Security
Headlines
HeadlinesLatestCVEs

Headline

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]

Alexander V. Leonov
#vulnerability#web#windows#microsoft#ubuntu#linux#debian#git#java#oracle#rce#auth#chrome#firefox#blog

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went.

Alternative video link (for Russia): https://vk.com/video-149273431_456239136

September was quite a busy month for me.

Vulnerability Management courses

I participated in two educational activities. The first one is an on-line cyber security course for my alma mater, Bauman Moscow State Technical University.

Together with Pavel Popov, we recorded three topics: Vulnerability Assessment, Vulnerability Management and Patch Management. About two hours of content.

The second is an online Vulnerability Management course for Positive Technologies, a leading Russian VM-vendor.

I contributed about 30 minutes of content about the importance of Asset Management and the ways of how IT can sabotage the VM-process.

Speaking of education, I received my first certificate in Indonesian language after three months of studying at the PermiraMengajar course. Terima kasih banyak atas kesempatan besar ini!

I am very interested in developing vulnerability management in the Republic of Indonesia and the ASEAN region and I hope that my Bahasa Indonesia skills will help me develop more connections there.

Russian Podcasts

This month has also been quite busy with my media activities. Together with Lev Paley and Maxim Kharask, we launched a weekly news talk show Прожектор по ИБ (“Information Security Spotlight”).

4 numbered episodes and a pilot are already available. The video edit of the show is currently in my hands and we are releasing it on my YouTube channel.

I also appeared as a guest on the Vulnerability Management podcast КиберДуршлаг (“Cyber Colander”) by Positive Technologies. It should be released in October.

Goodbye Tinkoff

On September 18th I left Tinkoff.

I spent a wonderful 6 years and 3 months there. When I got the job, the entire Tinkoff InfoSec team consisted of 5 people, including me and our security director. Now it’s a large and powerful department with recognized unique expertise. A real trendsetter for Russian companies in the financial sector (and not only). 🚀 I hope I have helped in some way to accomplish this beautiful transformation. 😇 I really liked Tinkoff for the pleasant atmosphere, without any toxicity, for adequate and professional management, for my dear colleagues who taught me a lot! 💛 Thank you all very much!

What’s next? I’ll give an update very soon. 🙂 I can only say now, that my Vulnerability Management story is not over, and will receive new impetus and development. 😉

But enough about me. Let’s talk about vulnerabilities.

Microsoft Patch Tuesday

September Microsoft Patch Tuesday. There were 97 CVEs, 35 of them added between Patch Tuesdays.

  • Urgent: 1
  • Critical: 3
  • High: 38
  • Medium: 54
  • Low: 1

The most critical is ****Remote Code Execution**** – Microsoft Edge (CVE-2023-4863). It is quite rare for an RCE vulnerability to be present in both Chrome/Chromium based web browsers (including Edge) and Firefox based web browsers. The CVE-2023-4863 vulnerability was found in libwebp, a library for working with raster images in the WebP format (a replacement for PNG and JPEG). Therefore, any software that can open images in WebP is likely to use libwebp and will therefore be vulnerable. The exploit is available on GitHub and the vulnerability is actively exploited in the wild. Another vulnerability in Edge with a publicly available exploit is Memory Corruption – Microsoft Edge (CVE-2023-4352). Also pay attention to it.

Remote Code Execution – Windows Themes (CVE-2023-38146) “ThemeBleed”. This is a good example of how the criticality of a vulnerability can change overnight. It was ranked 8th in terms of criticality, only due to the RCE type. And a few days after the Path Tuesday, when a write-up and POC were published, the vulnerability became the second most critical. So you never know how things will change and what vulnerability will become truly exploitable and dangerous. Try to fix everything!

The other critical vulnerability is the exploitable in the wild Information Disclosure – Microsoft Word (CVE-2023-36761), which, according to ZDI, actually allows attackers to perform an NTLM Relay attack. NTLM relay attacks allow attackers to sit between clients and servers and relay validated authentication requests in order to access network services.

Among the Elevation of Privilege vulnerabilities, the most interesting is Elevation of Privilege – Microsoft Streaming Service Proxy (CVE-2023-36802).

The remaining CVEs show no signs of exploitation in the wild.

There were 3 Remote Code Executions in Microsoft Exchange (CVE-2023-36744, CVE-2023-36745, CVE-2023-36756). But these vulnerabilities are unlikely to be exploited. Exploitation requires an attacker to authenticate with LAN-access and have valid Exchange user credentials.

What’s interesting about these MS Exchange CVEs is that Microsoft quietly patched them in August. Therefore, users who installed updates as soon as they became available were not affected by these vulnerabilities for a month. And those who usually make decisions about updating systems based on analysis of CVE IDs did not have all the information, so they could make the wrong decision and remain vulnerable for a month. Regular updates without paying much attention to CVEs seem to be the best strategy when you can’t fully trust your vendor’s data.

The full Vulristics report updated at September 30:

🗒 ms_patch_tuesday_september2023

Bitrix CMS RCE

This month I also drew attention to the critical RCE vulnerability BDU:2023-05857 in Bitrix CMS, which is very popular in Russia.

