Security News

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.

More details have emerged about a set of now-patched cross-site scripting flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads," Orca security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files. GitHub's security researcher Jaroslav Lobačevski reported the vulnerabilities in Notepad++ version 8.5.2 to the developers over the last couple of months.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. "Nation-state advanced persistent threat actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application, establish persistence, and move laterally through the network," according to a joint alert published by the agency, alongside Federal Bureau of Investigation, and Cyber National Mission Force.

Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems. Outside of these weaknesses, the latest version of Superset also remediates a separate improper REST API permission issue that allows for low-privilege users to carry out server-side request forgery attacks.

A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. "Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018, this vulnerability remains popular amongst threat actors, suggesting there are still unpatched devices in the wild, even after over five years," says Fortinet researcher Xiaopeng Zhang.

Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories. "The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution on an engineering workstation," Nozomi Networks said in a report published last week.

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance.

Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI. OpenAI, Google, Meta and more companies put their large language models to the test on the weekend of August 12 at the DEF CON hacker conference in Las Vegas. The Generative Red Team Challenge organized by AI Village, SeedAI and Humane Intelligence gives a clearer picture than ever before of how generative AI can be misused and what methods might need to be put in place to secure it.

Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower's PowerPanel Enterprise Data Center Infrastructure Management platform and Dataprobe's iBoot Power Distribution Unit. "An attacker could chain these vulnerabilities together to gain full access to these systems - which alone could be leveraged to commit substantial damage. Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems," Trellix researchers noted.