Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.

The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage component of the server. It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.…

Read More

DarkGate malware operators have been exploiting a now-patched Windows SmartScreen bypass flaw through a phishing campaign that distributes fake Microsoft software installers to propagate the malicious code.

Trend Micro researchers, among others, discovered a then zero-day Internet Shortcut Files security feature bypass vulnerability tracked as CVE-2024-21412 earlier this year, which Microsoft patched as part of its February raft of Patch Tuesday updates.…

Read More
In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. …
Read More

Mar 14, 2024NewsroomContainer Security / Vulnerability

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances.

“The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said.…

Read More

The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns.

The issue, tracked as CVE-2023-5528 and impacting default Kubernetes installations, exists in the way the open source container orchestration system processes YAML files, which it uses for virtually every function.…

Read More

Mar 14, 2024NewsroomMalware / Cyber Attack

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.

“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI)…

Read More

Mar 14, 2024The Hacker NewsVulnerability / Network Security

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,” the company said in an advisory.…

Read More

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.

FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices.…

Read More

Chipmakers Intel and AMD have published 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products. 

Intel published eight new advisories, including two that describe high-severity vulnerabilities. One of the high-severity issues is a local privilege escalation impacting BIOS firmware for some Intel processors. …

Read More

Mar 13, 2024NewsroomPatch Tuesday / Software Update

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution.

Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity.…

Read More
How to Set Up a Network Research Laboratory: MonikerLink (CVE-2024-21413) Case Study 

Every now and then, you come across a situation where you need to get hands-on to understand how an exploit or malware works and then create a detection rule. Plus, there are times when it’s essential for the attacking machine to be on the local network to capture network traffic or utilize its own detection tools.…

Read More

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.

 

The Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited CVE-2024-21412 through the use of fake software installers.…

Read More

While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure.

Of the five vulnerabilities that came to light in recent months, CVE-2024-21887 stood out. The command injection vulnerability in Ivanti Connect Secure and Policy Secure gateways was rated a “critical” 9.1 out of 10 on the CVSS scale; it has since proven a powerful launchpad for malicious developers.…

Read More