Tag Archive for: RCE

Massive RCE Campaign Wrangles Routers Into Botnet

/in


Nimble and able to pivot on the fly to take advantage of emerging vulnerabilities, a campaign named IZ1H9 has ramped up its malware development to target a range of unpatched router and Internet of Things (IoT) devices and add them to a widening botnet used to launch targeted distributed denial-of-service (DDoS) cyberattacks.

Researchers from FortiGuard Labs flagged the campaign, which was recently updated with 13 new payloads leveraging known vulnerabilities in D-Link devices; Netis wireless routers; Sunhillo SureLine; Geutebruck IP cameras; and Yealink Device Management, Zyxel devices, TP-Link Artcher, Korenix Jetwave, and Totolink routers.

“Based on the trigger counts recorded by our IPS signatures, it is evident that peak exploitation occurred on Sept. 6, with trigger counts ranging from the thousands to even tens of thousands,” the report said. “This highlights the campaign’s capacity to infect vulnerable devices and dramatically expand its botnet through the swift utilization of recently released exploit code, which encompasses numerous CVEs.”

Fortinet recommends organizations apply patches and change default login credentials to prevent further attacks.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Source…

Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released

/in


Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies.

What makes a good ASM solution stand out
In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete.

What does optimal software security analysis look like?
In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security.

PoC for no-auth RCE on Juniper firewalls released
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit.

Easy-to-exploit Skype vulnerability reveals users’ IP address
A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret.

Qakbot botnet disrupted, malware removed from 700,000+ victim computers
The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world.

The removal of Qakbot from infected computers is just the first step
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software.

Cisco VPNs with no MFA enabled hit by ransomware groups
Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching…

Source…

Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE

/in


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Network detection and response in the modern era
In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to improve threat detection and streamline incident response.

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US.

Maintaining consistent security in diverse cloud infrastructures
In this Help Net Security interview, Kennedy Torkura, CTO at Mitigant, discusses the complexity of maintaining clear visibility into cloud environments, why it poses such a challenge for CISOs, and how they can prepare to address potential issues.

Anticipating the next wave of IoT cybersecurity challenges
In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes.

AI and the evolution of surveillance systems
In this Help Net Security interview, Gerwin van der Lugt, CTO at Oddity, discusses the future of surveillance and AI’s influence. He also delves into how organizations can prevent their systems from perpetuating biases or violating individual rights.

IEEE 802.11az provides security enhancements, solves longstanding problems
In this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group (TG) Chair of next-generation positioning (TGaz) at IEEE, discusses IEEE 802.11az. The new standard will enable accuracy to less than 0.1 meters, which is a significant improvement from the current Wi-Fi location accuracy of 1-2 meters.

8 open-source OSINT tools you should try
Open-Source Intelligence (OSINT) refers to…

Source…

Unpatched Samsung Chipset Vulnerabilities Open Android Users to RCE Attacks

/in


A newly disclosed set of vulnerabilities in Samsung chipsets has exposed millions of Android mobile phone users to potential remote code execution (RCE) attacks, until their individual device vendors make patches available for the flaws.

Until then, the best bet for users who want to protect against the threat is to turn off Wi-Fi calling and Voice-over-LTE settings on their devices, according to the researchers from Google’s Project Zero who discovered the flaws.

In a blog post last week, the researchers said they had reported as many as 18 vulnerabilities to Samsung in the company’s Exynos chipsets, used in multiple mobile phone models from Samsung, Vivo, and Google. Affected devices include Samsung Galaxy S22, M33, M13, M12, A71, and A53, Vivo S16, S15, S6, X70, X60, and X30, and Google’s Pixel 6 and Pixel 7 series of devices.

Android Users Face Complete Compromise

Four of the vulnerabilities in the Samsung Exynos chipsets give attackers a way to completely compromise an affected device, with no user interaction needed and requiring the attacker to only know the victim’s phone number, Project Zero threat researcher Tim Willis wrote.

“Tests conducted by Project Zero confirm that those four vulnerabilities [CVE-2023-24033, CVE-2023-26496, CVE-2023-26497, and CVE-2023-26498] allow an attacker to remotely compromise a phone at the baseband level,” Willis said. “With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.” 

The security researcher identified the remaining 14 vulnerabilities in Samsung Exynos chipsets as being somewhat less severe.

In an emailed statement, Samsung said it had identified six of the vulnerabilities as potentially impacting some of its Galaxy devices. The company described the six flaws as not being “severe” and said it had released patches for five of them in a March security update. Samsung will release a patch for the sixth flaw in April. The company did not respond to a Dark Reading request seeking information on whether it will release patches for all 18 vulnerabilities that Google disclosed. It’s also unclear whether, or…

Source…