alto firewall software vulnerability quartet revealed Full Text

Abstract “Using these vulnerabilities, an attacker can gain access to sensitive data, disrupt the availability of firewall components or gain access to internal network segments,” the researchers warn.

The Daily Swig

February 14, 2021

PayPal addresses reflected XSS bug in user wallet currency converter Full Text

Abstract PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets.  PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency...

Security Affairs

February 14, 2021

FBI’s alert warns about using Windows 7 and TeamViewer Full Text

Abstract The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using...

Security Affairs

February 13, 2021

Vulnerability in Chess.com Allowed Access to 50 Million User Records Full Text

Abstract The vulnerability in Chess.com's API could have been exploited to access any account on the site. It could also be used to gain full access to the site through its admin panel.

Hackread

February 13, 2021

Siemens Patches 21 Vulnerabilities in 2 Tools Full Text

Abstract Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash.

Gov Info Security

February 13, 2021

PayPal Mitigates XSS Vulnerability Full Text

Abstract The PayPal vulnerability was discovered in February 2020 by a security researcher who goes by the name Cr33pb0y, who was paid $2,900 as part of HackerOne's bug bounty program.

Cuinfosecurity

February 12, 2021

Copycats emerge after researcher exploits design flaw to breach Microsoft, Apple, Tesla Full Text

Abstract Pseudonymous authors published more than 150 copycat packages just three days after Sonatype published research around a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch. Ethical hacker and security researcher Alex Birsan posted a blog on Feb. 9 that detailed how he used dependency, or namespace confusion,…

SCMagazine

February 12, 2021

Vulnerabilities hit record high in 2020, topping 18,000 Full Text

Abstract Security teams were under siege last year, according to research analyzing 2020 NIST data on common vulnerabilities and exposures (CVEs) that found more security flaws – 18,103 – were disclosed in 2020 than in any other year to date. To understand the significance, there were far more “critical” and “high severity” vulnerabilities in 2020 (10,342)…

SCMagazine

February 12, 2021

Telegram ‘Secret Chat’ didn’t delete self-destructing media files Full Text

Abstract Telegram has fixed a security issue where self-destructing audio and video recording were not being deleted from user's macOS devices as expected.

BleepingComputer

February 12, 2021

Misconfigured Docker Containers Could Land You in Trouble Full Text

Abstract Cyber adversaries have been found injecting cryptomining malware via exposed Redis instances, that give full access to all the running containers on Docker Hub, in an ongoing campaign.

Cyware Alerts - Hacker News

February 12, 2021

TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server Full Text

Abstract Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information...

Security Affairs

February 12, 2021

Nearly Two-Thirds of CVEs Are Low Complexity Full Text

Abstract Similar number in 2020 required no user interaction, says Redscan

Infosecurity Magazine

February 12, 2021

Secret Chat in Telegram Left Self-Destructing Media Files On Devices Full Text

Abstract Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was  discovered  by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since been resolved in  version 7.4 , released on January 29. Unlike Signal or WhatsApp, conversations on Telegram by default are not end-to-end encrypted, unless users explicitly opt to enable a device-specific feature called " secret chat ," which keeps data encrypted even on Telegram servers. Also available as part of secret chats is the option to send self-destructing messages. What Mishra found was that when a user records and sends an audio or video message via a regular chat, the application leaked the exact path where the recorded message is stored in ".mp4" format. With the secret chat

The Hacker News

February 12, 2021

Singtel Supply Chain Breach Traced to Zero-Day Bug Full Text

Abstract Accellion’s legacy FTA product was also exploited in New Zealand bank attack

Infosecurity Magazine

February 11, 2021

Internet Explorer 11 zero-day vulnerability gets unofficial micropatch Full Text

Abstract An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.

BleepingComputer

February 11, 2021

Deskpro XSS flaws could hijack admin sessions, take over helpdesk agent accounts Full Text

Abstract Hackers could have exploited cross-site scripting (XSS) vulnerabilities found in popular helpdesk platform Deskpro to hijack the sessions of administrators and takeover the accounts of helpdesk agents. This would give the attackers the same privileges as admins and agents in terms of what they could execute or information they are exposed to, according to a…

SCMagazine

February 11, 2021

Internet Explorer 11 zero-day vulnerability gets a free micropatch Full Text

Abstract An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.

BleepingComputer

February 11, 2021

If you use Slack on Android, reset your password now Full Text

Abstract Slack found that one of its app versions on Android was storing passwords in plaintext, leaving affected users vulnerable. The company has fixed the bug and is now starting to intimate affected users to reset their passwords.

Business Insider

February 11, 2021

Buggy WordPress plugin exposes 100K sites to takeover attacks Full Text

Abstract Critical and high severity vulnerabilities in the Responsive Menu WordPress plugin exposed over 100,000 sites to takeover attacks as discovered by Wordfence.

BleepingComputer

February 11, 2021

Siemens Patches 21 More File Parsing Vulnerabilities in PLM Products Full Text

Abstract These vulnerabilities can be exploited by an attacker for arbitrary code execution, data extraction, and DoS attacks if they can trick the targeted user into opening a malicious file.

Security Week

February 11, 2021

A Windows Defender Vulnerability Lurked Undetected for 12 Years Full Text

Abstract The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender uses to delete the invasive files and infrastructure that malware can create.

Wired

February 11, 2021

Intel fixes vulnerabilities in Windows, Linux graphics drivers Full Text

Abstract Intel addressed 57 vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers.

BleepingComputer

February 11, 2021

PayPal fixes reflected XSS vulnerability in user wallet currency converter Full Text

Abstract First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue.

ZDNet

February 11, 2021

12-year-old Windows Defender bug gives hackers admin rights Full Text

Abstract Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems.

BleepingComputer

February 11, 2021

Magento security: Multiple critical flaws give e-commerce sites ample reason to update Full Text

Abstract E-commerce sites that rely on the widely used Magento platform ought to update their installations following the release of a batch of security updates, some of which are critical.

The Daily Swig

February 10, 2021

SAP addresses a critical flaw in SAP Commerce Product Full Text

Abstract SAP released seven new security notes on February 2021 Security Patch Day, including a Hot News note for a critical issue affecting SAP Commerce. SAP released seven new security notes on February 2021 Security Patch Day and updated six previously...

Security Affairs

February 10, 2021

Intel Squashes High-Severity Graphics Driver Flaws Full Text

Abstract Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.

Threatpost

February 10, 2021

Intel Patches Tens of Vulnerabilities in Software, Hardware Products Full Text

Abstract The list of high-severity flaws includes a privilege escalation issue in the Intel Solid State Drive (SSD) Toolbox, and a denial-of-service (DoS) flaw in the XMM 7360 Cell Modem.

Security Week

February 10, 2021

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs Full Text

Abstract Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates.

BleepingComputer

February 10, 2021

Microsoft fixes Windows 10 bug letting attackers trigger BSOD crashes Full Text

Abstract Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

BleepingComputer

February 10, 2021

Nine New ‘Number:Jack’ Vulnerabilities in Communication Protocols Could be Used to Exploit IoT and OT Devices Full Text

Abstract Vulnerabilities in the communications protocols used by millions of Internet of Things (IoT) and operational technology (OT) devices could allow cyber attackers to intercept and manipulate data.

ZDNet

February 10, 2021

Microsoft fixes Windows 10 console bug leading to blue screens Full Text

Abstract Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

BleepingComputer

February 10, 2021

Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready? Full Text

Abstract The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply that they were able to impersonate any user they wanted.

Washington Post

February 10, 2021

Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug Full Text

Abstract Apple has rolled out a fix for a critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave that could allow unauthenticated local users to gain root-level privileges on the system. "A local attacker may be able to elevate their privileges," Apple  said  in a security advisory. "This issue was addressed by updating to sudo version 1.9.5p2." Sudo is a common utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user. Tracked as CVE-2021-3156 (also called " Baron Samedit "), the vulnerability first came to light last month after security auditing firm Qualys  disclosed  the existence of a heap-based buffer overflow, which it said had been "hiding in plain sight" for almost 10 years. The vulnerability, which was introduced in the code back in July 2011, impacts sudo versions 1.7.7 through 1.7.10p9, 1.8.2 through 1.8.31p2, and 1.9.0

The Hacker News

February 10, 2021

Many TCP/IP stacks found vulnerable to Mitnick attack, some still unpatched Full Text

Abstract The tested stacks are used across a bevy of internet of things devices, industrial equipment and other networked products.

SCMagazine

February 10, 2021

Zero-Day and Six Publicly Disclosed CVEs Fixed by Microsoft Full Text

Abstract Patch Tuesday sees just 56 vulnerabilities addressed this month

Infosecurity Magazine

February 10, 2021

Microsoft fixes the Windows 10 console driver crash bug Full Text

Abstract Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.

BleepingComputer

February 10, 2021

Adobe fixes a buffer overflow issue in Reader which is exploited in the wild Full Text

Abstract Adobe released security patches for 50 flaws affecting six products, including a zero-day flaw in Reader that has been exploited in the wild. Adobe has released security updates that address 50 vulnerabilities affecting its Adobe Acrobat, Magento,...

Security Affairs

February 09, 2021

Apple fixes SUDO root privilege escalation flaw in macOS Full Text

Abstract Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges.

BleepingComputer

February 9, 2021

Rampant data sharing suggests website managers lack control, visibility Full Text

Abstract Website managers need better insight into their third-party app partners’ default settings and access rights, experts say.

