This week in security, an issue in ownCloud is being actively exploited, although the public exploit does not work against default installs. NXP, a chip manufacturer, experienced a security breach where a threat group gained access to their network for over two years, potentially compromising chip designs and vulnerability reports. Two 0-day attacks are in the wild, targeting a popular router and a Network Video Recorder, but the devices affected have not been specified. Researchers discovered vulnerabilities in fingerprint sensors used for Windows Hello login, allowing for bypassing authentication. Additionally, a new attack called BLUFFS targets Bluetooth connections. A Cyberlink installer was found to contain malicious code, and a service called "Have I Been Squatted" checks for typosquatting domains. Lastly, an AI model, ChatGPT, breaks when asked to repeat a word indefinitely.
Security researchers have identified a severe vulnerability in ownCloud, an open-source file-sharing server app, that allows hackers to gain full control of vulnerable servers. The vulnerability, rated with a severity score of 10, enables attackers to obtain passwords and cryptographic keys by sending a simple web request to a static URL. Researchers have observed "mass exploitation" of the vulnerability, with the number of IP addresses attempting to exploit it steadily increasing. While some experts believe the threat may be limited due to specific conditions required for exploitation, there are still concerns given the large number of ownCloud servers in use. ownCloud has also recently fixed two other high-severity vulnerabilities. Users are advised to follow mitigation steps provided by ownCloud to protect their systems.
Hackers are actively exploiting a critical vulnerability in ownCloud, an open-source file synchronization and sharing solution. Tracked as CVE-2023-49103, the flaw allows remote attackers to execute phpinfo() through the ownCloud 'graphapi' app, exposing sensitive data such as admin passwords, mail server credentials, and license keys in containerized deployments. Threat tracking firms have observed mass exploitation of the vulnerability, with over 11,000 exposed instances detected. ownCloud administrators are urged to delete the vulnerable file, disable the 'phpinfo' function in Docker containers, and change potentially exposed secrets to mitigate the risk.
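The configuration side of that mitigation can be checked from inside the container. The following is an added example, not ownCloud's own tooling: it parses a php.ini for `disable_functions` and lists environment variable names that look like secrets, since phpinfo() prints the process environment. The sample ini text, the environment variable names and the name pattern are constructed for illustration.

```python
import os
import re
import sys

# Assumption: name fragments that usually mark a secret in a container environment.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|KEY", re.I)

# Constructed samples (not taken from a real deployment).
SAMPLE_INI_WEAK = "[PHP]\n; hardening\ndisable_functions = exec, passthru\n"
SAMPLE_INI_FIXED = '[PHP]\ndisable_functions = "exec,passthru,phpinfo" ; mitigation\n'
SAMPLE_ENV = {
    "OWNCLOUD_ADMIN_PASSWORD": "x",
    "OWNCLOUD_MAIL_SMTP_PASSWORD": "x",
    "OWNCLOUD_LICENSE_KEY": "x",
    "OWNCLOUD_DOMAIN": "cloud.example.test",
    "PATH": "/usr/bin",
}

def disabled_functions(ini_text):
    """Return the functions named by the last disable_functions directive."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if not line or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "disable_functions":
            # The last directive in a file wins, so replace instead of merging.
            names = value.strip().strip('"').split(",")
            disabled = {n.strip().lower() for n in names if n.strip()}
    return disabled

def audit(ini_text, environ):
    """Report whether phpinfo() is callable and which env names it would reveal."""
    blocked = "phpinfo" in disabled_functions(ini_text)
    secrets = sorted(name for name in environ if SECRET_NAME.search(name))
    return {
        "phpinfo_disabled": blocked,
        "secret_like_env_vars": secrets,       # names only, never values
        "env_exposed_via_phpinfo": bool(secrets) and not blocked,
    }

if __name__ == "__main__":
    # Usage: python audit.py /path/to/php.ini (no argument: constructed sample)
    use_real = len(sys.argv) > 1
    ini = open(sys.argv[1]).read() if use_real else SAMPLE_INI_WEAK
    print(audit(ini, os.environ if use_real else SAMPLE_ENV))
```

The check reads one file at a time, so run it against every ini file PHP loads (`php --ini` lists them). A clean result after the fix does not cover secrets that were reachable earlier, which still need to be changed.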
ownCloud has disclosed three critical vulnerabilities, including sensitive data exposure, in its open source file-sharing software. The most severe vulnerability allows attackers to access admin passwords, mail server credentials, and license keys. Another vulnerability enables unauthorized access, modification, or deletion of files without authentication. The third vulnerability bypasses subdomain validation, allowing attackers to redirect callbacks to a domain controlled by them. ownCloud has released patches and recommends applying fixes, including disabling the "Allow Subdomains" option. The company serves over 600 enterprise customers and millions of users across various sectors.