Category Archives: Vulnerabilities
Barracuda urges customers to replace Email Security Gateway
In a recent development, enterprise security company Barracuda has issued a warning to its customers regarding the use of email security gateway (ESG) appliances affected by a newly disclosed zero-day exploit. The company strongly advises customers to replace these appliances immediately to mitigate potential security risks. This article explores the vulnerability, the recommended course of action, and the implications of the exploit.
Introduction
The security landscape is constantly evolving, with new threats emerging every day. In light of this, it is crucial for organizations to stay vigilant and take necessary measures to protect their systems and data. Barracuda, a leading enterprise security company, has identified a zero-day exploit affecting its email security gateway (ESG) appliances. This exploit has been actively exploited since October 2022, making it imperative for Barracuda customers to take immediate action. In this article, we will delve into the details of the vulnerability, the remediation measures recommended … Read the rest
Zero-day vulnerability in the MOVEit file transfer application
Learn about the zero-day vulnerability in the MOVEit file transfer application and how it can potentially compromise data security.
Introduction
In the digital age, file transfer applications play a vital role in securely exchanging information. However, vulnerabilities can emerge, posing significant risks to data security. One such concern is the zero-day vulnerability in the MOVEit file transfer application. This article aims to shed light on this vulnerability, its implications, and preventive measures that can be taken to safeguard sensitive information.
Zero-day Vulnerability in the MOVEit File Transfer Application
The MOVEit file transfer application, widely used for its reliable and secure data transfer capabilities, recently came under scrutiny due to a zero-day vulnerability. This vulnerability refers to a flaw that cyber attackers exploit before developers become aware of it. It leaves systems exposed to potential attacks until a patch or fix is released.
The zero-day vulnerability in the MOVEit file transfer … Read the rest
Critical Jetpack Plugin Flaw Addressed in Urgent WordPress Update for Millions of Sites
Protect your website now! Urgent WordPress Update resolves critical Jetpack Plugin flaw, effecting millions of sites worldwide. Stay safe online!
Introduction
In the world of web development, WordPress has been the go-to platform for millions of websites. Its extensive range of plugins provides added functionality and features to enhance the user experience. However, recently a critical flaw was discovered in the Jetpack plugin, which put millions of sites at risk. In response, an urgent WordPress update was released to fix this vulnerability and ensure the security of these websites. In this article, we will delve into the details of this critical flaw, the impact it had on the sites, and how the WordPress update resolves the issue.
What is Jetpack Plugin and its Importance?
Before we dive into the critical flaw, let’s understand what the Jetpack plugin is and why it is widely used. Jetpack is a powerful WordPress plugin … Read the rest
Vulnerability With Arris Routers
Security researcher Yerodin Richards has found an authenticated remote code execution vulnerability in Arris routers. ISPs typically provide these routers in loan for customers’ telephony and internet access. In a bizarre twist, he used the verification against itself to demonstrate the vulnerability.
Affected devices
The Arris router exploit allows a hacker to remotely access the device, says Richards. The bug is found in older TG2482A, TG2492, and SBG10 models, which can be commonly found in the Caribbean and Latin America. Richards says Arris told him it no longer supports the devices.
The vulnerability
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. CVE-2022-45701 is a newly discovered issue. When testing for shell script command injection, the researcher found that $ is accepted by the web application. That was promising, but when paired into $( , it was neutralized. This implies that the developer was intentionally … Read the rest
Is Your Microsoft Exchange Server Vulnerable to ProxyNotShell Flaw?
According to the non-profit Shadowserver Foundation, there are approximately 60,000 IP addresses with internet-facing Microsoft Exchange Server instances still vulnerable to CVE-2022-41082.
This might look like a standard Exchange Server bug, but it’s actually a lot worse. It’s really two flaws in one. The first flaw is a server-side request forgery in the Exchange API. The second is a remote code execution bug. We call this bug ProxyNotShell because it’s reminiscent of the ProxyShell bugs that plagued Microsoft servers earlier this year.
Microsoft did not patch this vulnerability until its November Patch Tuesday release. It was a long wait, but Microsoft said it was necessary to protect customers. You should still take action, though — follow Microsoft’s instructions for the Autodiscover endpoint to mitigate the vulnerability until it can be patched.
