#remote-code-execution

#remote-code-execution

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS).This bug was originally discovered by Wei in Kunlun Lab with Cyber KunLun.

Multiple criminals, including at least one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America's Multi-State Information Sharing and Analysis Center (MS-ISAC) this week.

Industrial and IoT cybersecurity firm Claroty on Thursday disclosed the details of five vulnerabilities that can be chained in an exploit potentially allowing threat actors to hack certain Netgear routers.The vulnerabilities were first presented at the 2022 Pwn2Own Toronto hacking competition, where white hat hackers earned a total of nearly $1 million for exploits targeting smartphones, printers, NAS devices, smart speakers and routers.

in brief You may have heard news this week that Google is finally updating its authenticator app to add Google account synchronization.Before you rush to ensure your two-factor secrets are safe in the event you lose your device, take heed: The sync process isn't end-to-end encrypted.The lack of synchronization encryption was pointed out in a tweet by two-man developer and security research team Mysk, which said it found the problem by analyzing network traffic during the secret-syncing process.

in brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time (so far) this year.For those counting, this also makes the seventh incident in five years at the cellular provider - though this one is small compared to the 37 million subscribers whose data leaked in January.

A subgroup of the Chinese state-sponsored threat actor known as APT41 has been observed using a new denial-of-service (DoS) technique to disable security software, cybersecurity firm Trend Micro reports.Tracked as Earth Longzhi, the APT41 subgroup is known for the targeting of organizations in the Philippines, Taiwan, and Thailand.

A Cl0p ransomware operator affiliated with the FIN11 and TA505 threat actors has been exploiting recently patched PaperCut vulnerabilities since April 13, Microsoft says.Impacting the PaperCut MF/NG print management system and tracked as CVE-2023-27350 (CVSS score of 9.8), the issue can be exploited to bypass authentication and achieve remote code execution (RCE) with System privileges.

Fortinet released 40 security advisories last week to inform customers about the availability of patches for dozens of vulnerabilities, including critical flaws affecting the FortiNAC and FortiWeb products.Two of the advisories have a 'critical' severity rating and 15 of them have been classified as having 'high' severity.

Advanced persistent threat (APT) actors and financially motivated cybercriminals have been spotted exploiting an old Telerik vulnerability as part of an attack that impacted a US government agency, according to a joint alert released on Wednesday by CISA, the FBI, and MS-ISAC.An investigation revealed that a Microsoft Internet Information Services (IIS) web server belonging to a federal civilian executive branch (FCEB) agency hosted a vulnerable instance of the Telerik UI for ASP.NET AJAX application development library.

freshidea - stock.adobe.comBy
Microsoft has issued fixes for a total of 75 newly discovered common vulnerabilities and exposures (CVEs) in its February 2023 Patch Tuesday update, including three zero-day vulnerabilities that, while they have not previously been made public, should be prioritised for patching.

Fortinet says it saw an average of 500 million total malware detections per month in 2022, with Microsoft Windows executables as the primary vehicle
MANILA, Philippines - Cybersecurity firm Fortinet, the world's third largest cybersecurity vendor in terms of market share in Q3 2022, revealed in an annual report published in January that attackers focused the most on vulnerabilities related to remote code execution.

Application vulnerability detection firm Wallarm Detect warns of ongoing exploitation of a critical flaw in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).Tracked as CVE-2021-39144 (CVSS score of 9.8), the issue was disclosed in October 2022, when VMware announced patches for it, although the affected product had reached end-of-life (EOL) status in January 2022.

Google this week announced patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform.The most severe of these are two remote code execution (RCE) flaws in the System component, both of which were addressed as part of the 2023-03-01 security patch level.

Palo Alto Networks warns of an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK.Disclosed in August 2021, the vulnerability impacts hundreds of device types that rely on Realtek's RTL8xxx chips, including routers, residential gateways, IP cameras, and Wi-Fi repeaters from 66 different manufacturers, including Asus, Belkin, D-Link, Huawei, LG, Logitech, Netgear, ZTE and Zyxel.

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software.There are no reports (yet) of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.However, it's a good idea to patch sooner than later to avoid being patient zero.

Google has awarded a total of more than $25,000 to the researchers who reported the vulnerabilities patched with the release of a Chrome 109 update.The company informed users on Tuesday that six security holes have been patched in Chrome, including four reported by external researchers.Two of them are high-severity use-after-free issues affecting the WebTransport and WebRTC components.

Security teams face a busy few days after Microsoft's first monthly Patch Tuesday drop of 2023, which contains fixes for 98 distinct vulnerabilities, 11 of them rated as critical, and one zero-day under active exploitation in the wild, which was uncovered by researchers at Avast.Tracked as CVE-2023-21674, the zero-day is an elevation of privilege (EoP) flaw in Windows Advanced Local Procedure Call (ALPC), which, if successfully exploited, would allow an attacker to gain system privileges.

Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017.Just like EternalBlue, CVE-2022-37598, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required.

Microsoft has rounded off 2022 with a typically light Patch Tuesday for December, with a total of 52 patches addressing six critical vulnerabilities and two zero-days of lesser severity.The two zero-day bugs are tracked as CVE-2022-44698, a security feature bypass vulnerability in Windows SmartScreen, which carries a CVSS score of 5.4 and is rated of moderate severity; and CVE-2022-44710, an elevation of privilege (EoP) vulnerability in the DirectX Graphics Kernel, which carries a CVSS score of 7.8 and is rated of important severity.

Microsoft has released fixes for six actively exploited zero-day vulnerabilities in its November Patch Tuesday drop, one of them publicly disclosed and three of them carrying critical Common Vulnerability Scoring System (CVSS) ratings.These zero-days are among a total of 69 different vulnerabilities - 11 critical - that were patched in a slightly lighter than usual update, but one that may prove highly impactful for security teams due to the time of year.

Patch Tuesday November's Patch Tuesday also falls on election day in the US, so let's hope that democracy fares better than Microsoft, which reported six of today's bugs are already being exploited in the wild by miscreants.Another 22 vulnerabilities in the Windows giant's products have been labeled "more likely to be exploited" than not.