Sitecore Zero-Day Sparks New Round of ViewState Threats
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
.NET is Microsoft's software development platform, and flaws in its runtimes or libraries can expose applications and services to attack.
Search across headline titles and summaries.
Background for this topic.
.NET is Microsoft’s software-development platform: a runtime, standard libraries, language support, and application frameworks used to build web services, APIs, desktop software, and other applications. The name covers modern, cross-platform .NET as well as the older Windows-focused .NET Framework, which have different release and support paths and should be distinguished during vulnerability management.
Security exposure can arise in the runtime, ASP.NET request-handling components, application configuration, and third-party NuGet packages. Vulnerabilities may enable code execution, denial of service, or unauthorized access when affected components are reachable or incorrectly used; insecure deserialization and weak authentication or authorization are recurring application-level concerns. Operators should inventory the exact runtime and framework versions, apply supported security updates, monitor transitive dependencies, and remove obsolete components. Developers should use platform-provided cryptography and TLS appropriately, validate untrusted input, protect secrets outside source code, and configure authentication and authorization explicitly.
Weekly headline count for the current query.
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.
Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.
The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.
AI could be a net positive for security, with a caveat: It could make security teams dangerously complacent.
Pledge stems from Black Hat’s commitment to become a net zero carbon business by 2030.
Code property graphs and a threat feed powered by artificial narrow intelligence help developers incorporate AppSec into DevOps.
The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says.