Security News

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.Redmond's warning to immediately patch the two bugs - both allowing attackers to impersonate domain controllers - comes after a proof-of-concept tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

Critical security vulnerabilities in SonicWall's Secure Mobile Access 100-series VPN appliances could allow an unauthenticated, remote user to execute code as root. "The vulnerability is due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod cgi module environment variables use a single stack-based buffer using `strcat,'" according to SonicWall's security advisory, issued Tuesday.

A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.

Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers. DNS rebinding attacks are used to bypass a browser security measure called Same Origin Policy, which blocks a site from sending requests to websites other than its own origin.

The UK government has published guidance describing what technologies may be caught within the National Security and Investment Act 2021, which is set to give ministers the power to halt mergers and acquisitions. The guidance says that "If an entity you are acquiring performs a certain activity, it could put you in scope of the National Security and Investment Act and you may be legally required to tell the government about it. This guidance tells you what these activities are."

According to SentinelOne's SentinelLabs, the bug in question specifically resides in a message type that allows nodes to send cryptographic keys to each other. According to the researcher, that common header contains a "Header size" allocation, which is the actual header size shifted to the right by two bits; and a "Message size" allocation that is equal to the length of the entire TIPC message.

Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to allow attackers to completely take over a website, according to researchers. The two fresh bugs can both be chained with the re-introduced access control vulnerability to allow complete site takeover, researchers explained.

Some perpetrators hire cheap human labor, for staging larger scale account takeover attacks. Hacker intervention can occasionally circumvent standard authentication measures for blocking account takeover fraud.

SonicWall has patched a critical security flaw impacting several Secure Mobile Access 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410, and 500v. There are no temporary mitigations to remove the attack vector, and SonicWall strongly urges impacted customers to deploy security updates that address the flaw as soon as possible.

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances services that could have been exploited by a malicious actor "To access other customers' information" in what the researcher described as the "First cross-account container takeover in the public cloud." Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.