This vulnerability only has an ID in the Russian BDU FSTEC vulnerability database. It’s a good example of how the world of Security and Vulnerabilities is dividing on clusters. In such clusters people use their own software products, that have their own vulnerabilities, which only their own vulnerability scanners can detect.

RHEL/CentOS 7 can’t be detected, can’t be fixed vulnerability

Speaking of vulnerabilities that cannot be detected, I noted an interesting vulnerability in the Linux kernel CVE-2022-1012.

Interestingly, this is not fixed in RHEL/Centos 7, and these OS versions are not yet in EOL. This means that if you use a vulnerability detection tool that makes detection based on security bulletins or OVAL content, it will not be able to detect such a vulnerability. 🤷‍♂️ You can show this case to your VM vendor, specifically to Linux vulnerability detection specialists.

Qualys TOP 20 vulnerabilities

On September 4th Qualys released their own Top 20 Most Exploited Vulnerabilities list (24 CVE). I collected them in Vulristics comment format.

And I wondered if there were vulnerabilities that were not included in the recent Anglo-Saxon lists. It turned out that 12 CVEs are not included, i.e. exactly one half:

  1. CVE-2012-0158
  2. CVE-2012-0507
  3. CVE-2012-1723
  4. CVE-2013-0074
  5. CVE-2014-6271
  6. CVE-2017-0143
  7. CVE-2017-0144
  8. CVE-2017-0145
  9. CVE-2017-8570
  10. CVE-2018-0802
  11. CVE-2018-8174
  12. CVE-2019-2725

These are Shellshock, MS17-010, 3 RCEs for Office, 2 RCEs for VBScript and Silverlight, 3 vulnerabilities for Oracle Java and WebLogic. Apparently the Anglo-Saxons decided that in 2022 this was no longer relevant. 🤷‍♂️

Vulristics reports:

🗒 Qualys TOP 20 2023
🗒 Qualys TOP 20 2023 NOT in Joint report

Forrester and GigaOm VM Market reports

Now let’s talk about Vulnerability Management market news. In September approximately at the same time two marketing reports were released.

🔻 GigaOm Radar Report for Continuous Vulnerability Management v3.01. You you can get it from Qualys.

🔻 The Forrester Wave™: Vulnerability Risk Management, Q3 2023. You you can get it from Tenable.

It’s not surprising that the companies that provide us the reprints of the reports are named the leaders in those reports. 😏 As usual such reports try to compare incomparable companies and solutions, but IMHO still it’s better than nothing.

R-Vision VM

The biggest news on the Russian VM market in September was the R-Vision conference and the presentation of the R-Vision VM product.

From a vulnerability detection perspective, R-Vision VM is an OVAL/SCAP scanner. For now, MVP only supports Linux distributions.

Western:
🔹 Debian v. 7-11
🔹 RHEL v. 6-9
🔹 Ubuntu v. 14.04-23.04
🔹 Suse SLED/SLES 11, 12, 15

Russian:
🔻 RedOS v. 7.3
🔻 AstraLinux v. 17

And the very fact that a VM-vendor can present an MVP solution that supports only Linux systems shows how important the role, that Linux now plays in Russia. Russian distributions especially.

R-Vision also published an article in which they presented their ideas for building an ideal vulnerability management process in organizations. Actually, it looks quite nice.

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Related news

7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike

By Deeba Ahmed Hackers are dusting off old tricks! A recent attack exploited vulnerabilities in systems running outdates Microsoft Office to deliver Cobalt Strike malware. Learn how to protect yourself! This is a post from HackRead.com Read the original post: 7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike

Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack

The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

By Deeba Ahmed Veriti Research exposes surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself. This is a post from HackRead.com Read the original post: Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

Themebleed Windows 11 Themes Arbitrary Code Execution

When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.

8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack

By Deeba Ahmed The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when they targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware. This is a post from HackRead.com Read the original post: 8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been

Red Hat Security Advisory 2023-5447-01

Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

Red Hat Security Advisory 2023-5236-01

Red Hat Security Advisory 2023-5236-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.

RHSA-2023:5224: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

RHSA-2023:5223: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

RHSA-2023:5201: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

RHSA-2023:5192: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker cou...

Debian Security Advisory 5497-2

Debian Linux Security Advisory 5497-2 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

RHSA-2023:5187: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw ...

ThemeBleed exploit is another reason to patch Windows quickly

Categories: Exploits and vulnerabilities Categories: News Tags: theme Tags: themepack Tags: Microsoft Tags: cve-2023-38146 Tags: msstyles An exploit has been released for a vulnerability in .themes that was patched in the September 2023 Patch Tuesday update. (Read more...) The post ThemeBleed exploit is another reason to patch Windows quickly appeared first on Malwarebytes Labs.

Chrome Read-Only Property Overwrite

Chrome suffers from a read-only property overwrite in TurboFan.

Turns out even the NFL is worried about deepfakes

With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.

Turns out even the NFL is worried about deepfakes

With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.

Ubuntu Security Notice USN-6368-1

Ubuntu Security Notice 6368-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. It was discovered that Thunderbird did not properly manage memory when handling WebP images. If a user were tricked into opening a malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Chrome Tags: SAP Tags: Exchange Tags: Visual Studio Tags: CVE-2023-36761 Tags: CVE-2023-36802 Tags: CVE-2023-29332 Tags: Azure Microsoft's September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited. (Read more...) The post Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days appeared first on Malwarebytes Labs.

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Chrome Tags: SAP Tags: Exchange Tags: Visual Studio Tags: CVE-2023-36761 Tags: CVE-2023-36802 Tags: CVE-2023-29332 Tags: Azure Microsoft's September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited. (Read more...) The post Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days appeared first on Malwarebytes Labs.

Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

CVE-2023-38146

Windows Themes Remote Code Execution Vulnerability

CVE-2023-36756

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-36744

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-36802

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability

CVE-2023-36745

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-4863

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

By Deeba Ahmed FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices. This is a post from HackRead.com Read the original post: New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant

The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. “APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability,” NSFOCUS Security Labs said in a report published last week. APT34, also known by

Debian Security Advisory 5479-1

Debian Linux Security Advisory 5479-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems

The health, manufacturing, and energy sectors are the most vulnerable to ransomware.

Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems

The health, manufacturing, and energy sectors are the most vulnerable to ransomware.

Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems

The health, manufacturing, and energy sectors are the most vulnerable to ransomware.

Researchers Share New Insights Into RIG Exploit Kit Malware's Operations

The RIG exploit kit (EK) touched an all-time high successful exploitation rate of nearly 30% in 2022, new findings reveal. "RIG EK is a financially-motivated program that has been active since 2014," Swiss cybersecurity company PRODAFT said in an exhaustive report shared with The Hacker News. "Although it has yet to substantially change its exploits in its more recent activity, the type and

Majority of Ransomware Attacks Last Year Exploited Old Bugs

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.

Chinese Hackers Keep Targeting Group-IB Cybersecurity Firm

By Deeba Ahmed An APT group known as Tonto Team has tried targeting the Singapore-based Group-IB cybersecurity firm for the second time. This is a post from HackRead.com Read the original post: Chinese Hackers Keep Targeting Group-IB Cybersecurity Firm

Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog

CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO,

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

CVE-2022-43333: Security Advisory: Telenia Software TVOX

Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.

Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations

A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018,

Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.

CVE-2022-1012: Invalid Bug ID

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

CVE-2022-1012

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

RHSA-2022:5819: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-32250: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

RHSA-2022:5834: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-32250: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

Red Hat Security Advisory 2022-5636-01

Red Hat Security Advisory 2022-5636-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Microsoft Office Most Exploited Software in Malware Attacks – Report

By Deeba Ahmed Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its… This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Report

Microsoft Office Most Exploited Software in Malware Attacks – Report

By Deeba Ahmed Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its… This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Report

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads

RHSA-2022:5249: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer overf...

Red Hat Security Advisory 2022-5214-01

Red Hat Security Advisory 2022-5214-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-5267-01

Red Hat Security Advisory 2022-5267-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.

RHSA-2022:5267: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer ov...

RHSA-2022:5214: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer

The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in

China-linked APT Flew Under Radar for Decade

Evidence suggests that a just-discovered APT has been active since 2013.

CVE-2022-21938: Product Security Advisories

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.

Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber Espionage Campaign

"Aoqin Dragon" has been operating since at least 2013, with targets including government and telecommunications companies in multiple countries.

A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia

A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. "Aoqin Dragon seeks initial access primarily through document exploits and the use of fake removable devices,"

Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2)

Bitter APT adds Bangladesh to their targets

Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.As part of this, there's a new trojan based on Apost Talos is calling "ZxxZ," that, among other... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2021-2369: Oracle Critical Patch Update Advisory - July 2021

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically i...

CVE-2020-2978: Oracle Critical Patch Update Advisory - July 2020

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).

CVE-2020-2956: Oracle Critical Patch Update Advisory - April 2020

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVE-2020-2548: Oracle Critical Patch Update Advisory - January 2020

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

CVE-2019-2808: Oracle Critical Patch Update Advisory - July 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Eternal Synergy Exploit Analysis

Introduction Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly interesting because many of the exploitation steps are purely packet-based, as opposed to local shellcode execution.

Update on Petya malware attacks

As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release signatures to detect and protect against the malware.

Update on Petya malware attacks

As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to investigate and analyze, enabling our Malware Protection team to release signatures to detect and protect against the malware.

Assessing risk for the May 2014 security updates

Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability Likely first 30 days impact Platform mitigations and key notes MS14-029(Internet Explorer) Victim browses to a malicious webpage.

CVE-2012-1717: Oracle Java SE Critical Patch Update Advisory - June 2012

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

Alexander V. Leonov: Latest News

December Microsoft Patch Tuesday