Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems.
Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at least December 2022.
"The campaign uses new delivery methods to deploy (most notably – HTML Smuggling) Read More
The Hacker News | #1 Trusted Cybersecurity News Site
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
[[{“value”:”Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project.
"The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS”}]] Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Critical Apache OFBiz Zero-day Flaw Exploited in the Wild
Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz’s open-source enterprise resource planning (ERP) system.
The vulnerability allows attackers to bypass simple Server-Side Request Forgery (SSRF) authentication.
The pre-authenticated RCE vulnerability tracked as CVE-2023-49070 leads to the zero-day SSRF vulnerability CVE-2023-51467 in Apache OFBiz due to an incomplete patch.
“The security measures taken to patch CVE-2023-49070 left the root issue intact, and therefore, the authentication bypass was still present”, the SonicWall threat research team shared with Cyber Security News.
The vulnerability CVE-2023-49070 stems from an outdated, no-longer-maintained XML-RPC component within Apache OFBiz.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
Details of the Zero-Day Flaw That Affects Apache OfBiz
An open-source enterprise resource planning (ERP) system is called Apache OfBiz. Although it might not sound familiar, it is widely installed in well-known applications, including Atlassian’s JIRA, which more than 120K enterprises use.
Because of this, just like with many supply chain libraries, if threat actors take advantage of this vulnerability, the consequences might be severe.
“This flaw could lead to the exposure of sensitive information or even the ability to execute arbitrary code,” researchers said.
The login functionality contains the vulnerability tracked as CVE-2023-51467. Regardless of the username, password, or other arguments in an HTTP request, researchers found that the magic string requirePasswordChange=Y is the primary source of the authentication bypass.
Because of this, the vulnerability was not entirely fixed by removing the XML RPC code.
Affected Version
This vulnerability impacts Apache OFBiz before 18.12.11.
Patch Now
Anyone running Apache OFbiz is urged to update to version 18.12.11 or higher immediately. To identify any active exploitation of this vulnerability, SonicWall has created an IPS signature, IPS: 15949, in addition to the fix.
Try Kelltron’s cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems.
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user.
The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5.
The most severe of the Read More