Mitel VoIP Bug Exploited in Ransomware Attacks
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
Remote code execution lets attackers run commands on a target system, enabling full compromise; patch exposed software and restrict privileges.
Search across headline titles and summaries.
Background for this topic.
Remote code execution (RCE) is the ability of an attacker to make a system run attacker-chosen code from a remote position, usually by exploiting a flaw in a network-facing application, service, protocol, or the processing of untrusted content. Unlike simple unauthorized access, successful RCE can run with the privileges of the affected process, enabling actions such as accessing data, changing configuration, disrupting a service, establishing persistence, or moving to other systems. Exploitability depends on factors including network reachability, authentication requirements, configuration, and whether execution is constrained.
Defenders should prioritize exposed RCE vulnerabilities in vulnerability management: inventory reachable assets, apply fixes or vendor mitigations, and restrict access or disable vulnerable functionality where patching is not immediately possible. Least privilege and service isolation limit the damage if exploitation succeeds. Secure input handling, safe deserialization, and avoiding unnecessary shell invocation reduce common attack paths. Monitoring for unusual process creation and outbound connections can support detection; suspected exploitation warrants prompt investigation, preservation of relevant logs, credential rotation where appropriate, and checks for persistence.
Weekly headline count for the current query.
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
The security vendor's appliance suffers from an authentication-bypass issue.
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser.
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations.
Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend.
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit.
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said.
The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.