A critical vulnerability, tracked as CVE-2023-49606, has been discovered in Tinyproxy, an HTTP/HTTPS proxy tool. This vulnerability allows unauthenticated attackers to execute arbitrary code remotely by sending a specially crafted HTTP connection header.
According to a report by cybersecurity researchers, over 50% of the 90,310 Tinyproxy services exposed on the internet are vulnerable to this attack. The vulnerability is caused by a use-after-free bug in versions 1.10.0 and 1.11.1 of Tinyproxy.
The majority of the publicly accessible vulnerable hosts are located in the United States (32,846), China (7,808), South Korea (18,358), Germany (3,680), and France (5,208).
This vulnerability poses a significant security risk to organizations using Tinyproxy. It is recommended that organizations update to the latest version of Tinyproxy (1.11.2) as soon as possible to mitigate this risk.
Cuckoo Spyware Targets Intel and Arm Macs
A recent discovery by cybersecurity researchers has revealed a new threat to Apple macOS systems. A threat actor is now targeting these systems with new information stealers that exhibit high persistence.
The distribution vector for this malware is still unclear, but evidence suggests that several websites, including dumpmedia.com, tunesolo.com, fondog.com, tunesfun.com, and tunefab.com, may be involved in hosting the malicious binary. These websites pose as service providers, offering applications (both free and paid) that can rip music from streaming services and convert it into MP3 format.
The malware, identified as Cuckoo by Kandji, is a universal Mach-O binary capable of infecting both Intel and Arm-based Macs. Upon downloading the disk image from these websites, a bash shell is spawned to gather host information. Notably, the malware is programmed to exclude Armenia, Belarus, Kazakhstan, Russia, and Ukraine from its targeted locations.
A recent cyber espionage campaign known as ArcaneDoor has been meticulously analyzed by Censys, leading to the conclusion that it likely originates from a state-sponsored threat actor in China, designated as UAT4356. Further investigation into the campaign revealed the exploitation of two vulnerabilities, CVE-2024-20353 and CVE-2024-20359, in Cisco Adaptive Security Appliances to establish persistent Line Runner access. Notably, the campaign primarily targets perimeter network devices from vendors such as Cisco and Microsoft Exchange servers, with a particular focus on Microsoft Exchange servers.
Vulnerabilities Discovered in Xiaomi Android Devices
A recent report has revealed the presence of 20 vulnerabilities affecting various Xiaomi applications and components. These include Gallery, GetApps, Mi Video, MIUI Bluetooth, Phone Services, Print Spooler, Security, Security Core Component, Settings, ShareMe, System Tracing, and Xiaomi Cloud. The report indicates that these vulnerabilities could allow unauthorized access to system-level activities, receivers, and services, as well as the theft of arbitrary files and disclosure of sensitive information such as phone settings and Xiaomi account data. Notably, one of the flaws involves a shell command injection bug that could facilitate the theft of arbitrary files and leak device information.
