#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

privilege escalation | Breaking Cybersecurity News | The Hacker News

Category — privilege escalation
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Feb 06, 2025 United States
Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. CVE-2025-20125 (CVSS score: 9.1) - An authorization bypass vulnerability in an API of Cisco ISE could could permit an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node An attacker could weaponize either of the flaws by sending a crafted serialized Java object or an HTTP request to an unspecified API endpoint, leading to privilege escalation and code execution. Cisco said the two vulnerabilities are not dependent on...
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Feb 04, 2025 Vulnerability / Cloud Security
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service Elevation of Privilege Vulnerability "Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network," Microsoft in an advisory for CVE-2025-21415, crediting an anonymous researcher for reporting the flaw. CVE-2025-21396, on the other hand, stems from a case of missing authorization that could permit an unauthorized attacker to elevate privileges over a network. A security researcher who goes by the alias Sugobet has been acknowledged for discovering it. The tech giant also noted that it's aware of the existen...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Feb 04, 2025 Vulnerability / Mobile Security
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class ( UVC ) driver. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it's aware that it may be under "limited, targeted exploitation." While no other technical details have been offered, Linux kernel developer Greg Kroah-Hartman revealed in early December 2024 that the vulnerability is rooted in the Linux kernel and that it was introduced in version 2.6.26 , which was released in mid-2008. Specifically, it has to do with an out-of-bounds write condition that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named "uvc_parse_format()" i...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Jan 15, 2025 Patch Tuesday / Zero-Day
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass ( CVE-2024-7344 , CVSS score: 6.7), has not been assigned any severity. According to the Zero Day Initiative , the update marks the largest number of CVEs addressed in a single month since at least 2017. The fixes are in addition to seven vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of December 2024 Patch Tuesday updates. Prominent among the patches released by Microsoft is a trio of flaws in Windows Hyper-V NT Kernel Integration VSP ( CVE-2025-21333 , CVE-2025-21334 , and CVE-2025-21335 , CVSS scores: 7.8) that the company said has come under active exploitation in the wild. ...
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Jan 15, 2025 Vulnerability / Server Security
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows - CVE-2024-57727 (CVSS score: 7.5) - An unauthenticated path traversal vulnerability that allows an attacker to download arbitrary files from the SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts CVE-2024-57728 (CVSS score: 7.2) - An arbitrary file upload vulnerability that allows an attacker with SimpleHelpAdmin privileges (or as a technician with admin privileges) to upload arbitrary files anywhere on the SimpleServer host, potentially leading to remote code execution CVE-2024-5772...
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Jan 13, 2025 Vulnerability / Cloud Security
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in unauthenticated remote code execution. Put differently, a successful exploitation of the flaw could permit an attacker to inject malicious operating system commands owing to the fact that certain API endpoints do not adequately sanitize user-supplied input. The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996. Jakub Korepta, a security researcher at Polish cybersecurity company Securing, has been credited with discovering and reporting the shortcoming. A proof-of-concept (PoC) exploit has since been made publicly available . Data gathered by the cybersecurity company...
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Jan 08, 2025 Malware / Windows Security
Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. "It employs various mechanisms, including antivirus bypass, privilege escalation, anti-detection, and ransomware encryption targeting critical files." NonEuclid has been advertised in underground forums since at least late November 2024, with tutorials and discussions about the malware discovered on popular platforms like Discord and YouTube. This points to a concerted effort to distribute the malware as a crimeware solution. At its core, the RAT commences with an initialization phase for a client application, after which it performs a series of checks to evade detection prior to s...
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers

Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers

Jan 07, 2025 Vulnerability / Network Security
Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows - CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption CVE-2024-9140 (CVSS 4.0 score: 9.3) - A vulnerability allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution The shortcomings, reported by security researcher Lars Haulin, affect the below products and firmware versions - CVE-2024-9138 - EDR-810 Series (Firmware version 5.12.37 and earlier), EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G902 Series (Firmware version 5.7.25 ...
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Dec 13, 2024 Linux / Threat Analysis
Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers," Elastic Security Lab researchers Remco Sprooten and Ruben Groenewoud said in a technical report published Thursday. The company's analysis comes from artifacts uploaded to the VirusTotal malware scanning platform earlier this September. The internals of the malware is based on a multi-stage architecture that comprises a dropper component named "cron," two memory-resident executables ("/memfd:tgt" and "/memfd:wpn"), an LKM rootkit ("puma.ko"), and a shared object (SO) userland rootkit called Kitsune ("li...
LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

