#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Vulnerability | Breaking Cybersecurity News | The Hacker News

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol

Jun 09, 2020
Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks. Dubbed " SMBleed " ( CVE-2020-1206 ) by cybersecurity firm ZecOps, the flaw resides in SMB's decompression function — the same function as with SMBGhost or EternalDarkness bug ( CVE-2020-0796 ), which came to light three months ago, potentially opening vulnerable Windows systems to malware attacks that can propagate across networks. The newly discovered vulnerability impacts Windows 10 versions 1903 and 1909, for which Microsoft today released security patches as part of its monthly Patch Tuesday updates for June . The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory last week warning Windows 10
Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities

Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities

Jun 09, 2020
Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products. This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with patch management while proceeding with caution that should not break anything during this lockdown season. The 129 bugs in the June 2020 bucket for sysadmins and billions of users include 11 critical vulnerabilities—all leading to remote code execution attacks—and 118 classified as important in severity, mostly leading to privilege escalation and spoofing attacks. According to the advisories Microsoft released today, hackers, fortunately, don't appear to be exploiting any of the zero-day vulnerabilities in the wild, and details for none of the flaws addressed this month was disclosed publicly before thi
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Any Indian DigiLocker Account Could've Been Accessed Without Password

Any Indian DigiLocker Account Could've Been Accessed Without Password

Jun 08, 2020
The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users. Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot , the vulnerability could have been exploited easily to unauthorisedly access sensitive documents uploaded by targeted users' on the Government-operated platform. "The OTP function lacks authorization which makes it possible to perform OTP validation with submitting any valid users details and then manipulation flow to sign in as a totally different user," Mohesh Mohan said in a disclosure shared with The Hacker News. With over 38 million registered users, Digilocker is a cloud-based repository that acts as a digital platform to facilitate online processing of documents and speedier delivery of various government-to-citizen services.
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

Jun 03, 2020
If you're using Zoom —especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers. No, it's not about the arrival of the most-awaited "real" end-to-end encryption feature, which apparently, according to the latest news, would now only be available to paid users . Instead, this latest warning is about two newly discovered critical vulnerabilities. Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely. Both flaws in question are path traversal vulnerabilities that can be exploited to write or plant arbitrary files on the systems running vulnerable versions of the video conferencing software to e
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

Jun 03, 2020
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise ( ASE ), a relational database management software geared towards transaction-based applications. The cybersecurity company said the issues — both specific to the operating system and the platform as a whole — were discovered during a security testing of the product, one of which has a CVSS rating of 9.1. Identified as CVE-2020-6248 , the most severe vulnerability allows arbitrary code execution when making database backups, thus allowing an attacker to trigger the execution of malicious commands. "During database backup operations, there are no security checks for overwriting critical configuration files," Trustwave researchers said  in a
Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers

Jun 02, 2020
Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956 , the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to send malicious traffic to Cloud Director, leading to the execution of arbitrary code. It's rated 8.8 out of 10 on the CVSS v.3 vulnerability severity scale, making it a critical vulnerability. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers. According to the company, the vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API acces
Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds

May 30, 2020
Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a highly popular video social platform where people upload short videos of themselves doing things like lip-syncing and dancing. The wrath faced by Chinese-owned TikTok from all directions—mostly due to data security and ethnopolitical reasons—gave birth to new alternatives in the market, one of which is the Mitron app for Android. Mitron video social platform recently caught headlines when the Android app crazily gained over 5 million installations and 250,000 5-star ratings in just 48 days after being released on the Google Play Store. Popped out of nowhere, Mitron i
New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

May 19, 2020
Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices. "The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment," the researchers outlined in the paper. "Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade." Given the widespread impact of the vulnerability, the researchers said they responsibly disclosed the findings to the Bluetooth Special Interest Group (SIG), the organization that oversees the development o
Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

