Following Apple’s March release of patches, Trend Micro reported two of the discovered vulnerabilities. Left unpatched, these macOS flaws can be used by attackers in escalating admin privileges to access restricted information or open systems to attacks.
Read More
We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Based on the Metasploit module it exploits, the malware targets devices with the WeMo Universal Plug and Play (UPnP) application programming interface (API).
This updated iteration of Bashlite is notable. For one, its arrival method is unique in that it doesn’t rely on specific vulnerabilities (e.g., security flaws assigned with CVEs). It instead abuses a publicly available remote-code-execution (RCE) Metasploit module. It now also sports additional DDoS-related commands, and added new ones that gave the malware cryptocurrency mining and backdoor capabilities. It can also deliver malware that removes competing botnet malware.
Read More
Microsoft’s Patch Tuesday for March addressed 64 vulnerabilities, 17 of which were rated critical, 45 important, one moderate, and another low in severity. Two of these vulnerabilities, CVE-2019-0797 and CVE-2019-0808, were reported to have been actively exploited in the wild. The patches addressed security flaws in a number of Microsoft products and services: .NET Framework, Edge, Exchange, Internet Explorer, Office, Office Services and Web Apps, NuGet, Team Foundation Server, and Windows. Seven of the vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI).
Read More
The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in their core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations, since it impacts the widely installed RESTful Web Services (rest) module.
Read More
On February 19, 2019, Simon Scannell of RIPS Technologies published his findings on core vulnerabilities in WordPress that can lead to remote code execution (RCE). These have been assigned as CVE-2019-8942 and CVE-2019-8943. In a nutshell, these security flaws, when successfully exploited, could enable attackers with at least author privileges to execute hypertext preprocessor (PHP) code and gain full system control. Affected versions of WordPress include versions 5 (prior to 5.0.1) and 4 (prior to 4.9.9). The vulnerabilities have also been disclosed to WordPress’ security team.
This blog post expounds the technical details of the vulnerabilities, specifically, how a potential attack could look like and the parameters that are added to take advantage of a vulnerable WordPress site.
Read More