Zero-Day Bug in MOVEit Massively Exploited

A critical zero-day vulnerability in Progress Software’s MOVEit Transfer app has been actively exploited by a threat group with likely links to financially motivated organizations. The exploit allows unauthorized access to the application’s database through an SQL injection flaw, enabling attackers to steal sensitive data uploaded by users. The attacks began prior to the vulnerability being disclosed, highlighting the urgency to patch the flaw. Promptly applying the patches and reviewing systems for signs of compromise is crucial to prevent data breaches and potential future ransomware attacks on affected organizations.

Critical GitLab Vulnerability CVE-2023-2825

A recently discovered critical security flaw, identified as CVE-2023-2825, has exposed vulnerabilities within GitLab, a widely used web-based Git repository for developers. The flaw allows unauthenticated attackers to gain access to arbitrary files on the system, potentially compromising sensitive data such as user tokens, files, and credentials. Promptly reported during a bug bounty campaign by security researcher “pwnie,” this vulnerability has been addressed with the release of a patch, version 16.0.1. Cybersecurity professionals are strongly advised to update their installations immediately and maintain vigilance against Advanced Persistent Threats (APTs), recognizing the importance of meticulous software maintenance in securing Git repositories.

Barracuda Email Security Appliances Compromise

Barracuda, a leading provider of email and network security solutions, has released software patches in response to a zero-day vulnerability discovered on May 19. This vulnerability, identified as CVE-2023-2868, exploits the use of .tar files sent via email and allows attackers to remotely execute code with the privileges of the Email Security Gateway (ESG) software. While the patches effectively address the vulnerability in ESG, Barracuda advises additional analysis of customer environments. The company has promptly notified clients and initiated a comprehensive assessment to identify any potential additional vulnerabilities related to the zero-day exploit.

KeePass Master Password Recovery Local Exploit

A critical vulnerability has been discovered in the popular password manager software KeePass, allowing for the retrieval of the master password in plain text. This vulnerability arises from remnants of passwords stored in the system’s RAM, which can be exploited by malicious actors. KeePass has acknowledged the issue and plans to release a patch in the coming months, but until then, users are advised to remain vigilant and take necessary precautions. The potential consequences of this vulnerability highlight the importance of continuous monitoring and protection of digital assets.

TurkoRat Malware in npm Package

TurkoRat malware has infiltrated code packages, posing a significant threat to Node.js developers by stealing sensitive information. ReversingLabs uncovered the attack involving disguised packages named “nodejs-encrypt-agent” that imitated a popular package, tricking developers into installing the malicious software. The malware, utilizing the “pkg” package from npm, executed hidden commands to activate the malicious code, impacting thousands of downloads before being removed from the npm library along with other affected packages.

Copyright © 2024 Dmitrii "Zamrax" Strizhkov