28 Jul 23
Cyber Threat Roundup
A collection of recent open-source items of interest to the Defense Industrial Base

WordPress Ninja Forms Plugin Flaw lets Hackers Steal Submitted Data
Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data. The developers released version 3.6.26 on July 4th, 2023, to fix the vulnerabilities. However, WordPress.org stats show that only roughly half of all Ninja Forms users have downloaded the latest release, leaving about 400,000 sites vulnerable to attacks.
https://www.bleepingcomputer.com/news/security/wordpress-ninja-forms-plugin-flaw-lets-hackers-steal-submitted-data/

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1. While there is no evidence that the issue has been exploited in the wild, data gathered by the Shadowserver Foundation shows that 5,488 out of the total 6,936 Metabase instances are vulnerable as of July 26, 2023.
https://thehackernews.com/2023/07/major-security-flaw-discovered-in.html

Hackers Abusing Windows Search Feature to Install Remote Access Trojans
The novel attack technique, per Trellix, takes advantage of the "search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom local searches on a device, and the "search:" application protocol, a mechanism for calling the desktop search application on Windows. In such attacks, threat actors have been observed creating deceptive emails that embed hyperlinks or HTML attachments containing a URL that redirects users to compromised websites. This triggers the execution of JavaScript that makes use of the URI protocol handlers to perform searches on an attacker-controlled server.
https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html

Zimbra Patches Zero-Day Vulnerability Exploited in XSS Attacks
Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. While Zimbra did not indicate that the zero-day was also being exploited in the wild when it first disclosed the vulnerability and urged users to fix it manually, Google TAG's Maddie Stone revealed that the vulnerability was discovered while being exploited in a targeted attack. CISA has also set a deadline of three weeks for compliance, ordering U.S. federal agencies to mitigate the flaw on all unpatched devices by August 17th.
https://www.bleepingcomputer.com/news/security/zimbra-patches-zero-day-vulnerability-exploited-in-xss-attacks/

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
Cybersecurity agencies in Australia and the U.S. published a joint cybersecurity advisory warning against insecure direct object reference (IDOR) flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. These vulnerabilities are common and hard to prevent outside the development process, since each use case is unique and cannot be mitigated with a simple library or security function. Additionally, malicious actors can detect and exploit them at scale using automated tools.
https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html
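As an added illustration of why an IDOR is an application-logic defect rather than something a library can catch (example code written for this roundup, not from the advisory or the article; the invoice records, user names and ids are constructed), the vulnerable lookup below trusts the client-supplied id, while the hardened version checks ownership of the specific object and optionally hides real ids behind per-user random references:

```python
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


# Constructed sample data: two users, each owning one invoice (ids are assumed).
INVOICES = {
    1001: Invoice(1001, "alice", 120.00),
    1002: Invoice(1002, "bob", 9800.00),
}


def get_invoice_vulnerable(requesting_user: str, invoice_id: int):
    """IDOR: the id supplied by the client is used as-is. Any authenticated
    user can read any invoice simply by changing the number. The caller's
    identity is never consulted."""
    return INVOICES.get(invoice_id)


def get_invoice(requesting_user: str, invoice_id: int):
    """Hardened: fetch the object, then verify the caller is authorised for
    this particular object. 'Not found' and 'not yours' return the same
    value so the response does not confirm which ids exist."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != requesting_user:
        return None
    return invoice


def issue_reference_map(user: str) -> dict:
    """Optional second layer (indirect references): hand the client random,
    per-user handles for the objects it may see; real ids never leave the
    server. This is defence in depth, not a replacement for get_invoice()."""
    return {secrets.token_urlsafe(16): inv.invoice_id
            for inv in INVOICES.values() if inv.owner == user}


def get_invoice_by_reference(user: str, ref_map: dict, ref: str):
    """Resolve a client handle back to a real id, then still enforce ownership."""
    invoice_id = ref_map.get(ref)
    if invoice_id is None:
        return None
    return get_invoice(user, invoice_id)
```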