Hackerzhome

Cybersecurity news all over the world

HACKERZHOME NEWS

March 9, 2023

Thursday

FBI is looking into a data breach that affected U.S. House personnel and members.

The FBI is investigating a data breach in which accounts and sensitive personal data belonging to members and employees of the U.S. House of Representatives were stolen from DC Health Link’s servers.


DC Health Link manages health insurance coverage for members of the U.S. House, their staff, and their families.


As initially reported by DailyCaller, affected individuals received notification of the breach today through email from Catherine L. Szpindor, the U.S. House Chief Administrative Officer.


Yesterday, DC Health Link experienced a major data breach that might have exposed thousands of enrollees’ personally identifiable information (PII). Your information may have been compromised if you are a Member or employee who qualifies for health insurance through D.C. Health Link, according to Szpindor.


Although the FBI has notified me that hundreds of Member and House staff members had their account information stolen, I am still unsure of the size and depth of the incident.


It’s crucial to remember that it doesn’t seem like the attack was specifically directed at the House of Representatives or its members at this time.

A new critical RCE vulnerability alert is released by Fortinet.

With specially crafted queries, an unauthenticated attacker might use a “Critical” vulnerability that affects FortiOS and FortiProxy to execute arbitrary code or cause a denial of service (DoS) on the GUI of susceptible devices.

This buffer underflow vulnerability has the tracking number CVE-2023-25610 and a critical CVSS v3 score of 9.3. When software attempts to read more data from a memory buffer than is available, it accesses nearby memory locations instead, which might result in dangerous behavior or crashes.

Fortinet’s security alert, released yesterday, says the company is not currently aware of any instances of active exploitation in the wild and lists the following affected products:
Versions 7.2.0 through 7.2.3 of FortiOS
Versions 7.0.0 through 7.0.9 of FortiOS
Versions 6.4.0 through 6.4.11 of FortiOS
Versions 6.2.0 through 6.2.12 of FortiOS
All versions of FortiOS 6.0
Versions 7.2.0 through 7.2.2 of FortiProxy
Versions 7.0.0 through 7.0.8 of FortiProxy
Versions 2.0.0 through 2.0.11 of FortiProxy
All versions of FortiProxy 1.2
All versions of FortiProxy 1.1

Fortinet states that fifty of the device models named in the security alert are affected only by the denial-of-service component of the flaw, not the arbitrary code execution component, even when they run a vulnerable FortiOS version.
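One way to check an asset inventory against the version ranges listed above, as an added example that is not from Fortinet or the original article. The inventory rows, host names and build strings are constructed, and "not-listed" only means the version falls outside the ranges quoted here.

```javascript
// Added example: ranges copied from the list above; inventory rows are constructed.
// Each entry is [first affected, last affected]; null means the whole branch.
const AFFECTED = new Map([
  ["FortiOS", [["7.2.0", "7.2.3"], ["7.0.0", "7.0.9"], ["6.4.0", "6.4.11"],
               ["6.2.0", "6.2.12"], ["6.0", null]]],
  ["FortiProxy", [["7.2.0", "7.2.2"], ["7.0.0", "7.0.8"], ["2.0.0", "2.0.11"],
                  ["1.2", null], ["1.1", null]]],
]);

// "v7.0.9 build0001" -> [7, 0, 9]; "7.0" -> [7, 0, null]; no version -> null.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(text));
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), m[3] === undefined ? null : Number(m[3])];
}

// Returns "affected", "not-listed" (outside the ranges above) or "unknown".
function classify(product, versionText) {
  const ranges = AFFECTED.get(product);
  const v = parseVersion(versionText);
  if (!ranges || !v) return "unknown";
  for (const [first, last] of ranges) {
    const lo = parseVersion(first);
    if (v[0] !== lo[0] || v[1] !== lo[1]) continue; // different release branch
    if (last === null) return "affected";           // every build of this branch
    if (v[2] === null) return "unknown";            // patch level needed to decide
    const hi = parseVersion(last);
    return v[2] >= lo[2] && v[2] <= hi[2] ? "affected" : "not-listed";
  }
  return "not-listed";
}

// Constructed inventory rows, e.g. exported from an asset database.
const INVENTORY = [
  { host: "fw-edge-01", product: "FortiOS", version: "v7.2.3 build0001" },
  { host: "fw-edge-02", product: "FortiOS", version: "v7.2.4 build0001" },
  { host: "fw-lab-01", product: "FortiOS", version: "v6.0.16" },
  { host: "proxy-01", product: "FortiProxy", version: "2.0.12" },
  { host: "proxy-02", product: "FortiProxy", version: "7.0" },
];

function triage(rows) {
  return rows.map((r) => ({ host: r.host, status: classify(r.product, r.version) }));
}

console.log(triage(INVENTORY));
```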

Passwords can be stolen by hackers utilizing the Bitwarden bug and iframes.

Risky behavior in Bitwarden’s credentials autofill feature could let malicious iframes embedded in trusted websites capture users’ login information and send it to an attacker.

Analysts at Flashpoint claimed Bitwarden initially became aware of the vulnerability in 2018 but decided to permit it in order to accommodate trustworthy websites that employ iframes.

According to Flashpoint, although Bitwarden’s auto-fill feature is disabled by default and there aren’t many opportunities to exploit it, some websites still meet the conditions, and motivated threat actors could try to take advantage of these loopholes.

Bitwarden is a well-known open-source password management service whose web browser extension lets users save account usernames and passwords in an encrypted vault.

When a user visits a site, the extension checks whether a saved login exists for that domain and offers to fill in the information. With the auto-fill option enabled, it fills in the credentials automatically when the page loads, without any user interaction.

Researchers from Flashpoint who were examining Bitwarden found that it also automatically fills forms defined in embedded iframes, including those from external domains.
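The difference between comparing the saved login with the page and comparing it with the frame that actually holds the form, as an added example that is not Bitwarden's code. The exact-host comparison, the frame-chain model and the example hosts are assumptions made for illustration.

```javascript
// Added example, not Bitwarden's code. Hosts and the frame model are constructed.
// A form's location is the list of document URLs from the top-level page down to
// the frame that contains the form.

// Hostname of an https URL, or null for anything else (http, about:blank, junk).
function httpsHost(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" ? u.hostname : null;
  } catch {
    return null;
  }
}

// Simplified model of the behaviour described above: only the top-level page is
// compared with the saved login, so a form in any embedded frame is filled too.
function pageLevelDecision(savedUrl, frameChain) {
  const saved = httpsHost(savedUrl);
  return saved !== null && httpsHost(frameChain[0]) === saved;
}

// Stricter policy (an assumption for illustration): every document in the chain,
// including the frame holding the form, must be https on the saved login's host.
function perFrameDecision(savedUrl, frameChain) {
  const saved = httpsHost(savedUrl);
  if (saved === null || frameChain.length === 0) {
    return { fill: false, reason: "invalid-input" };
  }
  for (let depth = 0; depth < frameChain.length; depth++) {
    const host = httpsHost(frameChain[depth]);
    if (host === null) return { fill: false, reason: `not-https-at-depth-${depth}` };
    if (host !== saved) return { fill: false, reason: `host-mismatch-at-depth-${depth}` };
  }
  const reason = frameChain.length > 1 ? "same-host-frame" : "top-level-form";
  return { fill: true, reason };
}

// Constructed case: a login page that embeds a form served from another host.
const SAVED = "https://portal.example/login";
const EMBEDDED = ["https://portal.example/login", "https://widgets.thirdparty.example/form"];

console.log(pageLevelDecision(SAVED, EMBEDDED));
console.log(perFrameDecision(SAVED, EMBEDDED));
```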

Attacks Using the New ScrubCrypt Crypter to Target Oracle WebLogic

A new crypter dubbed ScrubCrypt has been seen in use by the notorious bitcoin miner organization known as 8220 Gang to conduct cryptojacking activities.

Fortinet FortiGuard Labs claims that the attack chain starts when vulnerable Oracle WebLogic servers are successfully exploited to download a PowerShell script that contains ScrubCrypt.

Software known as crypters can alter, conceal, and encrypt malware to avoid detection by security software.

ScrubCrypt includes features to get around Windows Defender security and to check for the presence of debugging and virtual machine environments. Its author advertises it for sale.

In the final stage, the crypter decodes the miner payload and loads it into memory, which starts the miner operation.

The threat actor has a history of using publicly known vulnerabilities to compromise targets, and the most recent discoveries are no exception.

The development also comes after Sysdig described attacks carried out by the 8220 Gang between November 2022 and January 2023 that breached vulnerable Oracle WebLogic and Apache web servers to drop the XMRig miner.

Jenkins Security Alert: Potentially Dangerous New Security Flaws

Jenkins, an open-source automation server, has been found to have two serious security flaws that could allow remote code execution on specific platforms.

Cloud security company Aqua has dubbed the holes, identified as CVE-2023-27898 and CVE-2023-27905, CorePlague.

They affect the Update Center and Jenkins server, respectively. All Jenkins versions prior to 2.319.2 are vulnerable and exploitable.

The flaws are caused by the way Jenkins handles plugins available from the Update Center, which might allow a threat actor to upload a plugin with a malicious payload and trigger a cross-site scripting (XSS) attack.

Because the issue also involves stored XSS, where the JavaScript code is injected into the server, the vulnerability can be exploited without installing the plugin or even visiting the plugin’s URL.

More troubling, because the public Jenkins Update Center might be “injected by attackers,” the flaws could also affect privately hosted Jenkins servers and be exploited even when the server is not publicly accessible over the internet.

Nevertheless, the attack depends on the rogue plugin being able to communicate with the Jenkins server and being surfaced at the top of the main feed on the “Available Plugin Manager” page.
