Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug

,

The « hotpatch » released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host.
« Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution, » Palo Alto Networks Unit 42 researcher Yuval

,

The « hotpatch » released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host.
« Aside from containers, unprivileged processes can also exploit the patch to escalate privileges and gain root code execution, » Palo Alto Networks Unit 42 researcher Yuval

, ,
https://thehackernews.com/2022/04/amazons-hotpatch-for-log4j-flaw-found.html

Lenovo a laissé traîner des backdoors dans des millions de PC portables

Lenovo a laissé traîner des backdoors dans des millions de PC portables,

Plus d’une centaine de modèles grand public contenaient des portes dérobées permettant d’implémenter des malwares particulièrement persistants directement dans le firmware UEFI.

,

Plus d’une centaine de modèles grand public contenaient des portes dérobées permettant d’implémenter des malwares particulièrement persistants directement dans le firmware UEFI.

, ,
https://www.01net.com/actualites/lenovo-a-laisse-trainer-des-backdoors-dans-des-millions-de-pc-portables-2055955.html

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails,

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes.
« The code vulnerability […] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client, » SonarSource security researcher Simon Scannell said in a report published

,

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes.
« The code vulnerability […] can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client, » SonarSource security researcher Simon Scannell said in a report published

, ,
https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying,

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by

,

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by

, ,
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html

New Incident Report Reveals How Hive Ransomware Targets Organizations

New Incident Report Reveals How Hive Ransomware Targets Organizations,

A recent Hive ransomware attack carried out by an affiliate involved the exploitation of « ProxyShell » vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer’s network.
« The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise, » Varonis security researcher, Nadav Ovadia, 

,

A recent Hive ransomware attack carried out by an affiliate involved the exploitation of « ProxyShell » vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer’s network.
« The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise, » Varonis security researcher, Nadav Ovadia, 

, ,
https://thehackernews.com/2022/04/new-incident-report-reveals-how-hive.html

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure,

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine.
« Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks, » authorities from Australia,

,

The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine.
« Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks, » authorities from Australia,

, ,
https://thehackernews.com/2022/04/five-eyes-nations-warn-of-russian-cyber.html

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021,

Google Project Zero called 2021 a « record year for in-the-wild 0-days, » as 58 security vulnerabilities were detected and disclosed during the course of the year.
The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020.
« The large uptick in in-the-wild 0-days in 2021 is due to

,

Google Project Zero called 2021 a « record year for in-the-wild 0-days, » as 58 security vulnerabilities were detected and disclosed during the course of the year.
The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, only 25 0-day exploits were detected in 2020.
« The large uptick in in-the-wild 0-days in 2021 is due to

, ,
https://thehackernews.com/2022/04/google-project-zero-detects-record.html

2021 : année record pour la découverte de failles zero-day réellement exploitées

2021 : année record pour la découverte de failles zero-day réellement exploitées,

L’industrie de la cybersécurité a considérablement amélioré sa capacité de détection, avec près de 60 failles zero-day trouvées l’année passée. Mais il reste encore du chemin à parcourir.

,

L’industrie de la cybersécurité a considérablement amélioré sa capacité de détection, avec près de 60 failles zero-day trouvées l’année passée. Mais il reste encore du chemin à parcourir.

, ,
https://www.01net.com/actualites/2021-annee-record-pour-la-decouverte-de-failles-zero-day-reellement-exploitees-2055952.html

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System,

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic.
Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort

,

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and render it powerless against malicious traffic.
Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine. It affects all open-source Snort

, ,
https://thehackernews.com/2022/04/researchers-detail-bug-that-could.html

[eBook] The Ultimate Security for Management Presentation Template

[eBook] The Ultimate Security for Management Presentation Template,

Are you a CISO, CIO, or IT Director?
In your role, you’re responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization’s security program. 
But getting buy-in from leadership can be difficult when they are a non-technical audience.
On top of managing your organization’s breach protection

,

Are you a CISO, CIO, or IT Director?
In your role, you’re responsible for breach protection – which means you oversee and govern the process of designing, building, maintaining, and continuously enhancing your organization’s security program. 
But getting buy-in from leadership can be difficult when they are a non-technical audience.
On top of managing your organization’s breach protection

, ,
https://thehackernews.com/2022/04/ebook-ultimate-security-for-management.html