SCMagazine

February 9, 2021

Actively Exploited Windows Kernel EoP Bug Allows Takeover Full Text

Abstract Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug.

Threatpost

February 9, 2021

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day Full Text

Abstract Microsoft February 2021 Patch Tuesday addresses 56 vulnerabilities, including a flaw that is known to be actively exploited in the wild. Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows...

Security Affairs

February 9, 2021

Attackers Exploit Critical Adobe Flaw to Target Windows Users Full Text

Abstract A critical vulnerability in Adobe Reader has been exploited in “limited attacks.”

Threatpost

February 09, 2021

Microsoft urges customers to patch critical Windows TCP/IP bugs Full Text

Abstract Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible.

BleepingComputer

February 09, 2021

Microsoft February 2021 Patch Tuesday fixes 56 flaws, 1 zero-day Full Text

Abstract Today is Microsoft's February 2021 Patch Tuesday, so please be buy your Windows administrators some snacks to keep their energy up throughout the day.

BleepingComputer

February 9, 2021

Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs Full Text

Abstract An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution.

Security Week

February 09, 2021

Adobe fixes critical Reader vulnerability exploited in the wild Full Text

Abstract Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.

BleepingComputer

February 9, 2021

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs Full Text

Abstract The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF)...

Security Affairs

February 9, 2021

Launching OSV - Better vulnerability triage for open source Full Text

Abstract For consumers of open source software, it is often difficult to map a vulnerability such as a Common Vulnerabilities and Exposures (CVE) entry to the package versions they are using.

Chrome Releases

February 8, 2021

Google launches Open Source Vulnerabilities (OSV) database Full Text

Abstract Google announced the launch of OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. Google last week announced the OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure...

Security Affairs

February 8, 2021

Google pitches security standards for ‘critical’ open-source projects Full Text

Abstract In a post-Solar Winds era, less structured projects are extremely vulnerable to malicious forces and human error, the software giant argues.

SCMagazine

February 08, 2021

Critical vulnerability fixed in WordPress plugin with 800K installs Full Text

Abstract The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks.

BleepingComputer

February 8, 2021

With thousands of vendors, companies typically have limited grasp over supply chain security Full Text

Abstract Organizations operate in networks that on average include 1,409 vendors. Combine that with limited resources, and supply chain security can seem an oxymoron.

SCMagazine

February 08, 2021

Cyberpunk 2077 bug fixed that let malicious mods take over PCs Full Text

Abstract CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files.

BleepingComputer

February 07, 2021

Removal notice for Signal article Full Text

Abstract Due to conflicting information BleepingComputer has received, we have removed our original article.

BleepingComputer

February 07, 2021

Signal ignores proxy censorship vulnerability, says it’s not a risk Full Text

Abstract Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship. However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users.

BleepingComputer

February 7, 2021

Hacking Nespresso machines to have unlimited funds to purchase coffee Full Text

Abstract Some commercial Nespresso machines that are used in Europe could be hacked to add unlimited funds to purchase coffee. Some Nespresso Pro machines in Europe could be hacked to add unlimited funds to purchase coffee. The attack is possible because the machines...

Security Affairs

February 07, 2021

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall Full Text

Abstract Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. 

BleepingComputer

February 07, 2021

Signal ignores proxy censorship vulnerability, bans researchers Full Text

Abstract Signal, an end-to-end encrypted messaging platform was blocked in Iran and suggested a TLS proxy workaround to help its users bypass censorship. However, researchers have discovered vulnerabilities in the workaround that can render Signal's suggestions moot and pose risks for the users.

BleepingComputer

February 6, 2021

Experts found critical flaws in Realtek Wi-Fi Module Full Text

Abstract Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices' wireless communications. Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the Realtek RTL8195A Wi-Fi...

Security Affairs

February 06, 2021

Mozilla fixes Windows 10 NTFS corruption bug in Firefox Full Text

Abstract Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser.

BleepingComputer

February 6, 2021

Google Chrome sync feature can be abused for C&C and data exfiltration Full Text

Abstract Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses.

ZDNet

February 6, 2021

Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213) Full Text

Abstract Successful exploitation of this vulnerability allows an attacker to upload an arbitrary file with arbitrary names and extensions, leading to Remote Code Execution (RCE) on the targeted web server.

Palo Alto Networks

February 5, 2021

Google: Insufficient and rushed patching leads to more zero-day exploits Full Text

Abstract The findings highlight a troubling habit that software developers can sometimes fall into: hastily scramble to issue an urgent vulnerability patch, only to move on to the next issue without fully grasping the underlying cause or crafting a wholistic fix.

SCMagazine

February 5, 2021

Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites Full Text

Abstract An CRSF-to-stored-XSS security bug plagues 50,000 ‘Contact Form 7’ Style users.

Threatpost

February 5, 2021

Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks, security researcher claims Full Text

Abstract According to the researcher, tampering is possible by sending the content, intercepting requests, and forwarding with modified code, as well as by intercepting spoofed content and changing values.

The Daily Swig

February 5, 2021

Google Chrome Zero-Day Afflicts Windows, Mac Users Full Text

Abstract Google warns of a zero-day vulnerability in the V8 open-source engine that’s being actively exploited by attackers.

Threatpost

February 5, 2021

Geeni smart doorbells, cameras riddled with flaws, research finds Full Text

Abstract The vulnerabilities, found in Geeni- and Merkury-branded security cameras and smart doorbells, would allow attackers to take full control of devices and remotely disable cameras in some cases.

Cyberscoop

February 5, 2021

Google patches an actively exploited Chrome zero-day Full Text

Abstract Google has released today version 88.0.4324.150 of the Chrome browser for Windows, Mac, and Linux. Today's release contains only one bugfix for a zero-day vulnerability that was exploited in the wild.

ZDNet

February 05, 2021

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP Full Text

Abstract Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The  flaws  — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02. Along with the aforementioned three vulnerabilities, patches have also been released for two more  arbitrary file write flaws  (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system. All the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered  similar critical flaws  in RV110W, RV130W, and RV215W Routers that could be lever

The Hacker News

February 5, 2021

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls Full Text

Abstract Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive...

Security Affairs

February 5, 2021

7 Common Microsoft AD Misconfigurations that Adversaries Abuse Full Text

Abstract Threat actors typically have the goal of obtaining Active Directory Domain Administrator privileges, or, in other words, complete control over the Active Directory domain.

Crowdstrike

February 5, 2021

Free coffee! Belgian researcher hacks prepaid vending machines Full Text

Abstract Belgian cybersecurity researcher Polle Vanhoof just published a paper about an exploitable hole he found in the payment system used in some Nespresso prepaid coffee machines.

Sophos

February 04, 2021

New Chrome Browser 0-day Under Active Attack—Update Immediately! Full Text

Abstract Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released  88.0.4324.150  for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine. "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a statement. The security flaw was reported to Google by Mattias Buelens on January 24. Previously on February 2, Google  addressed six issues in Chrome , including one critical use after free vulnerability in Payments (CVE-2021-21142) and four high severity issues in Extensions, Tab Groups, Fonts, and Navigation features. While it's typical of Google to limit details of the vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft  disclosed  attacks carried out by North Korean hackers against security resear

The Hacker News

February 04, 2021

Google fixes Chrome zero-day actively exploited in the wild Full Text

Abstract Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users.

BleepingComputer

February 4, 2021

Allen-Bradley Flex I/O vulnerable to denial of service Full Text

Abstract A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

Talos

February 4, 2021

Google addresses Chrome zero-day flaw actively exploited in the wild Full Text

Abstract Google has addressed an actively exploited zero-day vulnerability, tracked as CVE-2021-21148, with the release of the Chrome 88.0.4324.150 version. Google released Chrome 88.0.4324.150 version that addressed an actively exploited zero-day security...

Security Affairs

February 4, 2021

Industrial control system vulnerabilities up 25 percent in 2020 Full Text

Abstract A new research report released Thursday by Claroty said that vendors and industrial organizations must come to grips with these trends and act upon bug reports because the attacks and vulnerabilities will not abate.

SCMagazine

February 4, 2021

Multiple vulnerabilities spotted in SoftMaker Office PlanMaker Full Text

Abstract An exploitable integer overflow and heap-based buffer overflow vulnerabilities exists in the PlanMaker document-parsing functionality of SoftMaker Office 2021's PlanMaker application.

Talos

February 4, 2021

Disclosed ICS Vulnerabilities Surged During Second Half of 2020 Full Text

Abstract ICS vulnerabilities were up 25% year-on-year

Infosecurity Magazine

February 4, 2021

Rubbish software security patches responsible for a quarter of zero-days last year Full Text

Abstract Zero-day flaws are a problem because they may be exploited for long periods of time before they're detected and dealt with. There were 24 of them in 2020, four more than in 2019.

