T mobile security breach number
11/18/2023

Gitlab this week released a security update for Enterprise Edition that addresses a critical issue allowing an attacker to run pipelines as an arbitrary user via scheduled security scan policies, which was itself a bypass of a previous security issue. Patch – or if that's not an option, disable either direct transfers or security policies, which will prevent the vulnerability from being exploited.

Atlassian also addressed a quartet of rather serious issues in a patch this week, including an RCE vulnerability in Bitbucket Data Center and Server and a DoS vulnerability in Confluence's similarly named products.

Some rather serious OT vulnerabilities to point out this week, too:

CVSS 9.8 – CVE-2023-2262: A whole bunch of Rockwell Automation 1756 series Logix comms modules are vulnerable to an RCE exploit.
CVSS 9.8 – CVE-2023-2071: Rockwell's FactoryTalk View Machine Edition software versions 13.0 and 12.0 and prior also contain a vulnerability that can be used to trigger RCE.
CVSS 9.6 – Multiple CVEs: Rockwell's Connected Components Workbench software also has some serious vulnerabilities – in this case a series that could be used to allow an attacker to exploit heap corruption with specially crafted HTML.
CVSS 9.4 – CVE-2023-4523: Real Time Automation's 460 series MCBS gateways are vulnerable to cross-site scripting.
CVSS 8.2 – CVE-2023-38557: Siemens Spectrum Power 7 software versions prior to V23Q3 are assigning improper access rights to update scripts, giving an attacker a way to elevate their privileges.

Several known vulnerabilities were spotted being exploited in the wild this week:

CVSS 9.8 – CVE-2021-3129: Ignition error page software before 2.5.2, as used in the Laravel PHP framework and other suites, lets unauthenticated users execute arbitrary code.
CVSS 9.3 – CVE-2022-31462: Owl Labs Meeting Owl software version 5.2.0.15 contains a hardcoded backdoor password derived from the device's serial number, and it can be found in Bluetooth broadcast data.
CVSS 8.8 – CVE-2023-28434: GitHub's Minio multi-cloud object storage framework contains a vulnerability that can be used to bypass metadata bucket name checking to allow for arbitrary object placement.
CVSS 8.8 – CVE-2017-6884: Zyxel EMG2926 home router firmware contains a command injection vulnerability in its implementation of nslookup.
CVSS 7.2 – CVE-2023-41179: Trend Micro's Apex One, both on-prem and SaaS versions, contain a vulnerability in their third party AV uninstaller module that can allow an attacker to execute arbitrary commands.

Warning: That PoC might contain more than you bargain for

There are plenty of reasons why security researchers publish proof of concept (PoC) code for the vulnerabilities they discover, but some ingenious malware actor has figured out PoCs are also a clever way to distribute malware. Researchers from Palo Alto Networks' Unit 42 said they've discovered a fake PoC for a remote code execution vulnerability in WinRAR that was identified on August 17. Only four days after the Zero Day Initiative disclosed the vulnerability, a fake PoC was uploaded to GitHub by a threat actor using the alias "whalersplonk." The fake PoC script was based on another PoC that exploited an SQL injection vulnerability with the ultimate goal of installing the VenomRAT malware.

Unit 42 said it's unlikely whalersplonk specifically targeted security researchers, and likely aimed to compromise other threat actors who take advantage of new PoCs.

"Based on a timeline of events, we believe the threat actor had created the infrastructure and payload independently from the fake PoC. Once the vulnerability was publicly released, the actors acted quickly to capitalize on the severity," Unit 42 explained.

Ransomware: Only getting worse, if insurance is a metric

Cyber insurance firm Coalition has released a mid-year look at the state of cyber security insurance, and found an increase in claims.

"The cyber threat landscape has become more volatile, and, as a result, we've seen claims become more severe and more common than ever," said Chris Hendricks, head of Coalition incident response.