remote code execution | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered a new critical vulnerability ( CVE-2020-7247 ) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. According to Qualys Research Labs, who discovered this vulnerability, the issue resides in the OpenSMTPD's sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it. The flaw affects OpenBSD version 6.6 and works against the default configuration for both, the locally enabled interface as well as remotely if the daemon has been enabled to listen on all interfaces and accepts external mail. "Exploit

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [ 1 , 2 ] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers. Citrix confirmed that the flaw affects all supported version of the software, including: Citrix ADC and Citrix Gateway version 13.0 all supported build

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to remotely control another computer, similar to Microsoft's RDP service. The implementation of the VNC system includes a "server component," which runs on the computer sharing its desktop, and a "client component," which runs on the computer that will access the shared desktop. In other words, VNC allows you to use your mouse and keyboard to work on a remote computer as if you are sitting in front of it. There are numerous VNC applications, both free and commercial, compatible with widely used operating systems like Linux, macOS, Windows, and Android. Considering

The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in the choppy waters once again. The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to install a malicious backdoor or spyware app on the compromised devices silently. The vulnerability

If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers, and connected network devices. Written in native PHP, rConfig is a free, open source network device configuration management utility that allows network engineers to configure and take frequent configuration snapshots of their network devices. According to the project website, rConfig is being used to manage more than 3.3 million network devices, including switches, routers, firewalls, load-balancer, WAN optimizers. What's more worrisome? Both vulnerabilities affect all versions of rConfig, including the latest rConfig ver

No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe Experience Manager Adobe Experience Manager Forms Adobe Download Manager Out of 82 security vulnerabilities, 45 are rated critical, and all of them affect Adobe Acrobat and Reader and which, if exploited successfully, could lead to arbitrary code execution in the context of the current user. A majority of critical-rated vulnerabilities (i.e., 26) in Adobe Acrobat and Reader reside due to use-after-free, 6 due to out-of-bounds write, 4 are type confusion bugs, 4 due to untrusted pointer dereference, 3 are heap overflow bugs, one buffer overrun and one race condition issue. Ad

A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535 , the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity firm Radically Open Security (ROS). "MOSS selected iTerm2 for a security audit because it processes untrusted data, and it is widely used, including by high-risk targets (like developers and system administrators)," Mozilla says. According to a blog post published today by Mozilla, the RCE flaw resides in the tmux integration feature of iTerm2, which, if exploited, could allow an attacker to execute arbitrary commands by providing malicious output to the terminal. As shown in the video demonstration, potential attack vectors for this vulnerability include connecting

After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take complete control over targeted web servers and steal sensitive user information. Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers over 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. Discovered by application security researcher Egidio Romano, the first vulnerability, tracked as CVE-2019-17132 , is a remote code execution flaw, while the other two are SQL injection issues, both assigned a single ID as CVE-2019-17271 . vBulletin RCE and SQLi Flaws The RCE flaw resides in the w

A picture is worth a thousand words, but a GIF is worth a thousand pictures. Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. But what if an innocent-looking GIF greeting with Good morning, Happy Birthday, or Merry Christmas message hacks your smartphone? Well, not a theoretical idea anymore. WhatsApp has recently patched a critical security vulnerability in its app for Android, which remained unpatched for at least 3 months after being discovered, and if exploited, could have allowed remote hackers to compromise Android devices and potentially steal files and chat messages. WhatsApp Remote Code Execution Vulnerability The vulnerability, tracked as CVE-2019-11932 , is a double-free memory corruption bug that doesn't actually reside in the WhatsApp code itself, but in an open-source GIF image parsing library th

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update— Exim version 4.92.3 —after publishing an early warning two days ago, giving system administrators an early head-up on its upcoming security patches that affect all versions of the email server software from 4.92 up to and including then-latest version 4.92.2. Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems like Linux, Mac OSX or Solaris, which runs almost 60 percent of the Internet's email servers today for routing, delivering and receiving email messages. This is the second time in this month when the Exim maintainers have released an urgent security update. Earlier this month, the team patched a critical remote code execution flaw (

An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers more than 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. According to details published on the Full Disclosure mailing list, the hacker claims to have found a remote code execution vulnerability that appears to affect vBulletin versions 5.0.0 till the latest 5.5.4. The Hacker News has independently verified that the flaw works, as described, and affects the latest version of vBulletin software, which even

Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an elevation of privilege vulnerability (CVE-2019-1235) in Windows Text Service Framework (TSF), more likely related to a 20-year-old flaw Google security researcher disclosed last month . Two other vulnerabilities patched this month are reported as being actively exploited in the wild by hackers, both are privilege elevation flaws—one resides in the Windows operating system and the other in Windows Common Log File System Driver. Besides these, Microsoft has released patches for four critical RCE vulnerabilities in Windows built-in Remote Desktop Client application that could enabl

Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure—that surprisingly persisted into various releases of Webmin (1.882 through 1.921) and eventually remained hidden for over a year. With over 3 million downloads per year, Webmin is one of the world's most popular open-source web-based applications for managing Unix-based systems, such as Linux, FreeBSD, or OpenBSD servers. Webmin offers a simple user interface (UI) to manage users and groups, databases, BIND, Apache, Postfix, Sendmail, QMail, backups, firewalls, monitoring and alerts, and much more. The story started when Turkish researcher Özkan Mustafa Akkuş publicly presented a zero-day remote code execution vul

A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. The vulnerable software in question is ProFTPD , an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and comes pre-installed with many Linux and Unix distributions, like Debian. Discovered by Tobias Mädel , the vulnerability resides in the mod_copy module of the ProFTPD application, a component that allows users to copy files/directories from one place to another on a server without having to transfer the data to the client and back. According to Mädel, an incorrect access control issue in the mod_copy module could be exploited by an authenticated user to unauthorizedly copy any file on a specific location of the vulnerable FTP server where the user is otherwise not allowed to write a file.

The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden local web server on users' computers, just like Zoom for macOS. The controversial local web server that has been designed to offer an automatic click-to-join feature was found vulnerable to remote command injection attacks through 3rd-party websites. Security researcher Jonathan Leitschuh initially provided a proof-of-concept demonstrating how the vulnerable web server  could eventually allow attackers to turn on users laptop's webcam and microphone remotely. The flaw was later escalated to remote code execution attack by another security researcher, Karan Lyons , who has now published a new v

The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control over your Apple's Mac computer remotely. Reportedly, the cloud-based Zoom meeting platform for macOS has also been found vulnerable to another severe flaw (CVE-2019-13567) that could allow remote attackers to execute arbitrary code on a targeted system just by convincing users into visiting an innocent looking web-page. As explained in our previous report by Swati Khandelwal, the Zoom conferencing app contained a critical vulnerability ( CVE-2019-13450 ) that resides in the way its click-to-join feature is implemented, which automatically turns on users' webcam when they visit an in

Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server. Details of 6 security vulnerabilities, all rated important, were made public before a patch was released, none of which were found being exploited in the wild. However, two new privilege escalation vulnerabilities, one affects all supported versions of the Windows operating system, and the other affects Windows 7 and Server 2008, have been reported as being actively exploited in the wild. Both actively exploited vulnerabilities lead to elevation of privilege, one (CVE-2019-1132)

Okay, folks, it's time to update your Firefox web browser once again—yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue ( CVE-2019-11708 ) is a "sandbox escape" vulnerability, which if chained together with the previously patched "type confusion" bug ( CVE-2019-11707 ), allows a remote attacker to execute arbitrary code on victims' computers just by convincing them into visiting a malicious website. Browser sandboxing is a security mechanism that keeps third-party processes isolated and confined to the browser, preventing them from damaging other sensitive parts of a computer's operating system. "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent proc

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud, which is popular across both, cloud environment and conventional environments. The reported vulnerability is a deserialization issue via XMLDecoder in Oracle WebLogic Server Web Services that could allow unauthorized remote attackers to execute arbitrary code on the targeted servers and take control over them. "This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password," the advisor

Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers at CheckPoint , the vulnerabilities reside in the administrative panel of Ministra TV platform, which if exploited, could allow attackers to bypass authentication and extract subscribers' database, including their financial details. Besides this, the flaws could also allow attackers to replace broadcast and steam any content of their choice on the TV screens of all affected customer networks. Ministra TV platform, previously known as Stalker Portal, is a software written in PHP that works as a middleware platform for media streaming services for managing Internet Protocol television (IPTV), video-on-demand (VOD) and over-the-top (OTT) content, licenses and their subscribers. Deve