2

Apparently N-able N-central has critical flaws that are being exploited in the wild. https://www.bleepingcomputer.com/news/security/cisa-warns-of-n-able-n-central-flaws-exploited-in-zero-day-attacks/

I am not surprised at all. Their software security leaves a lot to be desired. Recently they downplayed an actually critical flaw #CVE_2024_5445 (RCE as SYSTEM via MiTM) as "low", as seen here:

https://sintonen.fi/advisories/n-able-ecosystem-agent-improper-certificate-validation.txt

"The vulnerability reported does not constitute an RCE, the Ecosystem agent is designed to run installation packages in a privileged context and the agent is doing what it should do when it receives such packages to install over the APIs."

#cybersecurity #infosec

6

"HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

MadeYouReset exploits a mismatch caused by stream resets between HTTP/2 specifications and the internal architectures of many real-world web servers. This results in resource exhaustion, and a threat actor can leverage this vulnerability to perform a distributed denial of service attack (DDoS)."

https://kb.cert.org/vuls/id/767506

#CVE_2025_8671 #infosec #cybersecurity

[-] harrysintonen@infosec.exchange 3 points 1 month ago* (last edited 1 month ago)

Post mortem:

This issue was made possible by a misconfiguration where "AllowOverride none" was used by accident. That made it possible to read the configuration file even though an .htaccess file preventing it was in place.

So, in part, this specific issue was a mistake by the admin (read: myself). I think it still highlights an issue that could occur in many other ways as well. It is best to restrict network access to servers when upgrading them.

PS: If you can't do things right, at least make it possible for others to learn from your mistakes. 🙂

11

A reminder that upgrading your server might shut down parts of the security related components and leave services unintentionally exposed.

Upgrading should not be done without proper filtering of unwanted incoming traffic (via for example a firewall in front of the server).

Here we can see some database passwords and cryptographic secrets exposed during #debian13 upgrade due to PHP being down while the httpd was not.

#infosec #cybersecurity

2

A couple of vulnerabilities I found in the #Eaton Rack PDU G4:

ETN-VA-2025-1002: Multiple vulnerabilities detected in Eaton G4 PDU

#CVE_2025_48393
CVSS v3.1 Base Score – 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack.

#CVE_2025_48394
CVSS v3.1 Base Score – 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

An attacker with authenticated and privileged access could modify the contents of a nonsensitive file by traversing the path in the limited shell of the CLI.

These vulnerabilities are fixed in firmware version 3.5.0 and later. It is recommended to upgrade the device firmware as soon as possible.

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf

#infosec #cybersecurity

1

Sudo versions 1.9.14 to 1.9.17 (inclusive) have two critical vulnerabilities:

#cve_2025_32463 #cve_2025_32462 #infosec #cybersecurity

6

Insecure defaults can lead to surprises. When creating FIFO sockets with systemd, be sure to note that SocketMode defaults to 0666 - that is, world readable and writable. In other words: any local user can communicate with the FIFO. If your FIFO is used to perform privileged operations, you must ensure that either the FIFO file itself is located in a secured location or that SocketMode is set to a stricter value.

I spotted one such insecure use in cloud-init: the hotplug FIFO was world writable. This is CVE-2024-11584 and is fixed in cloud-init 25.1.3.

The commit fixing this is in https://github.com/canonical/cloud-init/pull/6265

#CVE_2024_11584 #ubuntu #systemd #infosec #cybersecurity
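As an added example (not code from the post, systemd or cloud-init), a small check that parses the `[Socket]` section of a `.socket` unit and flags every `ListenFIFO=` whose effective mode, which falls back to systemd's default 0666 when `SocketMode=` is absent, grants access to other users. The two unit texts are constructed samples, one with the weak default and one restricted to owner and a dedicated group.

```python
"""Flag systemd .socket units whose FIFOs rely on the default SocketMode (0666).
Added example, not code from the original post, systemd or cloud-init; the two
unit texts are constructed samples (weak default vs. owner/group-only)."""
import stat

# Constructed: hotplug FIFO left at the default mode (the cloud-init pattern).
WEAK_UNIT = """\
[Socket]
ListenFIFO=/run/example/hotplug.fifo
"""
# Constructed: same FIFO, owner and a dedicated group only.
FIXED_UNIT = """\
[Socket]
ListenFIFO=/run/example/hotplug.fifo
SocketMode=0660
SocketGroup=hotplug
"""

def parse_socket_section(unit_text):
    """Collect key/value pairs from [Socket]; keys such as ListenFIFO= may repeat."""
    pairs, in_socket = [], False
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            in_socket = line == "[Socket]"
            continue
        if in_socket and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def effective_mode(pairs):
    """Octal mode systemd will apply: the last SocketMode= wins, else 0666."""
    mode = "0666"  # systemd's documented default when SocketMode= is absent
    for key, value in pairs:
        if key == "SocketMode":
            mode = value
    return int(mode, 8)

def fifo_findings(unit_text):
    """One finding per ListenFIFO= whose mode grants any access to 'other'."""
    pairs = parse_socket_section(unit_text)
    mode = effective_mode(pairs)
    if not (mode & (stat.S_IROTH | stat.S_IWOTH)):
        return []
    explicit = any(key == "SocketMode" for key, _ in pairs)
    why = f"SocketMode={mode:04o}" if explicit else "SocketMode absent, default 0666"
    return [f"{path}: FIFO accessible to all local users ({why})"
            for key, path in pairs if key == "ListenFIFO"]
```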

1

The timeline in the "SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem" advisory is mind blowing:

https://seclists.org/fulldisclosure/2025/Jun/17

#CVE_2025_26412 #infosec #cybersecurity #vulnerability

21

If you're creating an application that displays URLs to users (chat app for example), please make sure to apply spoof checks to avoid use of UTF-8 confusables in IDN homograph attacks. You may want to block URLs with hostnames that get flagged, or display them in #punycode instead.

As an example, see https://github.com/chromium/chromium/tree/main/components/url_formatter/spoof_checks

In particular, https://github.com/chromium/chromium/blob/8e070073d47861b8bfc7548dce8fcfc708a356fb/components/url_formatter/spoof_checks/idn_spoof_checker.cc#L177 is quite an interesting read.

#cybersecurity #infosec
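As an added example (not code from the post or from Chromium's spoof checker), a display-side check of the kind the post recommends: each hostname label is kept in Unicode only if it passes, and otherwise rendered in its punycode (`xn--`) form. The rules are a deliberately simpler assumption than Chromium's: a label is flagged when it mixes scripts, or when it is whole-script Cyrillic made only of letters from a constructed lookalike set.

```python
"""Decide how to display an IDN hostname: Unicode when clean, punycode when it
could be a homograph. Added example, not from the post or Chromium; the
rules below are a deliberately simpler assumption than Chromium's checker."""
import unicodedata

# Cyrillic lowercase letters that render like Latin ones (assumed subset of the
# whole-script confusable lists such checkers use).
CYRILLIC_LOOKALIKES = set("\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0455"
                          "\u0456\u0458\u04bb\u0501\u051b\u051d\u0475")

def script_of(ch):
    """Coarse script name from the character's Unicode name (assumption)."""
    if ch.isascii():
        return "Latin"
    name = unicodedata.name(ch, "")
    for prefix in ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN"):
        if name.startswith(prefix):
            return prefix.title()
    return "Other"

def label_is_suspicious(label):
    """Flag a label that mixes scripts, or is whole-script Cyrillic made only
    of letters with Latin twins (e.g. Cyrillic 'сору' posing as 'copy')."""
    letters = [c for c in label if c.isalpha()]
    scripts = {script_of(c) for c in letters}
    if len(scripts) > 1:
        return True
    return scripts == {"Cyrillic"} and all(c in CYRILLIC_LOOKALIKES for c in letters)

def safe_hostname(host):
    """Per label: keep Unicode if it passes, otherwise show its punycode form."""
    shown = []
    for label in host.lower().split("."):
        if not label.isascii() and label_is_suspicious(label):
            label = label.encode("idna").decode("ascii")  # xn--... A-label
        shown.append(label)
    return ".".join(shown)
```

A label such as "bücher" stays readable, while "pаypal" with a Cyrillic а is shown as its `xn--` form so the substitution is visible.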

6

If there were a single thing I'd want to convey to potential future #cybersecurity professionals: Hacking is fun, but reporting is the most important part.

You can be the best hacker in the world, but all that is in vain if you can't convey what you did and how to prevent it.

You should spend time getting better at reporting, along with the technical skills.

#thoughtoftheday

21

Today Finland is voting in county and municipal #elections. Unsurprisingly the idiot Russian "hacking crew" is DDoSing websites of the political parties.

Newsflash: The voting is pen & paper. No websites are involved in the voting process. You gain absolutely nothing by DDoSing the party websites.

#infosec #cybersecurity

2

In case you haven't noticed #nis2directive is in effect in Finland now:

"Finnish Parliament has passed the government proposal for a national #Cybersecurity Act to implement the EU Cybersecurity Directive (NIS 2 Directive). As regards public administration, the relevant requirements included in the Directive are laid down in the Act on Information Management in Public Administration."

Interestingly this also increases the duties and responsibilities of The Finnish Transport and Communications Agency Traficom:

"The Cybersecurity Act also entails new supervisory duties for Traficom compared to the old NIS Directive. In future, Traficom will be the competent authority supervising cybersecurity issues also in the following sectors: postal and courier services, space, public administration, managed service providers, managed security service providers, research, and the manufacture of vehicles and other transport equipment."

ref: https://traficom.fi/en/news/cybersecurity-act-passed-parliament-obligations-under-nis-2-directive-enter-force-8-april-2025

[-] harrysintonen@infosec.exchange 2 points 6 months ago* (last edited 6 months ago)

@jerry It largely depends on how well the initial impact is cleaned up. I'm hoping we won't see a ton of backdoors in various components next.

4

The fallout from the malicious tj-actions/changed-files is still being investigated. It is fortuitous that this malicious commit was identified fairly quickly, as further compromise of major OSS components and projects could lead to a kind of chain reaction.

#infosec #cybersecurity

[-] harrysintonen@infosec.exchange 1 points 7 months ago

#Nordnet services appear to be back.

[-] harrysintonen@infosec.exchange 1 points 7 months ago

Nordnet has a lot of technical issues to sort out. If the malfunction allowed unauthorized parties to operate the accounts it will be quite messy to sort out.

Along with the technical part, they will have to deal with the regulatory issues, in particular the Financial Supervisory Authority. They will demand answers.

[-] harrysintonen@infosec.exchange 2 points 7 months ago

@SatyrSack@feddit.org Curl will likely address this eventually even though they don't consider it a vulnerability. See https://github.com/curl/curl/issues/16197

[-] harrysintonen@infosec.exchange 3 points 7 months ago

The latest curl version 8.12.0 (released today) is affected.

[-] harrysintonen@infosec.exchange 3 points 8 months ago

So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation "DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende" gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s

[-] harrysintonen@infosec.exchange 2 points 8 months ago* (last edited 8 months ago)

@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. All in all, the vulnerability management doesn't seem to be going great here.

Update: The "PeCoffLoader memory overflow issue for security" likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796

[-] harrysintonen@infosec.exchange 5 points 8 months ago

I had actually forgotten I still had Docker installed on this system. I've now fixed this issue by uninstalling the malicious app. I'm using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!

[-] harrysintonen@infosec.exchange 4 points 8 months ago

@g@irrelephant.co Oof, that's not good at all.

[-] harrysintonen@infosec.exchange 1 points 10 months ago

@screaminggoat@infosec.exchange Yep, that's the one.


harrysintonen

joined 2 years ago