#commandinjection

2024-12-31

~Chinese hackers penetrated computers of the US Department of the Treasury. They broke into a remote access service provider.

First they hacked one of the vendors, namely BeyondTrust (which provides, in particular, services related to remote access). More precisely, they hacked the service providing remote access… and obtained such access on the computers of, among others, one of the company's customers, namely the US Department of the Treasury. The hackers then stole "certain data" from there. During the investigation...

#WBiegu #Apt #Chiny #CommandInjection #Hack #Usa #ZdalnyDostęp

sekurak.pl/chinscy-hackerzy-pr

2024-11-08

🚨 Did you know? A command injection vulnerability could grant attackers root access to critical industrial systems, putting essential operations at risk! 😱

Our latest blog post explores Cisco’s critical CVE-2024-20418 vulnerability, which affects URWB Access Points. With no workarounds available, it’s a reminder of the importance of proactive patching and system updates in high-stakes environments.

🔐 Cyber Tip: Prioritize patch management in your network to avoid costly breaches. High-severity vulnerabilities, especially those impacting root access, should never be delayed.

What’s your experience with patching critical infrastructure? Let’s discuss!

Read more about this vulnerability here: guardiansofcyber.com/threats-v

#Cybersecurity #GuardiansOfCyber #CommandInjection #CriticalVulnerability #Cisco #NetworkSecurity #IndustrialSecurity #PatchManagement #DataProtection #IoTSecurity

2024-07-10

👉 In June 2024, 215 #zeroday #vulnerabilities, including 71 #XSS and 69 #SQLi vulnerabilities, were detected.

Read the detailed June Zero-Day vulnerability report and protect yourself against the latest #cyberthreats: bit.ly/4cVOi2a

#zerodayvulnerabilities #0day #zerodayexploit #zerodaythreats #sqli #sqlinjection #csrf #commandinjection #apptrana #indusfacewas

2024-06-25

💉 #commandinjection is a type of #cyberattack that involves injecting malicious commands into a system through vulnerable input fields.

🔒🛡️ Protecting against it is crucial to prevent unauthorized access, #databreaches, and potential system compromise.

To learn more: bit.ly/45VGBah

#commandinjectionattack #codeinjection #injectionattacks #owasp #applicationsecurity #vulnerabilities #waap #waf #apptrana #indusface

2024-06-12

👉 In May 2024, 169 #zeroday #vulnerabilities, including 71 XSS vulnerabilities, were detected.

Get your copy of the report and protect yourself against the latest #cyberthreats: bit.ly/3RnYXdO

#zerodayvulnerabilities #0day #zerodayexploit #zerodaythreats #xss #sqlinjection #csrf #commandinjection #apptrana #indusfacewas

2024-05-09

👉 In April 2024, 260 #Zeroday #vulnerabilities including 112 #SQLi vulnerabilities were detected.
100% of these zero-day vulnerabilities were blocked by #AppTrana's core rules (96%), premium rules, and custom rules (4%).

📌 Get the full report and protect yourself against the latest #cyberthreats: bit.ly/4dLbn9l

#zerodayvulnerabilities #zerodayattacks #0day #zerodaythreats #commandinjection #CSRF #sqlinjection #xssattacks #indusfacewas #indusface

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​H3liumb0y@infosec.exchange
2024-04-22

Cisco IMC Command Injection Vulnerability Alert

Date: April 17, 2024
CVE: CVE-2024-20356
Vulnerability Type: Command Injection
CWE: [[CWE-78]]
Sources: Cisco Security Advisory

Issue Summary

A critical vulnerability has been identified in the Cisco Integrated Management Controller (IMC) web-based management interface. This flaw allows authenticated, remote attackers with Administrator-level privileges to perform command injection attacks, potentially gaining root access to the affected systems. Cisco has acknowledged the vulnerability and provided software updates to mitigate the issue.

Technical Key findings

The vulnerability results from inadequate input validation of command strings by the web-based management interface. Attackers can exploit this by sending specially crafted commands to the interface, which are then executed with elevated privileges.

Vulnerable products

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series M5, M6, and M7 Rack Servers (standalone mode)
  • UCS E-Series Servers
  • UCS S-Series Storage Servers (standalone mode)

Impact assessment

Successful exploitation allows attackers to elevate privileges to root, leading to full system control. This can result in unauthorized access, data leakage, and potential interruption of operations.