The Register

February 4, 2021

Three More Vulnerabilities Found in SolarWinds Products Full Text

Abstract Customers urged to patch Orion and Serv-U FTP promptly

Infosecurity Magazine

February 4, 2021

Google: Incomplete Patches Caused Quarter of Zero-Days in 2020 Full Text

Abstract Attackers are capitalizing on lack of vendor thoroughness

Infosecurity Magazine

February 04, 2021

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices Full Text

Abstract Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The six flaws were  reported  by researchers from Israeli IoT security firm Vdoo. The  Realtek RTL8195A  module is a standalone, low-power-consumption Wi-Fi hardware module targeted at embedded devices used in several industries such as agriculture, smart home, healthcare, gaming, and automotive sectors. It also makes use of an "Ameba" API, allowing developers to communicate with the device via Wi-Fi, HTTP, and  MQTT , a lightweight messaging protocol for small sensors and mobile devices. Although the issues uncovered by Vdoo were verified only on RTL8195A, the researchers said they extend to other modules as well, including RTL8711AM, RTL8711AF, and RTL8710AF. The flaws concern a mix of stack overflow, and out-of-bounds reads that stem from the Wi-Fi module's WPA2  fo

The Hacker News

February 3, 2021

SonicWall issues firmware patch after attackers exploited critical bugs Full Text

Abstract Fix addresses an exploit enabling admin credential access, and a remote code execution attack.

SCMagazine

February 3, 2021

TIM’s Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded Full Text

Abstract Researchers from TIM’s Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded Italy also joins the security bug research, with the Red Team Research laboratory of TIM, an important Italian...

Security Affairs

February 03, 2021

SonicWall fixes actively exploited SMA 100 zero-day vulnerability Full Text

Abstract SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances.

BleepingComputer

February 03, 2021

Cisco fixes critical code execution bugs in SMB VPN routers Full Text

Abstract Cisco has addressed multiple pre-auth remote code execution (RCE) vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices.

BleepingComputer

February 3, 2021

Recently discovered CVE-2021-3156 SUDO bug also affects macOS Big Sur Full Text

Abstract Experts warn that the recently discovered heap-based buffer overflow bug in Linux SUDO also impacts the latest version of Apple macOS Big Sur. Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156, that has allowed any local...

Security Affairs

February 3, 2021

Weak ACLs in Adobe ColdFusion Allow Privilege Escalation Full Text

Abstract An unprivileged user on a Windows computer could place a malicious DLL file within the installation directory of Adobe ColdFusion, which would lead to arbitrary code execution with SYSTEM privileges.

Security Week

February 03, 2021

Microsoft Defender ATP detects Chrome updates as PHP backdoors Full Text

Abstract Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file.

BleepingComputer

February 3, 2021

Five Critical Android Bugs Patched, Part of Feb. Security Bulletin Full Text

Abstract February’s security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.

Threatpost

February 03, 2021

SolarWinds patches critical vulnerabilities in the Orion platform Full Text

Abstract Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code execution with top privileges.

BleepingComputer

February 3, 2021

Three new SolarWinds vulnerabilities found and patched Full Text

Abstract The discovery is the latest in what some predict will be a surge of both researchers and criminals looking at the company as a result of recent security events, which inevitably will lead to more vulnerabilities being found.

SCMagazine

February 3, 2021

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover Full Text

Abstract The by-now infamous company has issued patches for three security vulnerabilities in total.

Threatpost

February 03, 2021

Latest macOS Big Sur also has SUDO root privilege escalation flaw Full Text

Abstract Recently discovered Linux SUDO privilege escalation vulnerability, CVE-2021-3156 (aka Baron Samedit) also impacts the latest Apple macOS Big Sur with no patch available yet.

BleepingComputer

February 03, 2021

3 New Severe Security Vulnerabilities Found In SolarWinds Software Full Text

Abstract Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion Platform, while a third separate weakness (CVE-2021-25276) was found in the company's Serv-U FTP server for Windows,  said  cybersecurity firm Trustwave in technical analysis. None of the three security issues have been exploited in the unprecedented  supply chain attack  targeting the Orion Platform that came to light last December. The two sets of vulnerabilities in Orion and Serv-U FTP were disclosed to SolarWinds on December 30, 2020, and January 4, 2021, respectively, following which the company resolved the issues on January 22 and January 25. It's highly recommended that users install the latest versions of  Orion Platform  and Serv-U FTP ( 15.2.2 Ho

The Hacker News

February 2, 2021

Kids’ Health Insurer’s Website Vulnerable for 7 Years Full Text

Abstract The personal information of several thousand insurance applicants was inappropriately accessed, the organization says, but it has no evidence that anyone’s personal information was removed.

Info Risk Today

February 02, 2021

Apple pulls iCloud 12 for Windows 10 with Keychain sync feature Full Text

Abstract Apple has pulled iCloud 12 for Windows 10 from the Microsoft Store for what is believed to be issues with their new Chrome iCloud Keychain password synchronization feature.

BleepingComputer

February 1, 2021

The Next Cyberattack Is Already Under Way Full Text

Abstract A flaw can be harmless, but zero-days represent vulnerabilities that can be turned into weapons. And governments have been buying them and storing them in vaults, like vials of the bubonic plague.

New Yorker

February 01, 2021

SonicWall SMA 100 zero-day exploit actively used in the wild Full Text

Abstract A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group.

BleepingComputer

February 1, 2021

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code Full Text

Abstract The flaw in the free-source library could have been ported to multiple applications.

Threatpost

February 1, 2021

Patient Monitor Plagued by Security Vulnerabilities Full Text

Abstract The VC150’s administrative web interface is vulnerable to a stored Cross-Site Scripting vulnerability (CVE-2020-27262). Further, the device can be shut down via keystroke injection.

Insinuator

February 1, 2021

Experts warn of active exploitation of SonicWall zero-day in the wild Full Text

Abstract Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability. Security experts from the firm NCC Group have detected "indiscriminate" exploitation of a SonicWall zero-day in attacks in the wild,...

Security Affairs

February 1, 2021

Google discloses a severe flaw in widely used Libgcrypt encryption library Full Text

Abstract Google discovered a flaw in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw...

Security Affairs

February 1, 2021

Researchers Spot SonicWall Exploit in the Wild Full Text

Abstract NCC Group urges customers to check logs

Infosecurity Magazine

February 1, 2021

SonicWall zero-day exploited in the wild Full Text

Abstract Researchers believe they identified the same zero-day vulnerability that a mysterious threat actor used to gain access to SonicWall's internal network in a security breach disclosed on January 23.

ZDNet

February 1, 2021

Exploiting a bug in Azure Functions to escape Docker Full Text

Abstract Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure...

Security Affairs

January 31, 2021

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects Full Text

Abstract A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems. No other versions of Libgcrypt are affected by the vulnerability. "There is a  heap buffer overflow  in libgcrypt due to an incorrect assumption in the block buffer management code," Ormandy  said . "Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs." GnuPG addressed the weakness almost immediately within a day after disclosure, while urging users to  stop using  the vulnerable version. The latest version can be dow

The Hacker News

January 30, 2021

Linux SUDO Flaw Lets Local Users Gain Root Privileges Full Text

Abstract SUDO is a Unix application that enables the system administrators to yield limited root rights to regular users who admitted in the...

Cyber Security News

January 29, 2021

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers Full Text

Abstract Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.

SCMagazine

January 29, 2021

WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites Full Text

Abstract The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.

Threatpost

January 29, 2021

Experts addressed flaws in Popup Builder WordPress plugin Full Text

Abstract Multiple issues in WordPress 'Popup Builder' Plugin could be exploited by hackers to perform various malicious actions on affected websites. Developers behind the "Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter" WordPress...

Security Affairs

January 29, 2021

Microsoft 365 Becomes Haven for BEC Innovation Full Text

Abstract Two new phishing tactics use the platform’s automated responses to evade email filters.

Threatpost

January 29, 2021

Vulnerabilities in open source streaming platforms YouPHPTube and AVideo could lead to RCE Full Text

Abstract Researchers from Synacktiv discovered multiple vulnerabilities in the source code shared by the projects that were due to a lack of user input sanitization, a technical write-up reads.

The Daily Swig

January 29, 2021

“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library Full Text

Abstract Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software, has a “severe” security vulnerability, warned Werner Koch.

Help Net Security

January 29, 2021

Windows Installer zero-day vulnerability gets free micropatch Full Text

Abstract A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system.

BleepingComputer

January 28, 2021

Azure Functions vulnerability proves cloud users not always in control Full Text

Abstract A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…

SCMagazine

January 28, 2021

Pirated themes and plugins are the most widespread threat to WordPress sites Full Text

Abstract "Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites," Wordfence said on Wednesday.

ZDNet

January 28, 2021

Potential remote code execution vulnerability uncovered in Node.js apps Full Text

Abstract Made public by self-described security researcher Shoeb ‘CaptainFreak’ Patel on January 23, the research suggests that Express.js may be susceptible to local file read errors.

The Daily Swig

January 28, 2021

CISA warns of high-severity flaws in Fuji Electric Tellus Lite V-Simulator and Server Lite Full Text

Abstract The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory to warn industrial organizations...

Security Affairs

January 27, 2021

Even dead employees pose a security risk when their accounts are still active Full Text

Abstract Ransomware attackers compromised deceased employee’s account to access a domain admin account. The incident is a sad reminder of some cyber hygiene standards too often overlooked.

SCMagazine

January 27, 2021

Apple Patches Three New iOS Zero-Days Full Text

Abstract While Apple has a significant focus on making iOS secure, one researcher said increasingly complex capabilities often bring vulnerabilities.

SCMagazine

January 27, 2021

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access Full Text

Abstract Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even…

SCMagazine

January 27, 2021

Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming Full Text

Abstract A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet.

