Bbabo NET


TOP 5 information security events

Today in the TOP 5 are critical security updates for the Struts 2 framework, the “aspnet_compiler.exe” vulnerability, an RCE vulnerability in the WordPress backup plugin, a report analyzing hacker attacks by FakeSG, Akira and AMOS, and eight vulnerabilities in Dell PowerProtect that pose potential risks for system security. The news was prepared by Pavel Davydov, an analyst at the Jet Infosystems information security center.

Apache fixes critical RCE vulnerability in Struts 2

The Apache Software Foundation has released critical security updates for the Struts 2 framework, addressing the file upload vulnerability CVE-2023-50164 (CVSS 9.8), which can lead to remote code execution. The flaw lies in the manipulation of file upload parameters to enable path traversal, which could result in a malicious file being uploaded. Affected versions of Struts are 2.0.0 to 2.3.37, 2.5.0 to 2.5.32, and 6.0.0 to 6.3.0. The vulnerability was fixed in Struts versions 2.5.33 and 6.3.0.2. Apache recommends that all Struts 2 users update to a patched version to prevent possible attacks.
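To check an inventory against the version ranges listed above, the following added example (not part of the original article and not Apache's own tooling) classifies Struts core JARs found on disk. It assumes the framework ships as `struts2-core-<version>.jar`; the sample paths are constructed, and any version that falls outside both the listed affected ranges and the fixed releases is flagged for manual review.

```python
import re

# Inclusive affected ranges and fixed releases, exactly as listed in the article.
AFFECTED = [((2, 0, 0), (2, 3, 37)), ((2, 5, 0), (2, 5, 32)), ((6, 0, 0), (6, 3, 0))]
FIXED = [(2, 5, 33), (6, 3, 0, 2)]

# Assumption: the core library is packaged as struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def pad(version, width=4):
    """Pad a version tuple with zeros so 6.3.0 and 6.3.0.0 compare equal."""
    return tuple(version) + (0,) * (width - len(version))


def classify(version):
    """Return 'affected', 'fixed' or 'review' for a dotted version string."""
    v = pad(tuple(int(part) for part in version.split(".")))
    if any(pad(lo) <= v <= pad(hi) for lo, hi in AFFECTED):
        return "affected"
    # Fixed: same major line and at or above that line's patched release.
    if any(v[0] == fix[0] and v >= pad(fix) for fix in FIXED):
        return "fixed"
    # Neither listed as affected nor at a fixed release (for example 6.3.0.1).
    return "review"


def scan(paths):
    """Return (path, version, status) for every Struts core JAR in paths."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            findings.append((path, match.group(1), classify(match.group(1))))
    return findings


# Constructed sample inventory (hypothetical paths).
SAMPLE_PATHS = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.5.30.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-6.3.0.1.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/opt/app3/WEB-INF/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for path, version, status in scan(SAMPLE_PATHS):
        print(f"{status:9} {version:10} {path}")
```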

The "aspnet_compiler.exe" vulnerability allows malicious code to be downloaded undetected

Trend Micro researchers discovered that the "aspnet_compiler.exe" process was being abused to inject malicious code through the use of the AsyncRAT remote access tool. Attackers also use dynamic DNS to hide their location. Analysis of the AsyncRAT components shows the creation of scheduled tasks and the use of various scripts. In addition, this utility's ability to change server addresses was identified, which makes its connections difficult to identify and block. The study highlights the need for continuous monitoring for early detection of threats, including ransomware.

RCE vulnerability in WordPress backup plugin

A critical vulnerability, CVE-2023-6553 (CVSS 9.8), has been discovered in the popular WordPress plugin Backup Migration; it allows remote code execution and full control over websites. The vulnerability was identified by Nex Team researchers and reported to Wordfence through its Bug Bounty program. The issue affects plugin versions up to and including 1.3.6 and can be exploited in low-complexity attacks. It allows code execution via PHP code injection in /includes/backup-heart.php. Wordfence warned about the threat and introduced a firewall rule to protect customers, but many websites still use the vulnerable version. The Backup Migration developers promptly released a fix (1.3.8) and encourage users to update the plugin.

A report has been published analyzing the hacker attacks of FakeSG, Akira and AMOS

Cybercriminals widely use a variety of malicious software, so-called crimeware, and different types of malware to attack different platforms. For example, the FakeSG campaign distributes NetSupport RAT through legitimate websites, masquerading as browser update notifications. Another example is the Akira ransomware, which, despite its recent emergence, is actively infecting organizations around the world, targeting large companies in various industries. Akira is similar to Conti in its use of string obfuscation and exclusion lists. The third example is the AMOS stealer, discovered in April 2023, a new version of which is written in C. It spreads through malvertising, copying popular sites to lure users into downloading a malicious DMG file. AMOS is capable of collecting various data, packaging it and sending it to the command and control server.

Cross-site scripting vulnerabilities in Dell PowerProtect products

Eight vulnerabilities have been discovered in Dell PowerProtect that pose potential security risks to systems. The most critical among them are OS command injection (CVE-2023-48668, CVSS 8.2; CVE-2023-44277, CVSS 7.7), which allows commands to be executed in the operating system and gives attackers the ability to control the system, and cross-site scripting (XSS) (CVE-2023-44286, CVSS 8.8), which makes it possible to inject malicious code on the client side and can lead to session theft, among others. It is recommended that you immediately update Dell PowerProtect systems to the latest versions that address these vulnerabilities to ensure system security and stability.
