Security News

On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITYSYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.

On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966."The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITYSYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.

More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit. In early December 2022, a security advisory warned of a critical command injection vulnerability in Cacti that could be exploited without authentication.

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available. The three vulnerable plugins were discovered by Tenable security researcher Joshua Martinelle, who reported them responsibly to WordPress on December 19, 2022, along with proofs of concept.

Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel, a tool for managing servers formerly known as CentOS Web Panel. On January 3, researcher Numan Türle at Gais Cyber Security, who had reported the issue around October last year, published a proof-of-concept exploit and a video showing how it works.

Cisco has acknowledged one critical and two medium-severity vulnerabilities affecting some of its Small Business series of routers, but won't be fixing them as the devices "Have entered the end-of-life process." Proof-of-concept exploit code for CVE-2023-20025 and CVE-2023-20026 is available online, but there is currently no indication of any of these flaws being exploited by attackers.

Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life VPN routers. The security flaw was found in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers by Hou Liuyang of Qihoo 360 Netlab.

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild.It's also worth noting that the U.S. Cybersecurity and Infrastructure Security Agency has added the vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply patches by January 31, 2023.

Patch Tuesday Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that's already been exploited and another listed as publicly known. Microsoft explains how to trigger this upgrade in the alert as Childs notes: "Situations like this are why people who scream 'Just patch it!' show they have never actually had to patch an enterprise in the real world."

The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week. "We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future," Rackspace noted in its final update on the concluded forensic investigation.