Security News

WordPress fixes POP chain exposing websites to RCE attacks
2023-12-07 20:10

WordPress is a highly popular open-source content management system used for creating and managing websites.The project's security team discovered a Property Oriented Programming chain vulnerability that was introduced in WordPress core 6.4, which under certain conditions could allow arbitrary PHP code execution.

Atlassian patches critical RCE flaws across multiple products
2023-12-06 15:49

Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity score of at least 9.0 out of 10, based on Atlassian's internal assessment. Due to the popularity of Atlassian products and their extensive deployment in corporate environments, system administrators should prioritize applying the available updates.

Atlassian fixes four critical RCE vulnerabilities, patch quickly!
2023-12-06 14:51

Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution.

December Android updates fix critical zero-click RCE flaw
2023-12-04 19:37

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution bug. "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation," the advisory explains.

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens
2023-12-03 09:00

Strategies for cultivating a supportive culture in zero-trust adoptionIn this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability. Vigil: Open-source LLM security scannerVigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models.

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
2023-11-27 10:44

A proof-of-concept exploit for a high-severity flaw in Splunk Enterprise that can lead to remote code execution has been made public. Splunk Enterprise is a solution that ingests a variety of data generated by an organization's business infrastructure and applications.

Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
2023-11-20 16:54

The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. Kinsing malware targets Linux systems and its operator is notorious for leveraging known flaws that are often overlooked by system administrators.

Exploit for CrushFTP RCE chain released, patch now
2023-11-18 15:06

A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. Today, Converge published a proof-of-concept exploit for the CVE-2023-43177 flaw, making it critical for CrushFTP users to install the security updates as soon as possible.

CISA warns of actively exploited Juniper pre-auth RCE exploit chain
2023-11-13 17:23

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its advisory to notify customers that the flaws found in Juniper's J-Web interface have been successfully exploited in the wild.

TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
2023-11-06 15:34

Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. One week after Apache patched this critical ActiveMQ vulnerability, Huntress Labs and Rapid7 both reported spotting attackers exploiting the bug to deploy HelloKitty ransomware payloads on customers' networks.