Security News

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data
2024-02-06 10:14

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with...

Ivanti devices hit by wave of exploits for latest security hole
2024-02-05 20:45

Ivanti first disclosed the newest bug in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure appliances on January 31. "At the time of publication, the exploitation of CVE-2024-21893 appears to be targeted. Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public - similar to what we observed on 11 January following the 10 January disclosure," Ivanti warned last week.

Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs
2024-02-03 09:30

Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research. In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags found the app used by Airbus pilots was vulnerable to remote data manipulation, given the right conditions.

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
2024-02-01 15:21

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell and PwnKit vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer botnet powered by malware written in Golang.

Exploit released for Android local elevation flaw impacting 7 OEMs
2024-01-31 19:15

A proof-of-concept exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers is now publicly available on GitHub. Tracked as CVE-2023-45779, the flaw was discovered by Meta's Red Team X in early September 2023 and was addressed in Android's December 2023 security update without disclosing details an attacker could use to discern and exploit it.

45k Jenkins servers exposed to RCE attacks using public exploits
2024-01-29 22:06

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation. Depending on the instance's configuration, attackers could decrypt stored secrets, delete items from Jenkins servers, and download Java heap dumps.

Exploits released for critical Jenkins RCE flaw, patch now
2024-01-28 15:17

Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. SonarSource researchers discovered two flaws in Jenkins that could enable attackers to access data in vulnerable servers and execute arbitrary CLI commands under certain conditions.

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
2024-01-25 07:21

A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf...

Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug
2024-01-24 15:04

Horizon3's exploit takes advantage of age-old path traversal weaknesses in Tomcat-based applications where requests to vulnerable endpoints that contain /.;/ allow attackers to access forbidden pages, such as the admin account creation page in GoAnywhere MFT. If remote attackers exploit the same path traversal technique when submitting the form to create a new admin user, the account will be created, giving the bad guys admin privileges. Zach Hanley, chief attack engineer at Horizon3, said the clearest indicator of compromise would be noticing any new additions to the Admin Users group in the GoAnywhere MFT admin portal.

Exploit released for Fortra GoAnywhere MFT auth bypass bug
2024-01-23 23:16

Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based managed file transfer tool that helps organizations transfer files securely with partners and keep audit logs of who accessed all shared files.