Security News

Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks
2023-08-30 06:57

VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could potentially be exploited to bypass authentication and gain remote code execution. "A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI," the company said in an advisory.

Easy-to-exploit Skype vulnerability reveals users’ IP address
2023-08-29 10:23

A vulnerability in Skype mobile apps can be exploited by attackers to discover a user's IP address - a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. Vulnerability specifics have not been publicly shared since it has yet to be patched, but Cox says it's "trivially easy to exploit and involves changing a certain parameter related to the link."

Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
2023-08-29 09:17

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could facilitate unauthenticated remote code execution.

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
2023-08-25 12:18

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address previously associated with the Lazarus hacking group. The malware Cisco Talos researchers dubbed QuiteRAT is a simple remote access trojan that's similar to Lazarus Group's MagicRAT malware, only smaller in size.

Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
2023-08-22 10:34

Ivanti is urging administrators of Ivanti Sentry gateways to patch a newly discovered vulnerability that could be exploited to change configuration, run system commands, or write files onto the vulnerable system. CVE-2023-38035 is an API authentication bypass flaw that may enable unauthenticated attackers to access APIs that are used to configure the Ivanti Sentry on the administrator portal/interface, which runs by default on port 8443.

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog
2023-08-22 03:36

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359, relates to a deserialization flaw present in Adobe ColdFusion 2018 and ColdFusion 2021 that could result in arbitrary code execution in the context of the current user without requiring any interaction.

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
2023-08-21 13:44

A high-severity security flaw has been disclosed in the WinRAR utility that could potentially be exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477, the vulnerability has been described as a case of improper validation while processing recovery volumes.

How EU lawmakers can make mandatory vulnerability disclosure responsible
2023-08-21 04:30

While the CRA doesn't demand companies forward an exploited vulnerability's full technical specifications to ENISA, it does require companies to report on a vulnerability "with details" - and these details could be more than enough to attract the attention of a savvy attacker. As the CERT Guide to Coordinated Vulnerability Disclosure puts it: "Mere knowledge of a vulnerability's existence in a feature of some product is sufficient for a skillful person to discover it for themselves."

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack
2023-08-18 11:49

Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network. This has increased the percentage of Zero Trust advocates from 24% to 55%. The security model known as Zero Trust is an overarching security strategy designed to continuously audit and verify access to resources, both internally and externally.

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
2023-08-17 11:08

CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company fixed in June 2023, is being exploited by attackers. GreyNoise flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency has added the vulnerability to its Known Exploited Vulnerabilities Catalog.