CyberSecurity news

FlagThis - #deserialization

@www.bleepingcomputer.com - 21d
Attackers are actively exploiting a deserialization vulnerability, identified as CVE-2025-0994, in Trimble’s Cityworks Server AMS. This flaw allows for remote code execution on Microsoft IIS web servers. The exploitation involves hackers deploying Cobalt Strike beacons for initial network access after gaining the ability to remotely execute commands. Cityworks is primarily used by local governments, utilities, and public works organizations for asset and work order management.

CISA has added the Cityworks vulnerability to its Known Exploited Vulnerabilities catalog, urging organizations to apply the necessary updates and search for indicators of compromise. Separately, Microsoft has warned of code injection attacks that use publicly disclosed ASP.NET machine keys and can lead to the delivery of the Godzilla post-exploitation framework. Organizations are advised not to copy machine keys from publicly available resources: such keys pose a higher risk than stolen ones because they are already sitting in multiple public code repositories, where anyone can find them.



References :
  • CISA puts out a standalone security alert about Trimble Cityworks Server Asset Management System (AMS).
  • securityaffairs.com: U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog
  • securityonline.info: CVE-2025-0994: Critical Vulnerability in Trimble Cityworks Exploited in the Wild
  • www.bleepingcomputer.com: Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.
  • therecord.media: Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts
Classification:
  • HashTags: #RCE #Cityworks #IISServer
  • Company: Microsoft, Trimble
  • Target: Trimble Cityworks, Microsoft IIS Servers
  • Product: Cityworks, IIS
  • Feature: Remote Code Execution
  • Malware: Godzilla
  • Type: Vulnerability
  • Severity: Critical
@gbhackers.com - 33d
A critical vulnerability has been discovered in Meta's Llama framework, a popular open-source tool for developing generative AI applications. This flaw, identified as CVE-2024-50050, allows remote attackers to execute arbitrary code on servers running the Llama-stack framework. The vulnerability arises from the unsafe deserialization of Python objects via the 'pickle' module, which is used in the framework's default Python inference server method 'recv_pyobj'. This method handles serialized data received over network sockets, and due to the inherent insecurity of 'pickle' with untrusted sources, malicious data can be crafted to trigger arbitrary code execution during deserialization. This risk is compounded by the framework's rapidly growing popularity, with thousands of stars on GitHub.

The exploitation of this vulnerability could lead to various severe consequences, including resource theft, data breaches, and manipulation of the hosted AI models. Attackers can potentially gain full control over the server by sending malicious code through the network. The pyzmq library, which Llama uses for messaging, is a root cause as its 'recv_pyobj' method is known to be vulnerable when used with untrusted data. While some sources have given the flaw a CVSS score of 9.3, others have given it scores as low as 6.3 out of 10.
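The two passages above describe the defect in mechanism terms: pyzmq's recv_pyobj() hands whatever bytes arrive on the socket to pickle.loads(), and a pickle stream may name and invoke arbitrary module-level objects, so untrusted input becomes code execution. The example below is added here and is not Llama-stack or pyzmq code; it takes the raw frame bytes so it runs without pyzmq, and the function names, the REQUEST_SCHEMA and the sample frames are constructed for illustration. It shows the two defensive options a maintainer has: the preferred one, replacing pickle with a data-only format (JSON) plus explicit schema validation, and the stopgap for code that cannot drop pickle yet, an Unpickler subclass that refuses to resolve any global, which still loads plain data but rejects the one primitive every pickle RCE payload depends on.

```python
"""Safe alternatives to pickle-based decoding for a socket-fed inference server.

Constructed example, not Llama-stack or pyzmq code. pyzmq's recv_pyobj() is
documented to pickle.loads() the received frame; the functions below accept
the raw frame bytes directly so the demonstration runs offline.
"""
import io
import json
import os
import pickle


class _NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses any reference to a module-level object.

    Plain data (dict, list, tuple, str, int, float, bool, None, bytes) never
    triggers find_class, so it still loads. Anything that names a module
    attribute (a class, a function, builtins.eval, ...) is rejected before
    the reference is resolved, which is the step an RCE payload relies on.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted data")


def restricted_pickle_loads(raw: bytes):
    """Stopgap for code that cannot drop pickle yet: only pure data survives."""
    return _NoGlobalsUnpickler(io.BytesIO(raw)).load()


def classify_message(raw: bytes) -> str:
    """'data' if the frame is pure-data pickle, 'rejected' if it names a global."""
    try:
        restricted_pickle_loads(raw)
        return "data"
    except pickle.UnpicklingError:
        return "rejected"


# Hypothetical request schema for the server: field name -> required type.
REQUEST_SCHEMA = {"prompt": str, "max_tokens": int}


def decode_json_request(raw: bytes) -> dict:
    """Preferred fix: a data-only wire format plus explicit schema validation."""
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError(f"malformed request: {exc}") from None
    if not isinstance(obj, dict):
        raise ValueError("request must be a JSON object")
    unknown = set(obj) - set(REQUEST_SCHEMA)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    for key, typ in REQUEST_SCHEMA.items():
        if key not in obj:
            raise ValueError(f"missing field: {key}")
        # bool is a subclass of int in Python; reject it explicitly for int fields
        wrong_type = not isinstance(obj[key], typ)
        bool_as_int = typ is int and isinstance(obj[key], bool)
        if wrong_type or bool_as_int:
            raise ValueError(f"field {key} must be {typ.__name__}")
    return obj


def is_valid_json_request(raw: bytes) -> bool:
    """Boolean wrapper around decode_json_request for quick checks."""
    try:
        decode_json_request(raw)
        return True
    except ValueError:
        return False


def constructed_frames() -> dict:
    """Constructed sample frames (not captured traffic).

    Pickling a function object stores only a global reference to it, which is
    enough to exercise the find_class path without running anything.
    """
    return {
        "benign": pickle.dumps({"prompt": "hello", "max_tokens": 16}),
        "references_global": pickle.dumps(os.getcwd),
    }


if __name__ == "__main__":
    frames = constructed_frames()
    print(classify_message(frames["benign"]))             # data
    print(classify_message(frames["references_global"]))  # rejected
    print(decode_json_request(b'{"prompt": "hello", "max_tokens": 16}'))
```

The restricted unpickler is a mitigation rather than a cure: it narrows the attack surface to the stdlib's own stream parser, and a future refactor that allowlists "just one" class reopens the door. Switching the transport to JSON (recv_json() in pyzmq terms, paired with validation like decode_json_request) removes the deserialization primitive entirely, which is the change to prefer.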



References :
  • ciso2ciso.com: Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks – Source: thehackernews.com
  • gbhackers.com: Critical Vulnerability in Meta Llama Framework Let Remote Attackers Execute Arbitrary Code
  • ciso2ciso.com: A pickle in Meta’s LLM code could allow RCE attacks – Source: www.csoonline.com
  • gbhackers.com: Further details and analysis of CVE-2024-50050
Pierluigi Paganini@Security Affairs - 4d
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.

These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying necessary updates.



References :
  • Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
  • thecyberexpress.com: CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
  • cyble.com: Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.