Security News
Building a culture of security awareness in healthcare begins with leadershipIn this Help Net Security interview, Ken Briggs, General Counsel at Salucro, discusses how fostering a culture of security awareness has become paramount for healthcare organizations. PoC exploit for exploited MOVEit vulnerability releasedAs more victim organizations of Cl0p gang's MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data.
In case you were wondering, there were 26 Remote Code Execution patches, including four dubbed "Critical", although three of those seem to related bugs that were found and fixed together in a single Windows component. RCE patches generally cause the most concern, because they deal with bugs that can, in theory at least, be exploited by attackers who don't yet have a foothold on your network, which means they represent possible ways of criminals breaking-and-entering in the first place.
Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities. While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as 'Critical,' including denial of service attacks, remote code execution, and privilege elevation.
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "May have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations. On Friday, Fortinet released security updates to address the vulnerability before disclosing additional details today.
Horizon3 security researchers have released proof-of-concept exploit code for a remote code execution bug in the MOVEit Transfer managed file transfer solution abused by the Clop ransomware gang in data theft attacks. With the release of this RCE PoC exploit, more threat actors will likely move quickly to deploy it in attacks or create their own custom versions to target any unpatched servers left exposed to Internet access.
Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.The vulnerability, tracked as CVE-2023-27997, is "Reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for CVE-2023-27997, a remote code execution flaw that does not require the attacker to be logged in to exploit it. The vulnerability has been fixed in FortiOS versions 7.2.5, 7.0.12, 6.4.13, 6.2.15 and, apparently also in v6.0.17.
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that would be disclosed on Tuesday, June 13th, 2023.
A researcher has published a working exploit for a remote code execution flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects to generate PDF files from HTML input. ReportLab Toolkit is used by multiple projects as a PDF library and has approximately 3.5 million monthly downloads on PyPI. The problem stems from the ability to bypass sandbox restrictions on 'rl safe eval,' whose role is to prevent malicious code execution, leading to the attacker accessing potentially dangerous Python built-in functions.
D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.