Tag: vulnerability

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
News

The cryptocurrency exchange Kraken disclosed that an anonymous security researcher had taken advantage of a "very critical" zero-day vulnerability in its system to pilfer $3 million worth of digital assets, and was refusing to give them back. The researcher's bug bounty program notice concerning a defect that "allowed them to artificially inflate their balance on our platform" was posted by Nick Percoco, Chief Security Officer of Kraken, on X (formerly Twitter). No further details were provided. The business claimed to have found a security flaw within minutes of receiving the notice, which essentially allowed an attacker to start a deposit on its platform and transfer money into their account before the deposit was completed.

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
News

ASUS has released software patches to fix a serious security vulnerability that affected its routers and could be used by hostile actors to bypass authentication. The vulnerability, identified as CVE-2024-3080, has a CVSS score of 9.8 out of a possible 10.0. According to a description of the vulnerability provided by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), some ASUS router models have an authentication bypass vulnerability that makes it possible for unauthenticated remote attackers to log in to the device. The Taiwanese company also addressed a high-severity buffer overflow vulnerability known as CVE-2024-3079 (CVSS score: 7.2), which could be weaponized by remote attackers with administrative rights to take control of ...

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
News

Details have surfaced about a new serious security vulnerability affecting PHP that, in some cases, might be used to achieve remote code execution. The flaw, identified as CVE-2024-4577, is said to be a CGI argument injection vulnerability that affects all PHP versions installed on Windows computers. The vulnerability, according to security researcher DEVCORE, makes it possible to bypass the defenses put in place for another security weakness, CVE-2012-1823. Security researcher Orange Tsai stated, "The team did not notice the Best-Fit feature of encoding conversion within the Windows operating system while implementing PHP." Due to this error, attackers without authorization can now get beyond ...

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
News

Progress Software has released updates to fix a serious security vulnerability affecting the Telerik Report Server. This vulnerability might allow a remote attacker to circumvent authentication and create rogue administrator users. The issue, identified as CVE-2024-4358, has a CVSS score of 9.8 out of a maximum of 10.0. "An unauthenticated attacker can access Telerik Report Server restricted functionality using an authentication bypass vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS," the company stated in an alert. In addition to upgrading to the most recent version, Progress Software advises users to check the users list ...

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
News

A known security vulnerability in Microsoft Exchange Server is being used by an unidentified threat actor to launch keylogger malware attacks against organizations in the Middle East and Africa. Positive Technologies, a Russian cybersecurity company, reported that it has identified more than 30 victims, including banks, government organizations, IT firms, and educational institutions. The earliest compromise dates to 2021. The business stated in a report released last week that "this keylogger was collecting account credentials into a file accessible via a special path from the internet." Russia, the United Arab Emirates, Kuwait, Oman, Niger, Nigeria, Ethiopia, Mauritius, Jordan, and Lebanon are among the nations that the intrusion set targets.

“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit
News

Cybersecurity researchers have uncovered a serious security vulnerability in Fluent Bit, a well-known logging and analytics tool. This vulnerability might be used to cause denial-of-service (DoS), expose confidential information, or execute code remotely. Tenable Research has given the vulnerability, which is tracked as CVE-2024-4323, the codename Linguistic Lumberjack. Versions 2.0.7 through 3.0.3 are affected, and the fixes are in version 3.0.4. The problem is a memory corruption issue in Fluent Bit's integrated HTTP server that could enable remote code execution, DoS attacks, or information leakage. It is specifically related to using endpoints like /api/v1/traces and /api/v1/trace to submit maliciously constructed queries to the monitoring API.

Apache Cordova App Harness Targeted in Dependency Confusion Attack
News

Researchers have discovered a vulnerability related to dependency confusion that affects the Cordova App Harness, an Apache project that has been archived. Because package managers scan public repositories before private registries, dependency confusion attacks can occur. This means that a threat actor can publish a malicious package with the same name to a public package repository. As a result, the package manager unintentionally downloads the malicious package from the public repository rather than from the private repository. Should it be successful, there might be dire repercussions, including deploying the software for every downstream consumer.

Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware
News

The nation-state threat actor with ties to Russia, identified as APT28, used a security hole in the Microsoft Windows Print Spooler component to distribute GooseEgg, a previously unidentified piece of bespoke malware. According to reports, the post-compromise tool was in use as early as April 2019 and may have been in use since June 2020. It took advantage of a since-fixed vulnerability that allowed for privilege escalation (CVE-2022-38028, CVSS score: 7.8). Microsoft fixed it in updates that were made available in October 2022, and the National Security Agency (NSA) of the United States is credited with first bringing attention to the issue at that time. APT28, also known as Fancy Bear and Forest Blizzard (formerly Strontium), weaponized the bug in attacks against government, non-g...

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
News

Users of the enterprise file transfer program CrushFTP are being advised to update to the most recent version after a security weakness was found to be intentionally exploited in the wild. In an alert published on Friday, CrushFTP stated that "users can escape their VFS and download system files with CrushFTP v11 versions below 11.1." "This has been patched in v11.1.0." Nevertheless, users who are running their CrushFTP instances in a restricted environment within a demilitarized zone (DMZ) are shielded from the attacks. Simon Garrelou of Airbus CERT has been credited with finding and reporting the vulnerability. It does not yet have a CVE assigned to it. It is believed that U.S. organizations have been the primary target of these hacks, and the intelligence collection activ...

Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks
News

A serious security vulnerability in the Rust standard library might be used to launch command injection attacks against Windows users. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, the maximum severity. That said, it only affects situations in which Windows batch files are called with untrusted parameters. According to a working group advisory published on April 9, 2024, the Rust standard library does not appropriately escape arguments when calling batch files (with the bat and cmd extensions) on Windows using the Command API. By bypassing the escaping, an attacker with control over the inputs given to the generated process might execute any shell command.