Skip to main content

Hackers News😱

Hackers actively exploit high-severity networking vulnerabilities.




Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks run by Fortune 500 companies and government organizations.

The most serious exploits are targeting a critical vulnerability in F5’s Big-IP advanced delivery controller, a device that’s typically placed between a perimeter firewall and a Web application to handle load balancing and other tasks. The vulnerability, which F5 patched three weeks ago, allows unauthenticated attackers to remotely run commands or code of their choice. Attackers can then use their control of the device to hijack the internal network it’s connected to.

Comments

Post a Comment

Popular posts from this blog

REMOTE CODE EXECUTION😱

SIGRed: Another Critical Wormable Remote Code Execution Vulnerability Attackers often abuse Windows DNS servers to gain access to targeted networks. The recent discovery of SIGRed, a critical, wormable remote code execution (RCE) vulnerability in the Windows DNS server can probably prove to be a jackpot for threat actors. This is not just another vulnerability Check Point security researcher Sagi Tzaik found the vulnerability ( CVE-2020-1350 ) that existed in the operating system's code for 17 years. The successful exploitation of such a vulnerability could have a severe impact. Microsoft  has warned that the vulnerability (CVSS base score of 10.0) could allow an attacker to craft malicious DNS queries for Windows DNS servers (versions from 2003 to 2019), and achieve arbitrary code execution that could lead to the breach of an organizations’ entire infrastructure. When triggered by a malicious DNS query, the vulnerability leads to a heap-based buffer overflow, allowing the attacker...
2 comments
Read more