Saturday , November 23 2024
CISA

CISA Warns Hacker Use OS Command Injection Vulnerabilities to Compromise Systems

infosecbulletin Thursday , July 11 2024 Alert

OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm.

CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage of OS command injection flaws in network devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887). These vulnerabilities allowed attackers to remotely execute code on the devices.

CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

By infosecbulletin / Saturday , November 23 2024
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate...
Read More
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

Daily Security Digest Dated 11/23/24

By infosecbulletin / Saturday , November 23 2024
Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Digest Dated 11/23/24

SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

By infosecbulletin / Friday , November 22 2024
SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from a user while analyzing a...
Read More
SafetyDetectives’ Research Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

Over 145,000 ICS Across 175 Countries Found Exposed Online

By infosecbulletin / Friday , November 22 2024
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting...
Read More
Over 145,000 ICS Across 175 Countries Found Exposed Online

World to see AI powered “human washing machines”

By infosecbulletin / Friday , November 22 2024
Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company...
Read More
World to see AI powered “human washing machines”

Hacker compromised over 2000 Palo Alto Networks Firewalls

By infosecbulletin / Friday , November 22 2024
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and...
Read More
Hacker compromised over 2000 Palo Alto Networks Firewalls

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

By infosecbulletin / Thursday , November 21 2024
Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....
Read More
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE

By infosecbulletin / Wednesday , November 20 2024
Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves...
Read More
CVE-2024-51503 Trend Micro released updates for Deep Security Agent RCE

Apple Releases Patch for two Actively Exploited Zero-Day

By infosecbulletin / Wednesday , November 20 2024
Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day...
Read More
Apple Releases Patch for two Actively Exploited Zero-Day

Maxar Space Data Leak, Company admit, Investigation ongoing!

By infosecbulletin / Tuesday , November 19 2024
Maxar Space Systems has verified a major data breach that exposed particular information of current and former workers. The breach...
Read More
Maxar Space Data Leak, Company admit, Investigation ongoing!

OS command injection vulnerabilities occur when manufacturers do not correctly validate and sanitize user input when creating commands to run on the operating system. Creating software that blindly trusts user input without proper validation or sanitization can enable attackers to execute harmful commands, endangering customers.

CISA and FBI want CEOs and business leaders at technology companies to ask their technical teams to analyze past issues and make a plan to prevent them in the future.

To further prevent these vulnerabilities, technical leaders should:

Ensure software uses functions that generate commands in safer ways by preserving the intended syntax of the command and its arguments
Review their threat models
Use modern component libraries
Conduct code reviews
And implement aggressive adversarial product testing to ensure the quality and security of their code throughout the development lifecycle.

To read the full report click here.

 

Check Also

Paloalto networks

Hacker compromised over 2000 Palo Alto Networks Firewalls

Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin