#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Vulnerability | Breaking Cybersecurity News | The Hacker News

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

Nov 15, 2023 Vulnerability / Hardware Security
Intel has released fixes to close out a high-severity flaw codenamed  Reptar  that impacts its desktop, mobile, and server CPUs. Tracked as  CVE-2023-23583  (CVSS score: 8.8), the  issue  has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's security boundaries, according to Google Cloud, which described it as an issue stemming from how redundant prefixes are interpreted by the processor. "The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host," Google Cloud's Phil Venables  said . "Additionally, the vulnerability could potentially lead to information disclosure or privilege escala
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

Nov 15, 2023 Network Securit / Vulnerability
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as  CVE-2023-34060  (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console)," the company  said  in an alert. "This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present." The virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by  CVE-2023-34060 . Dustin Hartle from IT solutions provider Idea
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

Nov 14, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Nov 13, 2023 National Security / Cyber Attack
Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers  said  in a report last week. "The observed activity aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region." Targeted organizations span defense, election oversight, human rights, national treasury and finance, commerce, politics, natural resources, and telecommunications sectors. The assessment stems from the persistent nature of inbound network connections originating from these entities to a China-linked adversarial infrastructure that masquerades as cloud backup and storage services over a "period of several month
CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation

CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation

Nov 09, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday  added  a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as  CVE-2023-29552  (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS amplification attacks. It was  disclosed  by Bitsight and Curesec earlier this April. "The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor," CISA  said . SLP is a protocol that allows systems on a local area network (LAN) to discover each other and establish communications. The exact details surrounding the nature of exploitation of the flaw are currently unknown, bu
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

Nov 07, 2023 Vulnerability / Malware
The Pakistan-linked threat actor known as  SideCopy  has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a compatible version of Ares RAT. SideCopy, active since at least 2019, is  known  for its  attacks  on Indian and Afghanistan entities. It's suspected to be a sub-group of the Transparent Tribe (aka APT36) actor. "Both SideCopy and APT36 share infrastructure and code to aggressively target India," SEQRITE researcher Sathwik Ram Prakki  said  in a Monday report. Earlier this May, the group was  linked  to a phishing campaign that took advantage of lures related to India's Defence Research and Development Organization (DRDO) to deliver information-stealing malware. Since
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

Nov 06, 2023 Vulnerability / Data Security
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as  CVE-2023-23368  (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. "If exploited, the vulnerability could allow remote attackers to execute commands via a network," the company said in an advisory published over the weekend. The shortcoming spans the below versions - QTS 5.0.x (Fixed in QTS 5.0.1.2376 build 20230421 and later) QTS 4.5.x (Fixed in QTS 4.5.4.2374 build 20230416 and later) QuTS hero h5.0.x (Fixed in QuTS hero h5.0.1.2376 build 20230421 and later) QuTS hero h4.5.x (Fixed in QuTS hero h4.5.4.2374 build 20230417 and later) QuTScloud c5.0.x (Fixed in QuTScloud c5.0.1.2374 and later) Also fixed by QNAP is another command injection flaw in QTS, Multimedia Console, and Media Streaming add-on ( CVE-2023-23369 , CVSS score: 9.0) th
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

Nov 02, 2023 Vulnerability Assessment
The Forum of Incident Response and Security Teams (FIRST) has officially announced  CVSS v4.0 , the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of  CVSS 4.0  seeks to provide the highest fidelity of vulnerability assessment for both industry and the public," FIRST  said  in a statement. CVSS essentially provides a way to capture the principal technical characteristics of a security vulnerability and produce a numerical score denoting its severity. The score can be translated into various levels, such as low, medium, high, and critical, to help organizations prioritize their vulnerability management processes. One of the core updates to CVSS v3.1,  released  in July 2019, was to  emphasize and clarify  that "CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk." CVSS v3.1 has also  attracted criticis
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Nov 02, 2023 Threat Intelligence / Vulnerability
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7  disclosed  in a report published Wednesday. "Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October." The intrusions are said to involve the exploitation of  CVE-2023-46604 , a remote code execution vulnerability in Apache ActiveMQ that allows a threat actor to run arbitrary shell commands. It's worth noting that the  vulnerability  carries a CVSS score of 10.0, indicating maximum severity. It has been  addressed  in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

Nov 01, 2023 Vulnerability / Cyber Attack
F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as  CVE-2023-46747  (CVSS score: 9.8), the  vulnerability  allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution. A proof-of-concept (PoC)  exploit  has since been made  available  by ProjectDiscovery. It impacts the following versions of the software - 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG) 16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG) 15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG) 14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG) 13.1.0 - 13.1.5 (Fixed in 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG) Now the company is  alerting  that it has "observed threat actors using this vulnerability to expl
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

Oct 31, 2023 Vulnerability / Data Protection
Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as  CVE-2023-22518 , the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data Center and Server are susceptible to the bug, and it has been addressed in the following versions - 7.19.16 or later 8.3.4 or later 8.4.4 or later 8.5.3 or later, and 8.6.1 or later That said, the Australian company emphasized that "there is no impact to confidentiality as an attacker cannot exfiltrate any instance data." No other details about the flaw and the exact method by which an adversary can take advantage of it have been made available, likely owing to the fact that doing so could enable threat actors to devise an exploit. Atlassian is also u
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Oct 30, 2023 Kubernetes / Server Security
Three unpatched high-severity security flaws have been disclosed in the  NGINX Ingress controller  for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows -  CVE-2022-4886  (CVSS score: 8.8) -  Ingress-nginx  path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043  (CVSS score: 7.6) - Ingress-nginx annotation injection causes arbitrary command execution CVE-2023-5044  (CVSS score: 7.6) - Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation "These vulnerabilities enable an attacker who can control the configuration of the Ingress object to steal secret credentials from the cluster," Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, said of CVE-2023-5043 and CVE-2023-5044. Successful exploitation of the flaws could allow an adversary to inject arbitrary code into the ingress controller proce
Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