However, CrowdStrike published a blog post last month revealing a new exploit chain called “OWASSRF” that can bypass Microsoft’s … Read the rest
Workaround For One-Click 0Day Vulnerability Follina
Microsoft announced its workaround for a zero-day vulnerability that has already been used by hackers. A threat actor already has exploited the vulnerability to target organizations in Russia and Tibet, researchers said. This vulnerability was identified back in April and is dubbed ‘Follina’.
Microsoft’s own tool reported a flaw in the way it handled remote control of its products. The remote-control execution (RCE) flaw, tracked as CVE-2022-3019, is associated with the Microsoft Support Diagnostic Tool (MSDT), which, ironically, itself collects information about bugs in the company’s products and reports to Microsoft Support.
If hackers get into your system, they can install programs, view, change, or delete your data, or create new accounts.
… Read the rest“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word,” Microsoft explained in its guidance on the Microsoft Security Response Center. “An attacker who successfully exploits
Synology And QNAP Critical Netatalk Vulnerability
Synology and QNAP has warned its customers that it has found serious vulnerabilities in its NAS devices. The flaws, which exist in its network-attached storage (NAS) appliances, could allow attackers to gain remote access to vulnerable systems, modify data or execute malicious code.
QNAP, urged its users to disable their NAS devices’ AFP file service protocol. The company warned that the protocol was vulnerable to security flaws and advised customers to wait until it fixed the problem.
During the Pwn2Own contest, The NCC Group’s EDG team exploited a remote code execution security flaw in Western Digital’s PR4100 NAS. This vulnerability was rated at 9.8/10 severity by the Common Vulnerability Scoring System and is tracked as CVE-2022-23121.
Synology identified and reported three other vulnerabilities (i.e., CVE-2022-23125, CVE-2022-23122, CVE-2022-0194) that are rated the same.
QNAP declared that Netatalk vulnerabilities affect multiple QTS and QuTS hero operating systems as well … Read the rest
Vulnerability in Spring Java framework called Spring4Shell
Spring4Shell CVE-2022-22965, a critical vulnerability has been found in Spring, an open source programming framework for the Java platform. It could allow hackers to take control of your system. Details about the vulnerability were leaked to the public before the patch was released. Fortunately, only a small number of users have been affected.
The VMware developers who created the Spring Framework released patches to fix vulnerable applications, so we recommend that all companies using Spring Framework versions 5.3 and 5.2 immediately upgrade to versions 5.3.18 or 5.2.20.
Why is Spring4Shell vulnerability dangerous?
The vulnerability is serious. An attacker can remotely execute malicious code on your site. The vulnerability is in the RCE class, which means that an attacker can exploit it to do whatever he wants, such as steal credit card numbers or install malware. The vulnerability specifically affects Spring MVC and Spring WebFlux applications running under Java Development Kit … Read the rest
OpenSSL Infinite Loop Vulnerability
The US National Security Agency (NSA) officials have recently discovered a vulnerability in the OpenSSL cryptographic library. This vulnerability can be used to conduct denial-of-service attacks and can be easily weaponized by its potential attackers.
OpenSSL is a popular cryptography library used to encrypt data and verify digital signatures. The bug affects the BN_mod_sqrt() function, which is used to calculate the modular square root and parses certificates that use elliptic curve public key encryption. This vulnerability has been given the identifier CVE-2022-0778.
If an attacker submits a certificate with broken curve parameters, the program will go into an infinite loop and crash. This will cause denial of service.
… Read the rest“Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack,” OpenSSL said in a March 15 security advisory. “The infinite loop
APC Smart UPS Zero Day Vulnerability
Three critical Zero Day vulnerabilities have been uncovered in popular uninterruptible power supply APC-SMART UPS devices. They could be exploited and used to bring down infrastructure and even cause physical harm. A malicious actor could exploit these flaws and cause severe service disruptions, data loss, and even lead to a potential injury.
Researchers from Armis Labs recently found a flaw in APC Smart-UPS, which could be catastrophic for millions of businesses around the world. A subsidiary of Schneider Electric, APC is one of the leading suppliers of UPS devices worldwide. These devices are essential for companies that require high availability, such as hospitals. The flaw has been dubbed TLStorm and is a result of an unprotected remote management interface.
Cybersecurity researchers are warning businesses to prepare for digital disasters. There’s a high risk of cyber and physical damage if the vulnerabilities are exploited, according to a report published online on … Read the rest