#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Denial-of-Service | Breaking Cybersecurity News | The Hacker News

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit
May 21, 2024 Cyber Attack / API Security
Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as  CVE-2024-4323 , has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through 3.0.3, with fixes  available  in  version 3.0.4 . The issue relates to a case of memory corruption in Fluent Bit's built-in HTTP server that could allow for DoS, information leakage, or remote code execution. Specifically, it relates to sending maliciously crafted requests to the  monitoring API  through endpoints such as /api/v1/traces and /api/v1/trace. "Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it," security researcher Jimi Sebree  said . "During the parsing of incoming requests for the /api/

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
May 02, 2024 Botnet / Vulnerability
A never-before-seen botnet called  Goldoon  has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is  CVE-2015-2051  (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to  execute arbitrary commands  by means of specially crafted HTTP requests. "If a targeted device is compromised, attackers can gain complete control, enabling them to extract system information, establish communication with a C2 server, and then use these devices to launch further attacks, such as distributed denial-of-service (DDoS)," Fortinet FortiGuard Labs researchers Cara Lin and Vincent Li  said . Telemetry data from the network security company points to a spike in the botnet activity around April 9, 2024. It all starts with the exploitation of CVE-2015-2051 to retrieve a dropper script from a remote server, which is responsible for

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
Apr 09, 2024 Botnet / Vulnerability
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as  CVE-2024-3272  (CVSS score: 9.8) and  CVE-2024-3273  (CVSS score: 7.3), the vulnerabilities impact  legacy D-Link products  that have reached end-of-life (EoL) status. D-Link, in an  advisory , said it does not plan to ship a patch and instead urges customers to replace them. "The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials, and a command injection vulnerability via the system parameter," security researcher who goes by the name netsecfish  said  in late March 2024. Successful exploitation of the flaws could lead to arbitrary command execution on the affected D-Link NAS devices, granting threat actors the ability to access sensitive information, alter system configurations, or even

Webinar: How to streamline security reviews with Trust Center

cyber security
websiteVantaCompliance / Security Audit
Learn how Vanta Trust Center can help provide real-time evidence for passing controls and automate responses to security questionnaires.

The Ultimate SaaS Security Posture Management Checklist, 2025 Edition

The Ultimate SaaS Security Posture Management Checklist, 2025 Edition
May 22, 2024SaaS Security / Threat Detection
Since the first edition of  The Ultimate SaaS Security Posture Management (SSPM) Checklist  was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against evolving threats. As SaaS security becomes a top priority, enterprises are turning to SaaS Security Posture Management (SSPM) as an enabler. The  2025 Ultimate SaaS Security Checklist , designed to help organizations choose an SSPM, covers all the features and capabilities that should be included in these solutions. Before diving into each attack surface, when implementing an SSPM solution, it's essential to cover a breadth of integrations, including out-of-the-box and custom app integrations, as well as in-depth security checks. While there are apps that are more sensitive and complex to secure, a breach c

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure
Apr 04, 2024 Network Security / Vulnerability
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows - CVE-2024-21894  (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS attack. In certain conditions, this may lead to execution of arbitrary code. CVE-2024-22052  (CVSS score: 7.5) - A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service thereby causing a DoS attack. CVE-2024-22053  (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 2

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Mar 29, 2024 Vulnerability / Linux
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed  WallEscape  by security researcher Skyler Ferrante. It has been described as a case of improper neutralization of escape sequences. "The util-linux wall command does not filter  escape sequences  from command line arguments," Ferrante  said . "This allows unprivileged users to put arbitrary text on other users' terminals, if mesg is set to "y" and wall is setgid." The  vulnerability  was introduced as part of a  commit  made in August 2013.  The "wall" command is used to write a message to the terminals of all users that are currently logged in to a server, essentially allowing users with elevated permissions to  broadcast key information  to

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems
Mar 20, 2024 DoS Attack / Network Security
A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called  Loop DoS attacks , the  approach  pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for Information Security said. UDP, by design, is a  connectionless protocol  that does not validate source IP addresses, making it susceptible to IP spoofing. Thus, when attackers forge several UDP packets to include a victim IP address, the destination server responds to the victim (as opposed to the threat actor), creating a reflected denial-of-service (DoS) attack. The latest study found that certain implementations of the UDP protocol, such as DNS, NTP, TFTP, Active Users, Daytime, Echo, Chargen, QOTD, and Time, can be weaponized to create a self-perpetuating attack loop. "It pairs two

