Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS.

https://www.securityweek.com/code-execution-vulnerability-impacts-900k-mikrotik-devices/

More than 900,000 MikroTik devices are impacted by a RouterOS vulnerability leading to arbitrary code execution, vulnerability intelligence provider VulnCheck reports.

Tracked as CVE-2023-30799 (CVSS score of 9.1), the issue is described as a privilege escalation bug impacting RouterOS versions before 6.49.7 and RouterOS long-term versions through 6.48.6.

“A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system,” a NIST advisory reads.

The vulnerability was initially disclosed in June 2022, at the REcon conference, but no CVE identifier was assigned to it. Proof-of-concept (PoC) code demonstrating how a root shell can be obtained on a RouterOS x86 virtual machine was also published at the time.

MikroTik patched the bug in RouterOS stable 6.49.7 in October 2022, without detailing it, VulnCheck says. Patches were released for the RouterOS long-term version as well.
https://nvd.nist.gov/vuln/detail/CVE-2023-30799

The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed

https://www.securityweek.com/exploitation-of-recent-citrix-sharefile-rce-vulnerability-begins/

CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency.

Apple has told developers writing apps for its shiny stuff that they will soon have to explain why their programs use certain sensitive APIs.

Cupertino claims it’s doing so to discourage app makers from trying to track users through digital fingerprinting.

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers.

Now tracked as CVE-2023-38750, the security flaw is a reflected Cross-Site Scripting (XSS) discovered by security researcher Clément Lecigne of Google Threat Analysis Group.

While consumers are usually the ones worried about their information being exposed in data breaches, it’s now the hacker’s turn, as the notorious Breached cybercrime forum’s database is up for sale and member data shared with Have I Been Pwned.

Yesterday, the Have I Been Pwned data breach notification service announced that visitors can check if their information was exposed in a data breach of the Breached cybercrime forum.

Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.

Halpalentoyhtiö Ryanair on haastettu oikeuteen häiritsevästä kasvojentunnistusteknologian käytöstä. Reutersin mukaan syyte on nostettu Espanjassa Euroopan digitaalisten oikeuksien keskuksen (NYOB) toimesta.

Kasvojentunnistus vaaditaan tietyiltä asiakkailta. NYOB:n mukaan vaatimukset ilmenevät silloin, kun asiakas on ostanut yhtiön lennon matkatoimistolta heidän omien nettisivujen tai sovelluksen sijasta.

NAIROBI — Cyber attackers targeted a digital platform used by Kenya’s government to deliver services, the country’s technology minister said, highlighting the vulnerabilities of the system.

The attack on the e-Citizen platform in recent days caused system outages that left users unable to access a broad range of government services, ranging from passport applications to electricity payments. Some private companies were also affected.

Hackers allegedly connected to the North Korean government are using fake U.S.
military job-recruitment documents to lure people into downloading malware staged on legitimate — but compromised — South Korean e-commerce sites.