❌

Normal view

There are new articles available, click to refresh the page.
Today β€” 5 July 2024Main stream

Splunk Addresses Critical Vulnerabilities in Enterprise and Cloud Platforms

βœ‡Cybersecurity News and Magazine
By: Ashish Khaitan
5 July 2024 at 09:26

Splunk Vulnerability 1

Splunk has released a comprehensive set of security updates to address 16 vulnerabilities across its Splunk Enterprise and Cloud Platform. These updates include fixes of several Splunk vulnerabilities, including high-severity issues, emphasizing the critical nature of maintaining robust cybersecurity practices in enterprise environments. Among the latest updates, the Splunk vulnerability CVE-2024-36985, a remote code execution (RCE) via the External Lookup in Splunk Enterprise, is one of the most critical vulnerabilities. This vulnerability involves a Remote Code Execution (RCE) risk through an external lookup mechanism in Splunk Enterprise.Β 

Fixing Splunk Vulnerability with New Updates

[caption id="attachment_80556" align="alignnone" width="1527"]Splunk Vulnerability Source: Splunk[/caption] This vulnerability affects versions prior to 9.0.10, 9.1.5, and 9.2.2. Attackers exploiting this flaw can execute arbitrary commands by leveraging the "copybuckets.py" script within the "splunk_archiver" application. This issue highlights the importance of upgrading to the latest Splunk versions promptly or temporarily disabling the affected application to mitigate risks. Another significant vulnerability, CVE-2024-36984, allows authenticated users in Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows to execute arbitrary code through a serialized session payload. This exploit occurs when untrusted data is serialized via the collect SPL command, enabling attackers to execute malicious code within the payload. "Splunk rates this vulnerability as 8.8, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. If the Splunk Enterprise instance disabled splunk_archiver, there is no impact and the severity is Informational", says Splunk.

Comprehensive Security Measures and Recommendations

Splunk has advised users to update their installations to the latest versions to protect against these vulnerabilities effectively. Additionally, mitigating actions such as disabling the "splunk_archiver" application can provide interim protection until updates can be applied. The company emphasizes the importance of proactive security practices and prompt patch management to safeguard enterprise data and infrastructure. In addition to the critical vulnerabilities mentioned, Splunk's security updates also cover issues such as persistent cross-site scripting (XSS) in various endpoints, command injection, denial of service (DoS), and insecure file uploads. Each issue is addressed with specific patches or mitigation recommendations tailored to enhance system security. While Splunk has not reported active exploitation of these vulnerabilities in the wild, the proactive release of security updates underscores their commitment to maintaining the integrity and security of their platforms. Users are strongly encouraged to implement these updates and follow recommended security practices to mitigate potential risks effectively. Stay informed and prioritize cybersecurity measures to safeguard your Splunk deployments against emerging threats and vulnerabilities. Regular updates and vigilance are key to maintaining a secure environment in the cybersecurity domain.
Before yesterdayMain stream

Researchers Uncover UEFI Vulnerability Affecting Intel CPUs

βœ‡Security Boulevard
By: Wajahat Raja
3 July 2024 at 03:00

Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed β€œUEFIcanhazbufferoverflow.” It involves a buffer overflow caused by an unsafe variable in the Trusted Platform […]

The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on TuxCare.

The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on Security Boulevard.

β€œRegreSSHion” vulnerability in OpenSSH gives attackers root on Linux

βœ‡Ars Technica
By: Dan Goodin
2 July 2024 at 15:03
β€œRegreSSHion” vulnerability in OpenSSH gives attackers root on Linux

Enlarge

Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to give attackers complete control of Linux and Unix servers with no authentication required.

The vulnerability, tracked as CVE-2024-6387, allows unauthenticated remote code execution with root system rights on Linux systems that are based on glibc, an open source implementation of the C standard library. The vulnerability is the result of a code regression introduced in 2020 that reintroduced CVE-2006-5051, a vulnerability that was fixed in 2006. With thousands, if not millions, of vulnerable servers populating the Internet, this latest vulnerability could pose a significant risk.

Complete system takeover

β€œThis vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access,” wrote Bharat Jogi, the senior director of threat research at Qualys, the security firm that discovered it. β€œIt could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.”

Read 7 remaining paragraphs | Comments

Vanna AI Vulnerability Exposes SQL Databases to Remote Code Execution

βœ‡Cybersecurity News and Magazine
By: Ashish Khaitan
28 June 2024 at 06:30

Vanna AI Vulnerability

A critical security flaw has been uncovered in the Vanna.AI library, exposing SQL databases to potential remote code execution (RCE) attacks through prompt injection techniques. Tracked as CVE-2024-5565 with a CVSS score of 8.1, this Vanna AI vulnerability allows malicious actors to manipulate prompts in Vanna.AI's "ask" function of Vanna.AI, leveraging large language models (LLMs) to execute arbitrary commands. Vanna.AI is a Python-based machine learning library designed to simplify interaction with SQL databases by converting natural language prompts into SQL queries. This functionality, facilitated by LLMs, enables users to query databases simply by asking questions.