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

New BunnyLoader Malware Variant Surfaces with Modular Attack Features
Mar 20, 2024 Cybercrime / Financial Security
Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called  BunnyLoader  that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks Unit 42  said  in a report published last week. The new version, dubbed BunnyLoader 3.0, was announced by its developer named Player (or Player_Bunny) on February 11, 2024, with rewritten modules for data theft, reduced payload size, and enhanced keylogging capabilities. BunnyLoader was  first documented  by Zscaler ThreatLabz in September 2023, describing it as a malware-as-a-service (MaaS) designed to harvest credentials and facilitate cryptocurrency theft. It was initially offered on a subscription basis for $250 per month. The malware has since undergone frequent updates that are aimed

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
Feb 03, 2024 Vulnerability / Social Media
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as  CVE-2024-23832 , has a severity rating of 9.4 out of a maximum of 10. Security researcher  arcanicanis  has been credited with discovering and reporting it. It has been described as an "origin validation error" ( CWE-346 ), which can typically allow an attacker to "access any functionality that is inadvertently accessible to the source." Every Mastodon version prior to 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5. Mastodon said it's withholding additional technical specifics about the flaw until February 15, 2024, to give  admins  ampl

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
Jan 30, 2024 Vulnerability / Network Security
Juniper Networks has released out-of-band updates to  address high-severity flaws  in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as  CVE-2024-21619 and CVE-2024-21620 , are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-36851, were  previously disclosed  by the company in August 2023. CVE-2024-21619  (CVSS score: 5.3) - A missing authentication vulnerability that could lead to exposure of sensitive configuration information CVE-2024-21620  (CVSS score: 8.8) - A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target's permissions by means of a specially crafted request Cybersecurity firm watchTowr Labs has been  credited  with discovering and reporting the issues. The two vulnerabilities have been addressed in the following versions - CVE-2024-21619  - 20.

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
Jan 18, 2024 Firmware Security / Vulnerability
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface ( UEFI ) specification used widely in modern computers. Collectively dubbed  PixieFail  by Quarkslab, the  nine issues  reside in the TianoCore EFI Development Kit II ( EDK II ) and could be exploited to achieve remote code execution, denial-of-service (DoS), DNS cache poisoning, and leakage of sensitive information. UEFI firmware – which is responsible for  booting the operating system  – from AMI, Intel, Insyde, and Phoenix Technologies are impacted by the shortcomings. EDK II incorporates its own TCP/IP stack called  NetworkPkg  to enable network functionalities available during the initial Preboot eXecution Environment ( PXE , pronounced "pixie") stage, which allows for management tasks in the absence of a running operating system. In other words, it is a client-server interface to  boot a

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
Jan 16, 2024 Vulnerability / Network Security
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox,  said  in a technical analysis shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2022-22274  (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall. CVE-2023-0656  (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash. While there are no reports of exploitation of the flaws

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Jan 13, 2024 Vulnerability / Network Security
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as  CVE-2024-21591 , is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) or Remote Code Execution (RCE) and obtain root privileges on the device," the company  said  in an advisory. The networking equipment major, which is set to be  acquired by Hewlett Packard Enterprise (HPE)  for $14 billion, said the issue is caused by use of an insecure function allowing a bad actor to overwrite arbitrary memory. The flaw impacts the following versions, and has been fixed in versions 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and later - Junos OS versions earlier than 20.4R

Microsoft's Final 2023 Patch Tuesday: 34 Flaws Fixed, Including 4 Critical

Microsoft's Final 2023 Patch Tuesday: 34 Flaws Fixed, Including 4 Critical
Dec 13, 2023 Patch Tuesday / Windows Security
Microsoft released its final set of Patch Tuesday updates for 2023, closing out 34 flaws in its software, making it one of the lightest releases in recent years. Of the 34 shortcomings, four are rated Critical and 30 are rated Important in severity. The fixes are in addition to  18 flaws  Microsoft addressed in its Chromium-based Edge browser since the release of  Patch Tuesday updates for November 2023 . According to data from the  Zero Day Initiative , the software giant has patched more than 900 flaws this year, making it one of the busiest years for Microsoft patches. For comparison, Redmond resolved 917 CVEs in 2022. While none of the vulnerabilities are listed as publicly known or under active attack at the time of release, some of the notable ones are listed below - CVE-2023-35628  (CVSS score: 8.1) - Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2023-35630  (CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability CVE-2

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Dec 01, 2023 Firewall / Network Security
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The  three vulnerabilities  are listed below - CVE-2023-35138  (CVSS score: 9.8) - A command injection vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted HTTP POST request. CVE-2023-4473  (CVSS score: 9.8) - A command injection vulnerability in the web server that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. CVE-2023-4474  (CVSS score: 9.8) - An improper neutralization of special elements vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. Also patched by Zyxel are three high-severity flaws ( CVE-
Expert Insights
Cybersecurity Resources