Threatpost

January 27, 2021

New Docker Container Escape Bug Affects Microsoft Azure Functions Full Text

Abstract Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab 's investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have "determined that the vulnerability has no security impact on Function users, since the host itself is still protected by another defense boundary against the elevated position we reached in the container host." Azure Functions , analogous to Amazon AWS Lambda, is a serverless solution that allows users to run event-triggered code without having to provision or manage infrastructure explicitly while simultaneously making it possible to scale and allocate compute and resources based on demand. By incorporating Docker into the mix, it makes it possible for developers to easily deploy and run Azure F

The Hacker News

January 27, 2021

Apple addresses three iOS zero-day flaws exploited in the wild Full Text

Abstract Apple has addressed three zero-day vulnerabilities in its iOS operating system that have been exploited in the wild. Apple has addressed three zero-day vulnerabilities in iOS that have been exploited in the wild with the release of security updates...

Security Affairs

January 27, 2021

Warning Issued Over Hackable ADT’s LifeShield Home Security Cameras Full Text

Abstract Newly discovered security vulnerabilities in ADT's Blue (formerly LifeShield) home security cameras could have been exploited to hijack both audio and video streams. The  vulnerabilities  (tracked as CVE-2020-8101) were identified in the video doorbell camera by Bitdefender researchers in February 2020 before they were eventually addressed on August 17, 2020. LifeShield was acquired by Florida-based ADT Inc. in 2019, with Lifeshield's DIY home security solutions rebranded as Blue as of January 2020. The company's products had a 33.6% market share in the U.S. last year. The security issues in the doorbell camera allow an attacker to Obtain the administrator password of the camera by simply knowing its MAC address, which is used to identify a device uniquely Inject commands locally to gain root access, and Access audio and video feeds using an unprotected  RTSP  (Real-Time Streaming Protocol) server The doorbell is designed to periodically send heartbeat messages t

The Hacker News

January 27, 2021

Here’s how a researcher broke into Microsoft VS Code’s GitHub Full Text

Abstract This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code. A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository.

BleepingComputer

January 27, 2021

Vulnerability Spotlight: Denial-of-service vulnerabilities in Micrium uc-HTTP’s HTTP server Full Text

Abstract A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. An attacker can use a specially crafted HTTP request to trigger a denial of service condition.

Talos

January 27, 2021

Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges Full Text

Abstract CVE-2021-3156 Sudo vulnerability has allowed any local user to gain root privileges on Unix-like operating systems without authentication. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed...

Security Affairs

January 26, 2021

Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild Full Text

Abstract Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three  zero-day   flaws  — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed an attacker to elevate privileges and achieve remote code execution. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them. While the privilege escalation bug in the kernel (CVE-2021-1782) was noted as a race condition that could cause a malicious application to elevate its privileges, the other two shortcomings — dubbed a "logic issue" — were discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), permitting an attacker to achieve arbitrary code execution inside Safari. Apple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, resp

The Hacker News

January 26, 2021

Nvidia Squashes High-Severity Jetson DoS Flaw Full Text

Abstract If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.

Threatpost

January 26, 2021

New Linux SUDO flaw lets local users gain root privileges Full Text

Abstract A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.

BleepingComputer

January 26, 2021

TikTok Bug Gave Access to Contacts’ Profile Details Full Text

Abstract Check Point reveals now-fixed vulnerability

Infosecurity Magazine

January 26, 2021

Google fixes severe Golang Windows RCE vulnerability Full Text

Abstract This month Google engineers have fixed two vulnerabilities in the Go language (Golang), including a severe RCE flaw, and a cryptographic weakness. The RCE vulnerability tracked as CVE-2021-3115 mainly impacts Windows users of Go running the 'go get' command, due to the default behavior of Windows PATH lookups.

BleepingComputer

January 26, 2021

TikTok fixes flaws allowing theft of private user information Full Text

Abstract ByteDance, the tech firm behind TikTok, has fixed a security vulnerability in the video-sharing social networking service which could have allowed attackers to steal users' private information.

BleepingComputer

January 26, 2021

TikTok Bug Could Have Exposed Users’ Profile Data and Phone Numbers Full Text

Abstract Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News. TikTok has deployed a fix to address the shortcoming following responsible disclosure from Check Point researchers. The newly discovered bug resides in TikTok's " Find friends " feature that allows users to sync their contacts with the service to identify potential people to follow. The contacts are uploaded to TikTok via an HTTP request in the form of a list that consists of hashed contact names and the corresponding phone numbers

The Hacker News

January 26, 2021

Hackers Can Exploit Windows RDP Servers to Amplify DDoS Attacks Full Text

Abstract These days, Windows Remote Desktop Protocol (RDP) servers are being exploited by DDoS-for-hire services to expand Distributed Denial of Service (DDoS) attacks....

Cyber Security News

January 26, 2021

Claroty Discloses Multiple Critical Vulns in Vendor Implementations of Key OT Protocol Full Text

Abstract Researchers from Claroty this week disclosed multiple critical vulnerabilities in vendor implementations of the Open Platform Communications (OPC) network protocol that is widely used in operational technology (OT) networks.

Dark Reading

January 26, 2021

CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability Full Text

Abstract One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface.

Security Week

January 26, 2021

DDoS Attackers Exploit Vulnerable Microsoft RDP Servers Full Text

Abstract Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify various distributed denial-of-service attacks, according to a report from application and network performance firm Netscout.

Gov Info Security

January 25, 2021

Cisco DNA Center Bug Opens Enterprises to Remote Attack Full Text

Abstract The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

Threatpost

January 25, 2021

Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product Full Text

Abstract Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.

Security Week

January 25, 2021

Unsecured Server Leaks 323,000 Cook County Court Records Containing Personal Data and Case Notes Full Text

Abstract On the day of discovery, a Saturday, WebsitePlanet informed the Cook County CTO about the exposure. Early the following Monday, the database was secured and public access restricted.

Security Week

January 23, 2021

Experts Detail A Recent Remotely Exploitable Windows Vulnerability Full Text

Abstract More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager ( NTLM ) that was addressed by Microsoft as part of its monthly  Patch Tuesday updates  earlier this month. The flaw, tracked as  CVE-2021-1678  (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw remained unknown. Now according to researchers from Crowdstrike, the security bug, if left unpatched, could allow a bad actor to achieve remote code execution via an NTLM relay. "This vulnerability allows an attacker to relay NTLM authentication sessions to an attacked machine, and use a printer spooler  MSRPC  interface to remotely execute code on the attacked machine," the researchers  said  in a Friday advisory. NTLM relay attacks are a kind of man-in-the-middle (MitM) attacks that typically permit attackers with access to a network to intercept legitimate authe

The Hacker News

January 23, 2021

Beware! Fully-Functional Released Online for SAP Solution Manager Flaw Full Text

Abstract Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as  CVE-2020-6207 , that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP  SolMan  is an application management and administration solution that offers end-to-end application lifecycle management in distributed environments, acting as a centralized hub for implementing and maintaining SAP systems such as ERP, CRM, HCM, SCM, BI, and others. "A successful exploitation could allow a remote unauthenticated attacker to execute highly privileged administrative tasks in the connected  SAP SMD Agents ," researchers from Onapsis  said , referring to the Solution Manager Diagnostics toolset used to analyze and monitor SAP systems. The vulnerability, which has the highest possible CVSS base score of 10.0, was addressed by SAP as part of its  March 2020  u

The Hacker News

January 22, 2021

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account Full Text

Abstract Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed " KindleDrip ," the exploit chain takes advantage of a feature called " Send to Kindle " to send a malware-laced document to a Kindle device that, when opened, could be leveraged to remotely execute arbitrary code on the device and make unauthorized purchases. "The code runs as root, and the attacker only needs to know the email address assigned to the victim's device,"  said  Yogev Bar-On, a security researcher for Readlmode Labs, in a technical write-up on Thursday. The first vulnerability lets a bad actor send an e-book to a Kindle, the second flaw allows for remote code execution while the e-book is parsed, and a third issue makes it possible to escalate privileges and run the code as the "root" user. When linked together, these weaknesses

The Hacker News

January 22, 2021

SAP SolMan exploit released for max severity pre-auth flaw Full Text

Abstract Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component.

BleepingComputer

January 22, 2021

KindleDrip exploit – Hacking a Kindle device with a simple email Full Text

Abstract KindleDrip: Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims' devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that...

Security Affairs

January 22, 2021

Shazam Vulnerability exposed location of Android, iOS users Full Text

Abstract Due to Shazam having been acquired then by Apple, the researcher was asked to take up the issue with Apple which led the flaw to be finally patched on March 26, 2019, both on iOS and Android.

Hackread

January 22, 2021

Dnsmasq Vulnerabilities Threaten DNS Integrity Full Text

Abstract Israeli researchers shared details on seven extremely critical DNS-related vulnerabilities, tracked as DNSpooq, exposing millions of devices to a variety of DNS cache poisoning attacks.

Cyware Alerts - Hacker News

January 22, 2021

Drupal releases fix for critical vulnerability with known exploits Full Text

Abstract Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild.

BleepingComputer

January 22, 2021

Windows-native PDF viewers vulnerable to multiple attack techniques Full Text

Abstract The vast majority of the most popular Windows-native PDF viewers were vulnerable to multiple attack techniques exploiting standard PDF features, a team of security researchers has discovered.

The Daily Swig

January 22, 2021

Retail and hospitality sector fixing software flaws at a faster rate than others Full Text

Abstract The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a recent Veracode analysis of more than 130,000 applications reveals.

