Latest News

### Impact Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. ### Patches Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached. ### Workarounds Synapse deployments can currently decrease the maximum file size allowed, as well as increase request rate limits. However, this does not as effectively address the issue as a dedicated rate limit on remote media downloads. Server operators may also wish...

Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.

About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) used in Ubuntu Server, starting with version 21.04. The needrestart utility runs automatically after APT operations (installing, updating, or removing packages). It checks if […]

A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the "data vigilante" Nam3L3ss.

About Path Traversal – Zyxel firewall (CVE-2024-11667) vulnerability. A directory traversal vulnerability in the web management interface of Zyxel firewall could allow an attacker to download or upload files via a crafted URL. The vulnerability affects Zyxel ZLD firmware versions from 5.00 to 5.38, used in the ATP, USG FLEX, USG FLEX 50(W), and USG20(W)-VPN […]

A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.

Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.

The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the appliance. As the management web console is running on the same port as the API for the agents, this bearer token is also valid for any actions on the web console. This allows an attacker with network access to the appliance to start the registration of a new agent, retrieve a bearer token that provides admin access to the available functions in the web console. The web console contains multiple possibilities to execute arbitrary commands on both the agents (e.g., via PreCommands for a backup) and also the appliance (e.g., via a Validation job on the agent of the appliance). These options can easily be set with the provided bearer token, which leads to a complete compromise of all agents and the appliance itself.

This Metasploit module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.12. The vulnerable FortiManager Cloud versions are 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, 7.0.1 through 7.0.12, and 6.4 (all versions).

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Writing a new extension can be created which performs a system command to achieve RCE as the asterisk service user (typically asterisk). Default parking lot in FreePBX is called "Default lot" on the website interface, however its actually parkedcalls. Tested against Asterisk 19.8.0 and 18.16.0 on Freepbx SNG7-PBX16-64bit-2302-1.