Sec posts on cve research

Cybersecurity experts have discovered yet another malware-as-a-service ( MaaS ) threat called  BunnyLoader  that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more," Zscaler ThreatLabz researchers Niraj Shivtarkar and Satyam Singh  said  in an analysis published last week. Among its other capabilities include running remote commands on the infected machine, a keylogger to capture keystrokes, and a clipper functionality to monitor the victim's clipboard and replace content matching cryptocurrency wallet addresses with actor-controlled addresses. A C/C++-based loader offered for $250 for a lifetime license, the malware is said to have been under continuous development since its debut on September 4, 2023, with new features and enhancements that incorporate anti-sandbox and antivirus evasion te...

Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as  CVE-2023-20109 , and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The company  said  the shortcoming "could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash." It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and it could be weaponized by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attackers Th...

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as  CVE-2023-40044 , the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system," the company  said  in an advisory. Assetnote security researchers Shubham Shah and Sean Yeoh have been credited with discovering and reporting the vulnerability The list of remaining flaws, impacting WS_FTP Server versions prior to 8.8.2, is as follows - CVE-2023-42657  (CVSS score: 9.9) - A directory traversal vulnerability that could be exploited to perform file operations. CVE-2023-40045 ...

The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an  interactive search experience  that's powered by OpenAI's large language model called  GPT-4 . A month later, the tech giant  began   exploring  placing ads in the conversations. But the move has also opened the doors for threat actors who resort to malvertising tactics and propagate malware. "Ads can be inserted into a Bing Chat conversation in various ways," Jérôme Segura, director of threat intelligence at Malwarebytes,  said . "One of those is when a user hovers over a link and an ad is displayed first before the organic result." In an example highlighted by the cybersecurity vendor, a Bing Chat query to download a legitimate software called Advanced IP Scanner returned a link that, when hovered, displayed ...

The North Korea-linked  Lazarus Group  has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding challenge or quiz," ESET security researcher Peter Kálnai  said  in a technical report shared with The Hacker News. The attack is part of a long-standing spear-phishing campaign called  Operation Dream Job  that's orchestrated by the hacking crew in an attempt to lure employees working at prospective targets that are of strategic interest, enticed them with lucrative job opportunities to activate the infection chaina Earlier this March, the Slovak cybersecurity company detailed an attack wave aimed at Linux users that involved the use of bogus HSBC job offers to launch...