Mar 08, 2024NewsroomNetwork Security / Vulnerability
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.
The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.…
It’s that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams.
These are something that pop up every year through email, texts, phone calls and even physical mail — phony promises to get your tax return back faster, file your taxes “easy and free” or maximizing your possible return.…
Overview
The SonicWall Capture Labs threat research team became aware of a couple of noteworthy vulnerabilities — an authentication bypass vulnerability and a path traversal vulnerability — in JetBrains TeamCity, assessed their impact and developed mitigation measures for them. TeamCity, a build management and continuous integration server, published an advisory on these vulnerabilities which affect versions before 2023.11.4.…
Cisco on Wednesday announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities.
The first issue, tracked as CVE-2024-20337, impacts the Linux, macOS, and Windows versions of Secure Client and could be exploited remotely, without authentication, in carriage return line feed (CRLF) injection attacks.…
Publicly available exploits incite unwarranted chaos
Executive SummaryOn March 4, 2024, JetBrains released a blog post detailing the security patch for TeamCity, which is a Continuous Integration and Continuous Delivery (CI/CD) server developed by JetBrains and plays a crucial role within organizations across the globe. …
As of today, a large majority of intrusion sets and threat actors leverage crypters prior to delivering and executing malicious payloads on a target system. They use it to build malware capable of avoiding security solutions. In their campaigns, malicious actors can rely on an open-source, a commercially available or a custom crypter.…
In a recent eye-opening report from cybersecurity experts at Perception Point, a major spike in sneaky online attacks has been uncovered. These attacks, called Business Email Compromise (BEC), zoomed up by a whopping 1,760% in 2023. The bad actors behind these attacks are using fancy tech called generative AI (GenAI) to craft tricky emails that pretend to be from big-shot companies and bosses.…
Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday.
Exploitation appears to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web.
Risk of supply-chain attacksLeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.…
Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday.
Exploitation appears to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web.
Risk of supply-chain attacksLeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.…
Researchers have spotted a concerted cyber compromise campaign targeting cloud servers running vulnerable instances of Apache Hadoop, Atlassian Confluence, Docker, and Redis. The attackers are dropping a cryptomining tool, but also installing a Linux-based reverse shell that would allow potential future targeting and malware infestations.
According to an analysis from Cado Security, in most cases the adversary is hunting for common cloud misconfigurations to exploit.…
Mar 06, 2024NewsroomServer Security / Cryptocurrency
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access.…
A cryptojacking campaign involving Linux malware is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with new and unique malicious payloads, cybersecurity firm Cado Security warns.
As part of the campaign, the attackers employ four new Golang payloads to automate the discovery and exploitation of vulnerable hosts, as well as a reverse shell and multiple user-mode rootkits to hide their presence.…
S4x24 – Miami – Energy giant Southern Company in the past year set out to inventory all of the hardware, software, and firmware in equipment running in one of its Mississippi substations in an effort to create a software bill of materials (SBOM) for the OT site.…
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts.
The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine.…
The US cybersecurity agency CISA on Tuesday added flaws impacting Pixel phones and Sunhillo software to its Known Exploited Vulnerabilities (KEV) catalog.
The exploited Pixel vulnerability is tracked as CVE-2023-21237. When it patched the flaw in June 2023, Google warned that it had been aware of “limited, targeted exploitation”, but the company published its security bulletin for Pixel phones a week after the general Android security bulletin and CVE-2023-21237 went unnoticed. …
Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services:
The campaign utilises a number of unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running the above services.…
After examining the events around the time the file was created, we discovered that the threat actor executed the following actions:
We observed that the initial command employs PowerShell to download a file (curl.tmp) from the URL http://preston[.]melaniebest[.]com/ms/curl.tmp and saves it as curl.exe in the C:WindowsSystem32 directory.…
Mar 06, 2024NewsroomSoftware Security / Vulnerability
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution.
Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller.…