Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability.
The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard.
Keeping pace with the latest cybersecurity threats is vital for organizations of all sizes. Here at Strobes, our security team has assembled a list of the top 5 most critical...
The post A Closer Look at Top 5 Vulnerabilities of April 2024 appeared first on Strobes Security.
The post A Closer Look at Top 5 Vulnerabilities of April 2024 appeared first on Security Boulevard.
Source: securityboulevard.com – Author: Shubham Jha Keeping pace with the latest cybersecurity threats is vital for organizations of all sizes. Here at Strobes, our security team has assembled a list of the top 5 most critical Common Vulnerabilities and Exposures (CVEs) discovered in April 2024. By staying informed about these vulnerabilities, you can take steps […]
La entrada A Closer Look at Top 5 Vulnerabilities of April 2024 – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure.
The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek.
SaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
The post Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster appeared first on SecurityWeek.
Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations.
The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek.
A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January.
A change GitLab implemented in May 2023 made it possible for users to initiate password changes through links sent to secondary email addresses. The move was designed to permit resets when users didn’t have access to the email address used to establish the account. In January, GitLab disclosed that the feature allowed attackers to send reset emails to accounts they controlled and from there click on the embedded link and take over the account.
While exploits require no user interaction, hijackings work only against accounts that aren’t configured to use multifactor authentication. Even with MFA, accounts remained vulnerable to password resets, but the attackers ultimately are unable to access the account, allowing the rightful owner to change the reset password. The vulnerability, tracked as CVE-2023-7028, carries a severity rating of 10 out of 10.
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
The post 1,400 GitLab Servers Impacted by Exploited Vulnerability appeared first on SecurityWeek.
Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program.
The post Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push appeared first on SecurityWeek.
Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly.
The post Adobe Adds Content Credentials and Firefly to Bug Bounty Program appeared first on SecurityWeek.
Source: news.sophos.com – Author: Sally Adam PRODUCTS & SERVICES Our fifth annual report reveals how ransomware experiences have changed over the last year, plus brand-new insights into the business impact of an attack. The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through […]
La entrada The State of Ransomware 2024 – Source: news.sophos.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear.
The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.
JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories.
The post Docker Hub Users Targeted With Imageless, Malicious Repositories appeared first on SecurityWeek.
Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.
The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek.
The Ubuntu security team recently addressed several Apache HTTP Server vulnerabilities in Ubuntu 23.10, Ubuntu 23.04, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 16.04, and Ubuntu 18.04. These vulnerabilities could potentially allow attackers to disrupt server functionality or even inject malicious code. Let’s break down the issues and how to stay secure. Apache HTTP […]
The post Multiple Apache HTTP Server Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.
The post Multiple Apache HTTP Server Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard.
A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.
The post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks appeared first on SecurityWeek.
MDM Hindered: Android phones are still OK; this is Samsung’s home, after all.
The post South Korean iPhone Ban: MDM DMZ PDQ appeared first on Security Boulevard.
Debian 11 was first released on August 14th, 2021 with PHP version 7.4, which has already reached the end of life. This means PHP 7.4 will no longer receive official updates and security fixes from the PHP development team. However, the Debian security team provides fixes for PHP 7.4 as Debian 11 still uses PHP […]
The post Multiple PHP 7.4 Vulnerabilities Addressed in Debian 11 appeared first on TuxCare.
The post Multiple PHP 7.4 Vulnerabilities Addressed in Debian 11 appeared first on Security Boulevard.
In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and […]
The post Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up? appeared first on Shared Security Podcast.
The post Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up? appeared first on Security Boulevard.
Source: WordPress[/caption]
Exploiting this vulnerability grants hackers the ability to implant backdoors within websites, ensuring prolonged unauthorized access.
Reports indicate that hackers have been actively exploiting this vulnerability, capitalizing on the widespread use of the WP Automatic plugin across more than 30,000 websites. The exploit allows them to execute various malicious activities, including the creation of admin accounts, uploading of corrupted files, and executing SQL injection attacks.
Cybersecurity researchers have observed a surge in exploit attempts, with over 5.5 million recorded attacks since the vulnerability was publicly disclosed. The threat landscape escalated rapidly, peaking on March 31st, underscoring the urgency for website owners to take immediate action to secure their online assets.
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at Ant Media Server with the goal of identifying any vulnerabilities within the application. We performed testing against […]
The post Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) appeared first on Praetorian.
The post Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) appeared first on Security Boulevard.
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek.
The warning underscores the importance of a collaborative approach to AI security involving stakeholders across different domains, including data science and infrastructure.
The post AI Adoption Prompts Security Advisory from NSA appeared first on Security Boulevard.
The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.
The post Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking appeared first on SecurityWeek.
“This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor,” Cisco Talos said.
Cisco Zero-Days Exploitation Timeline. Credit: Cisco Talos[/caption]
The exploited vulnerabilities facilitated the deployment of previously unknown malware, allowing threat actors to establish persistence on compromised ASA and FTD devices. One such malware implant dubbed “Line Dancer,” acted as an in-memory shellcode loader, enabling the execution of arbitrary shellcode payloads to disable logging, provide remote access, and exfiltrate captured packets.
