Leaderboard

Popular Content

Showing content with the highest reputation on 10/25/23 in all areas

  1. Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution," VMware noted in an advisory on October 19, 2023. James Horseman from Horizon3.ai and the Randori Attack Team have been credited with discovering and reporting the flaw. Horizon3.ai has since made available a PoC for the vulnerability, prompting VMware to revise its advisory this week. It's worth noting that CVE-2023-34051 is a patch bypass for a set of critical flaws that were addressed by VMware earlier this January that could expose users to remote code execution attacks. "This patch bypass would not be very difficult for an attacker to find," Horseman said. "This attack highlights the importance of defense in depth. A defender can't always trust that an official patch fully mitigates a vulnerability."

     The disclosure comes as Citrix released an advisory of its own, urging customers to apply fixes for CVE-2023-4966 (CVSS score: 9.4), a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway that has come under active exploitation in the wild. "We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability," the company said this week, corroborating a report from Google-owned Mandiant. The exploitation efforts are also likely to ramp up in the coming days given the availability of a PoC exploit, dubbed Citrix Bleed. "Here we saw an interesting example of a vulnerability caused by not fully understanding snprintf," Assetnote researcher Dylan Pindur said. "Even though snprintf is recommended as the secure version of sprintf it is still important to be careful. A buffer overflow was avoided by using snprintf but the subsequent buffer over-read was still an issue."

     The active exploitation of CVE-2023-4966 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies in the U.S. to apply the latest patches by November 8, 2023. The latest developments also follow the release of updates for three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187, CVSS scores: 9.8) that remote attackers could use to run code with SYSTEM privileges.

     Source: https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html
    1 point
  2. The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. "Previously, it was using known vulnerabilities in Roundcube and Zimbra, for which proofs-of-concept are available online." Winter Vivern, also known as TA473 and UAC-0114, is an adversarial collective whose objectives align with those of Belarus and Russia. Over the past few months, it has been attributed to attacks against Ukraine and Poland, as well as government entities across Europe and India. The group is also assessed to have previously exploited another flaw in Roundcube (CVE-2020-35730), making it the second nation-state group after APT28 to target the open-source webmail software.

     The new security vulnerability in question is CVE-2023-5631 (CVSS score: 5.4), a stored cross-site scripting flaw that could allow a remote attacker to load arbitrary JavaScript code. A fix was released on October 14, 2023. Attack chains mounted by the group commence with a phishing message that incorporates a Base64-encoded payload in the HTML source code that, in turn, decodes to a JavaScript injection from a remote server by weaponizing the XSS flaw. "In summary, by sending a specially crafted email message, attackers are able to load arbitrary JavaScript code in the context of the Roundcube user's browser window," Faou explained. "No manual interaction other than viewing the message in a web browser is required." The second-stage JavaScript (checkupdate.js) is a loader that facilitates the execution of a final JavaScript payload that allows the threat actor to exfiltrate email messages to a command-and-control (C2) server.

     "Despite the low sophistication of the group's toolset, it is a threat to governments in Europe because of its persistence, very regular running of phishing campaigns, and because a significant number of internet-facing applications are not regularly updated although they are known to contain vulnerabilities," Faou said.

     Source: https://thehackernews.com/2023/10/nation-state-hackers-exploiting-zero.html
    1 point
  3. Thanks, I had even forgotten about that thing; somehow I didn't pay any attention to it, thinking there was nothing to it.
    1 point
  4. The comments made by @Zatarra were extremely valuable, and I can say I took almost all of them into account when we decided to take the virtual servers to the next level in recent months. We decided to build an OpenStack cloud and rely on it for creating the virtual servers, and I can say it was a very good choice, both for our back-end scalability and for the features we can offer customers. I've updated them in the initial post, but I want to bring up again that we now use cloud images, which we configure with cloud-init. At most 5 minutes after ordering, you have the panel ready and the credentials in the dashboard. The client area has been completely updated, with a much more modern theme that reflects our visual identity: https://cloudforest.ro/clients/ In conclusion, I've also prepared 5 coupons of 10 euro each for you to try the new VPSes, valid for the cloud VPSes. If you don't want to leave your card details at checkout, choose PayPal as the payment method, then click "Return to merchant". 5NP2GY0AX0 AEBY9P7IXY H2USEJQB34 HKUK7PF58F JE6LX4M89E If there is demand for extra coupons, I will keep the list updated. Cheers!
    1 point