CyberSecurity news

FlagThis - #securityupdate

@The Hacker News //
ConnectWise is initiating a rotation of its ScreenConnect code signing certificates following security concerns identified by a third-party researcher. The issue revolves around how ScreenConnect handled specific configuration data in earlier versions, where configuration data was stored in an unsigned area of the installer. While this area is intended for customization, its coupling with remote control capabilities created a potentially insecure design pattern according to current security standards. The company emphasizes that this action is unrelated to the recent nation-state attacks affecting some of its customers.

ConnectWise is implementing an update to enhance the management of configuration data within ScreenConnect. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions." The rotation of digital certificates is set to take place by June 13 at 8 p.m. ET. ConnectWise is already updating certificates and agents across its cloud instances of Automate and RMM.

Users of on-premise versions of ScreenConnect or Automate are required to update to the latest build and validate all agents before the June 13th deadline to avoid potential service disruptions. ConnectWise acknowledges the challenges this may pose and has committed to supporting users through the transition. ConnectWise customers who use the company's ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions.

Classification:
  • HashTags: #Cybersecurity #CodeSigning #SecurityUpdate
  • Company: ConnectWise
  • Target: ConnectWise Users
  • Product: ScreenConnect
  • Feature: code signing certificates
  • Type: ProductUpdate
  • Severity: Medium
@source.android.com //
Google has released its May 2025 Android security bulletin, addressing a total of 46 vulnerabilities. The update includes a fix for CVE-2025-27363, a critical Remote Code Execution (RCE) flaw that is already being actively exploited in the wild. The RCE flaw exists within the Android System component, enabling local code execution without requiring user interaction or elevated privileges.

This vulnerability stems from FreeType, an open-source font rendering library widely embedded in Android. Google's advisory underscores the severity of this actively exploited bug, prompting the U.S. CISA to add it to its Known Exploited Vulnerabilities Catalog. U.S. federal agencies are now under directive to apply the patch by May 27, 2025.

The May 2025 Android security bulletin resolves several other high-impact issues across Android versions 13 through 15. These include multiple Elevation of Privilege (EoP) flaws affecting both the framework and system components. Among them are CVE-2025-0087 and CVE-2025-26426. Users are encouraged to check for updates to ensure their devices are protected from these vulnerabilities. The update is available for Android 13, 14, and 15, with Android vendors notified of the issues at least a month before publication.


References:
  • CyberScoop: Google addresses 1 actively exploited vulnerability in May’s Android security update
  • Malwarebytes: Malwarebytes discusses Android fixes 47 vulnerabilities, including one zero-day.
  • securityaffairs.com: SecurityAffairs Google fixed actively exploited Android flaw CVE-2025-27363
  • The Hacker News: The hackernews update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
  • socradar.io: SocRadar: Android’s May 2025 Update Tackles CVE-2025-27363 & More
  • www.bleepingcomputer.com: bleepingcomputer: Google fixes actively exploited FreeType flaw on Android
  • thecyberexpress.com: Google Rolls Out May 2025 Android Security Bulletin, Fixes 46 Vulnerabilities Including CVE-2025-27363
@Talkback Resources //
A critical spoofing vulnerability, identified as CVE-2025-30401, has been discovered in WhatsApp for Windows. Meta, the parent company of WhatsApp, has released a security update to address this flaw, which impacts versions prior to 2.2450.6. The vulnerability could allow attackers to trick users and enable remote code execution on their devices. Users of WhatsApp for Windows are strongly advised to update to the latest version immediately to mitigate the risk. This issue arises from a discrepancy in how WhatsApp handles file attachments, specifically the mismatch between the MIME type and file extension handling.

The exploit mechanism involves attackers sending maliciously crafted files with altered file types to potential targets. The WhatsApp application displays attachments based on their MIME type but selects the file opening handler based on the attachment's filename extension. An attacker can therefore craft a malicious file that appears harmless, such as an image, but executes arbitrary code when the recipient opens it.
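The mismatch described above can be caught on the receiving side by comparing the three views of an attachment before it is handed to a file handler. The following is an added example, not WhatsApp's code or part of the original article; the MIME maps, the executable-extension list and the sample inputs are constructed assumptions and are deliberately small.

```python
import os

# Extension -> MIME map kept explicit so results do not depend on the host's
# MIME database (constructed, non-exhaustive).
EXT_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".gif": "image/gif", ".pdf": "application/pdf",
    ".exe": "application/x-msdownload",
}
# Leading bytes -> MIME, used to sniff what the content really is.
MAGIC = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF8", "image/gif"),
    (b"%PDF-", "application/pdf"),
    (b"MZ", "application/x-msdownload"),
]
# Extensions whose default Windows handler runs the file instead of rendering
# it (assumed, non-exhaustive list).
EXECUTABLE_EXT = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs", ".msi"}

def sniff(data):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    return None

def check_attachment(declared_mime, filename, data):
    """Return a list of findings; an empty list means all three views agree."""
    findings = []
    # Windows drops trailing dots and spaces from file names, so normalise
    # first: the handler is chosen from the name as Windows sees it.
    ext = os.path.splitext(filename.rstrip(". ").lower())[1]
    if ext in EXECUTABLE_EXT:
        findings.append("executable-extension")
    # Unknown extensions map to None and therefore fail closed as a mismatch.
    if EXT_MIME.get(ext) != declared_mime:
        findings.append("mime-extension-mismatch")
    sniffed = sniff(data)
    if sniffed is not None and sniffed != declared_mime:
        findings.append("mime-content-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed sample: shown to the user as an image, opened as a program.
    print(check_attachment("image/jpeg", "holiday.jpg.exe", b"MZ\x90\x00"))
```

A mail or chat gateway can quarantine any attachment for which the returned list is not empty, since the label the user sees and the handler the system picks no longer match.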

The discovery of CVE-2025-30401 has raised concerns within the cybersecurity community, highlighting the importance of maintaining robust security practices in widely used applications. While Meta has not reported any exploitation of this vulnerability in the wild, vulnerabilities in messaging applications like WhatsApp are frequently targeted by malicious actors. The impact of a successful exploit could include unauthorized system access and data theft, posing significant risks to users. To ensure protection, users should promptly update their WhatsApp for Windows application to version 2.2450.6 or later.


References:
  • securityaffairs.com: WhatsApp fixed a spoofing flaw that could enable Remote Code Execution
  • Talkback Resources: WhatsApp Vulnerability Could Facilitate Remote Code Execution [app] [exp]
  • The DefendOps Diaries: Understanding the WhatsApp for Windows Vulnerability: CVE-2025-30401
  • BleepingComputer: Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices.
  • hackread.com: WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
  • infosec.exchange: vulnerability CVE-2025-30401 impacting all WhatsApp versions can let attackers execute malicious code on your devices. The flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential targets:
  • PCMag UK security: WhatsApp Patches Bug That Can Execute Malware on Windows PCs
  • darkwebinformer.com: DarkWebInformer Article on CVE-2025-30401: WhatsApp for Windows Spoofing Prior to Version 2.2450.6
  • cyberinsider.com: WhatsApp for Windows Vulnerable to Spoofing Flaw Leading to Code Execution
  • securityonline.info: SecurityOnline news detail for WhatsApp for Windows Spoofing Vulnerability: Execute Code Risk (CVE-2025-30401)
  • The Register - Security: What a MIME field A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.
  • bsky.app: Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices.
  • ComputerWeekly.com: Spoofing vuln threatens security of WhatsApp Windows users
  • www.csoonline.com: CSOOnline article on Whatsapp plugs bug allowing RCE with spoofed filenames
  • Help Net Security: WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
  • Malwarebytes: WhatsApp for Windows vulnerable to attacks. Update now!
  • www.bleepingcomputer.com: WhatsApp flaw can let attackers run malicious code on Windows PCs
  • www.scworld.com: Malicious code execution possible with patched WhatsApp flaw