#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Oct 03, 2024 Vulnerability / Endpoint Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824 , carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code," the software service provider said in an advisory released on May 21, 2024. Horizon3.ai, which released a proof-of-concept (PoC) exploit for the flaw in June, said the issue is rooted in a function called RecordGoodApp() within a DLL named PatchBiz.dll. Specifically, it concerns how the function handles an SQL query statement, thereby allowing an attacker to gain remote code execution via xp_cmdshell. Th
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

Oct 02, 2024 Vulnerability / Network Security
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout Vedere Labs said in a technical report shared with The Hacker News. Of the 14 security flaws – collectively called DRAY:BREAK – two are rated critical, nine are rated high, and three are rated medium in severity. The most critical of the shortcomings is a flaw that has been awarded the maximum CVSS score of 10.0. CVE-2024-41592 concerns a buffer overflow bug in the "GetCGI()" function in the Web user interface that could lead to a denial-of-service (DoS) or remote code execution (RCE) when processing the query string parameters. Another critical vulnerability (CVE-2024-41
Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Sep 25, 2024Artificial Intelligence / SOC Automation
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn't fully delivered on its potential, leaving SOCs still grappling with many of the same challenges. Enter Agentic AI—a new approach that could finally fulfill the SOC's long-awaited vision, providing a more dynamic and adaptive solution to automate SOC operations effectively. Three Generations of SOAR – Still Falling Short SOAR emerged in the mid-2010s with companies like PhantomCyber, Demisto, and Swimlane, promising to automate SOC tasks, improve productivity, and shorten response times. Despite these ambitions, SOAR found its greatest success in automating generalized tasks like threat intel propagation, rather than core threat detection, investigation, and response (TDIR) workloads.
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Oct 02, 2024 Vulnerability / Data Breach
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming, credited to a researcher named " spacewasp ," was patched by Adobe in June 2024. Dutch security firm Sansec, which has described CosmicSting as the "worst bug to hit Magento and Adobe Commerce stores in two years," said the e-commerce sites are being compromised at the rate of three to five per hour. The flaw has since come under widespread exploitation , prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog in mid-July 2024. Some of these attacks involve weaponizing the flaw to ste
cyber security

How to Stay Safe From Insider & User Offboarding Risks

websiteWing SecuritySaaS Security / Insider Threat
Unrevoked permissions for offboarded employees is just one of the risks that can result in data breaches.
Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Oct 02, 2024 Email Security / Vulnerability
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519 , a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to execute arbitrary commands on affected installations. "The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands," Proofpoint said in a series of posts on X. "The addresses contained Base64 strings that are executed with the sh utility." The critical issue was addressed by Zimbra in versions 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1 released on September 4, 2024. A security researcher named lebr0nli (Alan Li) has been credited with discovering and reporting the short
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Sep 27, 2024 Software Security / Vulnerability
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said , have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)  CVE-2024-46906 (CVSS score: 8.8)  CVE-2024-46907 (CVSS score: 8.8)  CVE-2024-46908 (CVSS score: 8.8)  CVE-2024-46909 (CVSS score: 9.8), and CVE-2024-8785 (CVSS score: 9.8) Security researcher Sina Kheirkhah of Summoning Team has been credited with discovering and reporting the first four flaws. Andy Niu of Trend Micro has been acknowledged for CVE-2024-46909, while Tenable has been credited for CVE-2024-8785. It's worth noting that Trend Micro recently reported that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security flaws in WhatsU
Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Sep 27, 2024 Linux / Vulnerability
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System ( CUPS ) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)," security researcher Simone Margaritelli said . CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux. The list of vulnerabilities is as follows - CVE-2024-47176 - cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker-controlled URL CVE-2024-47076 - libcupsfil
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

Sep 27, 2024 Container Security / Cloud Computing
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132 , carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and NVIDIA GPU Operator version 24.6.2. "NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-Check Time-of-Use ( TOCTOU ) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system," NVIDIA said in an advisory. "A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering." The issue impacts all versions of NVIDIA Container Toolkit up to and including v1.16.1, and Nvidia GPU Operator up to and i
Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68%

Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68%

Sep 25, 2024 Secure Coding / Mobile Security
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch more "scalable and cost-effective." Eventually, this leads to a drop in memory safety vulnerabilities as new memory unsafe development slows down after a certain period of time, and new memory safe development takes over, Google's Jeff Vander Stoep and Alex Rebert said in a post shared with The Hacker News. Perhaps even more interestingly, the number of memory safety vulnerabilities tends to register a drop notwithstanding an increase in the quantity of new memory unsafe code. The paradox is explained by the fact that vulnerabilities decay exponentially, with a study finding
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

Sep 25, 2024 Vulnerability / Cyber Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the authentication of the admin panel and create rogue administrative users. "Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account," CISA said. The issue was patched by Ivanti in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and 22.7R2 in August 2024. The agency did not reveal any specifics on how the shortcoming is being weaponized in real-world attacks and who may be behind them, but Ivanti had previously noted that a proof-of-concept (PoC) is publicly available. In light
Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Sep 23, 2024 IoT Security / Vulnerability
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490 , carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of adequate input validation. "There exists a vulnerability in all publicly available examples of the ASF codebase that allows for a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution," CERT Coordination Center (CERT/CC) said in an advisory. Given that the software is no longer supported and is rooted in IoT-centric code, CERT/CC has warned that the vulnerability is "likely to surface in many places in the wild." The issue impacts ASF 3.52.0.2574 and all prior versions of the software, with the agency also noting th
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Sep 20, 2024 Enterprise Security / Network Security
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality," the company said in a Thursday bulletin. It also noted that the flaw could be chained with CVE-2024-8190 (CVSS score: 7.2), permitting an attacker to bypass admin authentication and execute arbitrary commands on the appliance.  Ivanti has further warned that it's "aware of a limited number of customers who have been exploited by this vulnerability," days after it disclosed active exploitation attempts targeting CVE-2024-8190. This indicates that the threat actors behind th
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

