#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

remote code execution | Breaking Cybersecurity News | The Hacker News

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Mar 18, 2024 Vulnerability / Threat Mitigation
Fortra has released details of a now-patched critical security flaw impacting its  FileCatalyst  file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request," the company  said  in an advisory last week. "In situations where a file is successfully uploaded to web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells." The vulnerability, the company said, was first reported on August 9, 2023, and addressed two days later in FileCatalyst Workflow version 5.1.6 Build 114 without a CVE identifier. Fortra was  authorized  as a CVE Numbering Authorit
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Mar 14, 2024 Container Security / Vulnerability
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled  said . "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster." Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming impacts all versions of kubelet, including and after version 1.8.0. It was addressed as part of updates released on November 14, 2023, in the following versions - kubelet v1.28.4 kubelet v1.27.8 kubelet v1.26.11, and kubelet v1.25.16 "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes," Kubernetes maintainers  said  in a
CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management

CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management

Mar 12, 2024CTEM / Vulnerability Management
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you'd want to do. But if you are looking for ways to continuously reduce risk across your environment while making significant and consistent improvements to security posture, in our opinion, you probably want to consider establishing a  Continuous Threat Exposure Management (CTEM)  program.  CTEM is an approach to cyber risk management that combines attack simulation, risk prioritization, and remediation guidance in one coordinated process. The term Continuous Threat Exposure Management first appeared in the Gartner ® report, Implement a Continuous Threat Exposure Management Program (CTEM) (Gartner, 21 July 2022,). Since then, we have seen that organizations across the globe are seeing the benefits of this integrated, continual approach. Webinar: Why and How to Adopt the CTEM Framework XM Cyber is hosting a webinar featuring Gartner VP Analyst Pete Shoa
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Mar 14, 2024 Vulnerability / Network Security
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests," the company  said  in an advisory. The vulnerability, tracked as CVE-2023-48788, carries a CVSS rating of 9.3 out of a maximum of 10. It impacts the following versions - FortiClientEMS 7.2.0 through 7.2.2 (Upgrade to 7.2.3 or above) FortiClientEMS 7.0.1 through 7.0.10 (Upgrade to 7.0.11 or above) Horizon3.ai, which  plans  to release additional technical details and a proof-of-concept (PoC) exploit next week, said the shortcoming could be exploited to obtain remote code execution as SYSTEM on the server. Fortinet has credited Thiago Santana from the Forticlient
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

Mar 13, 2024 Patch Tuesday / Software Update
Microsoft on Tuesday released its monthly security update,  addressing 61 different security flaws  spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity. None of the flaws are listed as publicly known or under active attack at the time of the release, but six of them have been tagged with an "Exploitation More Likely" assessment. The fixes are in addition to  17 security flaws  that have been patched in the company's Chromium-based Edge browser since the release of the  February 2024 Patch Tuesday updates . Topping the list of critical shortcomings are  CVE-2024-21407  and  CVE-2024-21408 , which affect Hyper-V and could result in remote code execution and a DoS condition, respectively. Microsoft's update also addresses privilege escalation flaws in the Azure Kub
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

Mar 12, 2024 WordPress / Website Security
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has  infected more than 3,900 sites  over the past three weeks. "These attacks are orchestrated from domains less than a month old, with registrations dating back to February 12th, 2024," security researcher Puja Srivastava  said  in a report dated March 7. Infection sequences involve the exploitation of CVE-2023-6000, a security vulnerability in Popup Builder that could be exploited to create rogue admin users and install arbitrary plugins. The shortcoming was exploited as part of a  Balada Injector campaign  earlier this January, compromising no less than 7,000 sites. The latest set of attacks lead to the injection of malicious code, which comes in two different variants and is designed to redirect site visitors to other sites such as phishing and scam pages. WordPress site owners are reco
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Mar 11, 2024 Network Security / Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as  CVE-2024-1403 , the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It impacts OpenEdge versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0.  "When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins," the company  said  in an advisory released late last month. "Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM), it also utilizes t
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Mar 08, 2024 Network Security / Vulnerability
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed ( CRLF ) injection attack against a user. Arising as a result of insufficient validation of user-supplied input, a threat actor could leverage the flaw to trick a user into clicking on a specially crafted link while establishing a VPN session. "A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token," the company  said  in an advisory. "The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and servi
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

Feb 21, 2024 Active Directory / Vulnerability
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as  CVE-2024-22245  (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs)," the company  said  in an advisory. EAP,  deprecated as of March 2021 , is a software package that's designed to allow direct login to vSphere's management interfaces and tools through a web browser. It's not included by default and is not part of vCenter Server, ESXi, or Cloud Foundation. Also discovered in the same tool is a session hijack flaw (CVE-2024-22250, CVSS score: 7.8) that could permit a malicious actor with unprivileged local access to a Windows operating system to seize a privileged EAP
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

