SonarSource researchers discovered that IT infrastructure monitoring software Checkmk had four security vulnerabilities, which could be leveraged to achieve total server takeovers, according to The Hacker News.
The flaws include a code injection bug in watolib's auth.php and an arbitrary file read flaw in NagVis, both of which are critical in severity, along with a medium-severity command injection flaw in Checkmk's Livestatus wrapper and Python API and a server-side request forgery flaw in the host registration API.
"These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," said SonarSource researcher Stefan Schiller.
Threat actors could leverage the chained flaws to obtain Checkmk GUI access.
"This access can further be turned into remote code execution by exploiting a Code Injection vulnerability in a Checkmk GUI subcomponent called watolib, which generates a file named auth.php required for the NagVis integration," added Schiller.
Patches for the vulnerabilities have been issued as part of an update in September.
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce its new HyperSOC system. Built on the company's Hyperautomation Platform, HyperSOC uses artificial intelligence to enable automation, management, and monitoring of security operations center responses in a bid to bolster the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.
CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.