Security News
Many cyberattacks begin with the same weakness: user accounts. More specifically, they exploit user credentials, with 89% of web application attacks in 2021 involving stolen or misused usernames and passwords.
Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin. Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks - the WordPress security shop claims it blocked an average of 443,868 attack attempts per day on its customers' sites.
The popular protocol for radio controlled aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. The vulnerability in the protocol is tied to the fact some of the information sent over via over-the-air packets is link data that a third-party can use to hijack the connection between drone operator and drone.
A new DFSCoerce Windows NTLM relay attack has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain. This service is vulnerable to NTLM relay attacks, which is when threat actors force, or coerce, a domain controller to authenticate against a malicious NTLM relay under an attacker's control.
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. The security flaw affects all versions of GitLab Enterprise Edition starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.
A critical privilege escalation flaw found in two themes used by more than 90,000 WordPress sites can allow threat actors to take over the sites completely, researchers have found. WordFence Threat Intelligence Team researcher Ramuel Gall discovered the flaw, one of five vulnerabilities he found between early April and early May in the Jupiter and JupiterX Premium WordPress themes, he revealed in a blog post published Wednesday.
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory published on May 6, 2022.
An initial audit from RubyGems reveals that the vulnerability has not been exploited within the last 18 months to alter any gems, but a deeper audit is still in progress with results yet to be announced. This week, RubyGems announced that a critical bug could've enabled any RubyGems.org user to yank versions of a gem that they didn't have authorization for, and replace the gem's contents with newer files.
F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388."This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 warned yesterday.
F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. According to F5's security advisory, the flaw lies in the iControl REST component and allows a malicious actor to send undisclosed requests to bypass the iControl REST authentication in BIG-IP. Due to the severity of the vulnerability and the widespread deployment of BIG-IP products in critical environments, CISA has also issued an alert today.