Oct 27, 2023 Artificial Intelligence / Vulnerability
Google has announced that it's expanding its Vulnerability Rewards Program ( VRP ) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to  bolster AI safety and security . "Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or misinterpretations of data (hallucinations)," Google's Laurie Richardson and Royal Hansen  said . Some of the categories that are in scope  include  prompt injections, leakage of sensitive data from training datasets, model manipulation, adversarial perturbation attacks that trigger misclassification, and model theft. It's worth noting that Google earlier this July instituted an  AI Red Team  to help address threats to AI systems as part of its Secure AI Framework ( SAIF ). Also announced as part of its commitment to secure AI are efforts to strengthen the AI supply chain
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

Oct 27, 2023 Network Security / Vulnerability
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier  CVE-2023-46747 , and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," F5  said  in an advisory released Thursday. "There is no data plane exposure; this is a control plane issue only." The following versions of BIG-IP have been found to be vulnerable - 17.1.0 (Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG) 16.1.0 - 16.1.4 (Fixed in 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG) 15.1.0 - 15.1.10 (Fixed in 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG) 14.1.0 - 14.1.5 (Fixed in 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG) 13.1.0 -
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

Oct 25, 2023 Threat Intelligence / Vulnerability
The threat actor known as  Winter Vivern  has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou  said  in a new report published today. Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs-of-concept are available online." Winter Vivern, also known as TA473 and UAC-0114, is an  adversarial collective  whose objectives align with that of Belarus and Russia. Over the past few months, it has been attributed to attacks against Ukraine and Poland, as well as government entities across Europe and India. The group is also assessed to have exploited another flaw Roundcube as recently as August and September (CVE-2020-35730), making it the  second nation-state group after APT28  to target the open-source webmail so
Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

Oct 25, 2023 Vulnerability / Cyber Threat
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as  CVE-2023-34048  (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the  DCE/RPC protocol . "A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution," VMware  said  in an advisory published today. Credited with discovering and reporting the flaw is Grigory Dorodnov of Trend Micro Zero Day Initiative. VMware said that there are no workarounds to mitigate the shortcoming and that security updates have been made available in the following versions of the software - VMware vCenter Server 8.0 (8.0U1d or 8.0U2) VMware vCenter Server 7.0 (7.0U3o) VMware Cloud Foundation 5.x and 4.x Given the criticality of the flaw and the lack of temporary mitigations, the virtualization
Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Oct 25, 2023 Exploit / Vulnerability
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware  noted  in an advisory on October 19, 2023. James Horseman from Horizon3.ai and the Randori Attack Team have been credited with discovering and reporting the flaw. Horizon3.ai has since made available a  PoC for the vulnerability , prompting VMware to revise its advisory this week. It's worth noting that CVE-2023-34051 is a patch bypass for a  set of critical flaws  that were addressed by VMware earlier this January that could expose users to remote code execution attacks. &
Backdoor Implanted on Hacked Cisco Devices Modified to Evade Detection

Backdoor Implanted on Hacked Cisco Devices Modified to Evade Detection

Oct 24, 2023 Cyber Threat / Vulnerability
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team  said . "Thus, for a lot of devices, the implant is still active, but now only responds if the correct Authorization HTTP header is set." The attacks entail fashioning  CVE-2023-20198  (CVSS score: 10.0) and  CVE-2023-20273  (CVSS score: 7.2) into an exploit chain that grants the threat actor the ability to gain access to the devices, create a privileged account, and ultimately deploy a Lua-based implant on the devices. The development comes as Cisco began rolling out security updates to  address the issues , with more updates to come at an as-yet-undisclosed date. The exact identity of the threat
Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Oct 21, 2023 Zero-Day / Vulnerability
Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a  malicious Lua-based implant  on susceptible devices. Tracked as  CVE-2023-20273  (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 (CVSS score: 10.0) as part of an exploit chain. "The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination," Cisco  said  in an updated advisory published Friday. "This allowed the user to log in with normal user access." "The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system," a shortcoming that has been assigned the identifier CVE-2023-20273. A Cisco spokesperson told The Hacker News that a fix that cove
Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw

Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw

Oct 19, 2023
North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of  CVE-2023-42793  (CVSS score: 9.8), have been  attributed  to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It's worth noting that both the threat activity clusters are part of the infamous North Korean nation-state actor known as  Lazarus Group . In one of the two attack paths employed by Diamond Sleet, a successful compromise of TeamCity servers is followed by the deployment of a known implant called  ForestTiger  from legitimate infrastructure previously compromised by the threat actor. A second variant of the attacks leverages the initial foothold to retrieve a malicious DLL (DSROLE.dll aka RollSling or Version.dll or FeedLoad) that's loaded by means of a technique referred to as DLL search-order hijacking to eithe
Cybersecurity Resources