New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer
As many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications.
That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast.
“This vulnerability allows attackers to Read More
Microsoft .NET Framework & Visual Studio Flaw Let Attackers Write or Delete Files
[[{“value”:”
A vulnerability, CVE-2023-36049 has been identified in the Microsoft .NET Framework and Visual Studio, posing a serious threat to the integrity of FTP servers.
If exploited, this flaw could allow attackers to write or delete files, compromising the security of applications and data.
The .NET Framework, a cornerstone of software development on Microsoft Windows, facilitates the creation and execution of applications within a managed execution environment.
However, a flaw in its design related to handling FTP commands has opened a door for cyber attackers.
FTP, or File Transfer Protocol, is a standard network protocol for transferring computer files between a client and server on a computer network.
It operates on a dual-connection system, one for commands and the other for data transfer.
The vulnerability stems from the .NET Framework’s improper user input validation, specifically in how FTP command parameters and FTP URI requests are processed.
FTP commands have the following syntax:
<command> <SP> [parameters] <CRLF>
Vulnerability Unveiled
A detailed analysis reveals that the flaw is due to the .NET Framework’s FtpControlStream class, which inadequately validates FTP command parameters, allowing attackers to inject malicious commands.
For instance, when handling parameters that include Carriage Return Line Feed (CRLF) characters, the system fails to properly sanitize the input, leading to potential unauthorized file operations.
Source code snippet illustrating the vulnerability
The Trend Micro Research Team recently uncovered a vulnerability in .NET Framework and Visual Studio, allowing privilege escalation.
Document
Integrate ANY.RUN in your company for Effective Malware Analysis
Malware analysis can be fast and simple. Just let us show you the way to:
Interact with malware safely
Set up virtual machine in Linux and all Windows OS versions
Work in a team
Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox: ..
Justin Hung and Yazhi Wang of the team have detailed the issue in a report through the Trend Micro Vulnerability Research Service.
The vulnerability has since been patched. Attackers can exploit this vulnerability by sending specially crafted requests to FTP servers.
Successful exploitation could enable unauthorized individuals to write or delete files on the server, potentially leading to data loss, data corruption, or unauthorized access to sensitive information.
The attack vector is particularly concerning for applications that rely on the .NET Framework for FTP operations.
Given the widespread use of the .NET Framework in enterprise environments, this vulnerability has a significant potential impact.
Mitigation and Response
Microsoft has responded to this critical vulnerability by releasing a patch.
The update addresses the flaw by improving the validation process for FTP command parameters and URI requests.
Administrators and developers must apply this patch promptly to protect their systems from potential attacks.
For those unable to apply the patch immediately, a temporary mitigation strategy involves refusing FTP URIs from untrusted sources and filtering FTP traffic to detect and block suspicious activity.
Monitoring FTP traffic for multiple commands sent in a single packet can help identify attempts to exploit this vulnerability, although this approach may yield false positives in regular traffic.
The discovery of this vulnerability underscores the importance of rigorous input validation in software development.
Maintaining the security of software frameworks and applications as cyber threats evolve is paramount.
Users and administrators are urged to apply the provided patch and follow best practices for network security to safeguard against potential exploits.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
Google Chrome Patches Six High-Severity Vulnerabilities
Google has released a critical security update for its Chrome browser, addressing six high-severity vulnerabilities that could potentially lead to browser crashes and other serious security issues.
The update, version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux is part of Google’s ongoing efforts to enhance the security of its widely-used web browser.
Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot
Details of the Vulnerabilities
The six vulnerabilities patched in this update include:
CVE-2024-6100: Type Confusion in V8
Severity: High
Reported by: Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure’s TyphoonPWN 2024 on June 4, 2024
Reward: $20,000
Description: This vulnerability involves type confusion in the V8 JavaScript engine, which could allow attackers to execute arbitrary code within the browser’s sandbox.
CVE-2024-6101: Inappropriate Implementation in WebAssembly
Severity: High
Reported by: @ginggilBesel on May 31, 2024
Reward: $7,000
Description: This flaw is due to inappropriate implementation in WebAssembly, potentially leading to unexpected behavior or crashes.
CVE-2024-6102: Out of Bounds Memory Access in Dawn
Severity: High
Reported by: wgslfuzz on May 7, 2024
Reward: TBD
Description: This vulnerability involves out-of-bounds memory access in Dawn, a web graphics library, which could be exploited to cause crashes or execute arbitrary code.
CVE-2024-6103: Use After Free in Dawn
Severity: High
Reported by: wgslfuzz on June 4, 2024
Reward: TBD
Description: This issue is a use-after-free vulnerability in Dawn, which could allow attackers to execute arbitrary code or cause the browser to crash.
Google has emphasized the importance of applying this update as soon as possible to mitigate the risks associated with these vulnerabilities.
The company has credited several external researchers for their contributions to identifying and reporting these issues, highlighting the collaborative nature of cybersecurity efforts.
How to Update Chrome
Users can update their Chrome browser by following these steps:
Open Google Chrome.
Click the three vertical dots in the top right corner of the window.
Select “Settings.”
Scroll down and click on “About Chrome.”
Chrome will automatically check for updates. If an update is available, it will be downloaded and installed automatically.
After the update is installed, restart your Chrome browser to apply the changes.
This latest update is part of Google’s regular security maintenance schedule, which aims to address vulnerabilities promptly and keep users safe from potential threats.
By following these steps, users can ensure that their Chrome browser is up to date, which is crucial for maintaining security and accessing the latest features.
FreeWebinar! 3 Security Trends to Maximize MSP Growth -> Register For Free