Tag

Exploits

All articles tagged with #exploits

cybersecurity · 29 days ago

Apple and Google Release Urgent Security Patches for Zero-Day Vulnerabilities

This weekly cybersecurity recap highlights active exploits and critical vulnerabilities in popular software such as Apple products, WinRAR, and .NET, along with emerging threats such as OAuth scams, sophisticated phishing campaigns, and state-sponsored cyber espionage, emphasizing the urgent need for timely security updates and vigilance.

technology · 1 year ago

Elon Musk Claims Top Spot in Diablo 4, Sparking Skepticism

Elon Musk's recent claim of setting a world record in Diablo IV by clearing a challenging dungeon in under two minutes is under scrutiny. Fans suspect Musk exploited a known bug that drastically increased health points, allowing for excessive damage output. This aligns with Musk's history of exploiting loopholes and obfuscating details, raising doubts about the legitimacy of his gaming achievement.

vulnerability-data-protection · 1 year ago

"Urgent: Patch SolarWinds Serv-U Vulnerability Amid Active Exploits"

A high-severity directory traversal vulnerability in SolarWinds Serv-U file transfer software (CVE-2024-28995) is being actively exploited, allowing attackers to read sensitive files. The flaw affects all versions up to Serv-U 15.4.2 HF 1 and has been patched in version 15.4.2 HF 2. Users are urged to update immediately to mitigate potential threats, as public proof-of-concept exploits make it easy for attackers to leverage this vulnerability.

cybersecurity · 1 year ago

CISA Warns of Active Exploits in Apache Flink and NextGen Healthcare Flaws

A three-year-old improper access control bug in Apache Flink, CVE-2020-17519, is being actively exploited, prompting the US government to add it to the Known Exploited Vulnerabilities Catalog. Federal agencies must patch or stop using the software by June 13, and all users should ensure they are updated and check for potential compromises. The flaw allows attackers to read any file on the JobManager's local filesystem via the REST interface, and its exploitation underscores the critical need for timely software updates.

cybersecurity · 1 year ago

"Raspberry Robin Malware Expands Arsenal with Windows Exploits and Discord Spread"

The Raspberry Robin malware has evolved to include one-day exploits targeting vulnerabilities in Windows systems, indicating that the malware operator has access to exploit code or sources. The malware has also implemented new evasion techniques and distribution methods, including the use of Discord to drop malicious files onto targets. Check Point reports an increase in Raspberry Robin's operations, with large attack waves targeting systems worldwide. The malware now leverages exploits for CVE-2023-36802 and CVE-2023-29360 to elevate privileges on infected devices, and it has added new mechanisms to evade security tools and OS defenses. The malware's operators are likely connected to a developer that provides exploit code, and Check Point provides indicators of compromise for identifying Raspberry Robin.

cybersecurity · 1 year ago

"Urgent Patch Released for Critical Jenkins RCE Vulnerability"

Multiple proof-of-concept exploits have been released for a critical Jenkins vulnerability, allowing unauthenticated attackers to read arbitrary files and execute arbitrary CLI commands. SonarSource researchers discovered two flaws, one enabling data access and the other allowing arbitrary command execution. Jenkins has released fixes for the flaws, but researchers have already reproduced attack scenarios and created working PoC exploits, with reports of hackers actively exploiting the vulnerabilities in the wild.

cybersecurity · 2 years ago

"Massive Exploitation of Critical Atlassian Confluence RCE Vulnerability"

More than 600 IP addresses are launching thousands of exploit attempts against a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, which can allow unauthenticated remote code execution (RCE) attacks. Despite Atlassian urging customers to update immediately, over 11,000 instances remain exposed on the internet, with more than 39,000 RCE attempts seen since January 19. Organizations with vulnerable instances are advised to assume a breach, patch, and take precautions, as this follows a string of critical flaws that have plagued the company in recent months.

cybersecurity · 2 years ago

"Decoding Outlook Attack Vectors: Unveiling the Obvious, the Normal, and the Advanced"

Check Point Research conducted a comprehensive analysis of attack vectors on Microsoft Outlook, categorizing them into three groups: the "obvious" hyperlink attack vector, the "normal" attachment attack vector, and the "advanced" attack vector involving email reading and special objects. The research highlights the potential security risks introduced by each vector and provides recommendations for users and application developers to enhance security. The analysis emphasizes the importance of maintaining strong security measures and user vigilance when using Outlook to mitigate cyber threats.

cybersecurity · 2 years ago

Ransomware Hackers Exploit Critical Atlassian Confluence Vulnerability

Multiple ransomware groups are actively exploiting recently disclosed vulnerabilities in Atlassian Confluence and Apache ActiveMQ. The flaws allow threat actors to create unauthorized accounts and lead to a loss of confidentiality, integrity, and availability. Atlassian has updated its advisory, noting active exploits and increasing the severity of the flaw. The attacks involve mass exploitation of vulnerable Atlassian Confluence servers, originating from IP addresses in France, Hong Kong, and Russia. Additionally, a severe remote code execution flaw in Apache ActiveMQ is being weaponized to deliver a remote access trojan and a ransomware variant. Cybersecurity firms emphasize the need for rapid remediation of these vulnerabilities.

gaming · 2 years ago

Exciting Developments in PS5 Hacking Scene: FPKG Support, Firmware Updates, and GoldHEN Progress

Rumors are circulating about potential developments in the PS5 hacking scene by Christmas. Zecoxao, a well-known figure in the hacking community, has made several predictions, including the release of Sistr0's GoldHEN and cheat support, Sleirsgoevy's investigation into PS5 FPKG support (which has since been debunked), TheFloW's disclosure of a userland and kernel exploit, and a special surprise for the PSP, PS2, and possibly the PS5. While some of these predictions have already been confirmed or are highly likely, the exact timing and release of these developments remain uncertain.

gaming · 2 years ago

"Blizzard Cracks Down on Diablo 4 Trading, Threatens Bans for Item Duplication Exploits"

Blizzard has disabled trading in Diablo 4 once again due to a new duplication exploit being used by players. The developer is working on a fix for the issue and has warned that any account engaging in gold and item duplication exploits will be actioned in accordance with the End User License Agreement. This is not the first time trading has been disabled in Diablo 4, as a similar exploit was discovered in August. The game does not have an in-game auction house, so players have been using Discord to trade virtual goods. The exploit has caused disruptions in the game's economy, with some players bidding huge amounts of gold on items. Diablo 4 launched on Steam last week and received mixed reviews.

technology, software-security · 2 years ago

Microsoft's October 2023 Patch Tuesday Addresses 104 Flaws, Including Zero-Days and Wormable Bug

Microsoft has released its October 2023 Patch Tuesday updates, addressing 103 flaws in its software, including two actively exploited vulnerabilities. The flaws include critical and important security vulnerabilities in various Microsoft products, such as WordPad, Skype for Business, and Windows IIS Server. Additionally, Microsoft has deprecated Visual Basic Script and other vendors have also released security updates to address vulnerabilities in their software.