2025-06-26
24°C
Advertisement
Social Good

【My Mothers Friend 5】

2025-06-26 05:38:23 8192 views admin
Home / Social Good / 【My Mothers Friend 5】

The My Mothers Friend 5U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added new exploits to its actively exploited list, as first noticed by BleepingComputer.

CISA's actions basically serve as a warning to U.S. federal agencies about vulnerabilities currently being exploited in the wild. 

One exploit being tracked, CVE-2023-20118, allows hackers to remotely "execute arbitrary commands" on certain VPN routers. These routers include Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325.

You May Also Like

"An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface," CISA wrote. "A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data."

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

In order to take advantage of this exploit, an attacker would need admin credentials. However, as BleepingComputer points out, hackers could take advantage of another vulnerability, CVE-2023-20025, in order to bypass authentication. 

Another vulnerability added by CISA is CVE-2018-8639. This bug affects a broad swath of Windows operating systems including Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers.

Related Stories
  • Hackers are targeting your password manager app
  • New 'browser syncjacking' cyberattack lets hackers take over your computer via Chrome
  • U.S. Treasury confirms it was breached by China-backed hackers
  • Hackers take over Google Chrome extensions in cyberattack
  • These Apple bugs were used by hackers in the wild. Now there's a fix.

According to CISA, this vulnerability "exists in Windows when the Win32k component fails to properly handle objects in memory." A bad actor with local access to the vulnerable system can utilize the exploit to run arbitrary code in kernel mode. BleepingComputer reports that a bad actor could use this vulnerability to "alter data or create rogue accounts with full user rights to take over vulnerable Windows devices."

Microsoft and Cisco have not yet released their own security warning regarding these two exploits.

Topics Cybersecurity

Tags: Entertainment Science Tech Life Deals Social Good Digital Culture Games Shopping
hdk

vxm

Expert writer and contributor. Passionate about sharing knowledge and insights on various topics.

Related Articles