Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.)
Researchers uncover a fresh wave of the Raspberry Robin campaign spreading malware through malicious Windows Script Files (WSFs) since March 2024.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world’s best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
In a previous blog post we described a process injection vulnerability affecting all AppKit-based macOS applications. This research was presented at Black Hat USA 2022, DEF CON 30 and Objective by the Sea v5. This vulnerability was actually the second universal process injection vulnerability we reported to Apple, but it was fixed earlier than the first. Because it shared some parts of the exploit chain with the first one, there were a few steps we had to skip in the earlier post and the presentations. Now that the first vulnerability has been fixed in macOS 13.0 (Ventura) and improved in macOS 14.0 (Sonoma), we can detail the first one and thereby fill in the blanks of the previous post.
This vulnerability was independently found by Adam Chester and written up here under the name “DirtyNIB”. While the exploit chain demonstrated by Adam shares a lot of similarity to ours, our attacks trigger automatically and do not require a user to click a button, making them a lot more stealthy. Therefore we decided to publish our own version of this write-up as well.
Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. The vulnerability affects both legacy and contemporary protocols. Discovered by Christian Rossow and Yepeng Pan, the attack puts an estimated 300,000 Internet hosts and their networks at risk.
Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2.
The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster.
This vulnerability can lead to full takeover on all Windows nodes in a cluster.
This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service.
In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.
Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
he National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.