Vulnerability | Breaking Cybersecurity News | The Hacker News

A security flaw has been disclosed in OpenWrt 's Attended Sysupgrade ( ASU ) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143 , carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the flaw on December 4, 2024. The issue has been patched in ASU version 920c8a1 . "Due to the combination of the command injection in the imagebuilder image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision," the project maintainers said in an alert. OpenWrt is a popular open-source Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Successful exploitation of the shortcoming could essentiall...

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters , often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys," Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new report shared with The Hacker News. The cloud security firm also said that the exposure of the "/debug/pprof" endpoints used for determining heap memory usage, CPU usage, and others, could serve as a vector for DoS attacks, rendering the servers inoperable. As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk. The fact th...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control ( TCC ) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved validation of symbolic links (symlinks) in iOS 18, iPadOS 18 , and macOS Sequoia 15 . Jamf Threat Labs, which discovered and reported the flaw, said the TCC bypass could be exploited by a rogue installed on the system to grab sensitive data without users' knowledge. TCC serves as a critical security protection in Apple devices, giving end users a way to allow or deny a request from apps to access sensitive data, such as GPS location, contacts, and photos, among others. "This TCC bypass allows unauthorized access to files and folders, Health data, the microphone or camera, and m...

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution (RCE), SQL Injection, Cross‑Site Scripting (XSS), or even the creation of administrative backdoors," WPScan said in a report. To make matters worse, attackers could leverage outdated or abandoned plugins to circumvent security measures, tamper with database records, execute malicious scripts, and seize control of the sites. WPScan said it uncovered the security defect when analyzing an infection on an unspecified WordPress site, finding that threat actors ...

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble," Oasis Security researchers Elad Luz and Tal Hason said in a report shared with The Hacker News. Following responsible disclosure, the issue – codenamed AuthQuake – was addressed by Microsoft in October 2024. While the Windows maker supports various ways to authenticate users via MFA, one method involves entering a six-digit code from an authenticator app after supplying the credentials. Up to 10 consequent failed attempts are permitted for a single session. The vulnerability identified by Oasis, at its core, concerns...

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the elevation of privileges. This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month's security update . In total, Microsoft has resolved as many as 1,088 vulnerabilities in 2024 alone, per Fortra. The vulnerability that Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an...

The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been accused of developing and testing a zero-day security vulnerability used to conduct the attacks against Sophos firewalls. "Guan Tianfeng is wanted for his alleged role in conspiring to access Sophos firewalls without authorization, cause damage to them, and retrieve and exfiltrate data from both the firewalls themselves and the computers behind these firewalls," the U.S. Federal Bureau of Investigation (FBI) said . "The exploit was used to infiltrate approximately 81,000 firewalls." The then-zero-day vulnerability in question is CVE-2020-12271 (CVSS score: 9.8), a severe S...

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access CVE-2024-11772 (CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution CVE-2024-11773 (CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements CVE-2024-11633 (CVSS score: 9.1) - An argument injection vulnerability in Ivanti Con...

Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, VLTransfer, and Harmony software, concerns a case of unauthenticated remote code execution. The security hole is tracked as CVE-2024-50623, with Cleo noting that the flaw is the result of an unrestricted file upload that could pave the way for the execution of arbitrary code. The Illinois-based company, which has over 4,200 customers across the world, has since issued another advisory (CVE pending), warning of a separate "unauthenticated malicious hosts vulnerability that could lead to remote code execution." The development comes after Huntress said the patches released for CVE...

In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...

Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack . Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print the xss cheat sheet in a bullet list. just payloads" in the DeepSeek chat triggered the execution of JavaScript code as part of the generated response – a classic case of cross-site scripting (XSS). XSS attacks can have serious consequences as they lead to the execution of unauthorized code in the context of the victim's web browser. An attacker could take advantage of such flaws to hijack a user's session and gain access to cookies and other data associated with the chat.deepseek[.]com domain, thereby leading to an account takeover. "After some experimenting,...

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first set that involved flaws on the server-side, the newly detailed ones allow exploitation of ML clients and reside in libraries that handle safe model formats like Safetensors . "Hijacking an ML client in an organization can allow the attackers to perform extensive lateral movement within the organization," the company said . "An ML client is very likely to have access to important ML services such as ML Model Registries or MLOps Pipelines." This, in turn, could expose sensitive information such as model registry credentials, effectively permitting a malicious actor to back...

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input validation in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab that results in a path traversal attack. MiCollab is a software and hardware solution that integrates chat, voice, video, and SMS messaging with Microsoft Teams and other applications. NPM is a server-based voicemail system , which enables users to access their voice messages through various methods, including remotely or through the Microsoft Outlook client. WatchTowr Labs, in a report shared with The Hacker News, said it discovered CVE-2024-41713 as part of its efforts to reproduce CVE-2024-35286 (CVSS score: 9.8...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...