Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Security Advisory. Show all posts
zero Day vulnerability
File Transfer Tool Security Advisory SQL Unpatched Flaws Vulnerabilities and Exploits zero Day vulnerability

Progress Software Advises MOVEit Customers to Patch Third Severe Vulnerability

 

Customers of MOVEit are being urged by Progress Software to update their software in less than a month to address a third severe vulnerability. 

According to the most recent vulnerability, identified as CVE-2023-35708, an unauthenticated attacker may be able acquire escalated privileges and gain entry to the MOVEit Transfer database through a SQL injection bug.

In a warning, Progress states that, “an attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content.”

Versions of MOVEit Transfer prior to 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3) are affected by the vulnerability.

On June 15, proof-of-concept (PoC) code aimed at exploiting the flaw was made available. Progress quickly responded, noting that the flaw was made public "in a way that did not follow normal industry standards." 

After a zero-day vulnerability was discovered on May 31 and a second severe bug was patched a week later, Progress has now fixed three critical SQL injection flaws in its MOVEit products in around three weeks. CVE-2023-35708 is the most recent of these. 

Security experts discovered evidence indicating that exploitation may have begun two years prior to the initial flaw, CVE-2023-34362, which only began to be widely exploited in late May.

Attacks on the MOVEit zero-day have affected more than 100 organisations. The Cl0p ransomware gang is responsible for the most recent campaign, and it has begun naming some of the victims in public.

The British Broadcasting Corporation, British Airways, Aer Lingus, the Nova Scotia government, the U.S. Department of Energy, the Louisiana Office of Motor Vehicles, the Oregon Department of Transportation, the University of Rochester, the Illinois Department of Innovation & Technology (DoIT), and the Minnesota Department of Education (MDE) are just a few of the organisations that have been identified as victims to date. 

Austria, France, Germany, Luxembourg, the Netherlands, Switzerland, the United Kingdom, and the United States all have victims. Malwarebytes adds that the majority of the victims are in the US. 

On June 9, CVE-2023-35036, the second vulnerability, was made public; however, it does not seem to have been used in the wild. Even though Progress claims to be unaware of any exploits for CVE-2023-35708, it advises users to install the most recent updates as soon as feasible.

“All MOVEit Transfer customers must take action and apply the patch to address the June 15th CVE-2023-35708 vulnerability discovered in MOVEit Transfer,” the company added. 

Customers should stop HTTP and HTTPS traffic, limiting access to localhost only, apply the updates that are available (the June 15th patch also fixes the prior vulnerabilities), and then re-enable HTTP and HTTPS traffic to prevent unauthorised access to the MOVEit Transfer environment. 

To fix the issues, Progress has published both DLL drop-in fixes and entire MOVEit Transfer installers. The company's advisory provides more details on how to apply the updates.
Read more »
Vulnerabilities and Exploits
Arbitrary Files Security Advisory Security Patch Vulnerabilities and Exploits

SonicWall Patches Critical Flaw in SMA 100 Products

 

SonicWall has released a security advisory to warn users regarding a critical flaw impacting some of its Secure Mobile Access (SMA) 100 appliances. The vulnerability spotted as CVE-2021-20034 could potentially allow a remote unauthenticated hacker to delete arbitrary files from the targeted appliance and secure administrator access to the device.

"The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as 'nobody'. There is no evidence that this vulnerability is being exploited in the wild,” researchers explained. 

The critical flaw has received a score of 9.1 out of 10 on the CVSS scale of severity. The products that are affected are SMA 100, 200, 210, 400, 410, and 500v; As there are no temporary mitigations, SonicWall recommends impacted users execute applicable patches as soon as possible. 

Since the start of 2021, SonicWall SMA 100 series appliances have been targeted multiple times by ransomware gangs, with the end goal of moving laterally into the firm’s network.

Earlier, a threat group Mandiant tracked as UNC2447 exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to set up a new ransomware strain known as FiveHands. Their attacks targeted multiple North American and European organizations before SonicWall released patches in late February 2021. A similar zero-day flaw was also abused in January in attacks targeting SonicWall's internal systems and later instinctively exploited in the wild. 

Earlier this year in July, SonicWall issued a warning for an increased threat of ransomware attacks targeting unpatched end-of-life (EoL) SMA 100 series and Secure Remote Access (SRA) devices. Security researchers at CrowdStrike and CISA added to SonicWall's warning saying that the ransomware campaign was ongoing.

The latest updates for SMA 100 series products also address two medium-severity flaws, including one that can direct to privilege escalation to root, and one that can be abused for authenticated arbitrary code injection and DoS attacks. 

SonicWall recently revealed that its products are used by more than half a million customers in over 215 countries and territories worldwide. Many of them are deployed on the networks of the world's largest organizations, businesses, and government agencies.
Read more »
Security Advisory
ATM Hacking ATM hacks Bank Canara Canara bank Cyber Fraud Security Advisory

Canara bank issues advisory for ATM users after fraud bid



Over the last few days, a video of a cautious user who spotted a device to read debit card data at a Canara Bank ATM in New Delhi is being circulated widely. The video was shared by a Twitter user @rose_k01. Canara Bank was quick to address the issue, as it responded by ensuring there was no breach of sensitive user data. "It has come to our notice that a video is being circulated on an attempted fraud on one of our ATMs by installing a skimming device. This attempt, which was made in one of our ATMs in Delhi, was found out immediately and the devices were removed expeditiously. Thus no data compromise has happened. We have closed down this particular ATM pending completion of police investigation," Canara Bank said in a tweet.

