Security News
Security researchers with Horizon3's Attack Team will release next week an exploit targeting a vulnerability chain for gaining remote code execution on unpatched VMware vRealize Log Insight appliances. Now known as VMware Aria Operations for Logs, vRealize Log Insight makes it easier for VMware admins to analyze and manage terabytes of infrastructure and application logs.
Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution on more than 100 printer models. "Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory, but proof of concept code has been publicly published" - Lexmark.
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. By chaining two security flaws disclosed last week, threat actors can bypass authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
A critical remote code execution vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks. While investigating attacks that led to the compromise of some of its customers' ManageEngine instances, Rapid7 also observed post-exploitation activity.
Proof-of-concept exploit code is now available for a remote code execution vulnerability in multiple Zoho ManageEngine products. The PoC exploit was tested against ServiceDesk Plus and Endpoint Central, and Horizon3 said: "Expect this POC to work unmodified on many of the ManageEngine products that share some of their codebase with ServiceDesk Plus or EndpointCentral."
A newly discovered critical remote code execution flaw impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim's Azure application."
A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. Aside from the two critical issues, a high severity flaw has also been patched in the Git GUI for Windows.
Over 4,000 Sophos Firewall devices exposed to the Internet are vulnerable to attacks targeting a critical remote code execution vulnerability. Sophos disclosed this code injection flaw found in the User Portal and Webadmin of Sophos Firewall in September and also released hotfixes for multiple Sophos Firewall versions.
On Friday, security researchers with Horizon3's Attack Team warned admins that they created a proof-of-concept exploit for CVE-2022-47966. "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet. This vulnerability allows for remote code execution as NT AUTHORITY\SYSTEM, essentially giving an attacker complete control over the system," Horizon3 vulnerability researcher James Horseman said.