May 01, 2020
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues , rated with CVSS score 10. "The vulnerabilities, allocated CVE IDs CVE-2020-11651 and CVE-2020-11652 , are of two different classes," the cybersecurity firm said . "One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e., parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server." The researchers warned that the flaws could be exploited in the wild imm
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

Apr 17, 2020
The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it. The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability. "Threat actors who successfully exploited CVE-2019-11510 and stole a victim organization's credentials will still be able to access — and move laterally through — that organization's network after the organization has patched this vulnerability if the organization did not change those stolen credentials," CISA said. CISA has also released a tool to help network administrators look for any indicators of compromise associated with the flaw.
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Mar 24, 2020
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt , a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982 , the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index. While an 'opkg install' command is invoked on the victim system, the flaw could allow a remote man-in-the-middle attacker in a position to intercept the communication of a targeted device to execute arbitrary code by tricking the system into installing a malicious package or software update without verification. If exploited successfully, a remote attacker could gain complete control over the targeted OpenWrt network device, and subsequently, over the netwo
Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

Mar 21, 2020
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called " Mukashi ," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products to take control of the devices and add them to a network of infected bots that can be used to carry out Distributed Denial of Service (DDoS) attacks. Multiple Zyxel NAS products running firmware versions up to 5.21 are vulnerable to the compromise, Palo Alto Networks' Unit 42 global threat intelligence team said, adding they uncovered the first such exploitation of the flaw in the wild on March 12. Zyxel's Pre-Authentication Command Injection Flaw Mukashi hinges on a pre-authentication command injection vulnerability (tracked as CVE-2020-9054 ), for which a proof-
Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

Mar 18, 2020
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: Adobe Genuine Integrity Service Adobe Acrobat and Reader Adobe Photoshop Adobe Experience Manager Adobe ColdFusion Adobe Bridge According to the security advisories, 29 of the 41 vulnerabilities are critical in severity, and the other 11 have been rated important. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical. Adobe Genuine Integrity Service , a utility in Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected with just one important severity privilege escalation flaw. Adobe Photoshop
Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

Mar 10, 2020
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Row Refresh (TRR) that refreshes adjacent rows when a victim row is accessed more than a threshold. But it turns out 'Target Row Refresh,' promoted as a silver bullet to mitigate rowhammer attacks, is also insufficient and could let attackers execute new hammering patterns and re-enable the bit-flip attacks on the latest hardware as well. TRRespass: The Rowhammer Fuzzing Tool Tracked as CVE-2020-10255 , the newly reported vulnerability was discovered by researchers at VUSec Lab, who today also released ' TRRespass ,' an open source black box many-sided RowHammer fuzzin
LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

Mar 10, 2020
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551 , dubbed " Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information—encryption keys or passwords—from the protected memory and subsequently, take significant control over a targeted system. According to experts at Bitdefender and academic researchers from a couple of universities, the new attack is particularly devastating in multi-tenant environments such as enterprise workstations or cloud servers in the datacenter. And
Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

Feb 25, 2020
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities , all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild. The brief description of the Chrome bugs, which impose a significant risk to your systems if left unpatched, are as follows: Integer overflow in ICU — Reported by André Bargull on 2020-01-22 Out of bounds memory access in streams (CVE-2020-6407) — Reported by Sergei Glazunov of Google Project Zero on 2020-01-27 Type confusion in V8 (CVE-2020-6418) — Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18 The Integer Overflow vulnerability was disclosed by André Bargull privately to Google last month, earning him $5,000 in rewards, while the other two
New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

Feb 25, 2020
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD , also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. Discovered by experts at Qualys Research Labs, who also reported a similar RCE flaw in the email server application last month, the latest out-of-bounds read issue, tracked as  CVE-2020-8794 , resides in a component of the OpenSMTPD's client-side code that was introduced nearly 5 years ago. Just like the previous issue, which attackers started exploiting in the wild just a day after its public disclosure, the new OpenSMTPD flaw could also let remote hackers execute arbit
Cybersecurity Resources