FreshRSS

🔒
☐ ☆ ✇ The Hacker News

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

By Newsroom — February 21st 2024 at 05:34
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying
☐ ☆ ✇ The Hacker News

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

By Newsroom — February 20th 2024 at 10:38
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper limitation of a pathname to a restricted directory aka "path traversal" CVE-2024-1709 (CVSS score:
☐ ☆ ✇ The Hacker News

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

By Newsroom — February 20th 2024 at 09:08
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in&
☐ ☆ ✇ The Hacker News

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

By Newsroom — February 15th 2024 at 05:19
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attacker
☐ ☆ ✇ The Hacker News

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

By Newsroom — February 7th 2024 at 13:33
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been&
☐ ☆ ✇ The Hacker News

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

By Newsroom — February 3rd 2024 at 06:51
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.4 out of
☐ ☆ ✇ The Hacker News

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

By Newsroom — January 30th 2024 at 05:01
Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-
☐ ☆ ✇ The Hacker News

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

By Newsroom — January 26th 2024 at 05:13
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
☐ ☆ ✇ The Hacker News

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

By Newsroom — January 25th 2024 at 11:57
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the
☐ ☆ ✇ The Hacker News

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

By Newsroom — January 18th 2024 at 09:19
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development Kit II (EDK II) and could be exploited to
☐ ☆ ✇ The Hacker News

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

By Newsroom — January 17th 2024 at 07:41
GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an
☐ ☆ ✇ The Hacker News

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

By Newsroom — January 16th 2024 at 13:39
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security
☐ ☆ ✇ The Hacker News

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

By Newsroom — January 15th 2024 at 13:58
Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that
☐ ☆ ✇ The Hacker News

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

By Newsroom — January 15th 2024 at 08:16
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which discovered the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to
☐ ☆ ✇ The Hacker News

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

By Newsroom — January 13th 2024 at 10:45
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a
☐ ☆ ✇ The Hacker News

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

By Newsroom — January 12th 2024 at 07:56
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
☐ ☆ ✇ The Hacker News

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

By Newsroom — January 12th 2024 at 06:35
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
☐ ☆ ✇ The Hacker News

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

By Newsroom — January 11th 2024 at 14:16
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (CVE-
☐ ☆ ✇ The Hacker News

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

By Newsroom — January 10th 2024 at 05:26
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The
☐ ☆ ✇ The Hacker News

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

By Newsroom — January 10th 2024 at 04:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
☐ ☆ ✇ The Hacker News

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

By Newsroom — January 5th 2024 at 07:42
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an
☐ ☆ ✇ The Hacker News

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

By Newsroom — December 21st 2023 at 03:41
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément
☐ ☆ ✇ The Hacker News

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

By Newsroom — December 18th 2023 at 15:43
Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security
☐ ☆ ✇ The Hacker News

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

By Newsroom — December 13th 2023 at 13:15
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of
☐ ☆ ✇ The Hacker News

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

By Newsroom — December 12th 2023 at 05:23
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file
☐ ☆ ✇ The Hacker News

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

By Newsroom — December 8th 2023 at 09:23
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,
☐ ☆ ✇ The Hacker News

Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

By Newsroom — December 6th 2023 at 11:18
A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according
☐ ☆ ✇ The Hacker News

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

By Newsroom — December 6th 2023 at 10:10
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. "The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,"
☐ ☆ ✇ The Hacker News

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

By Newsroom — December 6th 2023 at 09:18
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score
☐ ☆ ✇ The Hacker News

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

By Newsroom — November 30th 2023 at 11:16
A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access,"
☐ ☆ ✇ The Hacker News

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

By Newsroom — November 25th 2023 at 04:00
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - CVE-2023-49103 (CVSS score: 10.0) - Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from
☐ ☆ ✇ The Hacker News

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

By Newsroom — November 23rd 2023 at 10:47
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful,” Akamai said in an advisory
☐ ☆ ✇ The Hacker News

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

By Newsroom — November 15th 2023 at 07:52
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's
☐ ☆ ✇ The Hacker News

