Threat actors could exploit an already patched critical security flaw in the widely used Node.js sandbox library vm2 to achieve remote command execution, according to The Hacker News.
Discovered by application security company Oxeye, the vulnerability, dubbed 'Sandbreak' and tracked as CVE-2022-36067, stems from the way the sandbox handles Node.js errors, which can be abused to escape it. Such a bug could allow an attacker to break out of the vm2 sandbox environment and execute shell commands on the system hosting the sandbox, the researchers said. Users of vm2 have been urged to immediately apply the software update addressing the flaw, which was issued on August 28. "Sandboxes serve different purposes in modern applications, such as examining attached files in email servers, providing an additional security layer in web browsers, or isolating actively running applications in certain operating systems. Given the nature of the use cases for sandboxes, it's clear that the vm2 vulnerability can have dire consequences for applications that use vm2 without patching," said Oxeye.
Gigabyte has released BIOS updates aimed at removing a firmware backdoor discovered by Eclypsium in over 270 of its motherboard models. The backdoor drops a Windows binary that then retrieves and executes a payload, behavior that could have been exploited by attackers, SecurityWeek reports.
The Clop ransomware operation, also known as Lace Tempest, TA505, and FIN11, has claimed responsibility for attacks that exploited a zero-day in the MOVEit Transfer file transfer app to compromise various servers and exfiltrate data, after Microsoft attributed the intrusions to the group, reports BleepingComputer.