remote code execution | Breaking Cybersecurity News | The Hacker News

Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. According to Ebrahim blog post , the vulnerability resides in a Chinese subdomin of Yahoo website i.e. https://tw.user.mall.yahoo.com/rating/list?sid= $Vulnerability Any remote user can manipulate the input to the sid parameter in the above URL, that passes the parameter value to an eval() PHP function on the server end. If an attacker is able to inject a PHP code into this web application, it forces the server to execute it, but this method only limited by what PHP is capable of. In a POC Video he has successfully demonstrated few Payloads: Example-1: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("dir"))} Example-2: https://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system("ps"))} Last week, He

Facebook has paid out its largest Bug Bounty ever of $33,500 to a Brazilian security researcher for discovering and reporting a critical Remote code execution vulnerability, which potentially allows the full control of a server. In September, ' Reginaldo Silva' found an XML External Entity Expansion vulnerability affecting the part of Drupal that handled OpenID, which allows attacker to read any files on the webserver. As a feature, Facebook allows users to access their accounts using OpenID in which it receives an XML document from 3rd service and parse it to verify that it is indeed the correct provider or not i.e. Receives at https://www.facebook.com/openid/receiver.php  In November 2013, while testing Facebook's ' Forgot your password ' functionality, he found that the OpenID process could be manipulated to execute any command on the Facebook server remotely and also allows to read arbitrary files on the webserver. In a Proof-of-Concept ,

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

In the first week of this year, we have reported about a critical vulnerability found in more than 2000 Routers that allow attackers to reset the admin panel password to defaults. Recently, Cisco has released a security advisory , detailed about the similar vulnerability affecting their three networking products. Cisco has rated the flaw highly critical and marked it as 10.0 on the Common Vulnerability Scoring System (CVSS). A security researcher found a secret service listening on port 32764 TCP, allowed a remote user to send unauthenticated commands to the device and reset the administrative password. Successful exploitation of the vulnerability allows the hacker to execute arbitrary commands on the device with escalated privileges. Vulnerable Cisco products are: WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security. "This vulnerability is due to an undocumented test interface in t

A German Security researcher has demonstrated a critical  vulnerability on Ebay website, world's biggest eStore. According to David Vieira-Kurz  discovered Remote code execution flaw " due to a type-cast issue in combination with complex curly syntax ", that allows an attacker to execute arbitrary code on the EBay's web server. In a demo video, he exploited this RCE flaw on EBay website, and managed to display output of phpinfo()  PHP function on the web page, just by modifying the URL and injecting code in that. According to an explanation on his blog , he noticed a legitimate URL on EBay: https://sea.ebay.com/search/?q=david&catidd=1  . . and modified the URL to pass any array values including a payload: https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${ phpinfo() }}&catidd=1 Video Demonstration: But it is not clear at this moment that where the flaw resides on Ebay server, because how a static GET parameter can be converted to accept like an array

Microsoft has  released  11 Security Patch this Tuesday, including one for CVE-2013-5065  zero-day vulnerability, recently discovered Local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers. FireEye researchers said they found the exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability. December's Patch Tuesday update bundle brings five bulletins ranked critical, including a patch for a vulnerability that could allow remote code execution in Internet Explorer and another remote code execution vulnerability in Office and Microsoft Server is also addressed. Other patches addressing remote code execution vulnerabilities in Lync, all versions of Office and Microsoft Exchange. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities. The Six Security bulletins rated important de

Cyber security of many organizations being attacked at an extremely high rate this month, well another alarming cyber crime report become public today. A widely unpatched and two years old critical vulnerability in JBoss Application Server (AS) that enable an attacker to remotely get a shell on a vulnerable web server. JBoss Application Server is an open-source Java EE-based application server very popular, it was designed by JBoss, now a division of Red Hat. In late 2012, JBoss AS was named as " wildFly ", since disclosure of the exploit code many products running the affected JBoss Application Server have been impacted, including some security software. Tens of thousands of enterprise data center servers are vulnerable to this attack, with at least 500 actively compromised, according to the Imperva report. Many systems administrators have yet to properly configure their servers to mitigate the threat, and the number of potential targets has increased over

