#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

Network Management | Breaking Cybersecurity News | The Hacker News

Category — Network Management
The Power and Peril of RMM Tools

The Power and Peril of RMM Tools

Jul 30, 2024 Network Management / IT Security
As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management (RMM) tools for system administration.  However, like any new technology, RMM tools can also be used maliciously. Threat actors can establish connections to a victim's device and run commands, exfiltrate data, and stay undetected.  This article will cover real-world examples of RMM exploits and show you how to protect your organization from these attacks.  What are RMM tools?  RMM software simplifies network management, allowing IT professionals to remotely solve problems, install software, and upload or download files to or from devices.  Unfortunately, this connection is not always secure, and attackers can use malicious software to connect their servers to a victim's device. As these connections become easier to detect, however,  ransomware-as-a-service (RaaS) groups have had to adjus...
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

Oct 27, 2023 Network Security / Vulnerability
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier  CVE-2023-46747 , and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," F5  said  in an advisory released Thursday. "There is no data plane exposure; this is a control plane issue only." The following versions of BIG-IP have been found to be vulnerable - 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG) 16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG) 15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG) 14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG) 13.1.0 - ...
Critical Security Flaws Reported in Moxa MXview Network Management Software

Critical Security Flaws Reported in Moxa MXview Network Management Software

Feb 14, 2022
Technical details have been disclosed regarding a number of security vulnerabilities affecting Moxa's MXview web-based network management system, some of which could be chained by an unauthenticated adversary to achieve remote code execution on unpatched servers. The five security weaknesses "could allow a remote, unauthenticated attacker to execute code on the hosting machine with the highest privileges available: NT AUTHORITY\SYSTEM," Claroty security researcher Noam Moshe  said  in a report published this week. Moxa  MXview  is designed for configuring, monitoring, and diagnosing networking devices in industrial networks. The flaws, which affect versions 3.x to 3.2.2 of the network management software, were rectified in  version 3.2.4 or higher  following a coordinated disclosure process in October 2021. "Successful exploitation of these vulnerabilities may allow an attacker to create or overwrite critical files to execute code, gain access to the p...
cyber security

Accelerate Your Zero Trust Strategy

websiteElisityIdentity Security / Microsegmentation
Download your guide on how to compare vendors and select the right microsegmentation solution
cyber security

Key Essentials to Modern SaaS Data Resilience

websiteVeeamSaaS Security / Data Resilience
Learn how to modernize your SaaS data protection strategy and strengthen security to avoid risks of data loss.
Expert Insights Articles Videos
Cybersecurity Resources