Posts

Showing posts with the label Exploits

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers. Citrix confirmed that the flaw affects all supported versions of the software, including: Citrix ADC and Citrix Gateway version 13.0 all supporte...

Magellan 2.0 – Multiple Chrome Vulnerabilities That Exist in SQLite Let Hackers Execute Arbitrary Code Remotely

Critical SQLite vulnerabilities named “Magellan 2.0”, discovered in the world's most popular browser, Google Chrome, let hackers exploit the Chromium render process and execute remote code. SQLite is a well-known database that is widely used in popular embedded database software, and it is a popular choice for local/client storage in application software such as web browsers and operating systems. The vulnerability affects users running Chrome versions prior to 79.0.3945.79 with WebSQL enabled, and the researchers confirmed that other devices such as PC/mobile/IoT devices may also be affected, depending on the attack surface. The vulnerability was initially discovered by the Tencent Blade Team, who successfully tested it in Chrome and exploited the vulnerability in the Chromium render process. Tencent Blade Team @tencent_blade Magellan 2.0 on its way! Blade researcher @leonwxqian found another set of vulnerabilities in #SQLite...

Windows 0-Day Exploit CVE-2019-1458 Widely Used by Hackers in Operation WizardOpium Cyber Attacks

Researchers discovered that an exploit for a newly patched Windows zero-day vulnerability was already used in Operation WizardOpium attacks, along with a Chrome zero-day exploit, last month. The attack was initially observed by Kaspersky researchers, who had already uncovered a Google Chrome 0-day exploit that was used as part of the attack. Further detailed investigation revealed that the exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine and also to escape the Chrome process sandbox. Researchers observed two different stages in the EoP exploit: one is a tiny PE loader and the other is the actual exploit. Kaspersky products detect this exploit with the verdict PDM: Exploit.Win32.Generic. The EoP exploit indicates that the vulnerability it used belongs to the win32k.sys driver and that the EoP exploit was the 0-day exploit, which the researchers confirmed when they tested with an exp...

A Critical Vulnerability in Docker Allows Hackers To Take Complete Control Over Host & All Containers Within It

Researchers discovered a critical vulnerability in Docker that allows an attacker to take complete control of the host and the containers associated with it. The Docker vulnerability resides in the copy command (cp) used in container platforms such as Docker, Podman, and Kubernetes. This command can be used to copy files and folders between the container and the local file system. The commands can be used as shown below:

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

Docker Copy Command Vulnerability

According to researchers, this is the first Docker cp command that leads to a full container escape after the runC vulnerability identified in February. The vulnerability can be exploited by the attacker if Docker has already been compromised through any previous vulnerabilities or if the user runs a malicious container image from an untrusted source. “If the user then executes the vulnerable cp command to ...