Security News

After a number of top traders of FIFA's Ultimate Team game last week reported that their accounts had been taken over and cleared of points and thousands of dollars in game currency, EA launched an investigation. The company discovered that phishers managed to "Exploit human error" among EA's customer support staff to compromise less than 50 top trader accounts, the company wrote in a post on its website Tuesday.

A security vulnerability in VMware's Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments - and a patch is still pending for some users. ESXi is a bare-metal hypervisor that installs on a server and partitions it into multiple virtual machines.

An attacker with an account with the site - such as a subscriber, shopping account holder or member - can take advantage of the holes, which are a privilege-escalation bug and an SQL-injection problem, according to researchers at Sucuri. Essentially, the plugin can send commands to various REST API endpoints, and it performs a permissions check to make sure no one's doing anything they're not allowed to do.

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. Both vulnerabilities are described as a "Windows Active Directory domain service privilege-escalation" bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.Redmond's warning to immediately patch the two bugs - both allowing attackers to impersonate domain controllers - comes after a proof-of-concept tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

Critical security vulnerabilities in SonicWall's Secure Mobile Access 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root. "The vulnerability is due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod cgi module environment variables use a single stack-based buffer using `strcat,'" according to SonicWall's security advisory, issued Tuesday.

A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.

Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers. DNS rebinding attacks are used to bypass a browser security measure called Same Origin Policy, which blocks a site from sending requests to websites other than its own origin.

The UK government has published guidance describing what technologies may be caught within the National Security and Investment Act 2021, which is set to give ministers the power to halt mergers and acquisitions. The guidance says that "If an entity you are acquiring performs a certain activity, it could put you in scope of the National Security and Investment Act and you may be legally required to tell the government about it. This guidance tells you what these activities are."

According to SentinelOne's SentinelLabs, the bug in question specifically resides in a message type that allows nodes to send cryptographic keys to each other. According to the researcher, that common header contains a "Header size" allocation, which is the actual header size shifted to the right by two bits; and a "Message size" allocation that is equal to the length of the entire TIPC message.