North Korea-backed hackers are once again targeting security researchers with a zero-day exploit and related malware in an attempt to infiltrate computers used to perform sensitive investigations involving cybersecurity.

The presently unfixed zero-day (meaning a vulnerability that's known to attackers before the hardware or software vendor has a security patch available) resides in a popular software package used by the targeted researchers, Google researchers said Thursday. They declined to identify the software or provide details about the vulnerability until the vendor, which they privately notified, releases a patch.

The vulnerability was exploited using a malicious file the hackers sent the researchers after first spending weeks establishing a working relationship. Malware used in the campaign closely matches code used in a previous campaign that was definitively tied to hackers backed by the North Korean government, Clement Lecigne and Maddie Stone, both researchers in Google's Threat Analysis Group, said. That campaign first came to public awareness in January 2021 in posts from the same Google research group and, a few days later, Microsoft.

Upon successful exploitation, the shellcode conducts a series of anti-virtual-machine checks and then sends the collected information, along with a screenshot, back to an attacker-controlled command-and-control domain. The shellcode used in this exploit is constructed in a similar manner to shellcode observed in previous North Korean exploits.

The post said that in addition to exploiting the current zero-day, the same hacking group appears to be sharing software that also targets researchers. The tool, first posted to GitHub in September 2022 and removed an hour before this post went live, provided a useful means to debug or analyze software.

"On the surface, this tool appears to be a useful utility for quickly and easily downloading symbol information from a number of different sources. Symbols provide additional information about a binary that can be helpful when debugging software issues or while conducting vulnerability research," the researchers wrote. "But the tool also has the ability to download and execute arbitrary code from an attacker-controlled domain."

The researchers urged anyone who has run the software to "ensure your system is in a known clean state, likely requiring a reinstall of the operating system." The post includes file hashes, IP addresses, and other data people can use to discern if they've been targeted.

Related: SolarWinds Warns of Attacks Targeting Web Help Desk Users.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with admin. SolarWinds made no mention of any of these vulnerabilities being exploited in attacks. Additional information on the bugs can be found on SolarWinds' product security page.
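The post's file hashes, IP addresses and domains are only useful if they are actually swept across the hosts that may have run the tool or opened the malicious file. The script below is an added example of such a sweep, not code from Google TAG, Ars Technica or the vendor; it hashes every file under a directory and greps DNS/proxy log lines for the indicator set. The indicator values, the sample payload and the log lines are constructed placeholders (documentation-range IPs and the reserved .example TLD), standing in for the real list a responder would paste in from the post.

```python
"""IOC sweep: match file hashes and network log lines against an indicator list.

Added example; the indicators below are constructed placeholders, NOT the
real indicators from the Google TAG post.
"""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Constructed placeholder indicators. A real sweep would load these from the
# published post instead of deriving them from an inline sample.
MALICIOUS_SAMPLE = b"constructed placeholder payload, not a real sample"
IOC_SHA256 = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()}
IOC_IPS = {"203.0.113.45"}                 # TEST-NET-3 documentation range
IOC_DOMAINS = {"symbols-update.example"}   # reserved .example TLD

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Last label must be alphabetic so dotted IPs are not mistaken for domains.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_directory(root: Path, ioc_hashes: set[str] = IOC_SHA256) -> list[tuple[Path, str]]:
    """Return (path, sha256) for every regular file under root whose hash is an IOC."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file():
            digest = sha256_file(p)
            if digest in ioc_hashes:
                hits.append((p, digest))
    return hits


def scan_log_lines(lines, ioc_ips: set[str] = IOC_IPS,
                   ioc_domains: set[str] = IOC_DOMAINS) -> list[tuple[int, str, str]]:
    """Return (line_no, indicator, line) for each line touching an IOC IP or domain.

    Domains are compared case-insensitively and any subdomain of an IOC domain
    counts, since C2 infrastructure often rotates hostnames under one apex.
    """
    hits = []
    for no, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in ioc_ips:
                hits.append((no, ip, line))
        for dom in DOMAIN_RE.findall(line):
            d = dom.lower().rstrip(".")
            if any(d == ioc or d.endswith("." + ioc) for ioc in ioc_domains):
                hits.append((no, d, line))
    return hits


# Constructed log lines in a generic "dns query" / "proxy CONNECT" shape.
SAMPLE_LOG = [
    "2023-09-07T10:14:02Z dns query host=ws-17 name=symbols.vendor-cdn.example type=A",
    "2023-09-07T10:14:03Z dns query host=ws-17 name=cdn.symbols-update.example type=A",
    "2023-09-07T10:14:04Z proxy CONNECT 203.0.113.45:443 host=ws-17 ua=python-requests/2.31",
    "2023-09-07T10:15:00Z proxy CONNECT 198.51.100.7:443 host=ws-17",
]


def demo_sweep() -> list[str]:
    """Write one benign and one matching file into a temp dir, sweep it, return hit paths."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "readme.txt").write_bytes(b"benign content")
        (root / "tools").mkdir()
        (root / "tools" / "helper.dll").write_bytes(MALICIOUS_SAMPLE)
        return [p.relative_to(root).as_posix() for p, _ in sweep_directory(root)]


if __name__ == "__main__":
    for rel in demo_sweep():
        print(f"hash hit: {rel}")
    for no, indicator, line in scan_log_lines(SAMPLE_LOG):
        print(f"log line {no}: {indicator} <- {line}")
```

A hash match on disk says the file was present, not that it ran; a DNS or proxy hit on the C2 domain is the stronger signal that the payload executed and beaconed, which is why the researchers' advice to rebuild rather than clean applies to any host showing either.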