Help Net Security

January 22, 2021

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover Full Text

Abstract Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.

Security Week

January 22, 2021

Drupal fixed a new flaw related PEAR Archive_Tar library Full Text

Abstract Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR...

Security Affairs

January 22, 2021

Vulnerability with VLC Player 3.0.11 Let Attackers Execute Code Remotely Full Text

Abstract VLC is a free and open-source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs,...

Cyber Security News

January 22, 2021

DNSpooq Vulnerability In DNS software Let Attackers hijack Millions of Network Devices Full Text

Abstract Recently, cybersecurity experts have detected nearly 7 vulnerabilities in a very popular DNS software set that has been executed in routers and...

Cyber Security News

January 21, 2021

Joe Biden’s Peloton bike may pose cybersecurity risk, experts warn Full Text

Abstract It is not the first time the issue has been raised. A 2017 review revealed that former first lady Michelle Obama had been supplied with a modified Peloton that came without a camera or microphone.

The Guardian

January 21, 2021

Exploit Allows Root Access to SAP Full Text

Abstract Functional exploit affecting SAP made available to threat actors via GitHub

Infosecurity Magazine

January 21, 2021

Experts warn of scanning activity for critical SAP SolMan flaw after the release of exploit Full Text

Abstract Experts warn of automated scanning activity for servers affected by a critical SAP SolMan flaw after the release of an exploit code. Experts warn of an automated scanning activity for servers affected by vulnerabilities in SAP software, attackers...

Security Affairs

January 21, 2021

Oracle’s January 2021 CPU Contains 329 New Security Patches Full Text

Abstract The January 2021 CPU also includes fixes for CVE-2020-14750, an exploited vulnerability in WebLogic Server, which Oracle addressed with the release of an out-of-band update on November 1, 2020.

Security Week

January 21, 2021

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw Full Text

Abstract The flaw is a missing authorization check in the EEM Manager component of SolMan, which could allow an unauthenticated, remote attacker to execute operating system commands on hosts, as the SMDAgent.

Security Week

January 21, 2021

Security Bug in YouTube Exposes Viewing History, Playlists of Users Full Text

Abstract Opening a website with an embedded YouTube video potentially allowed miscreants to access a user’s viewing history, favorites, and playlists, due to a security bug in the embedded player.

The Daily Swig

January 21, 2021

Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI Full Text

Abstract Cisco fixed multiple flaws in Cisco SD-WAN products that could allow an unauthenticated, remote attacker to execute attacks against its devices. Cisco released security updates to address multiple flaws in Cisco SD-WAN products could allow an unauthenticated,...

Security Affairs

January 20, 2021

Logic bugs found in popular apps, including Signal and FB Messenger Full Text

Abstract Flaws in popular messaging apps, such as Signal and FB Messenger allowed to force a target device to transmit audio to an attacker device. Google Project Zero security researcher Natalie Silvanovich found multiple flaws in popular video conferencing...

Security Affairs

January 20, 2021

Critical Cisco SD-WAN Bugs Allow RCE Attacks Full Text

Abstract Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.

Threatpost

January 20, 2021

NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs Full Text

Abstract The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.

Threatpost

January 20, 2021

Cisco fixes critical pre-auth bugs in SD-WAN, cloud license manager Full Text

Abstract Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.

BleepingComputer

January 20, 2021

Chrome 88 Drops Flash, Patches Critical Vulnerability Full Text

Abstract The new browser iteration arrives with patches for a total of 36 vulnerabilities. The flaws can be exploited if the user visits or is redirected to a specially crafted webpage.

Security Week

January 20, 2021

Bugs in Facebook, Google chat, JioChat Let Attackers Spy on the Users Full Text

Abstract Google’s Project Zero security researcher, Natalie Silvanovich discovered a serious vulnerability in Group FaceTime which allowed an attacker to call a target...

Cyber Security News

January 20, 2021

Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps Full Text

Abstract In January 2019, a  critical flaw  was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group chats feature altogether before the issue was resolved in a subsequent iOS update. Since then, a number of similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger — all thanks to the work of Google Project Zero researcher Natalie Silvanovich. "While [the Group FaceTime] bug was soon fixed, the fact that such a serious and easy to reach vulnerability had occurred due to a logic bug in a calling state machine — an attack scenario I had never seen considered on any platform — made me wonder whether other sta

The Hacker News

January 20, 2021

Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms Full Text

Abstract Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.

Threatpost

January 20, 2021

Retail and Hospitality Facing Deluge of Critical Web App Flaws Full Text

Abstract Sector has one of the worst rates of high severity bugs

Infosecurity Magazine

January 20, 2021

Microsoft to Launch ‘Enforcement Mode’ for Zerologon Flaw Full Text

Abstract Microsoft has warned security admins that starting with its February 9 security update, it will enable Domain Controller (DC) enforcement mode by default as a means of addressing the Zerologon flaw.

Dark Reading

January 20, 2021

Multiple vulnerabilities discovered in PrusaSlicer Full Text

Abstract Two functions in the software could be exploited with specially crafted OBJ and AMF files to cause an out-of-bounds write condition or a buffer overflow, and then execute code on the victim machine.

Talos

January 20, 2021

New Reolink P2P Vulnerabilities Show IoT Security Camera Risks Full Text

Abstract Nozomi Networks Labs has discovered vulnerabilities in the Peer-to-Peer (P2P) feature of a commonly used line of security cameras – Reolink, including lack of encryption and credential leakage.

Nozomi Networks

January 20, 2021

List of DNSpooq vulnerability advisories, patches, and updates Full Text

Abstract Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities.

BleepingComputer

January 19, 2021

SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach Full Text

Abstract Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.

SCMagazine

January 19, 2021

7 vulnerabilities in popular DNS forwarding software open door to range of attacks Full Text

Abstract Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.

SCMagazine

January 19, 2021

Bugs in Signal, Facebook, Google chat apps let attackers spy on users Full Text

Abstract Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.

BleepingComputer

January 19, 2021

Zero-day Threats Zeroing-in Again Full Text

Abstract Infosec researchers recently found a zero-day flaw in Windows 10, including the latest version, that allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.

Cyware Alerts - Hacker News

January 19, 2021

DNSpooq bugs let attackers hijack DNS on millions of devices Full Text

Abstract Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices.

BleepingComputer

January 19, 2021

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder Full Text

Abstract Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS  cache poisoning attacks  and remotely execute malicious code. The flaws, collectively called "DNSpooq" by Israeli research firm JSOF, echoes previously disclosed weaknesses in the DNS architecture, making Dnsmasq servers powerless against a range of attacks. "We found that Dnsmasq is vulnerable to DNS cache poisoning attack by an off-path attacker (i.e., an attacker that does not observe the communication between the DNS forwarder and the DNS server)," the researchers noted in a report published today. "Our attack allows for poisoning of multiple domain names at once, and is a result of several vulnerabilities found. The attack can be completed successfully under seconds or few minutes, and have no special requirements. We also found that many

The Hacker News

January 19, 2021

Researchers Earn $50,000 for Hacking Apple Servers Full Text

Abstract Jaiswal and Maini said their research focused on Apple hosts running a content management system (CMS) powered by Lucee, an open-source scripting language designed for developing web applications.

Security Week

January 18, 2021

Apple paid a $50,000 bounty to two bug bounty hunters for hacking its hosts Full Text

Abstract A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them to company's servers. The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed...

Security Affairs

January 18, 2021

CoTURN patches access control protection bypass vulnerability in its VoIP system Full Text

Abstract Berlin-based Enable Security has urged organizations that use the open source servers, which power VoIP platforms, to apply their configuration advice as well as the latest software update.

The Daily Swig

January 18, 2021

Multiple backdoors and vulnerabilities discovered in FiberHome routers Full Text

Abstract At least 28 backdoor accounts and several other vulnerabilities have been discovered in the firmware of a popular FTTH ONT router, widely deployed across South America and Southeast Asia.

ZDNet

January 17, 2021

Windows 10 bug causes a BSOD crash when opening a certain path Full Text

Abstract A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.

BleepingComputer

January 17, 2021

Critical flaws in Orbit Fox WordPress plugin allows site takeover Full Text

Abstract Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws...

Security Affairs

January 16, 2021

Two kids found a screensaver bypass in Linux Mint Full Text

Abstract The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass...

Security Affairs

January 16, 2021

Siemens fixed tens of flaws in Siemens Digital Industries Software products Full Text

Abstract Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides...

Security Affairs

January 16, 2021

Linux Mint fixes screensaver bypass discovered by two kids Full Text

Abstract The Linux Mint project has patched this week a security flaw that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops.

ZDNet

January 15, 2021

Windows Finger command abused by phishing to download malware Full Text

Abstract Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.

BleepingComputer

January 15, 2021

Microsoft warns of incoming Windows Zerologon patch enforcement Full Text

Abstract Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month.

BleepingComputer

January 15, 2021

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites Full Text

Abstract An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA.

BleepingComputer

January 15, 2021

Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks Full Text

Abstract According to F5 Networks, the vulnerability is related to a component named Traffic Management Microkernel (TMM), which processes all load-balanced traffic on BIG-IP systems.

Security Week

January 15, 2021

Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers Full Text

Abstract A total of 68 high-severity flaws were identified in Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers, but the patches won’t be released because these devices have reached EOL.

