CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.
The post CISA Warns of Exploited Vulnerabilities in EOL D-Link Products appeared first on SecurityWeek.
A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.
The post Critical Flaw in AI Python Package Can Lead to System and Data Compromise appeared first on SecurityWeek.
Source: www.darkreading.com – Author: Brian Fox Brian Fox, CTO & Co-Founder, Sonatype May 16, 2024 5 Min Read Source: Stu Gray via Alamy Stock Photo COMMENTARY In the realm of cybersecurity, understanding your biggest vulnerabilities is essential. The National Institute of Standards and Technology (NIST) initially established the National Vulnerability Database (NVD) to provide a […]
La entrada The Fall of the National Vulnerability Database – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.
The post VFCFinder Highlights Security Patches in Open Source Software appeared first on Security Boulevard.
Recently, the Ubuntu security team has fixed multiple security issues discovered in the GNU C library, commonly known as glibc. If left unaddressed, this can leave your system exposed to attackers who exploit these glibc vulnerabilities. The glibc library provides the foundation for many programs on your system. Therefore, it is crucial to patch these […]
The post Addressing glibc Vulnerabilities in EOL Ubuntu appeared first on TuxCare.
The post Addressing glibc Vulnerabilities in EOL Ubuntu appeared first on Security Boulevard.
Intel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.
The post Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities appeared first on SecurityWeek.
Source: www.darkreading.com – Author: Andrada Fiscutean Back in April 2014, researchers uncovered a serious vulnerability in OpenSSL. There are many serious vulnerabilities, but this one was particularly bad, with security expert Bruce Schneier calling it “catastrophic.” On his blog, Schneier wrote, “On the scale of 1 to 10, this is an 11.” The Tor Project […]
La entrada Heartbleed: When Is It Good to Name a Vulnerability? – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages.
The post Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors appeared first on SecurityWeek.
The joint alert from CISA and FBI highlights the continued exploitation of path traversal vulnerabilities in critical infrastructure attacks, impacting sectors like healthcare. The recent CVE-2024-1708 vulnerability in ConnectWise ScreenConnect is a prime example. This flaw was exploited alongside another vulnerability to deploy ransomware and compromise systems. What are Path Traversal Vulnerabilities? Path […]
The post CISA and FBI Issue Alert on Path Traversal Vulnerabilities appeared first on TuxCare.
The post CISA and FBI Issue Alert on Path Traversal Vulnerabilities appeared first on Security Boulevard.
Enlarge (credit: Getty Images)
Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. The fix marks the fifth time this year the company has updated the browser to protect users from an existing malicious exploit.
The vulnerability, tracked as CVE-2024-4671, is a “use after free,” a class of bug that occurs in C-based programming languages. In these languages, developers must allocate memory space needed to run certain applications or operations. They do this by using “pointers” that store the memory addresses where the required data will reside. Because this space is finite, memory locations should be deallocated once the application or operation no longer needs it.
Use-after-free bugs occur when the app or process fails to clear the pointer after freeing the memory location. In some cases, the pointer to the freed memory is used again and points to a new memory location storing malicious shellcode planted by an attacker’s exploit, a condition that will result in the execution of this code.
CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes.
The post CISA Announces CVE Enrichment Project ‘Vulnrichment’ appeared first on SecurityWeek.
F5 has patched two potentially serious vulnerabilities in BIG-IP Next that could allow an attacker to take full control of a device.
The post F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager appeared first on SecurityWeek.
Source: Eclypsium[/caption]
F5 promptly responded to the Next Central Manager vulnerabilities in software version 20.2.0, urging organizations to upgrade to the latest version immediately to mitigate potential risks. However, it's crucial to note that while five vulnerabilities were reported, CVEs were only assigned to two of them.
The Next Central Manager serves as the centralized point of control for managing all tasks across the BIG-IP Next fleet. Despite F5's efforts to enhance security with the Next generation of BIG-IP software, these vulnerabilities highlight the persistent challenges in safeguarding network and application infrastructure.
The vulnerabilities enabled attackers to exploit various aspects of the Central Manager's functionality. For instance, one vulnerability allowed attackers to inject malicious code into OData queries, potentially leading to the leakage of sensitive information, including administrative password hashes. Another vulnerability involved an SQL injection flaw, providing attackers with a means to bypass authentication measures.
Source: Cyble[/caption]
The Cybersecurity and Infrastructure Security Agency (CISA), a key entity responsible for safeguarding critical infrastructure in the United States, has issued alerts highlighting the increased interest of hacktivist groups in targeting internet-exposed Industrial Control Systems (ICS) devices.
Cyble Research and Intelligence Labs (CRIL) also shared an elaborate report on the rise of hackers exploiting UPS management systems to target unsuspecting victims.
“CRIL researchers speculate that threat actors could soon leverage the critical vulnerabilities disclosed in PowerPanel in upcoming campaigns. With the potential for exploitation looming, urgent attention to patching and mitigation measures is imperative to preemptively thwart any attempts to exploit these weaknesses”, said CRIL.[caption id="attachment_67315" align="alignnone" width="1536"]
Source: Cyble[/caption]
Against this CyberPower UPS vulnerability, the official report details critical information about the flaw and the mitigation strategies, including opting for the latest patch updates across multiple devices.