Feb 20, 2024 Website Security / PHP Code
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in  version 1.9.6.1  released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10. While a proof-of-concept (PoC) exploit has not been released, technical details have been  released  by both Snicco and Patchstack, noting that the underlying vulnerable code exists in the prepare_query_vars_from_settings() function. Specifically, it concerns the use of security tokens called "nonces" for verifying permissions, which can then be used to pass arbitrary commands for execution, effectively allowing a threat actor to seize control of a
Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Feb 15, 2024 Threat Intelligence / Vulnerability
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its  Patch Tuesday updates . Tracked as  CVE-2024-21410  (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability," the company  said  in an advisory published this week. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf." Successful exploitation of the flaw could permit an attacker to relay a user's leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user, Redmond added. The tech giant, in an update to its bulletin, revised
Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Feb 07, 2024 Device Security / Vulnerability
The maintainers of shim have released  version 15.8  to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as  CVE-2023-40547  (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been  credited  with discovering and reporting the bug. Major Linux distributions that use shim such as Debian , Red Hat , SUSE , and Ubuntu have all released advisories for the security flaw. "The shim's http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response, leading to a completely controlled out-of-bounds write primitive," Oracle's Alan Coopersmith  noted  in a message shared on the Open Source Security mailing list oss-security. Demirkapi, in a  post  shared on X (formerly Twitter) late last month, said the vulnerability "exists in every Linux bo
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

Feb 03, 2024 Vulnerability / Social Media
The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as  CVE-2024-23832 , has a severity rating of 9.4 out of a maximum of 10. Security researcher  arcanicanis  has been credited with discovering and reporting it. It has been described as an "origin validation error" ( CWE-346 ), which can typically allow an attacker to "access any functionality that is inadvertently accessible to the source." Every Mastodon version prior to 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5. Mastodon said it's withholding additional technical specifics about the flaw until February 15, 2024, to give  admins  ampl
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Jan 30, 2024 Vulnerability / Network Security
Juniper Networks has released out-of-band updates to  address high-severity flaws  in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as  CVE-2024-21619 and CVE-2024-21620 , are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-36851, were  previously disclosed  by the company in August 2023. CVE-2024-21619  (CVSS score: 5.3) - A missing authentication vulnerability that could lead to exposure of sensitive configuration information CVE-2024-21620  (CVSS score: 8.8) - A cross-site scripting (XSS) vulnerability that could lead to the execution of arbitrary commands with the target's permissions by means of a specially crafted request Cybersecurity firm watchTowr Labs has been  credited  with discovering and reporting the issues. The two vulnerabilities have been addressed in the following versions - CVE-2024-21619  - 20.
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

Jan 25, 2024 Vulnerability / Software Security
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier  CVE-2024-23897 , has been described as an arbitrary file read vulnerability through the built-in command line interface ( CLI ) "Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands," the maintainers  said  in a Wednesday advisory. "This command parser has a feature that replaces an @ character followed by a file path in an argument with the file's contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it." A threat actor could exploit this quirk to read arbitrary files on the Jenkins controller file system
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

Jan 18, 2024 Firmware Security / Vulnerability
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface ( UEFI ) specification used widely in modern computers. Collectively dubbed  PixieFail  by Quarkslab, the  nine issues  reside in the TianoCore EFI Development Kit II ( EDK II ) and could be exploited to achieve remote code execution, denial-of-service (DoS), DNS cache poisoning, and leakage of sensitive information. UEFI firmware – which is responsible for  booting the operating system  – from AMI, Intel, Insyde, and Phoenix Technologies are impacted by the shortcomings. EDK II incorporates its own TCP/IP stack called  NetworkPkg  to enable network functionalities available during the initial Preboot eXecution Environment ( PXE , pronounced "pixie") stage, which allows for management tasks in the absence of a running operating system. In other words, it is a client-server interface to  boot a
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

Jan 17, 2024 Vulnerability / Software Security
GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it addressed the issue the same day, in addition to rotating all potentially exposed credentials out of an abundance of caution. The rotated keys include the GitHub commit signing key as well as GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys, necessitating users who rely on these keys to import the new ones. There is no evidence that the high-severity vulnerability, tracked as  CVE-2024-0200  (CVSS score: 7.2), has been previously found and exploited in the wild. "This vulnerability is also present on GitHub Enterprise Server (GHES)," GitHub's Jacob DePriest  said . "However, exploitation requires an authenticated user with an  organization owner role
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Jan 16, 2024 Vulnerability / Network Security
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox,  said  in a technical analysis shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2022-22274  (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall. CVE-2023-0656  (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash. While there are no reports of exploitation of the flaws
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Jan 15, 2024 Vulnerability / Browser Security
Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called  My Flow  that makes it possible to sync messages and files between mobile and desktop devices. "This is achieved through a controlled browser extension, effectively bypassing the browser's sandbox and the entire browser process," the company  said  in a statement shared with The Hacker News. The issue impacts both the Opera browser and Opera GX. Following responsible disclosure on November 17, 2023, it was addressed as part of  updates  shipped on November 22, 2023. My Flow features a chat-like interface to exchange notes and files, the latter of which can be opened via a web interface, meaning a f
High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

Jan 15, 2024 Operational Technology / Network Security
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which  discovered  the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to alter the device firmware and implant a rogue version. Tracked as  CVE-2023-49722  (CVSS score: 8.3), the high-severity vulnerability was addressed by Bosch in November 2023. "A network port 8899 is always open in BCC101/BCC102/BCC50 thermostat products, which allows an unauthenticated connection from a local WiFi network," the company  said  in an advisory. The issue, at its core, impacts the WiFi microcontroller that acts as a network gateway for the thermostat's logic microcontroller. By exploiting the flaw, an attacker could send commands to the thermostat, including writing a malicious updat
Cybersecurity Resources