Security News

Linux system service bug gives root on all major distros, exploit released
2022-01-25 20:44

A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today. Researchers at information security company Qualys found that the pkexec program could be used by local attackers to escalate privileges to root on default installations of Ubuntu, Debian, Fedora, and CentOS. They warn that PwnKit is likely exploitable on other Linux operating systems as well.

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
2022-01-22 22:42

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247, the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation," Microsoft Threat Intelligence Center said.

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor
2022-01-14 22:13

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. Log4Shell aka CVE-2021-44228 concerns a critical security vulnerability in the popular Log4j logging library that, if successfully exploited, could lead to remote execution of arbitrary code on compromised systems.

Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out
2022-01-11 22:46

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7's Jake Baines to Sonicwall in October.

Weekly cyberattacks jumped by 50% in 2021, with a peak in December due largely to the Log4J exploit
2022-01-10 16:47

Check Point Research said Africa had the highest number of attacks, with an average of 1,582 per week per organization. For 2021 as a whole, the number of cyberattacks against corporate networks soared by 50% from the previous year, cyber threat intelligence provider Check Point Research said in a report released on Monday.

URL parsing: A ticking time bomb of security exploits
2022-01-10 14:00

A team of security researchers has discovered serious flaws in the way the modern internet parses URLs: Specifically, that there are too many URL parsers with inconsistent rules, which has created a worldwide web easily exploited by savvy attackers. We don't even need to look very hard to find an example of URL parsing being manipulated in the wild to devastating effect: The late-2021 Log4j exploit is a perfect example, the researchers said in their report.

Hackers exploit Google Docs in new phishing campaign
2022-01-06 15:44

Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan. A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.

Attackers Exploit Flaw in Google Docs’ Comments Feature
2022-01-06 14:00

Attackers are using the "Comments" feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security firm Avanan, a Check Point company, first observed "a new, massive wave of hackers leveraging the comment feature in Google Docs" in December, Avanan Cybersecurity Researcher/Analyst Jeremy Fuchs wrote in a report published Thursday.

MalSmoke attack: Zloader malware exploits Microsoft's signature verification to steal sensitive data
2022-01-05 17:05

A new malware campaign is taking advantage of a vulnerability in the way Microsoft digitally signs a specific file type. As described on Wednesday by cyber threat intelligence firm Check Point Research, an attack using the infamous Zloader banking malware aims to steal account credentials and other private data and has already infected 2,170 unique machines that downloaded the malicious DLL file involved in the exploit.

‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
2022-01-05 13:00

Threat actors are exploiting Microsoft's digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research discovered the cybercriminal group Malsmoke delivering the campaign, which they traced back to November 2021, according to a report posted online Wednesday.