Rapid7 Archives - Cyber Security Minute

Zimbra Credential Theft Vulnerability Exploited in Attacks

Issued by: Security Week

The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. An attacker can leverage the compromised credentials to access the victim’s emails, from where they could escalate their access within the targeted organization and obtain…

Vulnerabilities

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Issued by: Dark Reading

Zyxel firewalls are under active cyberattack after a critical security vulnerability was disclosed last week that could allow unauthenticated, remote arbitrary code execution. The bug (CVE-2022-30525, CVSS 9.8) was silently patched in April, but no public disclosure was made until last Thursday, May 12, when Rapid7 released a technical report on the issue. It also…

Vulnerabilities

Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls

Issued by: Security Week

The flaw, tracked as CVE-2022-30525, affects ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The affected products are recommended for businesses and they provide VPN, SSL inspection, intrusion protection, web filtering and email security capabilities. The Shodan search…

Vulnerabilities

Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability

Issued by: Security Week

Tracked as CVE-2022-0543, the security hole has a CVSS score of 10 and is described as an insufficient sanitization in Lua. While Redis statically links the Lua Library, some Debian/Ubuntu packages dynamically link it, leading to a sandbox escape that can be exploited to achieve remote code execution. Both Debian and Ubuntu announced patches for…

Vulnerabilities

Details Disclosed for Recent Vulnerabilities in SonicWall Remote Access Appliances

Issued by: Security Week

The impacted devices include the SMA 200, 210, 400, 410, and 500 edge network access control systems that have the Web Application Firewall (WAF) enabled. The most severe of these vulnerabilities is CVE-2021-20038 (CVSS score of 9.8), an unauthenticated stack-based buffer overflow that could lead to remote code execution (RCE) as the ‘nobody’ user. “The…

Cloud Security

Why the rapid transition to cloud demands that DevOps shift left

Issued by: Help Net Security

To accommodate remote work policies amid COVID-19, companies have increasingly adopted the public cloud to support off-site business continuity. A MarketsandMarkets analysis found that due to the impact of the current crisis, the cloud market is expected to grow from $233 billion in 2019 to $295 billion by 2021. The transition to remote work by…