PowerPanel is a UPS management software designed to offer advanced power management capabilities for various critical systems such as Uninterrupted Power Supply, Power Distribution Units, and Automatic Transfer Switches.
Its features include real-time monitoring, remote management, event logging, automatic shutdown, and energy management, among others, providing organizations with the tools needed to ensure continuous power availability and optimize energy usage.
Source: Cyble[/caption]
Past incidents involving cyberattacks on UPS systems highlight the potential consequences of such vulnerabilities. Groups like GhostSec and TeamOneFist have targeted UPS systems in various campaigns, demonstrating the disruptive capabilities of such attacks. While the impact of these incidents may vary, the direct access to UPS systems by attackers remains a critical concern.
[caption id="attachment_67318" align="alignnone" width="495"] Source: Cyble[/caption]
Addressing the vulnerabilities in PowerPanel Business Software requires a proactive approach, including timely patching and implementation of mitigation measures. Organizations are advised to implement robust patch management strategies, conduct regular security audits and penetration testing, and enhance user awareness. Additionally, measures such as network segmentation and the use of Multi-Factor Authentication (MFA) can help bolster defenses against potential attacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Source: TunnelVision Vulnerability Exploitation Process by Leviathan[/caption]
The modus operandi of attackers involves the setup of rogue DHCP servers strategically positioned to intercept VPN traffic. By manipulating routing tables, all VPN-bound data is diverted away from the encrypted tunnel, exposing it to interception on local networks or malicious gateways.
Leviathan Security's report shed light on a phenomenon known as "decloaking," where VPN traffic is stripped of its encryption, leaving it vulnerable to interception. Despite the presence of VPN control channels and kill switches, these defenses prove ineffective against TunnelVision, leaving users unaware of the breach and their data exposed.
The implications of this VPN vulnerability are profound, especially for individuals reliant on VPNs for sensitive communications, such as journalists and whistleblowers. Urgent action is needed to address this issue and safeguard the integrity of VPN connections.
CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure.
The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek.
Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations.
The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek.
A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.
The post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks appeared first on SecurityWeek.
Source: WordPress[/caption]
Exploiting this vulnerability grants hackers the ability to implant backdoors within websites, ensuring prolonged unauthorized access.
Reports indicate that hackers have been actively exploiting this vulnerability, capitalizing on the widespread use of the WP Automatic plugin across more than 30,000 websites. The exploit allows them to execute various malicious activities, including the creation of admin accounts, uploading of corrupted files, and executing SQL injection attacks.
Cybersecurity researchers have observed a surge in exploit attempts, with over 5.5 million recorded attacks since the vulnerability was publicly disclosed. The threat landscape escalated rapidly, peaking on March 31st, underscoring the urgency for website owners to take immediate action to secure their online assets.
“This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor,” Cisco Talos said.
Cisco Zero-Days Exploitation Timeline. Credit: Cisco Talos[/caption]
The exploited vulnerabilities facilitated the deployment of previously unknown malware, allowing threat actors to establish persistence on compromised ASA and FTD devices. One such malware implant dubbed “Line Dancer,” acted as an in-memory shellcode loader, enabling the execution of arbitrary shellcode payloads to disable logging, provide remote access, and exfiltrate captured packets.
The second implant, a persistent backdoor known as “Line Runner,” included various defense evasion mechanisms to evade detection and enable the execution of arbitrary Lua code on compromised systems.
Perimeter network devices like the ASA and FTD firewall appliances “are the perfect intrusion point for espionage-focused campaigns,” Cisco said. “Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications.”
The networking and security giant said it had observed a “dramatic and sustained” increase in the targeting of these devices in the past two years, especially those deployed in the telecommunications and energy sectors as “critical infrastructure entities are likely strategic targets of interest for many foreign governments,” Cisco explained.
“China-nexus attackers have gained access to edge devices via exploitation of vulnerabilities, particularly zero-days, and subsequently deployed custom malware ecosystems,“ Mandiant said.The security firm added that it is likely to see continued deployment of custom malware ecosystems from Chinese espionage groups that are tailored for the device and operation at hand. “This approach provides several advantages such as the increased ability to remain undetected, reduced complexity and increased reliability, and a reduced malware footprint.“ Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Source: X[/caption]
At the time of writing this, reports and tweets related to the Nothing data breach were removed to prevent further exploitation. Although investigations confirmed the existence of the leaked database, there was no evidence suggesting the compromise of user account passwords. However, official emails of Nothing employees were also found in the database, further exacerbating the security concerns.
Despite efforts to obtain confirmation from Nothing regarding the data breach and potential implications of the leaked data, The Cyber Express has not yet received an official statement or response at the time of writing. Moreover, several community members and tech reporters removed the sample data and any other information from their social media accounts within 72 hours of reporting.
Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool.
The post Research Shows How Attackers Can Abuse EDR Security Products appeared first on SecurityWeek.
Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available.
The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek.
Source: Eowync.eth on X[/caption]
While Trust Wallet's alert has raised questions about iOS security, with some probing the authenticity of the intelligence shared by CEO Eowyn Chen, the company stands by its warning.
Trust Wallet emphasizes that the information is sourced from its security team and trusted partners, highlighting the urgency of the situation amidst growing concerns about cybersecurity, particularly within the blockchain ecosystem.
The advisory advises iOS users to take immediate action to safeguard their devices by disabling iMessage until Apple addresses the vulnerability with a security patch.
Disabling iMessage can be done through the Settings menu, under Messages, by toggling the iMessage option off. Trust Wallet reassures users that their security remains a top priority, urging vigilance until the issue is resolved.
[caption id="attachment_63042" align="alignnone" width="680"] Source: X[/caption]
CEO Eowyn Chen has shared a screenshot purportedly depicting the zero-day exploit for sale, highlighting the gravity of the situation.
The Cyber Express has also reached out to Apple to learn more about this iMessage vulnerability. However, at the time of writing this, no official statement or response has been received regarding the iMessage vulnerability.
(Source: Shutterstock)[/caption]
The vulnerability had been discovered and patched in 1.4.51 of the software, described as fixing 'various use-after-free scenarios' while being marked as consisting of 'security fixes' in the change logs.
The MITRE corporation describes this category of bugs as that 'can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw'.
Researchers from Binarly who discovered the flaw's existence on Lenovo and Intel sold devices, noted that the update did not describe the issue as a “vulnerability” or include a CVE vulnerability number. Such action they claim might have affected 'proper handling of these fixes down both the firmware and software supply chains'.
While the bug is of moderate severity on its own, it could be chained with other vulnerabilities to access the read memory of a lighttpd Web Server process and exfiltrate sensitive data and potentially bypass memory-protection techniques such as ASLR (Address space layout randomization).
The ASLR memory protection is implemented in software to protect against buffer overflow or out-of-bounds memory attacks.
(Source: Shutterstock)[/caption]
The vulnerability is present in any hardware that uses lighttpd versions 1.4.35, 1.4.45, and 1.4.51. Both Intel and Lenovo have reportedly stated that they had no plans to release fixes as they no longer support the hardware where these flaws may perist. Supermicro, has however stated support for versions of its hardware still relying on lighttpd.
A Lenovo spokesman reportedly stated to ArsTechnica that 'Lenovo is aware of the AMI MegaRAC concern identified by Binarly. We are working with our supplier to identify any potential impacts to Lenovo products. ThinkSystem servers with XClarity Controller (XCC) and System x servers with Integrated Management Module v2 (IMM2) do not use MegaRAC and are not affected.'It’s worth mentioning explicitly, however, that the severity of the lighttpd bug is only moderate and is of no value unless an attacker has a working exploit for a much more severe vulnerability. In general, BMCs should be enabled only when needed and locked down carefully, as they allow for extraordinary control of entire fleets of servers with simple HTTP requests sent over the Internet. Chip giant Intel previously issued an advisory in 2018 warning customers about over 13 security bugs discovered in its version of the baseboard management controller (BMC) firmware for Intel Server products while conducting internal evaluation. The reported flaws included including one critical flaw that could be exploited to leak sensitive data or allow attackers to escalate privileges. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage millions of endpoints (clients).
A Shadowserver scan revealed approximately 3,800 vulnerable ConnectWise ScreenConnect instances on Wednesday, most of them in the US.
~3800 vulnerable ConnectWise ScreenConnect instances (authentication bypass using an alternate path or channel (CVSS 10) & path traversal (CVSS 8.4)) https://t.co/tPi9ALNVab
— Shadowserver (@Shadowserver) February 21, 2024
IP data in:https://t.co/qxv0Gv5ELc
~93% instances of ScreenConnect seen on 2024-02-20 still vulnerable: https://t.co/CRpEHutjFS pic.twitter.com/hiwPqnouby
The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog. ConnectWise has shared three IP addresses that were recently used by threat actors:
These IP addresses are all blocked by ThreatDown and Malwarebytes solutions.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The flaw added to the CISA Catalog is CVE-2024-1709, an authentication bypass vulnerability with a CVSS score of 10 that could allow an attacker administrative access to a compromised instance. With administrative access it is trivial to create and upload a malicious ScreenConnect extension to gain Remote Code Execution (RCE).
Affected versions are ScreenConnect 23.9.7 and prior. Cloud partners don’t need to take any actions. ScreenConnect servers hosted in on screenconnect.com and hostedrmm.com have been updated to remediate the issue.
Partners that are self-hosted or on-premise need to update their servers to version 23.9.8 immediately to apply a patch. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue, but strongly recommends that partners update to ScreenConnect version 23.9.8.
For instructions on updating to the newest release, please reference this doc: Upgrade an on-premise installation – ConnectWise.
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Login