Security News

A critical security flaw in Ivanti's mobile endpoint management code was exploited and used to compromise 12 Norwegian government agencies before the vendor plugged the hole. On Monday, the US government's Cybersecurity and Infrastructure Security Agency added CVE-2023-35078 to its Known Exploited Vulnerabilities Catalog that should be urgently patched.

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799, the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively, VulnCheck disclosed in a Tuesday report.

Despite increased cybersecurity discussions at the C-suite and boardroom level, a sharp juxtaposition has emerged between executives who believe that every security alert is being addressed and the teams on the ground addressing the alerts. 70% of executives believe that all alerts are being handled by their security team, while only 36% of front-line roles responsible for managing alerts agree.

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. CVE-2023-22505 and CVE-2023-22508 allow an "Authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction," the company said.

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. "For instance, misconfigured Custom Actions running as NT AUTHORITYSYSTEM can be exploited by attackers to execute local privilege escalation attacks."

The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.

Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser permissions," Eclypsium researchers Vlad Babkin and Scott Scheferman said in a report shared with The Hacker News.

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller software made by hardware and software company American Megatrends International. MegaRAC BMC provides admins with "Out-of-band" and "Lights-out" remote system management capabilities, enabling them to troubleshoot servers as if they were physically in front of the devices.

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "The acquired admin privileges can further be leveraged to exploit another vulnerability allowing attackers to execute arbitrary code on the Apache OpenMeetings server."