Over 115,000 WatchGuard Firebox firewalls remain unpatched against a critical RCE vulnerability (CVE-2025-14733) that is actively exploited, prompting urgent patching and mitigation efforts by authorities like CISA to prevent widespread attacks.
Over 92,000 end-of-life D-Link NAS devices are being actively targeted by attackers exploiting a critical remote code execution (RCE) zero-day flaw, resulting from a backdoor and command injection issue. The vulnerability allows threat actors to deploy Mirai malware variants, potentially leading to unauthorized access, data modification, or denial of service. D-Link has stated that these devices are no longer supported and recommends retiring or replacing them, although it has also advised owners to ensure the devices have the latest firmware.
Easy Anti-Cheat has denied responsibility for the recent hacking incident during the Apex Legends Global Series, stating that there is no RCE vulnerability in its software. The hacks, which allowed players to see through walls and use aimbots, led to the postponement of the North American finals. The Anti-Cheat Police Department suggested that an RCE was being abused to inject cheats into streamers' machines, potentially leading to serious security risks. The source of the vulnerability, whether in Easy Anti-Cheat or Apex Legends itself, remains unclear, and Respawn has yet to comment on the issue. The incident raises concerns about the security of playing Apex Legends and the potential impact on other games that use Easy Anti-Cheat.
Fortra has patched a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-25153, in its FileCatalyst file transfer solution, which could allow unauthenticated attackers to upload files outside the intended directory and execute code. The flaw was reported in August 2023 and addressed in FileCatalyst Workflow version 5.1.6 Build 114. Two other security vulnerabilities in FileCatalyst Direct (CVE-2024-25154 and CVE-2024-25155) were also resolved. Users are advised to apply the necessary updates to mitigate potential threats, especially in light of previous exploitation of Fortra's managed file transfer solution by threat actors.
More than 11,500 Juniper Networks devices are vulnerable to a critical remote code execution (RCE) bug, and admins are urged to apply patches urgently. The vulnerability affects the J-Web configuration interface and could allow attackers to achieve various malicious goals without authentication. The affected Junos OS versions and suggested workarounds have been provided. The disclosure comes after a US directive warning about the dangers of exposing management interfaces to the public web. Additionally, Juniper Networks may soon be acquired by HPE in a deal that could cost around $14 billion.
Juniper Networks has issued security updates to address a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches, which could allow unauthenticated attackers to gain root privileges or launch denial-of-service attacks. The vulnerability, tracked as CVE-2024-21591, affects multiple Junos OS versions and can be mitigated by applying the security updates, upgrading Junos OS, or restricting J-Web access to trusted network hosts. The U.S. cybersecurity agency, CISA, has also warned of previous RCE exploits targeting Juniper devices, emphasizing the need for prompt action to secure Internet-exposed networking equipment.
The Kinsing malware is exploiting a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ to compromise Linux systems. Despite a patch being released, thousands of servers remain exposed, allowing ransomware gangs like HelloKitty and TellYouThePass to take advantage. Kinsing targets Linux systems and deploys cryptocurrency miners on vulnerable servers. The malware uses the ProcessBuilder method to execute malicious bash scripts and download additional payloads, evading detection. It establishes persistence through a cron job and adds a rootkit to ensure its code executes with every process on the system. Organizations are urged to upgrade Apache ActiveMQ to mitigate the threat.
Hackers are actively exploiting the BleedingPipe remote code execution vulnerability in Minecraft mods to take control of servers and players' devices. The vulnerability, caused by incorrect use of deserialization, allows attackers to send crafted network packets to vulnerable servers, enabling them to install malware on connected devices. The flaw impacts numerous Minecraft mods, and a threat actor is actively scanning for vulnerable servers. To protect against BleedingPipe, users should update impacted mods or migrate to fixed forks, use the PipeBlocker mod, and scan for suspicious files.
Adobe has issued a warning about a critical pre-authentication remote code execution (RCE) vulnerability, CVE-2023-29300, in ColdFusion that is actively being exploited in attacks. The vulnerability allows unauthenticated visitors to execute commands on vulnerable ColdFusion servers. Although the flaw was initially not exploited in the wild, Adobe has confirmed limited attacks. The details of the exploitation are unknown, but a proof-of-concept exploit has been published. Adobe recommends upgrading to the latest version of ColdFusion to patch the vulnerability, while researchers warn that it can be combined with another vulnerability, CVE-2023-29298, to bypass lockdown mode. Adobe has not yet responded to inquiries about the active exploitation.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning about Truebot malware variants that are exploiting a critical remote code execution (RCE) vulnerability in Netwrix Auditor software. The attacks have targeted organizations in the United States and Canada. The vulnerability, tracked as CVE-2022-31199, allows unauthorized attackers to execute malicious code with SYSTEM user privileges. Truebot is associated with the Russian-speaking Silence cybercrime group and is used by the TA505 group to deploy Clop ransomware. The attackers also install the FlawedGrace Remote Access Trojan (RAT) and Cobalt Strike beacons for further malicious activities. Organizations are advised to apply patches, update Netwrix Auditor, and implement mitigation measures.
Fortinet has released firmware updates that fix a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices. The updates were released prior to the disclosure of the vulnerability, which is expected on June 13, 2023. The vulnerability affects all previous versions of Fortinet devices and could be exploited by threat actors to gain initial access to networks for data theft and ransomware attacks. Admins are urged to apply the security updates as soon as possible.