Tag Archive for: PoC

Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released

/in


Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies.

What makes a good ASM solution stand out
In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete.

What does optimal software security analysis look like?
In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security.

PoC for no-auth RCE on Juniper firewalls released
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.

Easy-to-exploit Skype vulnerability reveals users’ IP address
A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret.

Qakbot botnet disrupted, malware removed from 700,000+ victim computers
The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world.

The removal of Qakbot from infected computers is just the first step
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software.

Cisco VPNs with no MFA enabled hit by ransomware groups
Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching…

Source…

Hackers exploit WordPress vulnerability within hours of PoC exploit release

/in


Threat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai.

The high-severity vulnerability — CVE-2023-30777, which affects the WordPress Advanced Custom Fields plugin — was identified by a Patchstack researcher on May 2.

The exploitation of the vulnerability leads to a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site. This could, in turn, push those illegitimate scripts to visitors of that affected site. The plugin has over two million active users across the world.

“This vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by tricking privileged users to visit the crafted URL path. The described vulnerability was fixed in version 6.1.6, also fixed in version 5.12.6,” Patchstack said in a detailed report on May 5 that  included an example of a payload. 

Security researchers at Akamai have now found that there has been a significant attack attempt within 48 hours of the sample code being posted. Threat actors have used the sample to scan for vulnerable websites that have not applied the patch or upgraded to the latest version. 

Response time for attackers is rapidly decreasing

The observation highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management, Akamai said in the blog. 

Source…

ESET Internet Security Crash PoC

/in



Google shares PoC exploit for critical Windows 10 Graphics RCE bug

/in


Google shares PoC exploit for critical Windows 10 Graphics RCE bug

Project Zero, Google’s 0day bug-hunting team, shared technical details and proof-of-concept (PoC) exploit code for a critical remote code execution (RCE) bug affecting a Windows graphics component.

The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.

They reported the bug to the Microsoft Security Response Center in November. The company released security updates to address it on all vulnerable platforms on February 9, during this month’s Patch Tuesday.

Impacts Windows 10 versions up to 20H2

The security flaw impacts multiple Windows 10 and Windows Server releases up to version 20H2, the latest released version.

After the 90-day disclosure deadline, Project Zero published a proof-of-concept exploit code that can be used to reproduce the bug in browsers running on fully-patched Windows 10 1909 systems.

“Attached is the proof-of-concept TrueType font together with an HTML file that embeds it and displays the AE character,” the researchers said.

“It reproduces the crash shown above on a fully updated Windows 10 1909, in all major web browsers. The font itself has been subset to only include the faulty glyph and its dependencies.”

From heap-based buffer overflow to RCE

The DirectWrite API is used as the default font rasterizer by major web browsers such as Chrome, Firefox, and Edge for rendering web font glyphs.

Since these web browsers use the DirectWrite API for font rendering, the security flaw can be leveraged by attackers to trigger a memory corruption state that may allow them to execute arbitrary code on the targets’ systems remotely.

Attackers can exploit CVE-2021-24093 by tricking targets into visiting websites with maliciously crafted TrueType fonts that trigger a heap-based buffer overflow in the fsg_ExecuteGlyph API function.

Google patched a similar actively exploited zero-day in the popular FreeType text rendering library used to target Chrome users.

In November,…

Source…