PoC Exploit | Breaking Cybersecurity News | The Hacker News

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox,  said  in a technical analysis shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2022-22274  (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall. CVE-2023-0656  (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash. While there are no reports of exploi...

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as  CVE-2023-46604  (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 released late last month. The vulnerability has since  come under   active exploitation  by ransomware outfits to deploy ransomware such as HelloKitty and a strain that shares similarities with TellYouThePass as well as a remote access trojan called SparkRAT. According to  new findings  from VulnCheck, threat actors weaponizing the flaw are  relying  on a public proof-of-concept ( PoC ) exploit originally disclosed on October 25, 2023. The attacks have been found to use  ClassPathXmlApplicationContext , a class that's part of the...

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as  CVE-2023-25157 ," Palo Alto Networks Unit 42 researcher Robert Falcone  said . While  bogus PoCs  have become a  well-documented gambit  for targeting the  research community , the cybersecurity firm suspected that the threat actors are opportunistically targeting other crooks who may be adopting the latest vulnerabilities into their arsenal. whalersplonk, the  GitHub account  that hosted the repository, is no longer accessible. The PoC is said to have been committed on August 21, 2023, four days after the vulnerability was publicly announced. ...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman  said . "Additionally, a user can SSH into the system which exposes a locked down CLI interface." The issue, tracked as  CVE-2022-40684  (CVSS score: 9.6), concerns an  authentication bypass  vulnerability that could allow a remote attacker to perform malicious operations on the administrative interface via specially crafted HTTP(S) requests. A successful exploitation of the shortcoming is tantamount to granting complete access "to do just about anything" on the affected system, including altering network configurations, adding malicious users, and intercepting network traffic. That said, ...