Security News

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability
2023-09-03 04:42

Proof-of-concept exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," VMware said earlier this week.

Hackers exploit critical Juniper RCE bug chain after PoC release
2023-08-29 14:51

Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. One week after Juniper disclosed and released security updates to patch the four flaws that can be chained to achieve remote code execution, watchTowr Labs security researchers released a proof-of-concept exploit targeting the SRX firewall bugs.

PoC for no-auth RCE on Juniper firewalls released
2023-08-28 10:20

Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks' SRX firewalls and EX switches that could allow remote code execution, as well as a proof-of-concept exploit. Earlier this month, Juniper Networks published an out-of-cycle security bulletin notifying customers using its SRX firewalls and EX switches of vulnerabilities that, chained together, would allow attackers to remotely execute code on vulnerable appliances.

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
2023-07-13 12:56

"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said. The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.

PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
2023-06-29 11:08

An authentication bypass vulnerability in the Arcserve Unified Data Protection enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fernández and Sean Doherty have found - and have released a PoC exploit for it. "At this time, Arcserve is not aware of any active attempts to exploit this vulnerability," the company said on Tuesday, when it pushed out fixes for the flaw.

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)
2023-06-23 12:58

Proof-of-concept exploit code for the high-severity vulnerability in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. Cisco Secure Client Software - previously known as Cisco AnyConnect Secure Mobility Client - is unified endpoint security software designed to assist businesses in expanding their network access capabilities and enabling remote employees to connect via both wired and wireless connections, including VPN. In early June, Cisco published a security advisory about CVE-2023-20178, a vulnerability in the client update process of both Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows.

Third MOVEit bug fixed a day after PoC exploit made public
2023-06-16 23:05

Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had been disclosed just a day earlier. A researcher who goes by the handle MCKSys Argentina confirmed to The Register that a June 16 MOVEit patch for CVE-2023-35708 mitigated the researcher's PoC exploit code, which was shared in screenshot form.

MOVEit Transfer customers warned of new flaw as PoC info surfaces
2023-06-15 20:58

Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection vulnerability was shared online today. "Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment," Progress said.

Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
2023-06-14 10:21

At least half a dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. VulnCheck, which discovered the activity, said, "The individuals creating these repositories have put significant effort into making them look legitimate by creating a network of accounts and Twitter profiles, pretending to be part of a non-existent company called High Sierra Cyber Security."

Fake zero-day PoC exploits on GitHub push Windows, Linux malware
2023-06-14 10:00

Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware. These malicious exploits are promoted by alleged researchers at a fake cybersecurity company named 'High Sierra Cyber Security,' who promote the GitHub repositories on Twitter, likely to target cybersecurity researchers and firms involved in vulnerability research.