The second implant, a persistent backdoor known as “Line Runner,” included various defense evasion mechanisms to evade detection and enable the execution of arbitrary Lua code on compromised systems.
Perimeter network devices like the ASA and FTD firewall appliances “are the perfect intrusion point for espionage-focused campaigns,” Cisco said. “Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications.”
The networking and security giant said it had observed a “dramatic and sustained” increase in the targeting of these devices in the past two years, especially those deployed in the telecommunications and energy sectors as “critical infrastructure entities are likely strategic targets of interest for many foreign governments,” Cisco explained.
“China-nexus attackers have gained access to edge devices via exploitation of vulnerabilities, particularly zero-days, and subsequently deployed custom malware ecosystems,“ Mandiant said.The security firm added that it is likely to see continued deployment of custom malware ecosystems from Chinese espionage groups that are tailored for the device and operation at hand. “This approach provides several advantages such as the increased ability to remain undetected, reduced complexity and increased reliability, and a reduced malware footprint.“ Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.
The post Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms appeared first on SecurityWeek.
In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.
The post Secure-by-Design Software in DevSecOps appeared first on Security Boulevard.
Cyberattacks are continuing to become more sophisticated even as defenders become more adept at thwarting existing threats.
The post DirectDefense Report Sees Shifts in Cyberattack Patterns appeared first on Security Boulevard.
Russia and Ukraine topped a list of cybercrime-producing nations, followed by China and the United States, with African nation Nigeria rounding out the top five.
The post Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations appeared first on Security Boulevard.
Google patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward.
The post Google Patches Critical Chrome Vulnerability appeared first on SecurityWeek.
CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild.
The post CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation appeared first on SecurityWeek.
The Ubuntu security team has recently rolled out critical security updates aimed at addressing several vulnerabilities identified in Squid, a widely used web proxy cache server. These vulnerabilities, if left unaddressed, could potentially expose systems to denial-of-service attacks. Let’s delve into the specifics of these vulnerabilities and understand their implications. Recent Squid Vulnerabilities Fixed […]
The post Multiple Squid Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.
The post Multiple Squid Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard.
Source: X[/caption]
At the time of writing this, reports and tweets related to the Nothing data breach were removed to prevent further exploitation. Although investigations confirmed the existence of the leaked database, there was no evidence suggesting the compromise of user account passwords. However, official emails of Nothing employees were also found in the database, further exacerbating the security concerns.
Despite efforts to obtain confirmation from Nothing regarding the data breach and potential implications of the leaked data, The Cyber Express has not yet received an official statement or response at the time of writing. Moreover, several community members and tech reporters removed the sample data and any other information from their social media accounts within 72 hours of reporting.
Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.
The post Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability appeared first on SecurityWeek.
Microsoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services.
The post Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services appeared first on SecurityWeek.
Enlarge (credit: Getty Images)
Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday.
When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian hackers—the company made no mention that it was under active exploitation. As of publication, the company’s advisory still made no mention of the in-the-wild targeting. Windows users frequently prioritize the installation of patches based on whether a vulnerability is likely to be exploited in real-world attacks.
Exploiting CVE-2022-38028, as the vulnerability is tracked, allows attackers to gain system privileges, the highest available in Windows, when combined with a separate exploit. Exploiting the flaw, which carries a 7.8 severity rating out of a possible 10, requires low existing privileges and little complexity. It resides in the Windows print spooler, a printer-management component that has harbored previous critical zero-days. Microsoft said at the time that it learned of the vulnerability from the US National Security Agency.
CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.
The post CrushFTP Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.
The MITRE Corporation revealed on April 19 that it was one of over 1700 organizations compromised by a state-backed hacking group in January 2024. The MITRE data breach, which involved chaining two Ivanti VPN zero-days, highlights the evolving nature of cyber threats and the challenges organizations face in defending against them.
The MITRE data breach was detected after suspicious activity was noticed on MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development. [caption id="attachment_63933" align="aligncenter" width="609"] Source: X[/caption]
Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
The post SAP Applications Increasingly in Attacker Crosshairs, Report Shows appeared first on SecurityWeek.
Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available.
The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek.
Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution.
The post Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek.
Chrome and Firefox security updates resolve over 35 vulnerabilities, including a dozen high-severity bugs.
The post Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update.
The post Oracle Patches 230 Vulnerabilities With April 2024 CPU appeared first on SecurityWeek.
Source: Eowync.eth on X[/caption]
While Trust Wallet's alert has raised questions about iOS security, with some probing the authenticity of the intelligence shared by CEO Eowyn Chen, the company stands by its warning.
Trust Wallet emphasizes that the information is sourced from its security team and trusted partners, highlighting the urgency of the situation amidst growing concerns about cybersecurity, particularly within the blockchain ecosystem.
The advisory advises iOS users to take immediate action to safeguard their devices by disabling iMessage until Apple addresses the vulnerability with a security patch.
