News Heading - 1

Three Vulnerabilities Discovered in Popular Open-Source Graphic Debugger RenderDoc

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Three critical flaws were found in a popular, cross-platform graphic debugger tool, RenderDoc. Due to its multi-application and operating system (OS) support, the standalone software has gained prominence among developers, particularly in the gaming industry.

RenderDoc is an open-source, MIT licensed software that supports operating systems like Windows, Linux, Nintendo Switch and Android. Its single-frame capture and detailed inspection feature aids in debugging programs across various applications, like Vulkan, OpenGL, D3D12, etc.

The three flaws that were discovered by Qualys Threat Research Unit (TRU) cybersecurity researchers, include, two heap-based buffer overflow and privilege escalation. These vulnerabilities can prove to be a potential threat to security. If exploited, it can allow an attacker to manipulate and control the host’s machines, thereby increasing the risking of ‘’unauthorized access and malicious cyber activity.’’

The three vulnerabilities are:

  • CVE-2023-33865 : The first vulnerability is a symlink vulnerability that a local attacker having no privilege requirement can exploit, helping them gain the privileges of the RenderDoc user.
  • CVE-2023-33864 : The second is an integer underflow that leads to a heap-based buffer overflow that can be exploited by any remote attacker. Using this vulnerability, they can execute arbitrary code on the victim’s machine.
  • CVE-2023-33863 : The third is an integer overflow that develops into a heap-based buffer overflow that can be used by a remote attacker to run arbitrary code on the host machine. Till now, Qualys in its investigation has not exploited this vulnerability, so the threat level of this flaw remains unknown.

On being notified about the vulnerabilities, RenderDoc immediately released a new version of its software – version 1.27, with fixes for these flaws. Version 1.26 and prior continue to have these vulnerabilities, thus remaining susceptible to attacks.

Qualys in its report also advised security teams to fix these vulnerabilities with patches as soon as possible.

Hackers Exploit MOVEit Zero-Day Flaw to Steal Data from Several Big Organizations - 2

Hackers Exploit MOVEit Zero-Day Flaw to Steal Data from Several Big Organizations

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

A zero-day vulnerability found in MOVEit file transfer software was exploited by a prominent ransomware group to attack multiple companies and a provincial government.

According to reports, UK-based BBC, Boots, British Airways (BA) and the government of Nova Scotia, Canada are some of the prominent organizations affected. As this flaw affects all MOVEit transfer versions, the actual number of organizations affected by this vulnerability remains unknown.

Some of the victims, including BBC and BA, revealed that their outsourced payroll provider, Zellis, was affected by the vulnerability. Its dependence on MOVEit transfer software (provided by Progress Software) for providing the payroll services led to this mishap. Zellis in a separate statement also admitted that some of its customers were impacted, although the exact number and names were not revealed.

It stated that containment measures were deployed as soon as it became aware of this vulnerability, including disconnecting servers using MOVEit software, informing appropriate authorities in the UK and Ireland, as well as engaging with external cybersecurity and forensic experts.

This vulnerability was revealed by Progress Software on May 31, when it notified its customers about the flaw found in both MOVEit transfer and Cloud. Although Progress immediately released security patches for this flaw, cybersecurity firms like Mandiant and Rapid7 reported its exploitation by ransom gangs.

The current attacks were attributed to Lace Tempest (FIN11, TA505) which is known to operate the CI0p ransomware site, reported Microsoft. Its modus operandi involves exploiting zero-day flaws to access system databases to steal data for extortion. The gang is also known to threaten and publish data of unwilling victims on its website.

Some of BBC & Boot’s employees’ data that may have been breached include names, National Insurance number, partial home addresses, email IDs and employee numbers.

UK’s National Cyber Security Centre has also advised organizations’ using MOVEit transfer software ‘’to take immediate action by following vendor best practice advice and applying the recommended security updates.”