Sep 19, 2024 Enterprise Security / DevOps
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The problem as a result of the library not properly verifying the signature of the SAML Response. SAML, short for Security Assertion Markup Language, is a protocol that enables single sign-on (SSO) and exchange of authentication and authorization data across multiple apps and websites.  "An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents, according to a security advisory . "This would allow the attacker to log in as arbitrary user within the vulnerable system." It's worth noting the fl
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Sep 18, 2024 Virtualization / Network Security
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol . "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution," the virtualization services provider said in a bulletin. The shortcoming is similar to two other remote code execution flaws, CVE-2024-37079 and CVE-2024-37080 (CVSS scores: 9.8), that VMware resolved in vCenter Server in June 2024. Also addressed by VMware is a privilege escalation flaw in the vCenter Server (CVE-2024-38813, CVSS score: 7.5) that could enable a malicious actor with network access to the instance to escalate privileges to root by sending a specially crafted network packet. Securit
Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

Sep 16, 2024 Cloud Security / Vulnerability
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool," security researcher Liv Matan said in a report shared with The Hacker News. Dependency confusion (aka substitution attack), which was first documented by security researcher Alex Birsan in February 2021, refers to a type of software supply chain compromise in which a package manager is tricked into pulling a malicious package from a public repository instead of the intended file of the same name from an internal repository. So, a threat actor could stage a large-scale supply chain attack by publ
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Sep 14, 2024 Enterprise Security / Threat Intelligence
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution," Ivanti noted in an advisory released earlier this week. "The attacker must have admin level privileges to exploit this vulnerability." The flaw impacts Ivanti CSA 4.6, which has currently reached end-of-life status, requiring that customers upgrade to a supported version going forward. That said, it has been addressed in CSA 4.6 Patch 519. "With the end-of-life status this is the last fix that Ivanti will backport for this version," the Utah-based IT software company added. "Customers mus
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Sep 13, 2024 Virtual Reality / Vulnerability
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit , has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to reconstruct text entered via gaze-controlled typing," a group of academics from the University of Florida, CertiK Skyfall Team, and Texas Tech University  said . "The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar." Following responsible disclosure, Apple addressed the issue in visionOS 1.3 released on July 29, 2024. It described the vulnerability as impacting a component called Presence. "Inputs to the virtual keyboard may be inferred from Persona," it said in a security advisory, addin
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Sep 13, 2024 Enterprise Security / Vulnerability
Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining and deliver botnet malware. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver a malware strain dubbed Hadooken , according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher Assaf Moran said . The attack chains exploit known security vulnerabilities and misconfigurations, such as weak credentials, to obtain an initial foothold and execute arbitrary code on susceptible instances. This is accomplished by launching two nearly-identical payloads, one written in Python and the other, a shell script, both of which are responsible for retrieving the Hadooken malware from a remote server (" 89.185.85[.]102 " or " 185.174.136[.]204 "). "In addition, the shell script version attempts to iterate ov
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Sep 12, 2024 DevSecOps / Vulnerability
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances," the company said in an alert. The vulnerability, along with three high-severity, 11 medium-severity, and two low-severity bugs, have been addressed in versions 17.3.2, 17.2.5, 17.1.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). It's worth noting that CVE-2024-6678 is the fourth such flaw that GitLab has patched over the past year after CVE-2023-5009 (CVSS score: 9.6), CVE-2024-5655 (CVSS score: 9.6), and CVE-2024
Top 3 Threat Report Insights for Q2 2024

Top 3 Threat Report Insights for Q2 2024

Sep 12, 2024 Threat Intelligence / Cybercrime
Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report . The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024. Key Insights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights that are based on thorough data analysis of network flows. The top three insights for enterprises are as follows. 1) IntelBroker: A Persistent Threat Actor in the Cyber Underground During an in-depth investigation into hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker. IntelBroker is a prominent figure and moderator within the BreachForums hacking community and has been actively involved in the sale of data and source code from major organizations. These include AMD, Apple, Facebook, KrypC, Microsoft, Space-Eyes, T-Mobile and the US Army Aviation and Mi
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Sep 11, 2024 Windows Security / Vulnerability
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech giant resolved in its Chromium-based Edge browser since last month's Patch Tuesday release. The three vulnerabilities that have been weaponized in a malicious context are listed below, alongside a bug that Microsoft is treating as exploited - CVE-2024-38014 (CVSS score: 7.8) - Windows Installer Elevation of Privilege Vulnerability CVE-2024-38217 (CVSS score: 5.4) - Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability CVE-2024-38226 (CVSS score: 7.3) - Microsoft Publisher Security Feature Bypass Vulnerability CVE-2024-43491 (CVSS score: 9.8) - Microsoft Windows Updat
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources