SAP patched a critical vulnerability in SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. The vulnerability affects over 40,000 customers.
The RECON (short for Remotely Exploitable Code On NetWeaver) vulnerability is rated with a maximum CVSS score of 10 out of 10 and can be exploited remotely by unauthenticated attackers to fully compromise unpatched SAP systems, according to Onapsis, the company that found and responsibly disclosed RECON to the SAP Security Response Team.
RECON is introduced due to the lack of authentication in
Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers.
Any.Run is a malware analysis sandbox service that lets researchers and users safely analyze malware without risk to their computers.
When an executable is submitted to Any.Run, the sandbox service will create a Windows virtual machine with an interactive remote desktop and execute the submitted file within it.
Researchers can utilize the interactive Windows desktop to see what behavior the malware is exhibiting, while Any.Run records its network activity, file activity, and
The Zoom web conference client contained a zero-day vulnerability that could have allowed attackers to execute commands on vulnerable systems remotely.
Exploiting the vulnerability required at least some form of action on the victim’s end, such as downloading and opening a malicious attachment. However, no security notifications would be triggered during exploitation.
A researcher, who prefers to remain anonymous, reached out to the 0patch team disclosing the vulnerability rather than reporting it directly to Zoom.
Researchers at 0patch then issued a “micropatch” free of charge until Zoom could release their own.
“According to our guidelines, we’re providing