Vanna AI Vulnerability Leads to Remote Code Execution (RCE)

The Vanna AI vulnerability was first identified by cybersecurity researchers at JFrog. They found that by injecting malicious prompts into the "ask" function, attackers could bypass security controls and force the library to execute unintended SQL commands. This technique, known as prompt injection, exploits the inherent flexibility of LLMs in interpreting user inputs. According to JFrog, "Prompt injection vulnerabilities like CVE-2024-5565 highlight the risks associated with integrating LLMs into user-facing applications, particularly those involving sensitive data or backend systems. In this case, the flaw in Vanna.AI allows attackers to subvert intended query behavior and potentially gain unauthorized access to databases." The issue was also independently discovered and reported by Tong Liu through the Huntr bug bounty platform, highlighting its significance and widespread impact potential.

Understanding Prompt Injection and Its Implications

Prompt injection exploits the design of LLMs, which are trained on diverse datasets and thus susceptible to misinterpreting prompts that deviate from expected norms. While developers often implement pre-prompting safeguards to guide LLM responses, these measures can be circumvented by carefully crafted malicious inputs. "In the context of Vanna.AI," explains JFrog, "prompt injection occurs when a user-supplied prompt manipulates the SQL query generation process, leading to unintended and potentially malicious database operations. This represents a critical security concern, particularly in applications where SQL queries directly influence backend operations."

Technical Details and Exploitation

The Vanna AI vulnerability arises primarily from how Vanna.AI handles user prompts within its ask function. By injecting specially crafted prompts containing executable code, attackers can influence the generation of SQL queries. This manipulation can extend to executing arbitrary Python code, as demonstrated in scenarios where the library dynamically generates Plotly visualizations based on user queries. "In our analysis," notes JFrog, "we observed that prompt injection in Vanna.AI allows for direct code execution within the context of generated SQL queries. This includes scenarios where the generated code inadvertently includes malicious commands, posing a significant risk to database security." Upon discovery, Vanna.AI developers were promptly notified and have since released mitigation measures to address the CVE-2024-5565 vulnerability. These include updated guidelines on prompt handling and additional security best practices to safeguard against future prompt injection attacks. "In response to CVE-2024-5565," assures JFrog, "Vanna.AI has reinforced its prompt validation mechanisms and introduced stricter input sanitization procedures. These measures are crucial in preventing similar vulnerabilities and ensuring the continued security of applications leveraging LLM technologies."

Dark Web Actor Advertises a Google Chrome Sandbox Escape Exploit for $1 Million

βœ‡Cybersecurity News and Magazine
By: Ashish Khaitan
27 June 2024 at 04:55

Sandbox Escape exploit

A dark web actor is advertising a zero-day exploit targeting Google Chrome. The exploit specifically targets versions 126.0.6478.126 and 126.0.6478.127 of Google Chrome for Windows, specifically the 21H1 and 21H2 versions. This exploit, which allows for Sandbox escape, was put up for sale by a threat actor identified as 'ctf' on the XSS forum. The threat actor's post on the forum detailed the nature of the exploit, highlighting its capability to execute remote code on affected systems potentially. The asking price for this exploit was set at an exorbitant $1 million, payable in cryptocurrencies like Monero or Bitcoin. Notably, the threat actor did not provide a proof-of-concept demonstration but insisted on dealing through a mutually agreed-upon guarantor or middleman.

Dark Web Actor Selling Sandbox Escape Exploit

[caption id="attachment_79184" align="alignnone" width="1352"]Sandbox Escape Exploit Source: Dark Web[/caption] Sandbox escape vulnerabilities like these pose a significant risk by allowing malicious actors to break out of the confinement typically imposed by security measures such as sandboxes. Such exploits can enable attackers to execute arbitrary code on a system beyond the restricted environment, thereby potentially compromising sensitive data or even gaining full control over the affected machine. In a separate incident earlier this year, vulnerabilities in the sandboxing mechanism of Judge0, an online code execution system, were also reported. These vulnerabilities, described as critical, could similarly enable attackers to perform sandbox escapes and gain root permissions on the host machine. Tanto Security, an Australian cybersecurity firm, highlighted the severity of these flaws, which could be exploited to achieve a complete system takeover.

The Threat of Sandbox Escape Vulnerabilities

Judge0, known for facilitating online code execution for various applications including e-learning platforms and code editors, experienced these vulnerabilities due to issues in its sandbox setup scripts. Specifically, flaws in the isolation mechanism allowed attackers to manipulate symbolic links and execute arbitrary code outside the designated sandbox environment. The ongoing emergence of such sandbox escape vulnerabilities highlights the importance of cybersecurity practices and prompt patch management. Organizations and individuals are advised to remain vigilant, apply security updates promptly, and employ defense-in-depth strategies to mitigate the risks posed by such exploits. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Exploring Git Vulnerabilities: Latest Fixes and Updates

βœ‡Security Boulevard
By: Rohan Timalsina
12 June 2024 at 05:00

Multiple security issues were found in Git, a popular distributed version control system. The Ubuntu security team has proactively addressed Git vulnerabilities by releasing updates for various versions of the Ubuntu operating system, including Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS. Β  Git Vulnerabilities Fixed in Ubuntu Updates Β  Security […]

The post Exploring Git Vulnerabilities: Latest Fixes and Updates appeared first on TuxCare.

The post Exploring Git Vulnerabilities: Latest Fixes and Updates appeared first on Security Boulevard.

❌
❌