A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum. […]
New tools, old problems.
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used in Japan as a possible solution to one of the oldest scams in the book. Dave and Joe share some listener follow-up, one from listener Alan and one from Clinton, who both write in about a recent episode and share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about meeting links from Calendly, a popular application for scheduling appointments and meetings, being used to spread Mac malware. Joe shares write-ins from several listeners, some describing scams they have come across, others warning about scams they have seen used in the real world. Our catch of the day comes from Zach with an oddity: getting scammed by mail!
The CyberWire
CISA says critical Fortinet RCE flaw now exploited in attacks
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. […]
HashiCorp Cloud Vault Vulnerability Let Attackers Escalate Privileges
HashiCorp, a leading provider of cloud infrastructure automation software, has disclosed a critical security vulnerability in its Vault secret management platform.
The flaw, identified as CVE-2024-9180, could allow privileged attackers to escalate their privileges to the highly sensitive root policy, potentially compromising the entire Vault instance.
The vulnerability affects Vault Community Edition versions 1.7.7 to 1.17.6 and Vault Enterprise versions 1.7.7 to 1.17.6, 1.16.10, and 1.15.15. HashiCorp has assigned a CVSSv3 score of 7.2 to this high-severity issue, indicating a significant potential impact.
According to the security bulletin, the vulnerability stems from the mishandling of entries in Vault’s in-memory entity cache.
A malicious actor with write permissions to the root namespace’s identity endpoint could manipulate their cached entity record through the identity API, potentially escalating their privileges to Vault’s root policy on the affected node.
While the impact is somewhat limited due to the manipulated entity record not being propagated across the cluster or persisted to the storage backend, the potential consequences of exploitation are severe.
An attacker successfully exploiting this flaw could gain complete control over the Vault instance, potentially compromising sensitive data and disrupting critical operations.
It’s important to note that the vulnerability only affects entities in the root namespace and does not impact those within standard or administrative namespaces. Additionally, HCP Vault Dedicated is unaffected due to its reliance on administrative namespaces.
HashiCorp has released patched versions to address this vulnerability. Vault Community Edition users should upgrade to version 1.18.0, while Vault Enterprise users should update to version 1.18.0, 1.17.7, 1.16.11, or 1.15.16, depending on their current version.
For organizations unable to immediately upgrade, HashiCorp suggests implementing alternative mitigation strategies. These include using Sentinel EGP policies or modifying the default policy to restrict access to the identity endpoint.
Additionally, monitoring Vault audit logs for entries containing “root” within the “identity_policy” array can help detect potential exploitation attempts.
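The audit-log check described above, as an added example that is not from HashiCorp or the original article: it scans JSON-lines audit entries for "root" inside an identity policy array. The `identity_policies` spelling, the entry layout (`auth`, `request`) and the sample lines are assumptions constructed for illustration.

```python
import json

# Keys to inspect. The article names "identity_policy"; "identity_policies" is
# added here as an assumption about how the audit device spells the field.
WATCHED_KEYS = {"identity_policy", "identity_policies"}

def policy_lists(node):
    """Yield every list stored under a watched key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in WATCHED_KEYS and isinstance(value, list):
                yield value
            else:
                yield from policy_lists(value)
    elif isinstance(node, list):
        for item in node:
            yield from policy_lists(item)

def scan_audit_lines(lines):
    """Return (hits, skipped): flagged entries and line numbers that could not be parsed."""
    hits, skipped = [], []
    for line_no, raw in enumerate(lines, 1):
        if not raw.strip():
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            skipped.append(line_no)  # report these: an unparsed line is a coverage gap
            continue
        if any("root" in plist for plist in policy_lists(entry)):
            auth = entry.get("auth") or {}
            request = entry.get("request") or {}
            hits.append({"line": line_no, "type": entry.get("type"),
                         "entity_id": auth.get("entity_id"), "path": request.get("path")})
    return hits, skipped

# Constructed sample lines (not real audit data). In line 2 "root" appears only
# under token_policies, which this check does not watch.
SAMPLE_LOG = [
    '{"type":"response","auth":{"entity_id":"ent-constructed-1","token_policies":["default"],"identity_policies":["app-read"]},"request":{"path":"secret/data/app"}}',
    '{"type":"response","auth":{"entity_id":"","token_policies":["root"],"identity_policies":[]},"request":{"path":"sys/health"}}',
    '{"type":"request","auth":{"entity_id":"ent-constructed-2","token_policies":["default"],"identity_policies":["default","root"]},"request":{"path":"sys/policies/acl"}}',
    'truncated or non-JSON line',
]

if __name__ == "__main__":
    print(scan_audit_lines(SAMPLE_LOG))
```

Because the manipulated entity record stays on the affected node, the check has to run over the audit output of every node rather than a single collector.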
The discovery of this vulnerability underscores the importance of regular security audits and prompt patching in critical infrastructure components. Organizations using HashiCorp Vault are strongly advised to assess their risk exposure and take appropriate action to secure their environments.
The post HashiCorp Cloud Vault Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.