Security Week

January 15, 2021

Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways Full Text

Abstract Several flaws have been identified in Pepperl+Fuchs Comtrol IO-Link Master industrial gateways, including those that can be exploited to gain root access to a device and create backdoors.

Security Week

January 15, 2021

Cisco says its RV routers will no longer receive updates Full Text

Abstract Cisco announced it will no longer release firmware updates to fix 74 vulnerabilities affecting its RV routers, which reached end-of-life (EOL). Cisco will no longer release firmware updates to address 74 vulnerabilities affecting some of its RV routers...

Security Affairs

January 14, 2021

Expert discovered a DoS vulnerability in F5 BIG-IP systems Full Text

Abstract A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716,...

Security Affairs

January 14, 2021

2020 Saw 6% Rise in Number of CVEs Reported Full Text

Abstract Number of reported Common Vulnerabilities and Exposures grew 6% year on year in 2020

Infosecurity Magazine

January 14, 2021

Office January security updates fix remote code execution bugs Full Text

Abstract Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday.

BleepingComputer

January 14, 2021

Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers Full Text

Abstract The software essentially exempted Apple’s own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.

SCMagazine

January 14, 2021

Windows 10 bug corrupts your hard drive on seeing this file’s icon Full Text

Abstract An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.

BleepingComputer

January 14, 2021

Cisco addresses a High-severity flaw in CMX Software Full Text

Abstract Cisco addressed tens of high-severity flaws, including some flaws in the AnyConnect Secure Mobility Client and in its small business routers. This week Cisco released security updates to address 67 high-severity vulnerabilities, including issues...

Security Affairs

January 14, 2021

Understanding TCP/IP Stack Vulnerabilities in the IoT Full Text

Abstract Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.

Dark Reading

January 13, 2021

High-Severity Cisco Flaw Found in CMX Software For Retailers Full Text

Abstract Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found inits AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W, and RV215W small business routers.

Threatpost

January 13, 2021

Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover Full Text

Abstract Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.

Threatpost

January 13, 2021

Perils of coding errors play out in Parler slip up Full Text

Abstract Applied to internet applications in general, the IDOR problems that led to the Parler exposure could extend to anything stored sequentially and not secured individually — receipts, posts, and in many instances entire accounts.

SCMagazine

January 13, 2021

Sophisticated Hacks Against Android, Windows Reveals Zero-Day Trove Full Text

Abstract Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were carried out on two servers.

Threatpost

January 13, 2021

Microsoft fixes Secure Boot bug allowing Windows rootkit installation Full Text

Abstract Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled.

BleepingComputer

January 13, 2021

Assessing the Vulnerabilities Equities Process, Three Years After the VEP Charter Full Text

Abstract The government has failed to deliver on its promises of greater transparency.

Lawfare

January 13, 2021

Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue Full Text

Abstract Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. Microsoft Patch Tuesday security updates for January 2021 fix 83 security vulnerabilities in multiple products,...

Security Affairs

January 13, 2021

Misconfigurations in Spring Data projects could leave web apps open to abuse Full Text

Abstract The issue lies within Spring’s Application-Level Profile Semantics (ALPS) feature which is defined as “a data format for defining simple descriptions of application-level semantics”.

The Daily Swig

January 13, 2021

SAP Patches Serious Code Injection, DoS Vulnerabilities Full Text

Abstract SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. SAP also published a total of 7 other updates for previously released security notes.

Security Week

January 13, 2021

Microsoft Fixes Windows Defender Zero-Day Bug Full Text

Abstract First Patch Tuesday of 2021 featured updates for just 83 CVEs

Infosecurity Magazine

January 13, 2021

Multiple Flaws With Fortinet FortiWeb WAF Would Allow Attackers to Hack Corporate Networks Full Text

Abstract The cybersecurity researchers of Positives Technologies have detected some severe flaws in the Fortinet FotiWeb web application firewall. According to the security...

Cyber Security News

January 12, 2021

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes Full Text

Abstract The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.

Threatpost

January 12, 2021

Microsoft January 2021 Patch Tuesday fixes 83 flaws, 1 zero-day Full Text

Abstract Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today.

BleepingComputer

January 12, 2021

Microsoft patches Defender antivirus zero-day exploited in the wild Full Text

Abstract Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.

BleepingComputer

January 12, 2021

Microsoft January 2021 Patch Tuesday fixes 83 vulnerabilities, 1 zero-day Full Text

Abstract Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today.

BleepingComputer

January 12, 2021

Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content Full Text

Abstract Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users.

Threatpost

January 12, 2021

GitLab addresses numerous vulnerabilities in latest security release Full Text

Abstract Insufficient validation of authentication parameters in GitLab Page for GitLab versions 11.5 onwards gives potential attackers the ability to steal a user’s API access token through GitLab Pages.

The Daily Swig

January 12, 2021

Facebook Awards Big Bounties for Invisible Post and Account Takeover Vulnerabilities Full Text

Abstract Bug bounty hunter Pouya Darabi discovered that an attacker could have created invisible posts on a Facebook page, including verified pages, without having any permissions on the targeted page.

Security Week

January 12, 2021

Computer science student finds a bug in YouTube that allows users to watch private videos Full Text

Abstract The bug was fixed in January 2020, after it was identified in December 2019, by David Schütz, a computer science student in Hungary, and reported to Google through the company's bug bounty program.

The Register

January 11, 2021

Typeform fixes Zendesk Sell form data hijacking vulnerability Full Text

Abstract Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attacks redirect the form submissions containing potentially sensitive information to themselves.

BleepingComputer

January 11, 2021

SQL injection: The bug that seemingly can’t be squashed Full Text

Abstract It’s a common vulnerability that, despite being easily remedied, continues to plague our software and, if left undetected, provides a small window of opportunity to potential attackers.

Help Net Security

January 8, 2021

Nvidia releases security updates for GPU display driver and vGPU flaws Full Text

Abstract Nvidia has released security updates to address high-severity vulnerabilities affecting the Nvidia GPU display driver and vGPU software.  Nvidia has addressed a total of 16 flaws, including high-severity vulnerabilities affecting the Nvidia GPU display...

Security Affairs

January 8, 2021

Linux machines again targeted by hackers with new memory loader Full Text

Abstract The Ezuri loader filelessly executes malware on Linux machines from memory, using a technique that is more common in Windows.

SCMagazine

January 8, 2021

Investigation launched into vulnerabilities found within US Judiciary case file system Full Text

Abstract With the investigation ongoing, Judiciary said federal courts across the country will be adding new security procedures aimed at protecting highly sensitive confidential documents filed with courts.

ZDNet

January 08, 2021

NVIDIA fixes high severity flaws affecting Windows, Linux devices Full Text

Abstract NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. 

BleepingComputer

January 8, 2021

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update Full Text

Abstract The most important of these use-after-free issues affect autofill, drag and drop, and media components, and are tracked as CVE-2021-21106, CVE-2021-21107, and CVE-2021-21108, respectively.

Security Week

January 8, 2021

Researchers Break Google Audio reCAPTCHA with Google’s own Speech to Text API Full Text

Abstract The cybersecurity researcher Nikolai Tschacherthe has recently posted a proof-of-concept (POC) video of an attack that Breaks Google Audio reCAPTCHA with Google's...

Cyber Security News

January 8, 2021

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking Full Text

Abstract Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

Threatpost

January 7, 2021

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws Full Text

Abstract In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

Threatpost

January 07, 2021

Windows PsExec zero-day vulnerability gets a free micropatch Full Text

Abstract A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.

BleepingComputer

January 7, 2021

Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks Full Text

Abstract This vulnerability in the user interface of FortiWeb allowed an unauthenticated, remote attacker to execute arbitrary SQL queries or commands before it was resolved, an advisory from Fortinet admits.

The Daily Swig

January 7, 2021

Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack Full Text

Abstract An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack. Andrey Medov, a security researcher at Positive Technologies, found multiple serious vulnerabilities...

Security Affairs

January 6, 2021

Google fixed a critical Remote Code Execution flaw in Android Full Text

Abstract Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution...

Security Affairs

January 6, 2021

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw Full Text

Abstract More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.

Threatpost

January 6, 2021

Multiple vulnerabilities found in SoftMaker Office TextMaker Full Text

Abstract Cisco Talos recently discovered multiple vulnerabilities in SoftMaker's TextMaker software. A user could trigger these vulnerabilities by opening an attacker-created, malicious document.

Talos

January 6, 2021

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack Full Text

Abstract Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583,...

Security Affairs

January 5, 2021

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework Full Text

Abstract Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.

Threatpost

January 5, 2021

Google Warns of Critical Android Remote Code Execution Bug Full Text

Abstract Google’s Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.

Threatpost

January 5, 2021

Google Releases January 2021 Security Updates for Android Full Text

Abstract Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical remote code execution bug in System.

Security Week

January 5, 2021

Critical RCE, account takeover flaws patched in Rock RMS church management platform Full Text

Abstract Rock RMS, a ‘relationship management system’ for churches, was affected by a pair of critical vulnerabilities that could lead to account takeover and remote code execution (RCE).

The Daily Swig

January 5, 2021

Security cert expiration causes havoc for some Check Point VPN users Full Text

Abstract It wasn't the best of New Year's Day mornings for some Check Point customers; in addition to possible hangovers, those who lagged with their patching had been left with inoperable systems.

