Security News

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)
2024-03-14 14:06

A recently fixed SQL injection vulnerability in Fortinet's FortiClient Endpoint Management Server solution has apparently piqued the interest of many: Horizon3's Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and someone is attempting to sell a PoC for less than $300 via GitHub. "An improper neutralization of special elements used in an SQL Command vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests," the company's product security incident response team pithily states in the associated advisory.

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
2024-03-14 10:53

Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as well as one for triggering a third flaw that can lead to denial of service.

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs
2024-01-31 16:20

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported versions of Windows could spell trouble for enterprise defenders. "I have only tested the whole thing a few times in a domain network consisting of a Windows 10 machine and a Windows Server 2022 domain controller. I was able to crash the event log service of the domain controller as an unprivileged user from the Windows 10 machine, and that was about it."

PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
2024-01-24 13:22

Proof-of-concept exploit code for a critical vulnerability in Fortra's GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. CVE-2024-0204 was privately reported by Mohammed Eldeeb and Islam Elrfai of Spark Engineering Consultants in early December 2023, and Fortra's GoAnywhere MFT customers got an advance warning with instructions on how to remediate the vulnerability.

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
2024-01-11 14:16

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to...

Hackers are exploiting critical Apache Struts flaw using public PoC
2023-12-13 16:19

Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. Apache Struts is an open-source web application framework designed to streamline the development of Java EE web apps, offering a form-based interface and extensive integration capabilities.

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens
2023-12-03 09:00

Strategies for cultivating a supportive culture in zero-trust adoptionIn this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability. Vigil: Open-source LLM security scannerVigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models.

PoCs for critical Arcserve UDP vulnerabilities released
2023-11-29 14:32

Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution, PoCs for which have been published by Tenable researchers on Monday. Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations' resilience to ransomware attacks.

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
2023-11-27 10:44

A proof-of-concept exploit for a high-severity flaw in Splunk Enterprise that can lead to remote code execution has been made public. Splunk Enterprise is a solution that ingests a variety of data generated by an organization's business infrastructure and applications.

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
2023-11-15 13:49

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS...