Exploits | Breaking Cybersecurity News | The Hacker News

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a new report. AndroxGh0st is the name given to a Python-based cloud attack tool that's known for its targeting of Laravel applications with the goal of sensitive data pertaining to services like Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously leveraged flaws in the Apache web server ( CVE-2021-41773 ), Laravel Framework ( CVE-2018-15133 ), and PHPUnit ( CVE-2017-9841 ) to gain initial access, escalate privileges, and establish persistent control over compromised systems. Earlier this January, U.S. cybersecurity and intelligence a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities ( KEV ) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could lead to remote code execution. The issue has since been addressed in versions 12.1.3, 12.2.3, and 12.3 and later. Fixes have also been made available for version 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. The development comes weeks after cloud hosting provider Rackspace acknowledged that it "became aware of an issue with the ScienceLogic EM7 Portal," prompting it to take its dashboard offline towards the end of last month. "We have confirmed that the exploit of this third-party application resulted in access to three internal Rackspace monitoring web servers," an a...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Two new vulnerabilities affecting Linux were uncovered this week. These vulnerabilities could potentially allow malicious hackers to gain root privileges. CVE-2010-3904: Reliable Datagram Sockets (RDS) Protocol Vulnerability The first vulnerability, reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel. Known as CVE-2010-3904 , this bug could allow a local attacker to issue specially crafted socket function calls. This would enable the attacker to write arbitrary values into kernel memory, thereby escalating their privileges to root and gaining "superuser" status. The problem exists only in Linux installations where the CONFIG_RDS kernel configuration option is set and there are no restrictions preventing unprivileged users from loading packet family modules. This is the case for most stock distributions, as VSR notes. A proof-of-concept e...