Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Acunetix vulnerability. Show all posts
Password Security
Acunetix vulnerability administrative privileges Cyber Security device takeover risk IoT device vulnerability Network Security Password Security

Critical Security Flaw in SEIKO EPSON Devices Allows Unauthorized Access

 

A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network device settings for products like printers and scanners.

Web Config, a tool for configuring SEIKO EPSON devices via web browsers, lacks an administrative password on affected models when first connected to a network without prior configuration. This absence of a password allows any network user to establish a new password, gaining full access to the device.

The vulnerability report notes, “If the administrator password on the affected device is left blank, anyone accessing it through Web Config can set a new password.” An attacker with administrative rights could manipulate device settings, interrupt operations, or use the device to infiltrate broader network systems.

Currently, there is no available patch to fix this vulnerability. SEIKO EPSON urges users to set an administrative password immediately upon installation and network connection. The company’s Security Guidebook stresses this step in section 3, advising users to configure Web Config settings and secure the device with a strong password to block unauthorized access and mitigate the risk of this exploit.

SEIKO EPSON also advises caution with all networked devices. Unsecured IoT devices are frequently targeted by cybercriminals, and the CVE-2024-47295 vulnerability has received a CVSS score of 8.1, highlighting its high-risk level. Best practices to reduce risk include:

  • Using Strong, Unique Passwords: Set complex passwords during initial setup and avoid defaults.
  • Restricting Network Access: Limit access to trusted users and networks only.
  • Monitoring Device and Network Activity: Regularly review configurations and monitor network traffic for unusual activity.
With these steps, users can enhance device security and safeguard against potential threats.
Read more »
WordPress
Acunetix vulnerability Cyber Attacks Cyber flaws FBI Iranian hackers Ransomware Threat SQL VPNS WordPress

FBI Issued a Warning to U.S Firms Concerning Iranian Hackers

 

The FBI issues a warning concerning Iranian hackers, posing as radical right organization Proud Boys during the 2020 presidential election, have now broadened operations, launching cyberattacks against a variety of industry divisions and spreading propaganda hostile to Saudi Arabia. 

"Over time, as Iranian operators have evolved both the strategic priorities and tradecraft, the hackers have matured into more proficient malicious attackers being capable of performing a whole spectrum of operations," read a Microsoft report.

Ransomware works by encrypting a device's data and making it inaccessible until the hacker receives a ransom payment. 

In a recent alert, the FBI stated, in addition to its election-related operation, the Emennet malicious attacker has been engaged in "conventional cyber exploitation activity," targeting industries such as news, transportation, tourism, oil and petrochemicals, telecoms, and financial services. It has been using VPNs to launch attacks on websites operated by certain software applications, such as WordPress, which cybercriminals can exploit to launch hacks in countries other than the United States, Europe, and the Middle East. 

The hackers employed multiple free source and commercial tools in activities, including SQLmap, Acunetix, DefenseCode, Wappalyzer, Dnsdumpster, Netsparker, wpscan, and Shodan, to mask location. The threat actor picked possible victims during the discovery phase of the hacking operations by browsing the web for prominent corporations representing various sectors. For initial access, the hackers would try to locate flaws in the program. 

"In certain cases, the goal may have been to target a large assortment of networks/websites inside a specific sector rather than a specific target company. Emennet would also attempt to discover hosting/shared hosting services in other scenarios," according to the FBI. 

Users must keep personal anti-virus and anti-malware products up to date, patch obsolete software, and make use of reliable web hosting companies, according to the authorities. In any case, Iran's state-sponsored hacker organizations aren't the only ones who have exploited the BIG-IP flaw.
Read more »
Vulnerability
Acunetix vulnerability Buffer Overflow Featured Vulnerability

Buffer Overflow vulnerability in Acunetix scanner allows to hack the noobs who attack your website

Danor Cohen, a Security researcher who recently discovered the 'WinRAR file spoofing vulnerability', has discovered one more zero day vulnerability.  This time it is Buffer Overflow vulnerability in one of the popular web application vulnerability scanner 'Acunetix'.

There is a feature in Acunetix that allows to scan the additional domains or subdomains detected during the scan.

"It learns about the external related domains from the external sources that appear at the scanned website, for example: "<a href=http://externalSource.com/ ></a>"

Danor found that if the 'external' source url's length is larger than 268Bytes, the Acunetix vulnerability scanner will get crashed.

For Ex:
 <A href= “http://AAAAAAAAAAAAAAAAAAAAAAAAAA...........AAAAA”>

Researcher managed to exploit this vulnerability and successfully launched an executable file(calc.exe). By modifiying the code, one can infect the computers of newbies with a malware who attempt to scan their websites.

More technical details are available at his blog post.

Here is Proof of concept video:


*Update*:
Acunetix says this vulnerability affects only the illegitimate(cracked) copies of Acunetix WVS.

"The blogger seems to have managed to pull his exploit by using a cracked version of v8. The cracked version, probably required the replacement of the official executable with a vulnerable one." Acunetix says.

"Once again we want to re-assure all users of legitimate installations of Acunetix WVS that they are in no danger, and are not affected by this at all"
Read more »
Subscribe to: Posts (Atom)