Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)

Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate,” Microsoft said in October 2022, when they announced fixes […]

Continue Reading

Attacks Targeting Realtek SDK Vulnerability Ramping Up

Palo Alto Networks warns of an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. Disclosed in August 2021, the vulnerability impacts hundreds of device types that rely on Realtek’s RTL8xxx chips, including routers, residential gateways, IP cameras, and Wi-Fi repeaters from 66 different manufacturers, including Asus, Belkin, […]

Continue Reading

Chinese Hackers Exploit FortiOS Zero-Day Vulnerability to Deploy New Malware

Mandiant recently reported that a group of hackers originating from China utilized a vulnerability within FortiOS SSL-VPN that had only recently been discovered, and marked as a zero-day exploit, in December.  The hackers targeted both a government organization in Europe and an African-based managed service provider with a new, specifically designed malware called ‘BOLDMOVE’ that […]

Continue Reading

FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)

A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared. Fortinet says the attackers have advanced capabilities: they were able to reverse-engineer various parts of FortiOS to help them with the creation of the […]

Continue Reading

Rackspace ransomware attack was executed by using previously unknown security exploit

The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week. The exploit chains CVE-2022-41082, a RCE flaw, and CVE-2022-41080, a privilege escalation vulnerability, to achieve unrestricted remote access to vulnerable MS Exchange setups. “We will be sharing […]

Continue Reading

New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)

Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on Microsoft Exchange servers. The ProxyNotShell exploit chain used CVE-2022-41040, a SSRF vulnerability in the Autodiscover endpoint of Microsoft Exchange, while this new one uses CVE-2022-41080 to achieve privilege escalation through Outlook Web Access […]

Continue Reading