“We, at Canara Bank take strict measures to safeguard our customers. We immediately located and removed the skimmer from Gowtami Nagar, Delhi ATM," the public sector bank added. The bank further informed through the same tweet that no data has been compromised.

Canara Bank said it has already taken some proactive, preventive and customer friendly measures to protect the interest of customers, so as to prevent loss of their precious money, the bank said further in the tweet.

1) Canara mServe Mobile app: Using the app, customers can switch off their credit or debit cards when not in use thereby preventing any unauthorise use.

2)The bank is installing anti-skimming and terminal security solutions in all the ATMs across the country.

3) For withdrawal of more than ₹10,000 from our ATMs by any of our customers, an OTP facility as additional security feature has been introduced thereby preventing unauthorized use.

4)Bank is flashing Do's/Don'ts to all customers through social media and SMS.

5) Fraudulent transactions due to third-party breaches where neither the customer nor bank is at fault, there cannot be any liability to the customer under the norms on limiting customer liability in unauthorised transactions, in case the incident is reported within three days. Thus the customer is totally protected from any monetary loss.
Read more »
Zero Day exploit
Flash Exploits Security Advisory Vulnerability Zero Day exploit

Update your Adobe flash player to stay safe


Few days after Microsoft published a security advisory about a new critical security bug in IE that is being used in limited and targeted attacks, Adobe has issued an emergency security update to fix a critical vulnerability(CVE-2014-0515) in flash player.

Please note that it is completely unrelated to IE Exploit in which bug was in IE and the flash file(.swf) used for making the attack successful.  But, in this case, the bug exists in the flash player plugin. 

So, people who use vulnerable version of Adobe Flash player likely to be vulnerable to this attack.

If you are using windows or Mac, make sure you have the latest flash player version 13.0.0.206.  If you are using Linux, make sure to update to the latest version 11.2.202.356.

This new zero-day flash exploit was spotted as being used in Watering-hole attacks by researchers at Kaspersky Labs in early April.

According to SecureList, this flash exploit spread from a Syrian Justice Ministry website(jpic.gov.sy).  Researchers believe the attack was designed to compromise the computers of Syrian dissidents complaining about the government.
Read more »
Vulnerability
Joomla vulnerability Security Advisory SQL Injection Vulnerability Vulnerability

Joomla 3.2.2 is vulnerable to SQL Injection and XSS


If your website is running Joomla 3.2.2, you should upgrade your CMS to the latest version.

A new version of Joomla v3.2.3 has been released to address more than 40 bugs and four security vulnerabilities.

One of the patched security flaws is SQL Injection, caused by Inadequate escaping, rated as High severity bug.  It affects versions 3.1.0 through 3.2.2.

Other two security bugs are Cross site scripting vulnerabilities, which have been rated as Medium severity bugs. 

The last one allows unauthorized logins via GMail authentication, caused by inadequate checking. It affects versions 2.5.8 and earlier 2.5.x and 3.2.2 and earlier 3.x.

It doesn't matter whether you do care about the 40 bugs but you always should consider the security fixes.  So, better update your cms immediately before attackers informing you by hacking your site.
Read more »
zero Day vulnerability
Featured IT Security News Security Advisory Windows zero Day vulnerability

CVE-2013-5065: Windows XP Kernel Privilege escalation vulnerability exploited in the wild


Microsoft has issued a warning about new zero-day vulnerability affecting the Windows XP and 2003 Server operating systems.

The bug referred with CVE id "CVE-2013-5065" is a local privilege escalation vulnerability, is reportedly being exploited in the wild.

A successful exploitation allows attackers to run the arbitrary code in Kernel mode(User mode --> kernel mode).  It will get access to install software, modify data or creating accounts with admin privilege.

However, the vulnerability is not exploitable by a remote attacker.

"It does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003." Microsoft security advisory reads.

Though the Microsoft is issued a workarounds for this vulnerability, it is better to switch to the latest version of Windows (7 or 8), as we aware that Microsoft is going to stop supporting Windows xp by April 2014. 
Read more »
Vulnerability
hacker news Remote Code Execution Security Advisory Security News Vulnerability

OpenSSH fixes a critical code execution vulnerability

 

OpenSSH , a tool that provides encrypted communication sessions over a computer network using the SSH protocol, has patched a critical code execution vulnerability.

"A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange." The security advisory reads.

"If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations."

The vulnerability was identified by an OpenSSH developer Mark Friedl on November 7th.  The fix has immediately been issued.

The flaw is fixed in OpenSSH 6.4 version.  There is security patch available for those users who prefer to continue use OpenSSH 6.2 or 6.3.
Read more »
Security News
Breaking News hacker news IT Security News Security Advisory Security News

WordPress 3.7 released for lazy admins, automatic security update


Wordpress finally come with an idea to put an end to security risks of failing to update the CMS.  Yes, you heard it correctly, they have added a new feature "Automatic update".

The new version 3.7 has no special security bug fixes but they have enabled a good feature that will prevent your CMS being hacked because of outdated versions.

Besides the "Updates while you sleep" feature, they have also added a feature to estimate the strength of your password and "support for automatically installing the right language files and keeping them up to date".

This is quite impressive move from Wordpress.  At least, from now onwards, the lazy admins no need to care about updating the wordpress whenever there is security release, it will be automatically done.

It's just come to mind how many of the lazy admins are going to update to the latest version 3.7!
Read more »
Subscribe to: Posts (Atom)