Security News

Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. For one, on the RAT front, researchers said that it implements 12 remote access functions, that combine with custom command-and-control server commands to carry out tasks like setting up a Socket5 proxy for router devices, tampering with router DNS, setting iptables and executing custom system commands.

The highly popular WordPress plugin File Manager this week received a patch to address an actively exploited zero-day vulnerability. Designed to provide WordPress site admins with copy/paste, edit, delete, download/upload, and archive functionality for both files and folders, File Manager has over 700,000 active installs.

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw in the Distance Vector Multicast Routing Protocol feature of IOS XR to cause memory exhaustion denial of service.

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations.

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11's Patch Tuesday was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs.

An attack launched in May 2020 against a South Korean company involved an exploit that chained zero-day vulnerabilities in Windows and Internet Explorer, Kaspersky reported on Wednesday. The vulnerabilities exploited in the attack have now been patched, but they had a zero-day status when exploitation was first observed.

The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked 'Critical' and 97 listed as 'Important'. Microsoft has issued fixes for 120 vulnerabilities - including two zero-day exploits - in its latest Patch Tuesday security update for Windows 10.

vBulletin developers on Monday rushed to address a zero-day remote code execution vulnerability in the forum software, one day after the issue was publicly disclosed. On Sunday, security researcher Amir Etemadieh published information on a new vulnerability in vBulletin, explaining how it can be abused to bypass the patch released in September 2019 for CVE-2019-16759, and also providing proof-of-concept code that demonstrates how easily the flaw can be exploited.

The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered. It's a quality write-up and contains a one-line PoC exploit and full exploits written Bash, Python and Ruby, as well as instructions on how to implement a fix until a more complete patch is released.