Disabling iMessage can be done through the Settings menu, under Messages, by toggling the iMessage option off. Trust Wallet reassures users that their security remains a top priority, urging vigilance until the issue is resolved.
[caption id="attachment_63042" align="alignnone" width="680"] Source: X[/caption]
CEO Eowyn Chen has shared a screenshot purportedly depicting the zero-day exploit for sale, highlighting the gravity of the situation.
The Cyber Express has also reached out to Apple to learn more about this iMessage vulnerability. However, at the time of writing this, no official statement or response has been received regarding the iMessage vulnerability.
(Source: Shutterstock)[/caption]
The vulnerability had been discovered and patched in 1.4.51 of the software, described as fixing 'various use-after-free scenarios' while being marked as consisting of 'security fixes' in the change logs.
The MITRE corporation describes this category of bugs as that 'can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw'.
Researchers from Binarly who discovered the flaw's existence on Lenovo and Intel sold devices, noted that the update did not describe the issue as a “vulnerability” or include a CVE vulnerability number. Such action they claim might have affected 'proper handling of these fixes down both the firmware and software supply chains'.
While the bug is of moderate severity on its own, it could be chained with other vulnerabilities to access the read memory of a lighttpd Web Server process and exfiltrate sensitive data and potentially bypass memory-protection techniques such as ASLR (Address space layout randomization).
The ASLR memory protection is implemented in software to protect against buffer overflow or out-of-bounds memory attacks.
(Source: Shutterstock)[/caption]
The vulnerability is present in any hardware that uses lighttpd versions 1.4.35, 1.4.45, and 1.4.51. Both Intel and Lenovo have reportedly stated that they had no plans to release fixes as they no longer support the hardware where these flaws may perist. Supermicro, has however stated support for versions of its hardware still relying on lighttpd.
A Lenovo spokesman reportedly stated to ArsTechnica that 'Lenovo is aware of the AMI MegaRAC concern identified by Binarly. We are working with our supplier to identify any potential impacts to Lenovo products. ThinkSystem servers with XClarity Controller (XCC) and System x servers with Integrated Management Module v2 (IMM2) do not use MegaRAC and are not affected.'It’s worth mentioning explicitly, however, that the severity of the lighttpd bug is only moderate and is of no value unless an attacker has a working exploit for a much more severe vulnerability. In general, BMCs should be enabled only when needed and locked down carefully, as they allow for extraordinary control of entire fleets of servers with simple HTTP requests sent over the Internet. Chip giant Intel previously issued an advisory in 2018 warning customers about over 13 security bugs discovered in its version of the baseboard management controller (BMC) firmware for Intel Server products while conducting internal evaluation. The reported flaws included including one critical flaw that could be exploited to leak sensitive data or allow attackers to escalate privileges. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures.
The post Critical PuTTY Vulnerability Allows Secret Key Recovery appeared first on SecurityWeek.
PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw.
The post Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt appeared first on SecurityWeek.
Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.
The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek.
Source: paloaltonetworks.com[/caption]
The advisory states that versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of Palo Alto's are vulnerable to exploitation and that the issue would be fixed in hotfix releases 'PAN-OS 10.2.9-h1 (, PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3' that would be subsequently released on 14th April.
CVE-2024-3400 is an 'Improper Neutralization of Special Elements used in a Command' form of vulnerability according to the MITRE framework with a CVSS score of 4.0 and a Base Score of 10 in Severity.
Only firewalls that have both the GlobalProtect gateway and device telemetry enabled can be exploited through this flaw. Users can access their GlobalProtect gateway configurations by checking their firewall web interface (Network > GlobalProtect > Gateways) and verifying if they have device telemetry enabled by checking your firewall web interface (Device > Setup > Telemetry).
Source: Firewall Firm[/caption]
Palo Alto has advised users on temporary workarounds and mitigations to deal with existence of the flaw (CVE-2024-3400). Palo Alto customers with a Threat Prevention subscription were instructed to combat this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682). To protect against potential exploitation on their device, customers can verify that vulnerability protection has been implemented on their GlobalProtect interface.
Further, users and administrators could mitigate the impact of the vulnerability by temporarily disabling device telemetry until the device has been updated to a patched version of PAN-OS.
The advisory comes two days after another high-severity vulnerability (CVE-2024-3385) affecting the PA-5400 and PA-7000 Series firewalls were discovered in PAN-OS. The Firewall Denial of Service (DoS) allowed remote attackers to potentially reboot hardware-based firewalls to induce a denial of service (DoS) attack or force the firewall to enter maintenance mode.
However unlike the more recent flaw, Palo Alto did not observe this vulnerability being actively exploited but encountered by two customers in normal production usage. These vulnerabilities are the latest in a series of Firewall related vulnerabilities that have been reported recently with several prominent companies reporting vulnerabilities in their Firewall offerings.
These victims include Fortinet, SonicWall and Junpier and exposed hundreds of devices relying on them for security to various forms of attacks. These incidents demonstrate issues with the steady patching of vulnerable systems as well as the attacks they may be exposed to such as the exploit of Fortinet devices by Chinese-linked threat actors which drew attention from CISA.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Login
