Threat actors could chain three security vulnerabilities in LiteSpeed Web Server to execute arbitrary code with elevated privileges and take over the server completely, SecurityWeek reports.
Palo Alto Networks researchers discovered that the first flaw, tracked as CVE-2022-0073, stems from a configuration field that allows a specified command to be executed when the server starts up.
"This functionality is considered dangerous and therefore mitigations for abusing it were implemented. We managed to bypass the mitigations and abuse this functionality to download and execute a malicious file on the server with the privileges of the user nobody, which is an unprivileged user that traditionally exists in Linux machines," said researchers.
Another high-severity bug, tracked as CVE-2022-0074, could be exploited after the first flaw has been abused, allowing the attacker to escalate privileges.
Meanwhile, attackers could leverage a path traversal bug, tracked as CVE-2022-0072, to evade security measures and access files. LiteSpeed has already addressed the vulnerabilities.
Android devices running the latest version of the operating system have been found to be affected by a vulnerability that leaks DNS queries when switching VPN servers, even when the "Always-on VPN" feature is enabled with its option to block connections that do not go through the VPN, according to BleepingComputer.
BleepingComputer reports that Finland's Transport and Communications Agency, Traficom, has warned that ongoing Android malware attacks are targeting online banking accounts across the country.
BleepingComputer reports that numerous Android apps with over four billion downloads are vulnerable to the novel Dirty Stream attack, which exploits a flaw in Android's content provider system to enable arbitrary code execution and the compromise of secrets.