Security
Headlines
HeadlinesLatestCVEs

Headline

Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled along with the software. The complete list of impacted

The Hacker News
#vulnerability#web#windows#backdoor#hard_coded_credentials#samsung#auth#The Hacker News

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks.

Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled along with the software. The complete list of impacted products is as follows -

  • Apex One - version 2019 (on-premise), fixed in SP1 Patch 1 (B12380)
  • Apex One as a Service - fixed in SP1 Patch 1 (B12380) and Agent version 14.0.12637
  • Worry-Free Business Security - version 10.0 SP1, fixed in 10.0 SP1 Patch 2495
  • Worry-Free Business Security Services - fixed in July 31, 2023, Monthly Maintenance Release

Trend Micro said that a successful exploitation of the flaw could allow an attacker to manipulate the component to execute arbitrary commands on an affected installation. However, it requires that the adversary already has administrative console access on the target system.

The company also warned that it has “observed at least one active attempt of potential exploitation of this vulnerability in the wild,” making it essential that users move quickly to apply the patches.

As a workaround, it’s recommending that customers limit access to the product’s administration console to trusted networks.

CISA Adds Nine Flaws to KEV Catalog

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added nine flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild -

  • CVE-2014-8361 (CVSS score: N/A) - Realtek SDK Improper Input Validation Vulnerability
  • CVE-2017-6884 (CVSS score: 8.8) - Zyxel EMG2926 Routers Command Injection Vulnerability
  • CVE-2021-3129 (CVSS score: 9.8) - Laravel Ignition File Upload Vulnerability
  • CVE-2022-22265 (CVSS score: 7.8) - Samsung Mobile Devices Use-After-Free Vulnerability
  • CVE-2022-31459 (CVSS score: 6.5) - Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
  • CVE-2022-31461 (CVSS score: 6.5) - Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
  • CVE-2022-31462 (CVSS score: 8.8) - Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
  • CVE-2022-31463 (CVSS score: 7.1) - Owl Labs Meeting Owl Improper Authentication Vulnerability
  • CVE-2023-28434 (CVSS score: 8.8) - MinIO Security Feature Bypass Vulnerability

It’s worth noting that a fifth flaw impacting Owl Labs Meeting Owl (CVE-2022-31460, CVSS score: 7.4), a case of hard-coded credentials, was previously added to the KEV catalog on June 8, 2022, merely days after Modzero disclosed details of the flaws.

UPCOMING WEBINAR

Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM

Stay ahead with actionable insights on how ITDR identifies and mitigates threats. Learn about the indispensable role of SSPM in ensuring your identity remains unbreachable.

Supercharge Your Skills

“By exploiting the vulnerabilities[…], an attacker can find registered devices, their data, and owners from around the world,” the Swiss security consultancy firm said at the time.

“Attackers can also access confidential screenshots of whiteboards or use the Owl to get access to the owner’s network. The PIN protection, which protects the Owl from unauthorized use, can be circumvented by an attacker by (at least) four different approaches.”

Even more troublingly, the devices can be turned into rogue wireless network gateways to a local corporate network remotely via Bluetooth by arbitrary users and can be abused to act as a backdoor to owners’ local networks. It’s currently not known how these vulnerabilities are exploited in the wild.

The security weakness impacting MinIO has come under abuse in recent months, with Security Joes revealing this month that an unnamed threat actor is exploiting it in conjunction with CVE-2023-28432 (CVSS score: 7.5) to achieve unauthorized code execution on susceptible servers and drop follow-on payloads.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Russian Script Kiddie Assembles Massive DDoS Botnet

Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.

‘Matrix’ Hackers Deploy Massive New IoT Botnet for DDoS Attacks

Aqua Nautilus researchers have discovered a campaign powering a series of large-scale DDoS attacks launched by Matrix, which…

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle

New LLMjacking Attack Lets Hackers Hijack AI Models for Profit

By Deeba Ahmed Researchers uncover a novel cyberattack scheme called "LLMjacking" exploiting stolen cloud credentials to hijack powerful AI models. This article explores the implications of attackers leveraging large language models (LLMs) for malicious purposes and offers security recommendations for the cloud and AI communities. This is a post from HackRead.com Read the original post: New LLMjacking Attack Lets Hackers Hijack AI Models for Profit

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

By Deeba Ahmed Veriti Research exposes surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself. This is a post from HackRead.com Read the original post: Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

CVE-2023-5593: Security Advisories | Zyxel Networks

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message.

CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below - CVE-2023-42793 (CVSS score: 9.8) - JetBrains TeamCity Authentication Bypass Vulnerability

CVE-2023-41179: DCX

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

GHSA-2pxw-r47w-4p8c: Privilege Escalation on Linux/MacOS

### Impact An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. ### Patches ``` commit 67f4ba154a27a1b06e48bfabda38355a010dfca5 Author: Aditya Manthramurthy <[email protected]> Date: Sun Mar 19 21:15:20 2023 -0700 fix: post policy request security bypass (#16849) ``` ### Workarounds Browser API access must be enabled turning off `MINIO_BROWSER=off` allows for this workaround. ### References The vulnerable code: ```go // minio/cmd/generic-handlers.go func setRequestValidityHandler(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // ... // For all other requests reject access to reserved buckets bucketName, _ := request2BucketObjectName(r) if isMinioReservedBucket(buc...

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises CVE-2023-28432 (CVSS score: 7.5) and

Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises CVE-2023-28432 (CVSS score: 7.5) and

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability  CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control

CVE-2023-28434: Privilege Escalation on Linux/MacOS

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.

CVE-2023-28432: Information Disclosure in Cluster Deployment

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

Threat Actors Using Go-based HinataBot to launch DDoS Attacks

By Deeba Ahmed HinataBot can launch Distributed Denial of Service (DDoS) attacks reaching 3.3 TBPS. This is a post from HackRead.com Read the original post: Threat Actors Using Go-based HinataBot to launch DDoS Attacks

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a

Majority of Ransomware Attacks Last Year Exploited Old Bugs

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After dragging their feet for months Owl Labs has released a patch for vulnerabilities that were publicly disclosed a week ago. The company denies the seriousness of the vulnerabilities. The post Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices appeared first on Malwarebytes Labs.

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After dragging their feet for months Owl Labs has released a patch for vulnerabilities that were publicly disclosed a week ago. The company denies the seriousness of the vulnerabilities. The post Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices appeared first on Malwarebytes Labs.

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After dragging their feet for months Owl Labs has released a patch for vulnerabilities that were publicly disclosed a week ago. The company denies the seriousness of the vulnerabilities. The post Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices appeared first on Malwarebytes Labs.

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After dragging their feet for months Owl Labs has released a patch for vulnerabilities that were publicly disclosed a week ago. The company denies the seriousness of the vulnerabilities. The post Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices appeared first on Malwarebytes Labs.

Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices

After dragging their feet for months Owl Labs has released a patch for vulnerabilities that were publicly disclosed a week ago. The company denies the seriousness of the vulnerabilities. The post Update now! Patch against vulnerabilities in Meeting Owl Pro and Whiteboard Owl devices appeared first on Malwarebytes Labs.

CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.

CVE-2014-8361: D-Link Technical Support

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

The Hacker News: Latest News

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case