The Register

January 05, 2021

Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA Full Text

Abstract A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept (PoC) of the attack on January 2. "The idea of the attack is very simple: You grab the MP3 file of the audio reCAPTCHA and you submit it to Google's own speech-to-text API," Tschacher  said  in a write-up. "Google will return the correct answer in over 97% of all cases." Introduced in 2014,  CAPTCHAs  (or Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test designed to protect against automated account creation and service abuse by presenting users with a question that is easy for humans to solve but difficult for computers. reCAPTCHA  is a popular version of the CAPTCHA technology that was acquired by Google in 2009. The search giant released the  third iteration  of re

The Hacker News

January 04, 2021

Zend Framework remote code execution vulnerability revealed Full Text

Abstract An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007.

BleepingComputer

January 4, 2021

Secret Backdoor Found in Zyxel Firewall and AP Controllers Full Text

Abstract The Niels Teusink of Dutch cybersecurity firm EYE has recently revealed a secret backdoor official account in the latest "4.60 patch 0"...

Cyber Security News

January 03, 2021

Google Chrome fixes antivirus ‘file locking’ bug on Windows 10 Full Text

Abstract Google has fixed a Chromium bug to prevent antivirus programs running on Windows 10 from blocking new files and bookmarks.

BleepingComputer

January 02, 2021

Secret backdoor discovered in Zyxel firewall and AP controllers Full Text

Abstract Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware.

BleepingComputer

January 1, 2021

Expert found a secret backdoor in Zyxel firewall and VPN Full Text

Abstract Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence...

Security Affairs

January 1, 2021

Google Docs Bug Let Hackers Hijack Screenshots Full Text

Abstract Google has mentioned a flaw that has taken place recently in its feedback tool, and Google affirmed that there is a critical...

Cyber Security News

January 01, 2021

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products Full Text

Abstract Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as  CVE-2020-29583  (CVSS score 7.8), affects  version 4.60  present in wide-range of Zyxel devices, including Unified Security Gateway (USG), USG FLEX, ATP, and VPN firewall products. EYE researcher  Niels Teusink  reported the vulnerability to Zyxel on November 29, following which the company released a firmware patch (ZLD V4.60 Patch1) on December 18. According to the  advisory  published by Zyxel, the undocumented account ("zyfwp") comes with an unchangeable password (" PrOw!aN_fXp ") that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges. Zyxel said the hardcoded credentials were put in place to de

The Hacker News

December 30, 2020

Google Docs bug could have allowed hackers to hijack screenshots Full Text

Abstract Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users' private docs. Google has addressed a flaw in its feedback tool that is part of multiple of its services that could be exploited...

Security Affairs

December 30, 2020

Experts have named the average time for fixing vulnerabilities in computer programs Full Text

Abstract In almost 44% of cases, developers of computer programs fix discovered vulnerabilities in products from the point of view of information security only after three months due to slow software updates.

Hackers Review

December 30, 2020

Microsoft Issued a Fix for Zero-Day Six Months Ago but It Didn’t Work Full Text

Abstract Microsoft fixed a zero-day vulnerability in June, but the company did a poor job. Security researchers from Google’s Project Zero showed that attackers could still use the zero-day, despite the patch.

Bit Defender

December 29, 2020

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents Full Text

Abstract Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher  Sreeram KL , for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Many of Google's products, including Google Docs, come with a " Send feedback " or "Help Docs improve" option that allows users to send feedback along with an option to include a screenshot — something that's automatically loaded to highlight specific issues. But instead of having to duplicate the same functionality across its services, the feedback feature is deployed in Google's main website ("www.google.com") and integrated to other domains via an iframe element that loads the pop-up's content from "feedback.googleusercontent.com." Th

The Hacker News

December 24, 2020

New cross-layer attack technique raises DNS cache poisoning, user tracking risk Full Text

Abstract The vulnerability allows hackers to mount so-called “cross-layer” attacks against the Linux kernel and cause further damage by exploiting a weakness in its pseudo-random number generator (PRNG).

The Daily Swig

December 24, 2020

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye Full Text

Abstract Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber...

Security Affairs

December 24, 2020

Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms Full Text

Abstract The security holes, two rated critical and one high severity, are described as a stack-based buffer overflow issue, a heap-based buffer overflow issue, and a use-after-free bug.

Security Week

December 24, 2020

Google reported that Microsoft failed to fix a Windows zero-day flaw Full Text

Abstract Google's Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google's Project Zero team has publicly disclosed details of an improperly patched zero-day vulnerability...

Security Affairs

December 24, 2020

Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools Full Text

Abstract Qualys said it identified more than 7.5 million instances related to vulnerabilities associated with the stolen FireEye tools and compromised versions of the SolarWinds Orion product.

Security Week

December 24, 2020

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug Full Text

Abstract Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the flaw were revealed after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as  CVE-2020-0986 , the flaw concerns an elevation of privilege exploits in the GDI Print /  Print Spooler  API ("splwow64.exe") that was reported to Microsoft by an anonymous user working with Trend Micro's Zero Day Initiative (ZDI) back in late December 2019. But with no patch in sight for about six months, ZDI ended up posting a public  advisory  as a zero-day on May 19 earlier this year, after which it was  exploited  in the wild in a campaign dubbed " Operation PowerFall " against an unnamed South Korean company. "splwow64.exe" is a Windows core system binary that allows 32-bit applications to c

The Hacker News

December 23, 2020

Windows zero-day with bad patch gets new public exploit code Full Text

Abstract Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.

BleepingComputer

December 23, 2020

QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities Full Text

Abstract QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.

BleepingComputer

December 23, 2020

Web Page Layout Can Trick Users into Divulging More Info Full Text

Abstract Ben-Gurion University researchers reveal new tactics for marketers and cyber-criminals

Infosecurity Magazine

December 23, 2020

CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack Full Text

Abstract The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.

Security Week

December 22, 2020

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices Full Text

Abstract The US Cybersecurity Infrastructure and Security Agency (CISA) has  warned  of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of these are rated critical in severity. Treck's embedded TCP/IP stack is deployed worldwide in manufacturing, information technology, healthcare, and transportation systems. The most severe of them is a heap-based buffer overflow vulnerability ( CVE-2020-25066 ) in the Treck HTTP Server component that could permit an adversary to crash or reset the target device and even execute remote code. It has a CVSS score of 9.8 out of a maximum of 10. The second flaw is an out-of-bounds write in the IPv6 component ( CVE-2020-27337 , CVSS score 9.1) that could be exploited by an unauthenticated

The Hacker News

December 22, 2020

Vulnerabilities found in Dell Wyse thin clients could enable access to arbitrary files Full Text

Abstract In the U.S. alone, some 6,000 companies and organizations run Dell Wyse thin clients inside their networks, many of which are health care providers.

SCMagazine

December 22, 2020

Dozens of US organizations also used software targeted by Russian hackers: analysis Full Text

Abstract Several major technology and accounting firms are among 24 U.S. organizations that used software targeted by Russian hackers in a cyberattack that breached federal agencies, according to The Wall Street Journal.

The Hill

December 22, 2020

An Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554) Full Text

Abstract On December 4, 2020, the Kubernetes Product Security Committee disclosed a new medium-severity vulnerability (CVE-2020-8554) affecting all Kubernetes versions and is currently unpatched.

Palo Alto Networks

December 21, 2020

Millions of Unpatched IoT and OT Devices at Risk Full Text

Abstract According to researchers at Armis, around 97 percent of the OT devices affected by URGENT/11 (a group of vulnerabilities) are not patched, even though fixes are being delivered.

Cyware Alerts - Hacker News

December 21, 2020

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices Full Text

Abstract A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below. Dell has addressed both the vulnerabilities in an  update  released today. The flaws also have a CVSS score of 10 out of 10, making them critical in severity. Thin clients are typically computers that run from resources stored on a central server instead of a localized hard drive. They work by establishing a remote connection to the server, which takes care of launching and running applications and storing relevant data. Tracked as CVE-2020-29491 and CVE-2020-29492 , the security shortcomings in Wyse's thin clients stem from the fact that the FTP sessions used to pull

The Hacker News

December 21, 2020

Dell Wyse ThinOS flaws allow hacking think clients Full Text

Abstract Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to take over the devices. Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several...

Security Affairs

December 21, 2020

SUPERNOVA, a backdoor found while investigating SolarWinds hack Full Text

Abstract While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that...

Security Affairs

December 21, 2020

Critical bugs in Dell Wyse ThinOS allow thin client take over Full Text

Abstract Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files.

BleepingComputer

December 21, 2020

Script for detecting vulnerable TCP/IP stacks released Full Text

Abstract Forescout released an open-source tool for detecting whether a network device runs one of the four open-source TCP/IP stacks (and their variations) affected by the Amnesia:33 vulnerabilities.

Help Net Security

December 21, 2020

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis Full Text

Abstract While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.

BleepingComputer

December 21, 2020

Common Security Misconfigurations and Their Consequences Full Text

Abstract Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews aren't carefully performed prior to pushing the code live, no matter if that push is for the initial launch of a platform or for updates. The result is straight-forward; a bucket goes live with the ability for anyone to read and write to and from it. This particular misconfiguration is dangerous; since the application is working and the site is loading for users, there's no visible indication that something is wrong until a threat actor hunting for open buckets stum

The Hacker News

December 21, 2020

Zero-day exploit used to hack iPhones of Al Jazeera employees Full Text

Abstract Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber...

