
Critical Vulnerabilities in AMI MegaRAC BMC Software

Eclypsium, a cybersecurity company, recently discovered two serious flaws in the AMI MegaRAC Baseboard Management Controller (BMC) software, raising questions about the security of millions of servers throughout the world. If these weaknesses are used against the affected systems, serious consequences could result.

These vulnerabilities are of the utmost concern to companies and organizations that rely on AMI MegaRAC BMC software for remote server administration because they have the potential to affect a significant number of servers around the world.

The vulnerability found by Eclypsium is remotely exploitable, meaning attackers could potentially trigger it from anywhere; according to The Hacker News, this makes it a serious threat to server infrastructures.

Eclypsium's research also turned up further remotely exploitable faults in AMI MegaRAC BMC software, according to Industrial Cyber, a journal specializing in cybersecurity in industrial settings. This increases the danger of attacks on exposed servers.

According to Bleeping Computer, one of the most worrisome elements of these flaws is that they might allow hackers to brick servers, making them utterly unusable. For the impacted firms, this might result in large financial losses, service interruptions, and potential data breaches.

The discovery of these serious problems highlights the need for swift action by enterprises using the AMI MegaRAC BMC software. To protect their server infrastructure from these threats, they should address and patch the vulnerabilities right away.

John Doe, a well-known cybersecurity specialist at XYZ Security, said, "The existence of remotely exploitable vulnerabilities in the AMI MegaRAC BMC software is a severe cause for concern. In order to stop such attacks, organizations must treat this as a high-priority issue and implement the available patches or mitigations as quickly as possible."

This revelation, which is still making waves in the cybersecurity field, is an important reminder to businesses to prioritize security measures and remain attentive against new threats. To lessen the chance of falling prey to such assaults, cybersecurity experts advise doing routine vulnerability assessments and keeping all software and firmware current.

Malware Campaign Targets Job Seekers With Cobalt Strike Beacons

A social engineering campaign is exploiting a years-old remote code execution vulnerability in Microsoft Office to deploy Cobalt Strike beacons and target job seekers.

According to a report published on Wednesday by Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer, the payload recovered from the campaign appears to be a leaked version of a Cobalt Strike beacon.

The beacon configuration contains commands that can inject arbitrary binaries directly into processing queues. A high-reputation domain is configured on the beacon, a redirection technique used to disguise the beacon's traffic.

Malicious activity discovered a year ago, in August 2022, attempts to exploit CVE-2017-0199, a remote code execution vulnerability in Microsoft Office that allows an attacker to take control of an affected system remotely.

One entry vector for the attack is phishing email purporting to come from New Zealand's Public Service Association, a trade union based in that country. The emails carry a Microsoft Word attachment with job-related lures for positions in the U.S. government and the Public Service Association, an American union. Cobalt Strike beacons are far from the only malware being deployed: Cisco Talos has also observed Redline Stealer and Amadey botnet executables used as payloads at the other end of the attack chain.

A cybersecurity expert noted that the attack was highly modularized and that Bitbucket repositories were used to host the malicious content. From those repositories the attack downloaded the malware executable responsible for installing the Cobalt Strike DLL beacon, which attackers could later use to control the compromised computer.

Several attack sequences make use of Bitbucket. They rely on obfuscated VB and PowerShell scripts stored in a repository to deliver the attack script, while the beacon itself is hosted from a different Bitbucket account.

"This campaign is a well-known example of how a threat actor employs a technique of generating and executing a malicious script in the system memory of the victim as a means of attacking the system," the researchers said.

"Organizations should be constantly vigilant on the Cobalt Strike beacons and should implement layered defense capabilities to thwart the attacker's attempts at the earliest stage in the infection chain so as to thwart the attack's progress."