November 7, 2023 – WafdogBlog

VMware Tools vulnerability enables privilege escalation

Two critical vulnerabilities have been identified in VMware Tools and labeled CVE-2023-34057 and CVE-2023-34058. These vulnerabilities are related to local privilege escalation and SAML token signature bypass. These vulnerabilities have a high severity rating of 7.5 (High) and 7.8 (High) respectively. One of these vulnerabilities was identified in macOS systems. VMware has taken immediate action …

VMware Tools vulnerability enables privilege escalation Read More »

Backdoor Implanted on Hacked Cisco Devices

The threat actor modified the backdoor on Cisco devices by exploiting two zero-day vulnerabilities in the IOS XE software, making it harder to detect when using previous fingerprinting techniques. Examination of network traffic to a compromised device revealed that the threat actor updated the implant to include additional header validation. As a result, the implant …

Backdoor Implanted on Hacked Cisco Devices Read More »

PoC exploits for Critix and VMware vulnerability published

VMware, a provider of virtualization services, has notified its customers of the discovery of a proof-of-concept (PoC) exploit for a recently patched vulnerability in Aria Operations for Logs. This high severity vulnerability, identified as CVE-2023-34051 with a CVSS score of 8.1, involves an authentication bypass that could potentially lead to remote code execution. According to …

PoC exploits for Critix and VMware vulnerability published Read More »

DDoS attack exploits HTTP/2 rapid reset vulnerability

Cloudflare announced Thursday that it has successfully mitigated thousands of high-volume HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed vulnerability called HTTP/2 Rapid Reset. Among these attacks, 89 exceeded the 100 million requests per second (RPS) mark. In a report shared with The Hacker News, the web infrastructure and security company stated, “The …

DDoS attack exploits HTTP/2 rapid reset vulnerability Read More »

USB stick with lost millions of euros now crackable

According to Unciphered, crypto experts claim to have found a way to unlock an encrypted USB hard drive on which German programmer Stefan Thomas allegedly lost 7,002 Bitcoins (BTC) worth over 200 million euros. However, Thomas has shown a certain unwillingness to cooperate and appears unwilling to release the USB hard drive, as Wired reports. …

USB stick with lost millions of euros now crackable Read More »

Unpatched Cisco zero-day vulnerability actively attacked

Cisco has issued a serious warning regarding a critical security vulnerability that is unpatched and actively being exploited in the wild. This security flaw affects the IOS XE software. This zero-day vulnerability, identified as CVE-2023-20198, has been assigned the highest severity rating of 10.0 on the CVSS rating system. It’s important to note that this …

Unpatched Cisco zero-day vulnerability actively attacked Read More »

D-Link confirms a data breach

D-Link, a Taiwanese manufacturer of networking devices, has admitted to a data breach in which, according to their own statements, “low-sensitive and semi-public information” was exposed. The company clarified that this data did not originate from the cloud but likely came from an outdated D-View 6 system, which had reached the end of its lifecycle …

D-Link confirms a data breach Read More »

Hackers compromise USB devices used by government agencies

A continuous cyber espionage campaign called TetrisPhantom is targeting government institutions in the Asia-Pacific (APAC) region. The attackers have secretly collected sensitive data from government organizations in APAC by using secure USB drives with hardware encryption, typically used for secure data storage and transmission between computer systems. Kaspersky has identified this campaign in its APT …

Hackers compromise USB devices used by government agencies Read More »

Massive DDoS attack exploits zero-day vulnerability in HTTP/2 Rapid Reset

A unique DDoS attack based on HTTP/2 targeted multiple Google services and cloud users. The attackers utilized an advanced method called HTTP/2 Rapid Reset to exploit a zero-day vulnerability in the HTTP/2 protocol, identified as CVE-2023-44487, which could be used for DDoS attacks. The reported scale of the attack was as follows: Amazon successfully defended …

Massive DDoS attack exploits zero-day vulnerability in HTTP/2 Rapid Reset Read More »

ShellBot uses hexadecimal IPs to attack Linux SSH servers

The individuals responsible for ShellBot use IP addresses in hexadecimal notation to gain access to poorly managed Linux SSH servers and implement the DDoS malware. According to a recent report from the AhnLab Security Emergency Response Center (ASEC), the general process remains unchanged, but the download URL used by these threat actors to install ShellBot …

ShellBot uses hexadecimal IPs to attack Linux SSH servers Read More »