A recent MIT Technology Review Report revealed that 66 zero-day attacks in 2021 were recorded in 2021, nearly double the attacks in 2020. For example, security researchers discovered a security flaw in Fortinet's web application firewall that permits attackers to run arbitrary malicious codes on severs and devices protected using the security solution. Attackers can compromise the vulnerability to compromise devices, escalate privileges, and control them. For example, they may install crypto-mining malware or a persistent shell.
In addition, cPanel & WHM web hosting platform was found to contain privilege escalation and remote code execution vulnerabilities. cPanel hosts at least 168,000 websites. When demonstrating the discovered flaws, security researchers state that a stored XSS permits malicious actors to escalate privileges and execute harmful commands on the server using root privileges. In addition, since cPanel & WHM helps users execute shell commands directly from the browser via web terminals, XSS attacks enable remote code execution on the server using root privileges.
Also, a vulnerability was discovered on Slack's file sharing platform that permits hackers to de-anonymize workspace group members. The XSLeak technique resists SameSite=Lax (an attribute that allows users to declare whether cookies are restricted as first-party or same-site). Exploiting the vulnerability can de-anonymize Slack users and cause spear-phishing attacks, browser fingerprinting, or leak a victim's IP address.
Orange Tsai, a security researcher, also unearthed severe Microsoft Exchange exploits. The pre-authenticated RCE vulnerability was among other zero-day exploits that were exploited, causing hundreds of thousands of company messaging servers to be compromised worldwide. After further research, Orange Tsai found that ProxyLogon is an entirely new attack surface with multiple security weaknesses. These include cryptographic bugs, server-side flaws, and client-side security weaknesses. Exploiting these vulnerabilities could enable hackers to execute arbitrary malicious code on Microsoft Exchange Server Instances and permit attackers to view user passwords in plaintext.
We can help!
Are you looking for ongoing advisory services to assist in identifying vulnerabilities and security policies that should be in place and help improve your security posture? The team at Inception Security™ has been leveraged to enhance the security posture of fortune 100 companies, small and medium-sized businesses. Our team has a depth of knowledge in the cybersecurity industry and will be able to provide value to your business right away.
Contact Inception Security if your company is looking for advisory services.