Security
Headlines
HeadlinesLatestCVEs

Headline

Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign

More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.

DARKReading
#vulnerability#mac#windows#rce#auth

The “Bleed You” campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise.

The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns, affecting vulnerable Windows OS, Windows Servers, along with Windows protocol and services. Once they achieve compromise the threat actors move laterally to deploy ransomware and other malware, the team observed.

The threat actors speak Mandarin but also have ties to the Russian cybercriminals, according to Cyfirma, which adds that the attacks aren’t limited to a specific sector with targets across retail, government, IT services, and more. Victims likewise were spread across a number of mostly Western countries, including Canada, the UK, and the US.

“Attackers are actively exploiting vulnerable Windows Server machines via the IKE and AuthIP IPsec Keying Modules by exporting this bug. Users are recommended to apply patches and fixes as soon as possible to reduce the severity of exploitation of the vulnerability,” Cyfirma’s researchers advised. “The researchers observed that unknown hackers are sharing the exploit link on the underground forums as well.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related news

CVE-2022-45103: DSA-2022-340: Dell Unisphere for PowerMax, Dell Unisphere for PowerMax vApp, Dell Solutions Enabler vApp, Dell Unisphere 360, Dell VASA Provider vApp, and Dell PowerMax EMB Mgmt Security Update for Mu

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Much less than usual. Alternative […]

Update now! Microsoft patches two zero-days

Categories: News Tags: CVE-2022-37969 Tags: CVE-2022-23960 Tags: CVE-2022-35805 Tags: CVE-2022-34700 Tags: CVE-2022-34718 Tags: CVE-2022-34721 Tags: CVE-2022-34722 Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Cisco Tags: Google Tags: Samsung Tags: SAP Tags: VMWare The September 2022 Patch Tuesday updates includes two zero-day vulnerabilities, one of which is known to be used in attacks (Read more...) The post Update now! Microsoft patches two zero-days appeared first on Malwarebytes Labs.

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low in severity. The patches are in addition to 16 vulnerabilities that Microsoft addressed in its

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

CVE-2022-34721

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra.  Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month.  September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday. There are two moderate-severity vulnerabilities in this release and a low-security issue that’s already been patched as a part of a recent Google Chromium update. The remainder is considered “important.”  The most serious vulnerability exists in several versions of Windows Server and Windows 10 that could allow an attacker to gain the ability to execute remote code (RCE) by sending a singular, specially crafted IPv6 packet to a Windows node where IPSec is enabled. CVE-2022-34718 only affects instances that have IPSec enabled. This vulnerability has a severity score of 9.8 out of 10 and is considered “more likely...

DARKReading: Latest News

Faux ChatGPT, Claude API Packages Deliver JarkaStealer