#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Vulnerability

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

Dec 01, 2022 Kubernetes / Vulnerability Management
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as  CVE-2022-4116  (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE)," Contrast Security researcher Joseph Beeton, who reported the bug,  said  in a write-up. Quarkus, developed by Red Hat, is an  open source project  that's used for creating Java applications in  containerized  and serverless environments. It's worth pointing out that the  issue  only impacts developers who are running Quarkus and are tricked into visiting a specially crafted website, which is embedded with malicious JavaScript code designed to install or execute arbitrary payloads. This could take the form o
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Nov 29, 2022
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as  CVE-2022-4020 , the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables." Credited with  discovering  the flaw is ESET researcher Martin Smolár, who previously disclosed  similar bugs  in Lenovo computers. Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with  boot loaders , leading to severe consequences. This includes  granting  the attacker complete control over the operating system loading process as well as "disable or bypass protections to silently deploy their
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Nov 28, 2022
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a  confused deputy problem , a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported by Datadog to AWS on September 1, 2022, following which a patch was shipped on September 6. "This attack abuses the AppSync service to assume [identity and access management]  roles  in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette  said  in a report published last week. In a coordinated disclosure, Amazon  said  that no customers were affected by the vulnerability and that no customer action is required. It described it as a "case-sensitivity parsing issue w
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit

Nov 17, 2022
Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022. "Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA  noted . LogShell, aka  CVE-2021-44228 , is a critical remote code execution flaw in the widely-used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021. The latest development  marks  the  continued   abuse  of the Log4j v
Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

Nov 15, 2022
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library ( CVE-2022-36067  aka Sandbreak), that came to light last month. "An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin," application security firm Oxeye said in a report shared with The Hacker News. Backstage  is an open source  developer portal  from Spotify that allows users to create, manage, and explore software components from a unified " front door ." It's used by  many companies  like Netflix, DoorDash, Roku, and Expedia, among others. According to Oxeye, the flaw is rooted in a tool called  software templ
PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

Nov 15, 2022
Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet ( TTE ) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed  PCspooF  by a group of academics and researchers from the University of Michigan , the University of Pennsylvania, and the NASA Johnson Space Center, the  technique  is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety. TTE is one among the networking technologies that's part of what's called a mixed-criticality network wherein traffic with different timing and faults tolerance requirements coexist in the same physical network. This means that both critical devices, which, say, enable vehicle control, and non-critical devices, which are
Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Nov 10, 2022
Citrix has released  security updates  to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations. CVE-2022-27510  - Unauthorized access to Gateway user capabilities CVE-2022-27513  - Remote desktop takeover via phishing CVE-2022-27516  - User login brute-force protection functionality bypass The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws - Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47  Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12  Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 Citrix ADC 12.1-FIPS before 12.1-55.289 Citrix ADC 12.1-NDcPP before 12.1-55.289 Exploitation, howe
High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

Nov 10, 2022
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as  CVE-2022-0902  (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow  flow computers and remote controllers . "Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," industrial security company Claroty  said  in a report shared with The Hacker News. ABB, a Swedish-Swiss industrial automation firm, has since released  firmware updates  as of July 14, 2022, following responsible disclosure. Flow computers are special-purpose electronic instruments used by petrochemical manufacturers to interpret data from flow meters and calculate and record the volume of substances such as natural gas, crude oils, and other hydrocarbon fluids at a specific point in time
New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

Nov 10, 2022
PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET  explained  in a series of tweets. UEFI refers to software that acts as an interface between the operating system and the firmware embedded in the device's hardware. Because UEFI is  responsible  for launching the operating system when a device is powered on, it has made the technology an attractive option for threat actors looking to  drop malware  that's difficult to detect and remove. Viewed in that light, the flaws, tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, could be abused by an adversary to turn off Secure Boot, a security mechanism that's designed to prevent malicious programs from lo
VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software