Oct 31, 2024 Vulnerability / Website Security
A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain administrator level access after which malicious plugins could be uploaded and installed," Patchstack security researcher Rafie Muhammad said in an analysis. LiteSpeed Cache is a popular site acceleration plugin for WordPress that, as the name implies, comes with advanced caching functionality and optimization features. It's installed on over six million sites. The newly identified issue, per Patchstack, is rooted in a function named is_role_simulation and is similar to an earlier flaw that was publicly documented back in August ...
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

Oct 13, 2024
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities like CVE-2024-30088 for privilege escalation," Trend Micro researchers Mohamed Fahmy, Bahaa Yamany, Ahmed Kamal, and Nick Dai said in an analysis published on Friday. The cybersecurity company is tracking the threat actor under the moniker Earth Simnavaz , which is also referred to as APT34, Crambus, Cobalt Gypsy, GreenBug, Hazel Sandstorm (formerly EUROPIUM), and Helix Kitten. The attack chains entail the deployment of a previously undocumented implant that comes with capabilities to exfiltrate credentials through on-premises Microsoft Exchange servers, a tried-and-tested tact...
Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Sep 05, 2024
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system CVE-2024-20440 (CVSS score: 9.8) - A vulnerability arising due to an excessively verbose debug log file that an attacker could exploit to access such files by means of a crafted HTTP request and obtain credentials that can be used to access the API While these shortcomings are not dependent on each other for them to be successful, Cisco notes in its advisory that they "are not exploitable unless Cisco Smart Licensing Utility was started by a user and is actively running." The flaws, which were discovered during i...
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

Aug 30, 2024 Vulnerability / Network Security
The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of these more nuanced vulnerabilities as it is likely lurking in your environment waiting to be exploited: Active Directory Certificate Services vulnerabilities.  vPenTest by Vonahi Security recently implemented an attack vector specifically designed to identify and mitigate these hidden AD CS threats. But first, let's explore why AD CS vulnerabilities are so dangerous and how they work. What is Active Directory Certificate Services? Active Directory Certificate Services ("AD CS"), as defined by Microsoft is, "a Windows Server role for issuing and managing public key infrastructure (PKI) cert...
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Aug 20, 2024 Vulnerability / Container Security
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. "An attacker with command execution in a pod running within an affected Azure Kubernetes Services cluster could download the configuration used to provision the cluster node, extract the transport layer security (TLS) bootstrap tokens, and perform a TLS bootstrap attack to read all secrets within the cluster," Google-owned Mandiant said . Clusters using "Azure CNI" for the "Network configuration" and "Azure" for the "Network Policy" have been found to be impacted by the privilege escalation bug. Microsoft has since addressed the issue following responsible disclosure. The attack technique devised by the threat intelligence firm hinges on accessing a little-known component called Azure WireS...
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Aug 16, 2024 Cyber Attack / Malware
Chinese-speaking users are the target of an ongoing campaign that distributes a malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said . "Another noteworthy characteristic of this malware is its heavy usage of shellcode to execute its many components directly in memory, significantly reducing its file footprint in the victim's system." Details about the campaign first emerged in June 2024, when Zscaler ThreatLabz detailed attacks involving an updated version of the malware. Exactly how the latest iteration of ValleyRAT is distributed is currently not known, although previous campaigns have leveraged email messages containing URLs pointing to compressed executables. "Based on the filenames of the executables we found, they're likely using phis...
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Aug 14, 2024 Windows Security / Vulnerability
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws , including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, nine are rated Critical, 80 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday updates are notable for addressing six actively exploited zero-days - CVE-2024-38189 (CVSS score: 8.8) - Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 (CVSS score: 7.5) - Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38193 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2024-38106 (CVSS score: 7.0) - Windows Kernel Elevation of Privilege Vulnerability CVE-2024-38107 (CVSS score: 7.8) - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability CVE-2024-38213 (CVS...
Expert Insights / Articles Videos
Cybersecurity Resources