Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.
Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of "None." This is in addition to eight flaws the tech giant patched in
PostgreSQL Security Flaws Let Attackers Execute Code
Two vulnerabilities have been identified in pgAdmin of PostgreSQL, which are associated with cross-site scripting and multi-factor authentication bypass.
pgAdmin is an open-source administration tool and development platform for PostgreSQL, which offers multiple features like CI/CD, Server Mode, Workspace customization, and much more.
pgAdmin supports multiple platforms, such as Linux, Unix, macOS, and Windows. The two vulnerabilities have been assigned CVE-2024-4216 and CVE-2024-4215, with a severity score of 7.4 (High).
Both of these vulnerabilities have been fixed in PostgreSQL.
The cross-site scripting vulnerability exists in pgAdmin versions prior to 8.5, specifically inside the /settings/store API response JSON payload.
Exploiting this vulnerability could allow a threat actor to execute malicious script on the client end and steal sensitive cookies.
To demonstrate this vulnerability, researchers used a man-in-the-middle proxy (mitmproxy) to intercept the POST request to /settings/store, which the client sends for routine actions such as resizing the left menu bar.
The POST request body is modified to contain `... "children": [{"id": "+3'-alert('XSS')-'", ...` and sent to the server.
The server then reflects this malicious payload in its response, where it is executed in the client browser and shows an alert pop-up.
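To illustrate the defensive side of the reflected /settings/store payload described above, here is an added Python example (not pgAdmin's code) that validates the node ids in such a body against an allow-list before storing them and serializes the reflected response so that its text cannot become markup; the id pattern, and any field beyond the article's "children"/"id", are assumptions.

```python
import json
import re

# Assumed allow-list for tree-node identifiers; pgAdmin's real id format may differ.
ID_PATTERN = re.compile(r"^[A-Za-z0-9_./:-]{1,128}$")

# Constructed request bodies: a benign layout update and the article's XSS payload.
BENIGN_BODY = '{"children": [{"id": "server_group/1", "children": [{"id": "server/3"}]}]}'
XSS_BODY = '{"children": [{"id": "+3\'-alert(\'XSS\')-\'"}]}'


def _bad_node(nodes):
    """Return the first node id that fails the allow-list, or None if all pass."""
    for node in nodes:
        if not isinstance(node, dict):
            return repr(node)
        node_id = node.get("id")
        if not isinstance(node_id, str) or not ID_PATTERN.match(node_id):
            return node_id
        bad = _bad_node(node.get("children", []))
        if bad is not None:
            return bad
    return None


def check_settings(body: str):
    """Validate a /settings/store-style body before storing it. Returns (accepted, detail)."""
    try:
        data = json.loads(body)
    except ValueError as exc:
        return False, f"malformed JSON: {exc}"
    if not isinstance(data, dict):
        return False, "top level is not an object"
    bad = _bad_node(data.get("children", []))
    if bad is not None:
        return False, f"rejected node id {bad!r}"
    return True, "ok"


def safe_json(data) -> str:
    """Serialize a response so reflected text cannot become markup even if a client
    inserts it into HTML: <, > and & are written as JSON \\u escapes (still valid JSON)."""
    return (json.dumps(data)
            .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))


if __name__ == "__main__":
    for body in (BENIGN_BODY, XSS_BODY):
        print(check_settings(body))
    print(safe_json({"id": "<script>alert(1)</script>"}))
```

Serve the response with `Content-Type: application/json` and `X-Content-Type-Options: nosniff` as well, so a browser never interprets the reflected body as HTML.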
The second vulnerability, a multi-factor authentication bypass, affects pgAdmin versions prior to 8.5.
In order to exploit this vulnerability, a threat actor must have a legitimate username and password to authenticate into the application.
Once authenticated into the application, the threat actor can perform additional actions like managing files and executing SQL queries regardless of the MFA enrollment status.
The maintainers have fixed both of these vulnerabilities, and necessary patches have been rolled out.
Users of pgAdmin for PostgreSQL are recommended to upgrade to pgAdmin 4 version 8.6 to prevent exploitation of these vulnerabilities by threat actors.
Developer Of Hive RAT Arrested By Authorities for Stealing Login Credentials
A San Fernando Valley man has been taken into custody by federal authorities on criminal charges related to a purported scheme to sell and distribute Hive remote access trojan (RAT).
This gave buyers control over the victims’ computers and allowed them to view the victims’ login credentials, private messages, and other personal data.
The 24-year-old Van Nuys resident Edmond Chakhmakhchyan, also known by his screen name “Corruption,” was taken into custody on Wednesday. The Australian Federal Police (AFP) and the FBI collaborated on this cooperative law enforcement operation.
About four years ago, Chakhmakhchyan allegedly started working with the person who created the Hive RAT, also known as “Firebird.”
The author advertised the RAT’s many features, specifically its ability to remotely access victim computers and intercept data and communications without the victim’s knowledge.
The Firebird RAT is fully featured malware with a range of capabilities, and cybercriminals using it may be able to gain user-level access to a targeted machine.
The malware can manipulate the Windows Registry, which holds data, settings, and other items related to installed hardware and software. As a result, it can issue commands to manage connected hardware and to install and remove applications.
Promoting the Hive Remote Access Trojan (RAT) on the “Hack Forums”
According to the indictment, Chakhmakhchyan and the creator of the malware allegedly came to an agreement whereby Chakhmakhchyan would promote the Hive remote access trojan (RAT) on the “Hack Forums” website, take Bitcoin payments for licenses to use the RAT and offer customer support to those who bought the licenses.
In particular, the malware buyers would transfer Hive RAT to secured systems and obtain unauthorized access to these systems.
From there, the RAT buyer may close or disable applications, peruse files, log keystrokes, access incoming and outgoing communications, and obtain victim passwords and other login credentials for cryptocurrency wallets and bank accounts, all without the victims’ knowledge or consent.
As per the indictment, Chakhmakhchyan emailed buyers after promoting the Hive RAT.
He clarified to one of the buyers that the malware let “the Hive RAT user access another person’s computer without that person knowing about the access.”
Chakhmakhchyan agreed to sell the Hive RAT after the buyer informed him that the victim had project files valued at over $5,000 and $20,000 in Bitcoin kept in a blockchain wallet. It is said that Chakhmakhchyan also sold a license for the Hive RAT to a law enforcement agency undercover agent.
Chakhmakhchyan is Accused Of Conspiracy
“The indictment specifically charges Chakhmakhchyan with one count of conspiracy – to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer, and to intentionally access a computer to obtain information – as well as one count of advertising a device as an interception device,” the U.S. Department of Justice said.
The maximum statutory penalty for each count is five years in federal prison.
The defendant is deemed innocent unless and until they are proven guilty beyond a reasonable doubt in a court of law, and an indictment is only an allegation.
The Commonwealth Director of Public Prosecutions will handle the prosecution of an Australian national who has been charged by the Australian Federal Police with involvement in the development and selling of the malware.