Nov 09, 2022
VMware has patched five security flaws affecting its  Workspace ONE Assist  solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application. CVE-2022-31686 has been described by the virtualization services provider as a "broken authentication method" vulnerability, and CVE-2022-31687 as a "Broken Access Control" flaw. "A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application," VMware  said  in an advisory for CVE-2022-31686 and CVE-202
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Nov 05, 2022
Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments. The tech giant, in its 114-page  Digital Defense Report , said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability," making it imperative that organizations patch such exploits in a timely manner. This also corroborates with an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which  found  that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally. Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminat
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

Nov 04, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  published  three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines," CISA said. This includes CVE-2022-3703 (CVSS score: 9.0), a critical flaw that stems from the RAS web portal's inability to verify the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary. Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise th
Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

Nov 02, 2022
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.  "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher Stefan Schiller  said  in a technical analysis. Checkmk's open source edition of the monitoring tool is based on  Nagios Core  and offers integrations with  NagVis  for the visualization and generation of topological maps of infrastructures, servers, ports, and processes. According to its Munich-based developer tribe29 GmbH, its Enterprise and Raw editions are used by  over 2,000 customers , including Airbus, Adobe, NASA, Siemens, Vodafone, and others. The four vulnerabilities, which consist of two Critical and two Medium severity bugs, are as follows - A  code injection flaw  
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

Nov 01, 2022
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as  CVE-2022-3602 and CVE-2022-3786 , have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email address. "In a TLS client, this can be triggered by connecting to a malicious server," OpenSSL said in an advisory for CVE-2022-3786. "In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects." OpenSSL is an  open source implementation  of the SSL and TLS protocols used for secure communication and is baked into several operating systems and a wide range of software . Versions 3.0.0 through 3.0.6 of the library are affected by the new flaws, which has been remediated in version 3.0.7. It's worth noting tha
Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

Nov 01, 2022
Microsoft on Tuesday said it addressed an authentication bypass vulnerability in  Jupyter Notebooks  for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw  CosMiss . "In short, if an attacker had knowledge of a Notebook's 'forwardingId,' which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook," researchers Lidor Ben Shitrit and Roee Sagi said. This container modification could ultimately pave the way for obtaining remote code execution in the Notebook container by overwriting a Python file associated with the  Cosmos DB Explorer  to spawn a reverse shell. Successful exploitation
Last Years Open Source - Tomorrow's Vulnerabilities

Last Years Open Source - Tomorrow's Vulnerabilities

Nov 01, 2022
Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: " given enough eyeballs, all bugs are shallow ." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for  shallow  bugs and not ones that lie deeper? It turns out that security flaws in open source can be harder to find than we thought. Emil Wåreus, Head of R&D at  Debricked , took it upon himself to look deeper into the community's performance. As the data scientist he is, he, of course, asked the data:  how good is the open source community at finding vulnerabilities in a timely manner ? The thrill of the (vulnerability) hunt Finding open source vulnerabilities is typically done by the maintainers of the open source project, users, auditors, or external secur
Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities

Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities

Oct 26, 2022
Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as  CVE-2020-3153  (CVSS score: 6.5) and  CVE-2020-3433  (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.  While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020. "In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory. "Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability." The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved to add the two flaws to its K
VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform

VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform

Oct 26, 2022
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of 'root' on the appliance," the company  said  in an advisory. In light of the severity of the flaw and its relatively low bar for exploitation, the Palo Alto-based virtualization services provider has also made available a  patch  for end-of-life products. Also addressed by VMware as part of the update is CVE-2022-31678 (CVSS score: 5.3), an XML External Entity ( XXE ) vulnerability that could be exploited to result in a denial-of-service (DoS) condition or unauthorized info
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

Oct 25, 2022
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as  CVE-2022-35737  (CVSS score: 7.5), the 22-year-old issue affects SQLite versions  1.0.12  through 3.39.1, and has been addressed in  version 3.39.2  released on July 21, 2022. "CVE-2022-35737 is  exploitable  on 64-bit systems, and exploitability depends on how the program is compiled," Trail of Bits researcher Andreas Kellas  said  in a technical write-up published today. "Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases." Programmed in C, SQLite is the most widely used database engine , included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Googl
Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

Oct 25, 2022
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827 , has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that's outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability. As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "aware of a report that this i
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.