Patches or workaround

No workarounds are available. Cisco recommends updating to the latest firmware versions provided in their security advisory to address this vulnerability.

Tags

#Cisco #CVE-2024-20356 #CommandInjection #CIMC #ITSecurity #PatchManagement

2024-04-12

🔴 Critical 0day in the VPN from PaloAlto (the vulnerability is being exploited in real attacks). CVSS 10/10.

GlobalProtect is vulnerable. "GlobalProtect is more than a VPN. It provides flexible, secure remote access for all users everywhere." The vulnerability allows gaining root on a PaloAlto device, without any authentication whatsoever (!). Unauth Command Injection. The vendor reports that the flaw is being exploited in real attacks. Affected lines: PAN-OS 10.2 /...

#WBiegu #CommandInjection #Paloalto

sekurak.pl/%f0%9f%94%b4-krytyc

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​H3liumb0y@infosec.exchange
2024-04-12

Critical Command Injection Vulnerability in Palo Alto Networks PAN-OS

Date: 2024-04-12
CVE: CVE-2024-3400
Vulnerability Type: Command Injection
CWE: [[CWE-77]]
Sources: Palo Alto Networks Security Advisory
Exploited in the wild: Yes, Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability.

Issue Summary

A severe command injection vulnerability identified as CVE-2024-3400 affects the GlobalProtect gateway feature of PAN-OS, allowing unauthenticated remote attackers to execute arbitrary code with root privileges. This vulnerability impacts specific versions of PAN-OS (PAN-OS 11.1 < 11.1.2-h3, PAN-OS 11.0 < 11.0.4-h1, PAN-OS 10.2 < 10.2.9-h1) with the configurations for both GlobalProtect gateway and device telemetry enabled.

Technical Key Findings

The vulnerability allows for OS command injection through improperly neutralized special elements in commands. This flaw can be exploited remotely without user interaction due to its network-based attack vector and low complexity.

Vulnerable Products

Affected products include certain versions of PAN-OS 10.2, 11.0, and 11.1 when both GlobalProtect gateway and device telemetry are enabled.

Impact Assessment

Exploitation could lead to complete system compromise, enabling attackers to disrupt operations or steal sensitive information.

Patches or Workarounds

Hotfix releases for affected PAN-OS versions are expected by April 14, 2024. A mitigation through Threat ID 95187 is available for those with Threat Prevention subscriptions, or by temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version.

Tags

#PaloAltoNetworks #CVE-2024-3400 #Cybersecurity #CommandInjection #NetworkSecurity

2024-04-12

CVE-2024-3400 PAN-OS: OS Command Injection #Vulnerability in #GlobalProtect Gateway

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

This issue will be fixed in hotfix releases of PAN-OS 10.2.9-h1 (ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all later PAN-OS versions.

ref: security.paloaltonetworks.com/ #paloaltonetworks #commandinjection #vulnerability #infosec #cybersecurity #cve20243400

2024-04-10

A critical vulnerability, named BatBadBut, was discovered in the Rust programming language, affecting not just Rust but also Erlang, Go, Python, Ruby, and potentially others. This vulnerability, with a severity score of 10/10, could allow attackers to execute arbitrary commands on Windows systems by exploiting how Rust handles batch files. The issue arises from Rust's standard library improperly escaping arguments when invoking batch files on Windows, leading to potential command injection. The vulnerability has been addressed with a fix in Rust version 1.77.2, which developers are urged to update to. Other programming languages and systems, including Node.js, PHP, and Java, are also affected and are working on patches.

flatt.tech/research/posts/batb

blog.rust-lang.org/2024/04/09/

#cybersecurity #rust #batbadbut #vulnerability #erlang #go #python #ruby #nodejs #php #java #windows #commandinjection #RyotaK #Grub4K #flattsecurity

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​H3liumb0y@infosec.exchange
2024-03-28

Wall-Escape Vulnerability Analysis: Implications and Mitigation Strategies

Date: February 27, 2024
CVE: CVE-2024-28085
Vulnerability Type: [[Command Injection]]
CWE: [[CWE-77]], [[CWE-78]], [[CWE-88]]
Sources: [SANS Wall-Escape (CVE-2024-28085)](https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt)

Issue Summary

Wall-Escape (CVE-2024-28085) unveils a critical flaw in the wall command from the util-linux package, allowing unprivileged users to execute command-line arguments without proper escape sequence filtering. This vulnerability has existed since 2013, posing a significant risk on systems where wall is setgid and mesg is set to 'y', notably Ubuntu 22.04 and Debian Bookworm.