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

By Newsroom — November 15th 2023 at 04:18
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with
☐ ☆ ✇ The Hacker News

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

By Newsroom — November 14th 2023 at 18:40
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and the
☐ ☆ ✇ The Hacker News

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

By Newsroom — November 14th 2023 at 06:03
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active
☐ ☆ ✇ The Hacker News

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

By Newsroom — October 27th 2023 at 04:23
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP
☐ ☆ ✇ The Hacker News

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

By Newsroom — October 26th 2023 at 16:49
A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using
☐ ☆ ✇ The Hacker News

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

By Newsroom — October 17th 2023 at 14:37
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs, 
☐ ☆ ✇ The Hacker News

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

By Newsroom — October 3rd 2023 at 16:24
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote
☐ ☆ ✇ The Hacker News

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

By THN — September 22nd 2023 at 08:00
Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization
☐ ☆ ✇ The Hacker News

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

By THN — September 13th 2023 at 14:05
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August
☐ ☆ ✇ The Hacker News

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

By THN — September 7th 2023 at 11:02
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these
☐ ☆ ✇ The Hacker News

Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities

By THN — August 4th 2023 at 07:02
A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," cybersecurity and intelligence agencies from the Five
☐ ☆ ✇ Naked Security

Zenbleed: How the quest for CPU performance could put your passwords at risk

By Paul Ducklin — July 26th 2023 at 19:01
You need to turn on a special setting to stop (the code you wrote to stop [the code you wrote to improve performance] from reducing performance) from reducing security.

☐ ☆ ✇ The Hacker News

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

By THN — July 24th 2023 at 09:10
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
☐ ☆ ✇ The Hacker News

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks

By Ravie Lakshmanan — June 26th 2023 at 05:51
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda. "The adversary consistently employed ManageEngine
☐ ☆ ✇ The Hacker News

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

By Ravie Lakshmanan — June 12th 2023 at 06:49
Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw alongside Dany Bach, said in a tweet over the
☐ ☆ ✇ The Hacker News

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

By Ravie Lakshmanan — May 15th 2023 at 13:24
Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week. "Industrial cellular routers and gateways are essential
☐ ☆ ✇ The Hacker News

Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack

By Ravie Lakshmanan — May 11th 2023 at 07:05
A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. The flaw, tracked as CVE-2023-25717 (CVSS score: 9.8), stems from improper handling of HTTP requests, leading to unauthenticated remote code execution and a complete compromise of wireless Access Point (AP) equipment. Andoryu was 
☐ ☆ ✇ The Hacker News

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

By Ravie Lakshmanan — April 28th 2023 at 11:41
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security have been credited with reporting the flaw. "Improper error message handling in some firewall versions
☐ ☆ ✇ The Hacker News

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks

By Ravie Lakshmanan — April 20th 2023 at 11:22
Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The
☐ ☆ ✇ The Hacker News

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

By Ravie Lakshmanan — April 8th 2023 at 05:04
The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on
☐ ☆ ✇ The Hacker News

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

By Ravie Lakshmanan — February 16th 2023 at 13:18
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers (PLCs) that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 (CVSS score: 7.5) and CVE-2022-45789 (CVSS score: 8.1), are part of a broader collection of security defects tracked by Forescout as OT:ICEFALL. Successful
☐ ☆ ✇ The Hacker News

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

By Ravie Lakshmanan — January 25th 2023 at 07:07
VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706
☐ ☆ ✇ The Hacker News

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

By Ravie Lakshmanan — January 18th 2023 at 09:28
The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impacts the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0. <!-
☐ ☆ ✇ The Hacker News

Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability

By Ravie Lakshmanan — January 12th 2023 at 06:48
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control
☐ ☆ ✇ The Hacker News

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

By Ravie Lakshmanan — January 10th 2023 at 08:54
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh
☐ ☆ ✇ The Hacker News

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

By Ravie Lakshmanan — December 21st 2022 at 07:41
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford,
☐ ☆ ✇ The Hacker News

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

By Ravie Lakshmanan — December 5th 2022 at 07:40
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "
❌