The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: remote code execution

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

April 15, 2021Ravie Lakshmanan
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. "Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction," the researchers  said . "Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application's URI handler is exploited." Put differently; the flaws stem from an insufficient validation of URL input that, when opened with the help of the u
Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

March 25, 2021Ravie Lakshmanan
IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute arbitrary code via the  test alert actions  feature available in the Orion Web Console, which lets users simulate network events (e.g., an unresponsive server) that can be configured to trigger an alert during setup. It has been rated critical in severity. A second issue concerns a high-risk vulnerability that could be leveraged by an adversary to achieve RCE in the Orion Job Scheduler. "In order to exploit this, an attacker first needs to know the credentials of an unprivileged local account on the Orion Server," SolarWinds  said  in its release notes. The advisory is light on technical specifics,
Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

March 22, 2021Ravie Lakshmanan
The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as  CVE-2021-26295 , the flaw affects all versions of the software prior to  17.12.06  and employs an "unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly. OFBiz  is a Java-based web framework for automating enterprise processes and offers a wide range of functionality, including accounting, customer relationship management, manufacturing operations management, order management, supply chain fulfillment, and warehouse management system, among others. Specifically, by exploiting this flaw, a malicious party can tamper with serialized data to insert arbitrary code that, when deserialized, can potentially result in remote code execution. "An unauthe
Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

March 17, 2021Ravie Lakshmanan
Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in  Elementor , a website builder plugin used on more than seven million sites, and  WP Super Cache , a tool used to serve cached pages of a WordPress site. According to Wordfence, which discovered the security weaknesses in Elementor, the bug concerns a set of  stored cross-site scripting  (XSS) vulnerabilities (CVSS score: 6.4), which occurs when a malicious script is injected directly into a vulnerable web application. In this case, due to a lack of validation of the HTML tags on the server-side, a bad actor can exploit the issues to add executable JavaScript to a post or page via a crafted request. "Since posts created by contributors are typically reviewed by editors or administrators before publishing, any JavaScript added to one of these posts would
Cisco Releases Security Patches for Critical Flaws Affecting its Products

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 26, 2021Ravie Lakshmanan
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company  said  in an advisory published yesterday. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices." The bug, tracked as CVE-2021-1388, ranks 10 (out of 10) on the CVSS vulnerability scoring system and stems from an improper token validation in an API endpoint of Cisco ACI MSO installed the Application Services Engine. It affects ACI MSO versions running a 3.0 release of the software. The ACI Multi-Site Orchestrator lets customers monitor and m
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

February 23, 2021Ravie Lakshmanan
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," the company  said  in its advisory. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity. "In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix (CVE-2019-19781)," said Positive Technologies' Mikhail Klyuchnikov, who discovered and reported the flaw to VMware. "The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity
Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

December 07, 2020Ravie Lakshmanan
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by  Oskars Vegeris , a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at the end of October. Microsoft did not assign a CVE to this vulnerability, stating "it's currently Microsoft's policy to not issue CVEs on products that automatically updates without user's interaction." "No user interaction is required, exploit executes upon seeing the chat message," Vegeris explained in a technical write-up. The result is a "complete loss of confidentiality and integrity for end users — access to private chats, files, internal network, private keys and personal data outside MS Teams," the researcher added. Worse, the RCE is cross-platform — af
Researcher Discloses Critical RCE Flaws In Cisco Security Manager

Researcher Discloses Critical RCE Flaws In Cisco Security Manager

November 16, 2020Ravie Lakshmanan
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept ( PoC ) code for as many as 12 security vulnerabilities affecting the  web interface of CSM  that makes it possible for an unauthenticated attacker to achieve remote code execution (RCE) attacks. The flaws were responsibly reported to Cisco's Product Security Incident Response Team (PSIRT) three months ago, on July 13. "Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn't mention any of the vulnerabilities,"  claimed frycos  in a tweet, citing the reasons for going public with the PoCs yesterday. Cisco Security Manager  is an end-to-end enterprise solution that allows organizations to enforce access policies
Microsoft Releases September 2020 Security Patches For 129 Flaws

Microsoft Releases September 2020 Security Patches For 129 Flaws

September 08, 2020Swati Khandelwal
As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics — that received new patches, 23 are listed as critical, 105 are important, and one is moderate in severity. Unlike the past few months, none of the security vulnerabilities the tech giant patched in September are listed as being publicly known or under active attack at the time of release or at least not in knowledge of Microsoft. A memory corruption vulnerability ( CVE-2020-16875 ) in Microsoft Exchange software is worth highlighting all the critical flaws. The exploitation of this flaw could allow an attacker to run
Google Researcher Reported 3 Flaws in Apache Web Server Software