Security Affairs

December 21, 2020

Facebook bug exposed email addresses of Instagram users Full Text

Abstract A Nepal-based IT security researcher Saugat Pokharel identified a Facebook bug that exposed the private data of Instagram users, including their email addresses and birthdays.

Hackread

December 19, 2020

VMware Flaw a Vector in SolarWinds Breach? — Krebs on Security Full Text

Abstract U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree used weaknesses in other, non-SolarWinds products to attack high-value targets.

Krebs on Security

December 18, 2020

HPE Patched Critical zero-day in server Management Software Full Text

Abstract HPE (Hewlett Packard Enterprise) has recently published a critical zero-day bug in one of the latest versions of its exclusive HPE Systems...

Cyber Security News

December 18, 2020

Bouncy Castle Bug Puts Bcrypt Passwords at Risk Full Text

Abstract Authentication bypass flaw found in popular Java crypto library

Infosecurity Magazine

December 17, 2020

Bouncy Castle crypto authentication bypass vulnerability revealed Full Text

Abstract A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.

BleepingComputer

December 17, 2020

5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack Full Text

Abstract A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.

Threatpost

December 17, 2020

Bouncy Castle fixes crypto API authentication bypass flaw Full Text

Abstract A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.

BleepingComputer

December 17, 2020

Bouncy Castle fixes cryptography API authentication bypass flaw Full Text

Abstract A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.

BleepingComputer

December 17, 2020

Air-Gap Attack Turns Memory Modules into Wi-Fi Radios Full Text

Abstract Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.

Threatpost

December 17, 2020

WordPress plugin with 5 million installs has a critical vulnerability Full Text

Abstract The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there.

BleepingComputer

December 17, 2020

Trend Micro Patches Serious Flaws in Product Used by Companies, Governments Full Text

Abstract The vulnerabilities were discovered by Wolfgang Ettlinger, a researcher at Austria-based cybersecurity consultancy SEC Consult, and they were reported to Trend Micro in the summer of 2019.

Security Week

December 17, 2020

P2P mobile file transfer apps open to attacks, researchers find Full Text

Abstract Security vulnerabilities in the direct file transfer applications of popular smartphone makers allow attackers to send malicious files to mobile devices, a security researcher has found.

The Daily Swig

December 17, 2020

Top 10 Dangerous DNS Attacks Types and The Prevention Measures Full Text

Abstract From the above topic, we can guess that today, we are going to discuss the top 10 DNS attacks and how to...

Cyber Security News

December 17, 2020

Multiple vulnerabilities discovered in NZXT CAM computer monitoring software Full Text

Abstract NZXT CAM contains several vulnerabilities that, If exploited, could allow a malicious user to elevate their privileges and disclose sensitive information on the victim machine.

Talos

December 17, 2020

US-CERT Reports 17,447 Vulnerabilities Recorded in 2020 Full Text

Abstract The US-CERT Vulnerability Database has confirmed 17,447 vulnerabilities were recorded in 2020, marking the fourth consecutive year with a record number of security flaws published.

Dark Reading

December 17, 2020

Two vulnerabilities spotted in Lantronix XPort EDGE Full Text

Abstract An adversary could send the victim various requests to trigger two vulnerabilities that could later allow them to shut down access to the device and disclose sensitive information.

Talos

December 16, 2020

HPE discloses critical zero-day in Systems Insight Manager Full Text

Abstract HPE has disclosed a zero-day vulnerability in the latest versions of its HPE Systems Insight Manager (SIM) software for both Windows and Linux. Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest...

Security Affairs

December 16, 2020

The Bronze Bit Attack can Bypass Kerberos Protocol Full Text

Abstract Using this attack technique, after compromising a network, an attacker can extract password hashes to bypass and forge credentials for other systems on the same network.

Cyware Alerts - Hacker News

December 16, 2020

Israeli spy tech firm says can hack Signal app previously considered safe Full Text

Abstract Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted messaging app considered safe from external snooping, it claimed in a blog post on Thursday.

Haaretz

December 16, 2020

Researchers find multiple security flaws in Dualog Connection Suite used in ships Full Text

Abstract Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests for the discovered flaws.

The Register

December 16, 2020

HPE discloses critical zero-day in server management software Full Text

Abstract Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.

BleepingComputer

December 16, 2020

POS Device Makers Push Patches for Vulnerabilities Full Text

Abstract The vulnerabilities in the default password settings as well as arbitrary code execution affect the Verifone VX520 and Verifone MX series and the Ingenico Telium 2 series.

Info Risk Today

December 16, 2020

Vast Majority of OT Devices Affected by Urgent/11 Vulnerabilities Still Unpatched Full Text

Abstract A vast majority of operational technology (OT) devices affected by the Urgent/11 vulnerabilities and many devices impacted by the CDPwn flaws remain unpatched, IoT security firm Armis reported.

Security Week

December 16, 2020

Total Published CVEs Hits Record High for Fourth Year Full Text

Abstract Number of vulnerabilities in US NVD is now 17,447

Infosecurity Magazine

December 15, 2020

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices Full Text

Abstract Experts reported flaws in Medtronic ’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. Experts from IoT security firm Sternum discovered vulnerabilities discovered in Medtronic’s...

Security Affairs

December 15, 2020

Easy WP SMTP Security Bug Can Reveal Admin Credentials Full Text

Abstract A poorly configured file opens users up to site takeover.

Threatpost

December 15, 2020

Pandemic year increases bug bounties and report submissions Full Text

Abstract Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, with critical issue reports recording a 65% jump.

BleepingComputer

December 15, 2020

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome Full Text

Abstract Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support.

Threatpost

December 15, 2020

Apple addressed multiple code execution flaws in iOS and iPadOS Full Text

Abstract Apple addressed this week serious code execution vulnerabilities that affect its iOS and iPadOS mobile operating systems. Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating...

Security Affairs

December 15, 2020

Proportion of Exploited Vulnerabilities Continues to Drop Full Text

Abstract While number of identified vulnerabilities has increased significantly in recent years, the percentage of flaws that are exploitable or been exploited has been dropping, according to Kenna Security.

Security Week

December 14, 2020

Critical Golang XML parser bugs can cause SAML authentication bypass Full Text

Abstract This week, Mattermost, in coordination with Golang has disclosed 3 critical vulnerabilities within Go language's XML parser. If exploited, these vulnerabilities, also impacting multiple Go-based SAML implementations, can lead to a complete bypass of SAML authentication which powers prominent web applications today.

BleepingComputer

December 14, 2020

Googles Gives a New Perspective to Web Security Threats via XS-Leaks Full Text

Abstract Google has announced the launch of a knowledge base called XS-Leaks to help web browser developers and security engineers prepare defense mechanisms against rising side-channel threats.

Cyware Alerts - Hacker News

December 14, 2020

This New Zero-Click Cross-platform Flaw in Microsoft Teams Could Spread Like a Worm Full Text

Abstract Security researchers have uncovered a critical flaw in Microsoft Teams that could allow an attacker to access confidential conversations and files from the communications service.

Cyware Alerts - Hacker News

December 14, 2020

Office 365 users put on alert about critical bugs with SharePoint, here’s how to fix it Full Text

Abstract The two critical remote code execution flaws in SharePoint are classified as CVE-2020-17121 and CVE-2020-17118, with the latter can be exploited remotely without any authentication.

Express

December 13, 2020

Amnesia:33 – 33 Vulnerabilities That Impact Four Open-source TCP/IP Stacks Affects Millions of IoT Devices Full Text

Abstract The cybersecurity researchers have been warning regarding a set of very severe vulnerabilities that are continuously affecting TCP/IP stacks let hackers attack...

Cyber Security News

December 11, 2020

Security Issues in PoS Terminals Open Consumers to Fraud Full Text

Abstract Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.

Threatpost

December 11, 2020

Samsung fixes critical Android bugs in December 2020 updates Full Text

Abstract This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical bugs.

BleepingComputer

December 11, 2020

Microsoft Office security updates fix critical SharePoint RCE bugs Full Text

Abstract Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates.

BleepingComputer

December 10, 2020

Cisco fixes new critical code execution bug in Jabber for Windows Full Text

Abstract Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September.

BleepingComputer

December 10, 2020

Sophos fixes SQL injection vulnerability in their Cyberoam OS Full Text

Abstract Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability.

BleepingComputer

December 10, 2020

Zero-Click Wormable RCE Vulnerability in Cisco Jabber Gets Fixed, Again Full Text

Abstract A series of bugs, patched in September, still allow remote code execution by attackers.

Threatpost

December 10, 2020

250,000 stolen MySQL databases for sale on dark web auction site Full Text

Abstract Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers.

BleepingComputer

December 10, 2020

Windows Kerberos Bronze Bit attack gets public exploit, patch now Full Text

Abstract Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.

BleepingComputer

December 10, 2020

Cisco fixes new Jabber for Windows critical code execution bug Full Text

Abstract Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September.

BleepingComputer

December 9, 2020

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020 Full Text

Abstract As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.

Threatpost

December 09, 2020

DHS-CISA urges admins to patch OpenSSL DoS vulnerability Full Text

Abstract This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately.

BleepingComputer

December 09, 2020

Adobe fixes critical security vulnerabilities in Lightroom, Prelude Full Text

Abstract Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude.

BleepingComputer

December 09, 2020

Microsoft fixes new Windows Kerberos security bug in staged rollout Full Text

Abstract Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.

BleepingComputer

Table of contents