Security News

ShellTorch flaws expose AI servers to code execution attacks
2023-10-03 16:37

The TorchServe flaws discovered by the Oligo Security research team can lead to unauthorized server access and remote code execution on vulnerable instances. Due to insecure deserialization in the SnakeYAML library, attackers can upload a model with a malicious YAML file to trigger remote code execution.

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
2023-10-02 11:07

Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities in WS FTP Server, another popular secure file transfer solution. CVE-2023-40044 is a.NET deserialization vulnerability that could allow an unauthenticated threat actor to execute remote commands on the underlying WS FTP Server operating system, and can be exploited via a HTTPS POST request.

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
2023-09-30 04:14

Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of...

Millions of Exim mail servers exposed to zero-day RCE attacks
2023-09-29 20:11

A critical zero-day vulnerability in all versions of Exim mail transfer agent software can let unauthenticated attackers gain remote code execution on Internet-exposed servers. MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.

Exploit released for Microsoft SharePoint Server auth bypass flaw
2023-09-29 18:06

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. Janggggg successfully achieved RCE on a Microsoft SharePoint Server using this exploit chain during the March 2023 Pwn2Own contest in Vancouver, earning a $100,000 reward.

Progress Software Releases Urgent Hotfixes for  Multiple Security Flaws in WS_FTP Server
2023-09-29 06:15

Progress Software has issued hotfixes for a critical security vulnerability (with a maximum CVSS score of 10.0) and seven other flaws in its WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface.The most severe flaw, CVE-2023-40044, affects all versions of the software, allowing a pre-authenticated attacker to exploit a .NET deserialization vulnerability to run remote commands.

Progress warns of maximum severity WS_FTP Server vulnerability
2023-09-28 22:02

Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS FTP Server software. The company says thousands of IT teams worldwide use its enterprise-grade WS FTP Server secure file transfer software.

Cisco Catalyst SD-WAN Manager flaw allows remote server access
2023-09-28 15:15

Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server. Cisco Catalyst SD-WAN Manager for WAN is network management software allowing admins to visualize, deploy, and manage devices on wide area networks.

Hackers actively exploiting Openfire flaw to encrypt servers
2023-09-26 14:20

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. Although Openfire fixed the issue with versions 4.6.8, 4.7.5, and 4.8.0, released in May 2023, VulnCheck reported that by mid-August 2023, over 3,000 Openfire servers were still running a vulnerable version.

ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
2023-09-26 09:11

Group-IB analysts attribute with various degrees of confidence ShadowSyndicate's use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play ransomware in breaches since July 2022. Based on their findings, researchers believe that the threat actor could be an initial access broker, although evidence suggests that ShadowSyndicate is an affiliate to multiple ransomware operations.