Google Researcher Reported 3 Flaws in Apache Web Server Software

August 24, 2020Ravie Lakshmanan
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service. The flaws, tracked as CVE-2020-9490, CVE-2020-11984, CVE-2020-11993, were uncovered by Felix Wilhelm of Google Project Zero, and have since been addressed by the Apache Foundation in the latest version of the software ( 2.4.46 ). The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "mod_uwsgi" module (CVE-2020-11984), potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server. "[A] Malici
A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly

A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly

August 11, 2020Swati Khandelwal
A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that's already under active exploitation in the wild. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server that powers over 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. In September last year, a separate anonymous security researcher publicly disclosed a then-zero-day RCE vulnerability in vBulletin , identified as CVE-2019-16759 , and received a critical severity rating of 9.8, allowing attackers to execute malicious commands on the remote server without requiring any authentication to log into the forum. A day after the disclosure of CVE-2019-16759, the vBulletin team released security patches that resolved the issue, but it t
Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

August 07, 2020Swati Khandelwal
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that governs the execution of laws relating to national banks. According to a press release published by the OCC on Thursday, Capital One failed to establish appropriate risk management before migrating its IT operations to a public cloud-based service, which included appropriate design and implementation of certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts. The OCC also said that the credit card provider also left numerous weaknesses in its cloud-based data storage in an internal audit in 2015 as well as failed to patch security
Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

July 08, 2020Ravie Lakshmanan
Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers . Citrix confirmed that the aforementioned issues do not impact other virtual servers, such as load balancing and content switching virtual servers. Among the affected Citrix SD-WAN WANOP appliances include models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. The networking vendor also reiterated that these vulnerabilities were not connected to a previously fixed zero-day NetScaler flaw (tagged as CVE-2019-19781 ) that allowed bad actors to perform arbitrary code execution even without proper authentication. It also said there's no evidence
Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners

June 25, 2020Ravie Lakshmanan
GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it discovered the vulnerabilities last year following a routine security audit of a Singapore-based major retailer. "Malicious attackers can establish persistence on the network and spy on internal users, steal data — without ever getting detected," Acronis said. "They can reuse your fingerprint data to enter your home and/or personal devices, and photos can be easily reused by malicious actors to perpetrate identity theft based on biometric data." In all, the flaws affect at least 6 device families, with over 2,500 vulnerable devices discovered online across Brazil, US, Germany, Ta
Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities

Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities

June 09, 2020Mohit Kumar
Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products. This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with patch management while proceeding with caution that should not break anything during this lockdown season. The 129 bugs in the June 2020 bucket for sysadmins and billions of users include 11 critical vulnerabilities—all leading to remote code execution attacks—and 118 classified as important in severity, mostly leading to privilege escalation and spoofing attacks. According to the advisories Microsoft released today, hackers, fortunately, don't appear to be exploiting any of the zero-day vulnerabilities in the wild, and details for none of the flaws addressed this month was disclosed publicly before thi
An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

May 11, 2020Mohit Kumar
If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720 . Written in PHP programming language, vBulletin is a widely used Internet forum software that powers over 100,000 websites on the Internet, including forums for some Fortune 500 and many other top companies. Considering that the popular forum software is also one of the favorite targets for hackers, holding back details of the flaw could, of course, help many websites apply patches before hackers can exploit them to compromise sites, servers, and their user databases. However, just like previous times, researchers and hackers have already started reverse-engineering the software patch to locate and understan
Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

May 03, 2020Ravie Lakshmanan
Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework , a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652 , the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The issues were fixed by SaltStack in a release published on April 29th. "We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure researchers had previously warned in an advisory last week. LineageOS, a maker of an open-source operating system based on Android, said it detected the intrusion on May 2nd at around 8 pm Pacific Time. "Around 8 pm PST on May 2nd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure," the company n
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

April 17, 2020Ravie Lakshmanan
The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it. The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability. "Threat actors who successfully exploited CVE-2019-11510 and stole a victim organization's credentials will still be able to access — and move laterally through — that organization's network after the organization has patched this vulnerability if the organization did not change those stolen credentials," CISA said. CISA has also released a tool to help network administrators look for any indicators of compromise associated with the flaw.
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

March 23, 2020Mohit Kumar
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft , both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020. Both vulnerabilities reside in the Windows Adobe Type Manager Library , a font parsing software that not only parses content when open with a 3rd-party software but also used by Windows Explorer to display the content of a file in the 'Preview Pane' or 'Details Pane' without having users to open it. The flaws exist in Microsoft Windows when the Adobe Type Manager Library improperly "handles a specially-crafted multi-master font - Adobe Type
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

March 11, 2020Ravie Lakshmanan
Shortly after releasing its monthly batch of security updates , Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 ( SMBv3 ) network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only, but, for some reason, it pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw. The yet-to-be patched flaw (tracked as CVE-2020-0796 ), if exploited successfully, could allow an attacker to execute arbitrary code on the target SMB Server or SMB Client. The belated acknowledgment from Microsoft led some researchers to call the bug " SMBGhost ." "To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.