Vulnerability | Breaking Cybersecurity News | The Hacker News

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Dec 17, 2022 Server Security / Network Security
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13, released on December 15, 2022. Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that offers file server, printing, and Active Directory services. A brief description of each of the weaknesses is below -
- CVE-2022-38023 (CVSS score: 8.1) - Use of weak RC4-HMAC Kerberos encryption type in the Netlogon Secure Channel
- CVE-2022-37966 (CVSS score: 8.1) - An elevation of privilege vulnerability in Windows Kerberos RC4-HMAC
- CVE-2022-37967 (CVSS score: 7.2) - An elevation of privilege vulnerability in Windows Kerberos
- CVE-2022-45141 (CVSS score: 8.1) - Use of RC4-HMAC encryption when issuing Kerberos t
Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

Dec 15, 2022 Windows Security / Network Security
Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO, short for Simple and Protected GSSAPI Negotiation Mechanism, is a scheme that allows a client and a remote server to agree on the protocol to be used for authentication (e.g., Kerberos or NTLM). But further analysis of the flaw by IBM Security X-Force researcher Valentina Palmiotti found that it could allow remote execution of arbitrary code, prompting Microsoft to reclassify its severity. "This vulnerability is a pre-authentication remote code execution vulnerability impacting a wide range of protocols," IBM said this
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024 Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.

The Types of OT Cyber-Attacks

Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Top 5 Web App Vulnerabilities and How to Find Them

Dec 15, 2022 Penetration Testing / Vulnerability
Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education. Most startup CTOs have an excellent understanding of how to build highly functional SaaS businesses but (as they are not cyber security professionals) need to gain more knowledge of how to secure the web application that underpins it.

Why test your web applications?

If you are a CTO at a SaaS startup, you are probably already aware that just because you are small doesn't mean you're not on the firing line. The size of a startup does not exempt it from cyber-attacks – that's because hackers constantly scan the internet looking for flaws that they can exploit. Additionally, it takes only one weakness, and your customer data could end up on the internet. It takes ma
Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability

Dec 14, 2022 Application Security / Zero-Day
The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and seize control. Successful exploitation, however, requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider (SP) or a SAML identity provider (IdP). The following supported versions of Citrix ADC and Citrix Gateway are affected by the vulnerability -
- Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
- Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
- Citrix ADC 12.1-FIPS before 12.1-55.291
- Citrix ADC 12.1-NDcPP before 12.1-55.291
Citrix ADC and Citrix Gateway versions 13.1 are not impacted. The company also said there are no workarounds a
Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

Dec 13, 2022 Software Security / Cloud Security
A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News. "This malicious code is executed on any machine that pulls and runs the image, whether on user's local machines, Kubernetes clusters or cloud environments." ECR is a container image registry service managed by Amazon Web Services, enabling users to package code as Docker images and deploy the artifacts in a scalable manner. Public repositories hosted on ECR are displayed in what's called the ECR Public Gallery. "By default, your account has read and write acce
Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Dec 13, 2022 Virtual Private Network / Network Security
Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said it's "aware of an instance where this vulnerability was exploited in the wild," urging customers to move quickly to apply the updates. The following products are impacted by the issue -
- FortiOS version 7.2.0 through 7.2.2
- FortiOS version 7.0.0 through 7.0.8
- FortiOS version 6.4.0 through 6.4.10
- FortiOS version 6.2.0 through 6.2.11
- FortiOS-6K7K version 7.0.0 through 7.0.7
- FortiOS-6K7K version 6.4.0 through 6.4.9
- FortiOS-6K7K version 6.2.0 through 6.2.11
- FortiOS-6K7K version 6.0.0 through 6.0.14
Patches are available in FortiOS versions 7.2.3, 7.0.9, 6.4.11, and 6
New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Dec 09, 2022
Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix Auditor as well as the Raspberry Robin worm. "Post-compromise activity included data theft and the execution of Clop ransomware," security researcher Tiago Pereira said in a Thursday report. TrueBot is a Windows malware downloader that's attributed to a threat actor tracked by Group-IB as Silence, a Russian-speaking crew believed to share associations with Evil Corp (aka DEV-0243) and TA505. The first-stage module functions as an entry point for subsequent post-exploitation activities, including information theft using a hitherto unknown custom data exfiltration utility dubbed Teleport, the cybersecurity firm said. The
Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

Dec 08, 2022 Patch Management / Zero-Day
An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is also called APT37, InkySquid, Reaper, and Ricochet Chollima. "The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists," TAG said in a Thursday analysis. The new findings illustrate the threat actor's continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month. Another key tool in its arsenal is RokRat, a Windows-based remo
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

