Fortinet Issues Patch to Correct Critical RCE Vulnerability in FortiManager and FortiAnalyzer
A critical remote code execution use-after-free vulnerability has been identified that affects Fortinet’s FortiManager and FortiAnalyzer network management solutions. If exploited, a non-authenticated remote attacker could execute code on vulnerable devices with root privileges, which would give the attacker full control of vulnerable devices. The flaw, tracked as CVE-2021-32589, was discovered by security researcher Cyrille Chatras...
MosaicLoader Malware Downloader Distributed Via Internet Ads for Cracked Software
Bitdefender security researchers have identified a new malware variant dubbed MosaicLoader, which is being distributed in a worldwide campaign disguised as cracked software. The malware acts as a downloader of secondary payloads and was named due to the complex internal structure designed to evade detection by security solutions and hamper researchers’ attempts at reverse engineering the malware. The threat actor behind the campaign...
Two More Windows Print Spooler Vulnerabilities Identified
A further zero-day vulnerability has been identified in Windows Print Spooler that could be exploited via remote print servers under the attacker’s control to gain administrative privileges on Windows machines. The vulnerability affects all current versions of Windows. The latest vulnerability was identified by Mimikatz creator, Benjamin Delpy. Delpy developed an exploit for the flaw which uses the Queue-Specific Files feature of...
Nested Archive Technique used in Phishing Campaign Delivering the BazarBackdoor
A new phishing campaign is underway that delivers the BazarBackdoor malware using a nested archive method, which involves putting compressed archives within another compressed archive. Using a single compressed archive is not sufficient to hide malware from many secure email gateway solutions, which have the capability to scan inside archive files. However, many email security solutions do not check any deeper than this, so adding a...
SonicWall: Users of Unpatched SRA and SMA 100 Series Appliances Face Imminent Risk of Ransomware Attacks
SonicWall has issued an urgent warning for users of its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running 8.x firmware. SonicWall has learned of threat actors targeting a known vulnerability in the firmware using stolen credentials. SonicWall explained in its alert that ransomware attacks are imminent and urgent action must be taken to prevent exploitation of the flaw. SonicWall has corrected the...