#remotecodeexecution


Critical Vulnerabilities in VMware vCenter Server

Date: June 18, 2024
CVE: CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
Vulnerability Type: Buffer Overflow, Memory Corruption
CWE: [[CWE-787]], [[CWE-416]], [[CWE-125]]
Sources: SecurityWeek, Cybersecurity News, Broadcom VMware advisory

Synopsis

Multiple critical vulnerabilities in VMware vCenter Server have been identified, potentially allowing remote code execution (RCE). These issues, detailed in VMware's security advisory VMSA-2024-0012, include CVE-2023-34048, which affects the DCE/RPC protocol implementation. The DCE/RPC (Distributed Computing Environment / Remote Procedure Call) protocol is a network protocol developed by the Open Group. It enables communication between client and server applications by allowing a program to request services from a program located on another computer within a network. DCE/RPC is based on the concept of remote procedure calls (RPC), which facilitate the execution of code on a remote system as if it were local.

Issue Summary

VMware vCenter Server, a key management component for VMware environments, contains several critical vulnerabilities. If exploited, these could allow attackers to execute arbitrary code remotely. The most critical of these, CVE-2023-34048, has been rated with a CVSS score of 9.8, indicating high severity.

Technical Key Findings

The vulnerabilities primarily involve memory corruption issues such as heap overflow and use-after-free errors in the DCE/RPC protocol. These can be exploited by sending specially crafted packets to the vCenter Server, leading to remote code execution and potential system compromise.

Vulnerable Products

  • vCenter Server 8.0
  • vCenter Server 7.0
  • VMware Cloud Foundation versions 4.x and 5.x

Response Matrix:

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 8.0 U2d | None | FAQ |
| vCenter Server | 8.0 | Any | CVE-2024-37079, CVE-2024-37080 | 9.8, 9.8 | Critical | 8.0 U1e | None | FAQ |
| vCenter Server | 7.0 | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | 7.0 U3r | None | FAQ |

Impacted Product Suites that Deploy Response Matrix 3a and 3b Components:

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (vCenter Server) | 5.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2024-37079, CVE-2024-37080, CVE-2024-37081 | 9.8, 9.8, 7.8 | Critical | KB88287 | None | FAQ |

Impact Assessment

Successful exploitation of these vulnerabilities could result in complete control over the affected systems, allowing attackers to perform any action, including data theft, service disruption, and further network compromise.

Patches or Workarounds

VMware has released patches to address these vulnerabilities. Administrators are advised to update to the fixed versions (8.0 U2d, 7.0 U3r). There are no available workarounds.

Tags

#VMware #vCenterServer #CVE-2023-34048 #RemoteCodeExecution #PatchManagement #Cybersecurity

Cyber Security News · Multiple VMware vCenter Server Flaws Allow Remote Code Execution
VMware has released a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server, a core component of VMware vSphere and VMware Cloud Foundation products.

Critical Vulnerability in Fluent Bit: CVE-2024-4323

Date: May 20, 2024
CVE: CVE-2024-4323
Vulnerability Type: Memory Corruption
CWE: [[CWE-787]], [[CWE-119]]
Sources: Tenable

Issue Summary

Tenable Research has identified a critical memory corruption vulnerability in Fluent Bit, designated CVE-2024-4323, within its built-in HTTP server. This vulnerability, termed "Linguistic Lumberjack," affects versions 2.0.7 through 3.0.3 and allows potential denial of service, information disclosure, or remote code execution. The issue has been fixed in the main branch and will be included in the upcoming 3.0.4 release.

Technical Key Findings

The vulnerability is rooted in improper handling of data types in the "inputs" array of the /api/v1/traces endpoint. When non-string values, such as integers or negative integers, are passed, it can lead to memory corruption. Exploits could include crashes from wild copies, heap overwrites, and disclosure of adjacent memory, potentially leading to remote code execution under specific conditions.

Vulnerable Products

  • Fluent Bit versions 2.0.7 to 3.0.3

Impact Assessment

Exploitation of CVE-2024-4323 can result in significant disruptions such as service crashes, leakage of sensitive information, and in severe cases, remote code execution, which can compromise entire systems relying on Fluent Bit for logging and monitoring.

Patches or Workarounds

Users should upgrade to Fluent Bit version 3.0.4 or later. If upgrading is not immediately feasible, restricting access to the vulnerable endpoints is recommended to mitigate potential exploitation.

Tags

#CVE-2024-4323 #FluentBit #MemoryCorruption #CloudSecurity #RemoteCodeExecution #VulnerabilityManagement

Tenable® · Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable Research has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit, a core component in the monitoring infrastructure of many cloud services.
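
The Fluent Bit post above traces the flaw to non-string values in the "inputs" array of /api/v1/traces. The following is an added example, not code from Fluent Bit, Tenable or the original post: a request-body check that a filtering proxy in front of an instance not yet upgraded could apply. The size limits, the `output` field in the sample and the function names are assumptions made for illustration.

```python
import json

TRACES_PATH = "/api/v1/traces"   # endpoint named in the post
MAX_INPUTS = 32                  # assumed limit, tune per deployment
MAX_NAME_LEN = 128               # assumed limit, tune per deployment


def check_traces_body(raw: bytes):
    """Return (allowed, reason) for a request body sent to the traces endpoint."""
    try:
        body = json.loads(raw)
    except (ValueError, RecursionError):  # malformed, badly encoded or too deeply nested
        return False, "body is not valid JSON"
    if not isinstance(body, dict):
        return False, "top-level JSON value is not an object"
    if "inputs" not in body:
        return True, "no inputs array present"
    inputs = body["inputs"]
    if not isinstance(inputs, list):
        return False, "inputs is not an array"
    if len(inputs) > MAX_INPUTS:
        return False, "inputs array too long"
    for i, item in enumerate(inputs):
        # The flaw is reached through non-string entries (e.g. integers), so the
        # type check is the important one; bool, null, float and object fail it too.
        if not isinstance(item, str):
            return False, f"inputs[{i}] is {type(item).__name__}, expected string"
        if not 0 < len(item) <= MAX_NAME_LEN:
            return False, f"inputs[{i}] has invalid length {len(item)}"
    return True, "ok"


def filter_request(path: str, raw: bytes):
    """Gate only the traces endpoint; other paths pass through unchanged."""
    route = path.split("?", 1)[0].rstrip("/")
    if route == TRACES_PATH or route.startswith(TRACES_PATH + "/"):
        return check_traces_body(raw)
    return True, "not a traces request"


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    b'{"inputs": ["cpu.0", "mem.1"], "output": "stdout"}',  # well-formed
    b'{"inputs": [1234]}',                                  # integer entry
    b'{"inputs": ["cpu.0", -1]}',                           # negative integer entry
    b'{"inputs": "cpu.0"}',                                 # not an array
    b'{"inputs": [',                                        # truncated JSON
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(filter_request(TRACES_PATH, sample), sample)
```

A check like this only narrows what reaches the endpoint; the upgrade to 3.0.4 or later named in the post remains the fix.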

Foxit PDF Reader Users Targeted by Malicious PDF Exploit

Date: May 15, 2024
CVE: CVE-2023-36033
Vulnerability Type: Remote Code Execution (RCE)
CWE: [[CWE-20]], [[CWE-78]], [[CWE-94]]
Sources: GBHackers, Checkpoint Research

Issue Summary

Researchers have identified a critical vulnerability in Foxit PDF Reader that allows attackers to execute malicious code on users' systems by exploiting a design flaw in the application's security warnings. The flaw makes it easy for attackers to trick users into approving malicious actions, leading to unauthorized access and data theft.

Technical Key Findings

The vulnerability stems from Foxit Reader's handling of security warnings, which default to an "OK" option. This flaw enables attackers to craft malicious PDFs that, when opened, prompt the user to approve actions unknowingly. Once approved, these actions can download and execute malicious code from a remote server, bypassing standard security detections.

Vulnerable Products

  • Foxit Reader

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive data, remote control of the affected device, and the ability to deploy various malware such as VenomRAT, Agent-Tesla, and others. This can result in data breaches, espionage, and further propagation of malware.

Patches or Workarounds

Foxit has acknowledged the issue and that it would be resolved in version 2024 3.

Tags

#FoxitPDF #CVE2023-36033 #RemoteCodeExecution #Malware #CyberSecurity #APT #VulnerabilityPatch #DataBreach

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform · Hackers Attacking Foxit PDF Reader Users To steal Sensitive Data
Researchers identified a PDF exploit targeting Foxit Reader users that uses a design flaw that presents security warnings with a default "OK"

Google Chrome Zero-day Vulnerability (CVE-2024-4947)

Date: May 16, 2024

CVE: CVE-2024-4947

Vulnerability Type: Type Confusion

CWE: [[CWE-843]]

Sources: Cybersecurity News, Chrome release Blog

Issue Summary

Google has released an emergency update for Chrome to address a high-severity zero-day vulnerability, CVE-2024-4947. Discovered by Kaspersky researchers, this flaw is being actively exploited in the wild and affects the V8 JavaScript engine. The vulnerability allows attackers to perform remote code execution by exploiting a type confusion bug.

Technical Key Findings

CVE-2024-4947 is a type confusion bug in the V8 JavaScript engine, leading to heap corruption. Attackers can craft malicious HTML pages to exploit this flaw, enabling arbitrary code execution on the victim’s system.

Vulnerable Products

  • Google Chrome versions before 125.0.6422.60 on Linux
  • Google Chrome versions before 125.0.6422.60/.61 on Windows and Mac

Impact Assessment

If exploited, this vulnerability can lead to remote code execution, allowing attackers to gain control of the affected system. This poses significant security risks, including potential data breaches and system compromise.

Patches or Workaround

Google has released patches for this vulnerability. Users are advised to update to Chrome version 125.0.6422.60 or later on Linux and 125.0.6422.60/.61 or later on Windows and Mac.

Tags

#CVE-2024-4947 #GoogleChrome #ZeroDay #TypeConfusion #RemoteCodeExecution #CyberSecurity #BrowserSecurity #Patches

Cyber Security News · Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild
Google has released update for its Chrome to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.

"🚨 Critical Vulnerabilities Alert in ConnectWise Software 🚨"

Two vulnerabilities have been identified in ConnectWise's remote desktop software, ScreenConnect, affecting versions 23.9.7 and prior. The first vulnerability (CVE-2024-1708) is a path-traversal issue allowing potential remote code execution or access to sensitive data, rated with a high severity score of 8.4.

The second (CVE-2024-1709) is an authentication bypass, considered critical with a severity score of 10.0, and is easily exploitable with existing proof-of-concept exploits. ConnectWise has issued updates for cloud-hosted instances, but self-hosted deployments need immediate patching. The exposure is global, with significant concentrations in the United States, and it's expected that cybercriminals and nation-state actors will actively exploit these vulnerabilities.

| CVE Number | Description | CVSS Severity |
| ---- | ---- | ---- |
| CVE-2024-1708 | ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 High |
| CVE-2024-1709 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 Critical |

Professionals using ConnectWise must urgently patch their systems to mitigate these vulnerabilities. The discovery underscores the importance of rigorous security practices in protecting IT infrastructures.

🛡️💻🔐

Tags: #CyberSecurity #VulnerabilityAlert #ConnectWise #CVE2024_1708 #CVE2024_1709 #PatchManagement #ITSecurity #RemoteCodeExecution #PrivilegeEscalation

Source: Unit42 by Palo Alto Networks

nvd.nist.gov · NVD - CVE-2024-1708

"Critical RCE Flaw Uncovered in SolarWinds Access Rights Manager 🚨 #CVE2023-40057"

A newly discovered deserialization vulnerability in SolarWinds Access Rights Manager (versions up to 2023.2.2) poses a severe risk, enabling remote code execution. Classified as very critical with a CVSS score of 8.9, this flaw (CVE-2023-40057) could allow authenticated users to execute arbitrary code remotely. Despite its high impact on confidentiality, integrity, and availability, no exploit is currently available. The vulnerability underscores the importance of validating deserialized data to prevent unauthorized access. No mitigation measures have been identified yet, emphasizing the need for heightened vigilance and potential product alternatives.

Stay informed: CVE-2023-40057 Details

Tags: #CyberSecurity #Vulnerability #SolarWinds #RemoteCodeExecution #RCE #Deserialization #CVE2023-40057 #InfoSec 🛡️💡🔒

nvd.nist.gov · NVD - CVE-2023-40057

🚨 Breaking News: "PixieFail" UEFI Vulnerabilities Exposed! 🚨

A critical discovery named "PixieFail" has put millions at risk! Quarkslab's team has identified nine severe vulnerabilities in the UEFI's TianoCore EFI Development Kit II. These flaws can lead to Denial of Service (DoS), DNS cache poisoning, and potential data breaches. Major firms like AMI, Intel, Insyde, and Phoenix Technologies are impacted. Immediate patching is advised! 🛡️💻

The vulnerabilities, ranging from CVE-2023-45229 to CVE-2023-45237, have CVSS scores peaking at 8.3. The risks include DNS/DHCP attacks, information exposure, and more. Urging users to remain alert!

Details of the vulnerabilities:

  • CVE-2023-45229 (CVSS: 6.5) - Integer underflow in DHCPv6 Advertise messages processing (IA_NA/IA_TA options).
  • CVE-2023-45230 (CVSS: 8.3) - Buffer overflow in DHCPv6 client via extended Server ID option.
  • CVE-2023-45231 (CVSS: 6.5) - Out-of-bounds read in truncated options of ND Redirect messages.
  • CVE-2023-45232 (CVSS: 7.5) - Infinite loop caused by unknown options in Destination Options header.
  • CVE-2023-45233 (CVSS: 7.5) - Infinite loop from PadN option parsing in Destination Options header.
  • CVE-2023-45234 (CVSS: 8.3) - Buffer overflow from DNS Servers option processing in DHCPv6 Advertise messages.
  • CVE-2023-45235 (CVSS: 8.3) - Buffer overflow in Server ID option handling from DHCPv6 proxy Advertise messages.
  • CVE-2023-45236 (CVSS: 5.8) - Predictable TCP Initial Sequence Numbers.
  • CVE-2023-45237 (CVSS: 5.3) - Weak pseudorandom number generator usage.

For more, visit The Hacker News.

Tags: #CyberSecurity #UEFI #Vulnerabilities #RemoteCodeExecution #DoS #DataTheft #FirmwareSecurity 🌐🔐🛠️🔍

The Hacker News · PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
Multiple vulnerabilities, known as PixieFail, have been discovered in widely used UEFI firmware, putting modern computers at risk.

"⚠️ Alert: Androxgh0st Botnet Targets AWS & Microsoft Credentials! 🚨"

The cybersecurity realm is on high alert with the emergence of Androxgh0st, a botnet malware exploiting vulnerabilities to steal AWS and Microsoft credentials. It's a Python-scripted threat, targeting sensitive .env files and leveraging SMTP for credential scanning and web shell deployment. Key vulnerabilities exploited include CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773, allowing remote code execution and file uploads. This critical development warrants immediate attention and proactive defense strategies.

Tags: #CyberSecurity #Botnet #Androxgh0st #Vulnerability #AWS #Microsoft #SMTP #PHP #CVE20179841 #CVE201815133 #CVE202141773 #RemoteCodeExecution #CyberAttack

Sources:

Mitre - CVE-2017-9841
Mitre - CVE-2018-15133
Mitre - CVE-2021-41773

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform · Hackers Deploying Androxgh0st Botnet Malware that Steals AWS, Microsoft Credentials
FBI and CISA recently discovered that hackers are actively deploying Androxgh0st botnet malware that steals AWS, and Microsoft credentials.

"⚠️ Critical Apache Struts Vulnerability Alert! CVE-2023-50164 🚨"

Hackers are exploiting a critical vulnerability in Apache Struts (CVE-2023-50164), a popular Java EE web app framework used widely in various industries. This flaw allows unauthorized remote code execution, posing a severe threat to organizations using Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1. Attackers can manipulate file upload parameters for path traversal, leading to malicious file uploads and potentially gaining control over the server. An immediate upgrade to Struts 2.5.33 or 6.3.0.2 is vital to mitigate this risk.

Source: BleepingComputer, [trganda.github.io](trganda.github.io/notes/securi…), Qualys ThreatPROTECT

Author Credits: Bill Toulas (BleepingComputer), Diksha Ojha (Qualys ThreatPROTECT)

Tags: #CyberSecurity #ApacheStruts #Vulnerability #CVE2023-50164 #RemoteCodeExecution #InfoSec

"🚨 Exim Mail Servers Under Siege: New Critical Flaws Unearthed 🚨"

A recent disclosure has unveiled multiple security vulnerabilities in the Exim mail transfer agent, posing a significant threat to information disclosure and remote code execution. The flaws, reported anonymously in June 2022, include:

  • CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
  • CVE-2023-42115 (CVSS score: 9.8) - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
  • CVE-2023-42116 (CVSS score: 8.1) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
  • CVE-2023-42117 (CVSS score: 8.1) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
  • CVE-2023-42118 (CVSS score: 7.5) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
  • CVE-2023-42119 (CVSS score: 3.1) - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

The most severe among these is CVE-2023-42115, enabling remote, unauthenticated attackers to execute arbitrary code on affected Exim installations. The Exim maintainers have already provided fixes for some of these vulnerabilities, while discussions are ongoing regarding the remaining issues.

This disclosure follows a history of security flaws in Exim, including the notorious 21Nails vulnerabilities and a critical Exim vulnerability (CVE-2019-10149, CVSS score: 9.8) exploited by the state-sponsored Sandworm group from Russia.

Source: The Hacker News

Tags: #Exim #CyberSecurity #Vulnerabilities #RemoteCodeExecution #InformationDisclosure #CVE202342115 #CVE202342116 #CVE202342117 #CVE202342118 #CVE202342119 #CVE202342114 🛡️💻🔓

The Hacker News · New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
📢 Attention IT Admins! Multiple vulnerabilities in Exim mail agent exposed. Find out how unauthenticated attackers could exploit these vulnerabilitie

"🚨 Juniper Firewalls Under Siege: Over 12,000 Vulnerable Devices Exposed! 🔥"

New research reveals nearly 12,000 internet-facing Juniper firewall devices are susceptible to a recently disclosed remote code execution flaw. The vulnerability, identified as CVE-2023-36845, allows an unauthenticated remote attacker to execute arbitrary code without creating a file on the system. This medium-severity flaw in the J-Web component of Junos OS can be weaponized by adversaries to control certain environment variables. Juniper Networks patched this alongside other vulnerabilities last month. A proof-of-concept (PoC) exploit by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload malicious PHP files and achieve code execution. Jacob Baines points out, "Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure." Juniper has acknowledged the vulnerability but is unaware of any successful exploits against its customers. However, they've detected exploitation attempts in the wild, urging users to apply necessary patches. 🛡️

Source: The Hacker News

Tags: #Juniper #Firewall #Cybersecurity #Vulnerability #CVE202336845 #RemoteCodeExecution #JunosOS #APT #ThreatLandscape 🌐🔐🔍

The Hacker News · Over 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
Nearly 12,000 Juniper firewall devices exposed on the internet are vulnerable to a recently disclosed remote code execution flaw.

"⚠️ #KubernetesAlert: High-Severity Flaws Target Windows Endpoints! ⚠️"

Three critical vulnerabilities have been unearthed in Kubernetes, enabling remote code execution on Windows nodes within clusters. These flaws, identified as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, boast CVSS scores of 8.8. Akamai's Tomer Peled, who responsibly disclosed these issues, emphasized, "Attackers only need to apply a malicious YAML file on the cluster to exploit." Major cloud platforms like AWS, Google Cloud, and Microsoft Azure have all issued advisories. The root cause? A glaring oversight in input sanitization in the Windows-specific Kubelet porting.

Source: The Hacker News

Tags: #Kubernetes #Cybersecurity #Vulnerability #WindowsNodes #RemoteCodeExecution #CloudSecurity #Akamai #AWS #GoogleCloud #Azure #Kubelet

🔗 MITRE CVE-2023-3676
🔗 MITRE CVE-2023-3893
🔗 MITRE CVE-2023-3955

The Hacker News · Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Critical security flaws discovered in Kubernetes could lead to remote code execution with elevated privileges on Windows endpoints within a cluster