Last Tuesday, Popular Mac news website MacRumors's user forums was hacked and forum database has been compromised including the username, email and passwords belonging to all 860,000 registered users. Yesterday,  Inj3ct0r Team of Exploit Database website  1337Day claimed the responsibility for the hack and also claimed that they have also hacked the official website of vBulletin Forum using a   Zero Day exploit . " Macrumors.com was based on vBulletin CMS. We use our 0day exploit vBulletin , got password moderator. 860000 user data hacked too. The network security is a myth " he told me. During the conversation, team leader told me that he has discovered a Zero Day Remote Code Execution vulnerability in vBulletin v4.x.x and 5.х.x, that allows an attacker to execute arbitrary code on the server end remotely. On their exploit marketplace they are also selling this zero day exploit with Shell Upload payload at $7000 USD. " We found a critical v

Japanese most popular word processing software ' Ichitaro ' and Multiple Products are vulnerable to a zero day Remote Code Execution Flaw Vulnerability, allowing the execution of arbitrary code to compromise a user's system. According to assigned CVE-2013-5990 ,  malicious attacker is able to gain system access and execute arbitrary code with the privileges of a local user. The vulnerability is caused due to an unspecified error when handling certain document files. " We confirm the existence of vulnerabilities in some of our products. " company blog says. In a blog post, Antivirus Firm Symantec confirmed that in September 2013, they have discovered attacks in the wild attempting to exploit this vulnerability during, detected as  Trojan.Mdropper , which is a variant of  Backdoor.Vidgrab . Researchers mentioned that  Backdoor.Vidgrab variant was used as a payload for a watering hole attack exploiting the Microsoft Internet Explorer Memory

A Mysterious Hacker who goes by the " Pinkie Pie " handle is rewarded with $50,000 USD for hacking into the Google Chrome browser for Nexus 4 and Samsung Galaxy S4 . At Information Security Conference PacSec 2013 in Tokyo, during the HP's Pwn2Own contest, a zero-day exploit  showcased by " Pinkie Pie ", that took advantage of two vulnerabilities: An integer overflow that affects Chrome. Chrome vulnerability that resulted in a full sandbox escape. For successful exploitation, you have to get your victim to visit a malicious website e.g. clicking a link in an email, or an SMS or on another web page. He demonstrated this zero-day attack with remote code execution vulnerability on the affected devices. It is not known whether other Android phones are also vulnerable to same flaw or not. Vulnerability has been disclosed to Google by the Contest organizers and the company is working to address the issue as soon as possible. Researchers from

Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013. The company plans to deliver eight security bulletins for Windows 8.1, three of them are rated critical and five are important. But there's no relief in sight for a zero-day vulnerability ( CVE-2013-3906 ) in how Office handles .TIFF graphics files . The bulletins listed in Microsoft's advanced notification as critical are for remote code execution vulnerabilities in Windows operating system and the remaining vulnerabilities listed as important are said to be remote code execution, elevation of privilege, information disclosure and denial of service flaws affecting Windows operating system, as well as Microsoft Office. A malicious zero day attack capable of hijacking your PC via a vulnerability found in Windows, Office, and Lync is being exploited more widely than originally thought. Some new reports of the security resea

Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents. A Zero-day Remote code execution flaw, which has been dubbed CVE-2013-3906 , exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office users running Windows Vista and Windows Server 2008. " The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images ," it said in the post .  Vulnerability was reported to Microsoft by McAfee Labs senior security researcher Haifei Li. A successful infection can give an attacker complete control over a system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Currently the company is only aware of targeted attacks mostly in the Middle East and South Asia, with attackers sending unsuspecting v

Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security validation

Last week Craig Heffner, specialized on the embedded device hacking exposed a serious backdoor in number of D-Link routers allows unauthorized backdoor access. Recently he published his another researcher, Titled ' From China, With Love ', exposed that D-Link is not only the vendor who puts backdoors in their products. According to him, China based networking device and equipment manufacturer - Tenda Technology  (www.tenda.cn) also added potential backdoors into their Wireless Routers. He unpacked the software framework update and locate the httpd binary an found that the manufacturer is using GoAhead server, which has been substantially modified. These routers are protected with standard Wi-Fi Protected Setup (WPS) and WPA encryption key, but still by sending a UDP packet with a special string , an attacker could take over the router. Routers contain a flaw in the httpd component, as the MfgThread() function spawns a backdoor service that listens fo

