Tenda Routers Multiple Security Vulnerabilities
Overview: Netlab security researchers recently published a report on a new Mirai-based IoT botnet called Ttint. This IoT botnet spreads by exploiting two Tenda router zero-day vulnerabilities (CVE-2020-10987; the second has not yet been disclosed). Ttint is a remote access Trojan based on Mirai botnet code. The traditional Mirai botnet is mostly used to launch a …
Apache OFBiz Remote Code Execution Vulnerability (CVE-2020-9496)
Overview: On 19 May 2020, Apache published an advisory to address an insecure deserialization vulnerability in Apache OFBiz. The vulnerability arises from Java serialization issues while processing requests sent to the “/webtools/control/xmlrpc” URL. This vulnerability may lead to a variety of attacks, such as stealing user/admin credentials. This issue can be escalated into a Remote …
Cisco IOS and IOS XE Multiple Vulnerabilities
Multiple vulnerabilities, including authorization bypass, denial of service (DoS), arbitrary code execution and other critical issues, were observed in various Cisco IOS and IOS XE devices in September 2020. In response, Cisco published a collated advisory (ERP-74268) covering all 34 vulnerabilities. In its semi-annual report, published on Sept 24, 2020, Cisco released bundles …
OpenSSL Raccoon Vulnerability
A team of researchers has disclosed the details of a timing vulnerability, named the Raccoon attack, in TLS 1.2 and earlier versions. This is a server-side vulnerability that exploits a side channel in the TLS specification. Successful exploitation of the vulnerability could allow an attacker to break the encryption and read sensitive communications. In a paper published by Raccoon, …
VPN Vulnerabilities Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA), with contributions from the Federal Bureau of Investigation (FBI), has published a report detailing malicious activity originating in Iran and targeting several U.S. agencies. Pioneer Kitten and UNC757 were named as the threat actors in the report. Using various tactics, techniques and procedures (TTPs), it was reported that the affected …
Microsoft Windows Netlogon Privilege Escalation Vulnerability (CVE-2020-1472)
A severe bug, identified as CVE-2020-1472 and carrying a severity score of 10, is being actively exploited in the wild. This bug allows a remote unauthenticated user to take over Windows Servers running as Domain Controllers with domain-level privileges. A Dutch team, collectively known as Secura, has published an exploit on GitHub with a technical writeup. According …
PAN-OS Buffer overflow vulnerability (CVE-2020-2040)
Within a span of three months, one more critical vulnerability with a score of 10.0 has been observed in PAN-OS devices. PAN-OS devices with the Captive Portal or Multi-Factor Authentication interface enabled are vulnerable to a critical buffer overflow. This vulnerability is classified as CWE-120 and assigned CVE-2020-2040, on …
WordPress File Manager Plugin Remote Code Execution Vulnerability
Overview: On 1 September 2020, researchers at Wordfence published a blog post about a remote code execution vulnerability in the WordPress File Manager plugin. Successful exploitation of this vulnerability allows unauthenticated remote attackers to execute commands and upload malicious files and web shells to a target website. The vulnerability currently does not have any CVE assigned to it …
Cisco Jabber for Windows Multiple Vulnerabilities (CVE-2020-3495)
Overview: Cisco has addressed four vulnerabilities in Cisco Jabber for Windows. The most critical of these, CVE-2020-3495, allows an attacker to execute arbitrary code via a crafted chat message. Description: Cisco Jabber is an instant messaging and video-conferencing application. Cisco Jabber uses the Chromium Embedded Framework (CEF) to embed a Chromium-based web …
Slack Remote Code Execution Vulnerability
Overview: A critical remote code execution vulnerability was found in the Slack desktop application. Successful exploitation of this vulnerability gives an attacker full control over the Slack desktop app and access to private channels, conversations, passwords, tokens, keys, etc. Oskarsv, the security researcher who reported the vulnerability, says: “With any in-app redirect – logic/open redirect, HTML …