Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Exploits

Plex media server seen exploited in the wild utilizing a 3 year old RCE

Kyle by Kyle
March 11, 2023
in Exploits
0
Plex RCE responsible-for lastpass breach
92
SHARES
1.3k
VIEWS
Share on FacebookShare on Twitter

CISA, the cybersecurity and infrastructure agency, has included a severe remote code execution (RCE) vulnerability in the Plex Media Server, which is nearly three years old, in its list of security vulnerabilities used in targeted attacks. The flaw, identified as CVE-2020-5741, enables cybercriminals with administrator rights to execute arbitrary Python code remotely, using low-complexity attacks that do not require any user interaction.

You might also like

New TPM 2.0 exploit attackers to access or overwrite sensitive data

Google reports a rise in ransomware attacks

Cross-Site Scripting (XSS) attack method steals your browser’s auto-fill credentials

An attacker with “admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code,” the Plex Security team stated in an advisory published in May 2020 when the exploit was patched with Plex Media Server 1.19.3.

“This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled. This issue could not be exploited without first gaining access to the server’s Plex account.”

CISA has not provided any details regarding the attacks that involved CVE-2020-5741, but it is believed that this may be linked to a recent disclosure by LastPass. This disclosure revealed that a senior DevOps engineer’s computer was hacked last year to install a keylogger by exploiting a third-party media software RCE vulnerability.

The attackers managed to access the engineer’s credentials and LastPass corporate vault, resulting in a significant data breach in August 2022. The threat actors were able to exfiltrate LastPass production backups and critical database backups, which caused widespread damage.

LastPass was hacked due to this Plex RCE exploit

Although LastPass did not specify which software flaw was used to gain access to the engineer’s computer, Ars Technica reported that the vulnerable software package was Plex. Interestingly, in August, Plex informed its customers about a data breach and asked them to reset their passwords, after LastPass announced its own data breach.

In addition to the Plex vulnerability, on Friday, CISA added another vulnerability, tracked as CVE-2021-39144, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is considered to be of critical severity and has been exploited since early December in VMware’s Cloud Foundation.

In November 2021, a binding operational directive (BOD 22-01) was issued, which requires all federal agencies in the US to secure their systems against attacks until March 31st, in order to prevent potential network attacks that exploit these two vulnerabilities.

Although BOD 22-01 only applies to federal agencies, CISA strongly recommends that all organizations patch these vulnerabilities to protect themselves against ongoing attacks.

Tags: LastpassPlexRCE
Share47Tweet19
Kyle

Kyle

Co-owner, writer, and editor at ZeroSecurity. Security, Blockchain, and SEO enthusiast. "Formal education will make you a living; self-education will make you a fortune."

Recommended For You

New TPM 2.0 exploit attackers to access or overwrite sensitive data

by Paul Anderson
March 5, 2023
0
New TPM 2.0 Exploit

Two buffer overflow vulnerabilities have been discovered in the Trusted Platform Module (TPM) 2.0 specification, which could give cybercriminals unauthorized access to or the ability to overwrite sensitive...

Read more

Google reports a rise in ransomware attacks

by Paul Anderson
July 15, 2022
0
Google reports a rise in ransomware attacks

In the 3rd issue of the recently released, Threat Horizons, Google's Cybersecurity Action Team (GCAT) provides organizations with information about emerging risks and actionable mitigation. Bad actors have...

Read more

Cross-Site Scripting (XSS) attack method steals your browser’s auto-fill credentials

by Christi Rogalski
July 11, 2022 - Updated on February 23, 2023
0
Cross-Site Scripting (XSS) attack method steals your browser’s auto-fill credentials

Cross-site scripting, also known as XSS, attacks rank high on lists of common cybersecurity risks. It is the injection of malicious code into the web application to exploit...

Read more

Citrix exploit CWE-284 allows hackers to reset admin password

by Christi Rogalski
July 8, 2022
0
Citrix CWE-284 CVE-2022-27511 exploit

A critical bug has been identified in the Citrix Application Delivery Management console (ADM) that, if exploited, could lead to a serious security breach including allowing the attackers...

Read more

Follina Exploit Being Deployed by Chinese APT Group TA413

by Kyle
June 3, 2022
0
Chinese APT TA413

A Chinese state-sponsored hacking group, given the call sign "TA413", has been identified using the new Microsoft Office zero-day exploit, Follina, to launch attacks. Microsoft has tagged this...

Read more
Next Post
Update-resistant malware infects SonicWall security appliances

Update-resistant malware infects SonicWall security appliances

Related News

BreachForums Owner Arrested and Charged

BreachForums Owner Arrested and Charged

March 17, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.