October is turning out to be a busy month for patches. This month also marks the 10-year anniversary of the Patch Tuesday program, which Microsoft started in October of 2003. Scheduled for tomorrow, Microsoft has announced that they will release eight security updates including four critical, addressing vulnerabilities in Microsoft Windows, Internet Explorer (IE), Microsoft Office and its other products. Bulletin 1 is almost certainly to a zero-day vulnerability   CVE-2013-3893   that has been actively exploited by hackers in targeted attacks.  Though Microsoft issued a temporary " Fix it " in September for the vulnerability, Bulletins 2, 3 and 4 address vulnerabilities in a wide range of Microsoft products, including Windows XP, 7 and 8, and Windows Server 2003, 2008 and 2012. Bulletins 5, 6 and 7 address vulnerabilities that could allow for remote code execution .  Bulletin 8 addresses an information disclosure vulnerability in SIlverlight and is the le

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users.  The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication. The Cisco Security advisory said: " The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server ," The newly patched vulnerabili

Yeah, it's Patch Tuesday once again. Almost 10 years ago in October, 2003 - Microsoft  invented the process of regularly scheduled security updates on every second Tuesday of the Month, as  Patch Tuesday. Today, the Microsoft Security team will i ssue eight security updates in total, out of that -- three of which are designated as " critical ," and rest five as " Important " updates, that patches vulnerabilities in Microsoft Windows, Microsoft Server Software, and Internet Explorer. The eight bulletins that Microsoft is releasing fixes a total of 23 different vulnerabilities in Microsoft products. Microsoft will be rolling out a total of three Critical patches dealing with Remote Code Execution. Windows 8 is expected to get four of the updates, one of them is critical and dealing with Remote Code Execution with Internet Explorer 10, while the other three updates are Important and deal with Elevation of Privilege and Denial of Service . Windows RT i

Microsoft has announced   Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities . Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will apply to all versions of Internet Explorer from IE6 on Windows XP to IE10 on Windows 8 . Often targeted by attackers to perform drive-by malware download attacks, remote code execution flaws allow an attacker to crash an application and launch malware payloads often without any sort of notification or interaction form the user. The Windows 8 maker is also patching a kernel vulnerability disclosed at the beginning of June by Google researcher Tavis Ormandy . The issue is to do with Windows kernel's EPATHOBJ::pprFlattenRec function (CVE-2013-3660) and after Ormandy released the exploit code, Metasploit module was developed to exploit the bug. The company is planning to release the updat

Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc , Hackers are exploiting a known and patched vulnerability in coding language Ruby on Rails, which allows a remote user to edit the web server's crontab to download a file to the /tmp directory where it is compiled and executed. The exploit that is currently being used by attackers adds a custom cron job (a scheduled task on Linux machines) that executes a sequence of commands. " Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers ," Jarmoc blogged. " There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands ." The original fla

This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two critical  zero-day flaws relating to Internet Explorer recently discovered that has been used to attack several high-profile targets. Internet Explorer 6, 7, 8, 9 and 10 are the recipients of a patch that can prevent an exploit that enables remote code execution in the browser. This affects all Windows operating systems except XP. The vulnerability ( CVE-​​2013-​​1347 ) had previously been addressed in a workaround yesterday , but given the way it was being exploited with attacks reported on the US Department of Labor and European aerospace and nuclear researchers the patch has been prioritised. A second bulletin deals with another IE vulnerability believed to be one disclosed in March at the annual Pwn2Own hacking competition. At least four of the patches require a restart, Microsoft said. The remaining eight patches will address flaws that range from denial-of-servic

Security researchers revealed that series of " Watering Hole " has been conducted exploiting a IE8 zero-day vulnerability to target U.S. Government experts working on nuclear weapons research. The news is not surprising but it is very concerning, the principal targets of the attacks are various groups of research such as the components of U.S. Department of Labor and the U.S. Department of Energy, the news has been confirmed by principal security firms and by Microsoft corporate. The flaw has been used in a series of "watering hole" attacks, let's remind that "Watering Hole" is a technique of attack realized compromising legitimate websites using a " drive-by " exploit. The attackers restrict their audience to a individuals interested to specific content proposed by targeted website, in this way when the victim visits the page a backdoor Trojan is installed on his computer. The website compromised to exploit the IE8 zero-day is the Dep