Dec 05, 2022 Endpoint Security / Pen Testing
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "ping reads raw IP packets from the network to process responses in the pr_pack() function," according to an advisory published last week. "The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet." As a consequence, the destination buffer could be overflowed by up to 40 bytes when the IP option headers are present. The FreeBSD Project noted that the ping process runs in a
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Dec 03, 2022 Threat Detection / Zero Day
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution. According to NIST's National Vulnerability Database, the flaw permits a "remote attacker to potentially exploit heap corruption via a crafted HTML page." Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse. CVE-2022-4262 is the fourth actively exploited type confusion flaw in Chrome that Google has addressed since the start of the year. It's also
Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

Dec 02, 2022 Kubernetes / Cloud Security
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure." Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers' environments and even read or modify data stored in the PostgreSQL database. "The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers," Wiz researchers Ronen Shustin and Shir Tamari said. Hell's Keychain commences with an SQL inject
Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

Dec 02, 2022 Database Security / Cyber Threat
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua. Tracked as CVE-2022-0543 (CVSS score: 10.0), the weakness pertains to a case of sandbox escape in the Lua scripting engine that could be leveraged to attain remote code execution. This is not the first time the flaw has come under active exploitation, what with Juniper Threat Labs uncovering attacks perpetrated by the Muhstik botnet in March 2022 to execute arbitrary commands. The Redigo infection chain is similar in that the adversaries scan for exposed Redis servers on port 6379 to establish initial access, following it up by downloading a shared library "exp_lin.so" from a remote server.
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

Dec 01, 2022 Kubernetes / Vulnerability Management
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE)," Contrast Security researcher Joseph Beeton, who reported the bug, said in a write-up. Quarkus, developed by Red Hat, is an open source project that's used for creating Java applications in containerized and serverless environments. It's worth pointing out that the issue only impacts developers who are running Quarkus and are tricked into visiting a specially crafted website, which is embedded with malicious JavaScript code designed to install or execute arbitrary payloads. This could take the form o
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Nov 29, 2022
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models: Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers. Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with boot loaders, leading to severe consequences. This includes granting the attacker complete control over the operating system loading process as well as "disable or bypass protections to silently deploy their
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Nov 28, 2022
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported by Datadog to AWS on September 1, 2022, following which a patch was shipped on September 6. "This attack abuses the AppSync service to assume [identity and access management] roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week. In a coordinated disclosure, Amazon said that no customers were affected by the vulnerability and that no customer action is required. It described it as a "case-sensitivity parsing issue w
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

Nov 17, 2022
Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come from incident response efforts undertaken by the authority from mid-June through mid-July 2022. "Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA noted. Log4Shell, aka CVE-2021-44228, is a critical remote code execution flaw in the widely used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021. The latest development marks the continued abuse of the Log4j v
Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

Nov 15, 2022
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067, aka Sandbreak), that came to light last month. "An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin," application security firm Oxeye said in a report shared with The Hacker News. Backstage is an open source developer portal from Spotify that allows users to create, manage, and explore software components from a unified "front door." It's used by many companies like Netflix, DoorDash, Roku, and Expedia, among others. According to Oxeye, the flaw is rooted in a tool called software templ
PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

Nov 15, 2022
Credit: Marina Minkin
A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that's used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the NASA Johnson Space Center, the technique is designed to break TTE's security guarantees and induce TTE devices to lose synchronization for up to a second, a behavior that can even lead to uncontrolled maneuvers in spaceflight missions and threaten crew safety. TTE is one of the networking technologies that make up what's called a mixed-criticality network, wherein traffic with different timing and fault-tolerance requirements coexists on the same physical network. This means that both critical devices, which, say, enable vehicle control, and non-critical devices, which are
Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Nov 10, 2022
Citrix has released security updates to address a critical authentication bypass flaw in the Application Delivery Controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain unauthorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations.
- CVE-2022-27510 - Unauthorized access to Gateway user capabilities
- CVE-2022-27513 - Remote desktop takeover via phishing
- CVE-2022-27516 - User login brute-force protection functionality bypass
The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws -
- Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
- Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
- Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
- Citrix ADC 12.1-FIPS before 12.1-55.289
- Citrix ADC 12.1-NDcPP before 12.1-55.289
Exploitation, howe
High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

Nov 10, 2022
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The high-severity issue, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root access on an ABB flow computer, read and write files, and remotely execute code," industrial security company Claroty said in a report shared with The Hacker News. ABB, a Swedish-Swiss industrial automation firm, has since released firmware updates as of July 14, 2022, following responsible disclosure. Flow computers are special-purpose electronic instruments used by petrochemical manufacturers to interpret data from flow meters and calculate and record the volume of substances such as natural gas, crude oils, and other hydrocarbon fluids at a specific point in time