Security News

Perceived weaknesses in the security of Microsoft's Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Following the 2021 targeting of security researchers by North Korea's state-sponsored offensive cyber group Lazarus, Microsoft rolled out trusted locations to prevent malicious Visual Studio projects being used to achieve remote code execution.

If you're running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability in the libcue library. Discovered by GitHub security researcher Kevin Backhouse, CVE-2023-43641 affects the libcue library, which is used for parsing cue sheets that contain the layout of tracks on a CD. Libcue is also used by an application called tracker-miners, which indexes files in users' home directory.

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as...

A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment. Libcue, a library designed for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions.

Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. The flaw allows unauthenticated attackers to gain remote code execution after successfully exploiting an authentication bypass weakness in low-complexity attacks that don't require user interaction.

A critical zero-day vulnerability in all versions of Exim mail transfer agent software can let unauthenticated attackers gain remote code execution on Internet-exposed servers. MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.

An inside look at NetSPI's impressive Breach and Attack Simulation platformIn this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation platform and discusses how it offers unique features - from customizable procedures to advanced plays - that help organizations maximize their ROI. How companies can take control of their cybersecurityIn this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. Critical Trend Micro vulnerability exploited in the wildTrend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.

New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "Unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system."

An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers can exploit without authentication. In a later technical report, watchTowr Labs released a PoC that chained the CVE-2023-36845 and CVE-2023-36846 flaws, allowing the researchers to remotely execute code by uploading two files to a vulnerable device.

Three high-severity Kubernetes vulnerabilities could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. "The Kubernetes framework uses YAML files for basically everything - from configuring the Container Network Interface to pod management and even secret handling," Peled explained.