Technical Key findings

The flaw arises from the mishandling of command-line arguments (argv), which are not sanitized for escape sequences. This oversight enables attackers to inject arbitrary text onto terminals of other users, potentially leading to information leakage or clipboard alteration. The vulnerability is exploitable through crafted wall command executions, leveraging system features to extract sensitive information such as user passwords.

Vulnerable products

  • All versions of util-linux since 2013
  • Specifically impactful on:
    • Ubuntu 22.04
    • Debian Bookworm

Impact assessment

Successful exploitation can lead to unauthorized information disclosure and manipulation of terminal sessions. On Ubuntu 22.04, attackers can deceive users into revealing passwords. The vulnerability also enables clipboard content alteration on certain terminal emulators.

Patches or workaround

No specific patches were mentioned for CVE-2024-28085. Users are advised to restrict access to the wall command and monitor systems for unusual terminal behavior indicative of exploitation attempts.

Tags

#CVE-2024-28085 #CommandInjection #Ubuntu #Debian #InformationDisclosure #util-linux #TerminalSecurity

2024-03-12

In February 2024, 174 #zeroday #vulnerabilities, including 64 #XSS vulnerabilities, were detected.

100% of these zero-day vulnerabilities were blocked by #AppTrana's core rules (92%), premium rules, and custom rules (8%).

Get the full report and protect yourself against the latest #cyberthreats: bit.ly/3TfmCx7

#zerodayvulnerability #zerodaythreats #0day #cybersecurity #cyberattacks #sqlinjection #commandinjection #zerpdayexploit #ddos #botattacks #indusface

2024-02-15

👉 In January 2024, 257 #zeroday #vulnerabilities, including 120 #XSS vulnerabilities, were detected.

100% of these #0day vulnerabilities were blocked by #AppTrana's core rules (96%), premium rules, and custom rules (4%).

Download your copy of the zero-day report and start securing your business: bit.ly/496Ul2x

#zerodayvulnerabilities #sqlinjection #csrf #zerodayexploit #hacking #crosssitescripting #commandinjection #webapplicationscanning #indusfacewas

2024-02-15

QNAP fixes unauth OS Command Injection in QTS/QuTS: CVE-2023-47218, see the vulnerability details

An extensive report has appeared on the Rapid7 blog describing the details of the vulnerability identified as CVE-2023-47218, which affects both QTS and QuTS hero. These are operating systems for network drives, the lower-end ones (QTS) and the higher-end ones (QuTS Hero supports, e.g., the ZFS file system). The patch was released on January 25 of this year, however...

#WBiegu #Commandinjection #Exploit #Firmware #Nas #Qnap #Qts

sekurak.pl/qnap-naprawia-unaut

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​H3liumb0y@infosec.exchange
2024-02-05

"🚨 #QNAPAlert: Multiple Vulnerabilities Unveiled Across QNAP Devices 🚨"

Recent security advisories highlight critical vulnerabilities in QNAP NAS systems, potentially affecting thousands of users globally. These flaws range from command injection to SQL injection. 🛡️💻

Highlights:

  • QSA-23-47 addresses a command injection vulnerability, enabling attackers to execute arbitrary commands.
  • QSA-23-30 and QSA-24-03 reveal OS injection and improper access control issues.
  • QSA-24-05 warns of an OS command and SQL injection vulnerability flaw, allowing authenticated users to inject malicious code via a network vector.

Mitigation: Users are urged to update their devices immediately to the latest firmware to protect against these vulnerabilities.

Tags: #CyberSecurity #Vulnerability #QNAP #NAS #CommandInjection #SQLInjection #DataProtection #FirmwareUpdate 🛠️🔐

Source: QNAP Security Advisories & HKCERT Bulletin

#InfoSecExchange #TechTalks 💬🔍
