Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

Valid

Reported on

Jul 24th 2023

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 5 months ago

We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 5 months ago

Please check it with the latest version 3.1.16, not the one on the demo page.

okay i will check and give you a Feedback.

I could re-produce some of the issues.

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

This vulnerability will not receive a CVE

This vulnerability is scheduled to go public on Sep 30th 2023

Hello. Thank you. Can you please assign it a CVE.

Hello. Thank you. Can you please assign it a CVE.

Hello. Thank you. Can you please assign it a CVE.

@admin could you please assign a CVE?

@admin thank you for your time and effort.

May i kindly ask you to assign me a CVE for this Vulnerability as this will help me further in my researches etc.

Thank you very much for your efforts again and hope hearing from you soon.

Best regards Ahmed Hassan

to join this conversation

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 5 months ago

We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 5 months ago

Please check it with the latest version 3.1.16, not the one on the demo page.

okay i will check and give you a Feedback.

I could re-produce some of the issues.

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

This vulnerability will not receive a CVE

This vulnerability is scheduled to go public on Sep 30th 2023

Hello. Thank you. Can you please assign it a CVE.

Hello. Thank you. Can you please assign it a CVE.

Hello. Thank you. Can you please assign it a CVE.

@admin could you please assign a CVE?

@admin thank you for your time and effort.

May i kindly ask you to assign me a CVE for this Vulnerability as this will help me further in my researches etc.

Thank you very much for your efforts again and hope hearing from you soon.

Best regards Ahmed Hassan

to join this conversation

CVE-2023-6890: stored XSS Bypass in the FAQ Fields in phpmyfaq

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CVE-2021-1980: October 2021 Security Bulletin | Qualcomm

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVE-2021-1909: September 2021 Security Bulletin | Qualcomm




In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability.


We recommend users upgrade the version of Linkis to version 1.3.2.





**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2023-27603

Phishers racked up an enormous haul of stolen cryptocurrency via rogue Google ads. Time to check if you're free from bad ad worry.
The post Rogue ads phishing for cryptocurrency: Are you secure? appeared first on Malwarebytes Labs.

Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine.

The bogus links were at the top of results for Terra blockchain projects. Searches for projects like Astroport or Anchor resulted in the below search results:

> Our security team conducted an analysis of this incident and discovered that the bulk of this attack was from google phishing ads. Users would search well know projects on the Terra blockchain such as @anchor\_protocol or @astroport\_fi only to click on the first link by google. pic.twitter.com/aucIcnsCd7
> 
> — SlowMist (@SlowMist\_Team) April 21, 2022

The design of the phish page is quite similar to many that we’ve seen. They’re quite basic, and include little beyond a set of “connect your wallet” buttons. However, as you can see in the below tweet, they’re after people’s seed phrase:

> These may look like normal ads and some even show the same domain names, but once you click on the link, the domain name actually changes. When clicked, it'll prompt you to connect your wallet, however instead of connecting, users are asked to input their seed phrase. pic.twitter.com/OZjifaJ17m
> 
> — SlowMist (@SlowMist\_Team) April 21, 2022

We’ve talked about seed/recovery phishing several times. Seed phrases are your keys to the kingdom, and giving them to a phisher could have serious consequences. It’s no wonder these phishers made off with so much money.

**The problem with bad ads**

Rogue adverts have been around pretty much for as long as paid adverts have existed. They’ve been the stomping ground of exploit kits, ransomware, fake tech support scams, and much more for years.

One of the main ways to hurt yourself in a search engine used to be SEO poisoning. That didn’t involve ads, but rather involved the search results themselves being bad. If a site got compromised and the content altered, innocent looking results could end up whisking you away to spam or malware. Alongside SEO poisoning, which search engines really tried to clamp down on, bogus ads started making major inroads.

**Big numbers, big rewards**

Ad fraud costs billions each year. Any network could potentially allow a bad actor onboard, and that’s before you consider that there are rogue ad networks who simply don’t care what’s being pushed to end-users. Slow, cumbersome static ads were replaced by real time bidding, and techniques to push bad content became ever more inventive.

On top of that, you have the usual tricks like fingerprinting and browser search string agents to ensure your bad content reaches specific people. For example, only allowing certain mobile users to land on your mobile-centric scam page. Or how about stopping users at a gateway to see if they run exploitable types of software before letting them progress to the exploit page?

The SEO poisoning tactics all look a bit antiquated next to the “paid-for ad might lose you a fortune” merry-go-round.

**Blink and you’ll miss it?**

The big problem with paid ads in search engines is one of assumed legitimacy. The fact that they usually appear at the top of the page originally led to complaints that they were being mixed up with “proper” results. This brought about many changes to make it clearer that paid ads were just that.

Sadly, people still struggle with figuring out paid ads vs organic. Close to 60% in one survey didn’t know the difference. This is despite changes from search engine providers for both desktop and mobile platforms.

> Last year, our search results on mobile gained a new look. That’s now rolling out to desktop results this week, presenting site domain names and brand icons prominently, along with a bolded “Ad” label for ads. Here’s a mockup: pic.twitter.com/aM9UAbSKtv
> 
> — Google SearchLiaison (@searchliaison) January 13, 2020

Does the word “Ad” next to the result in Google really leap out enough to be noticeable? Or when “Ad” appears in Yahoo! or the additional “Ads related to…” under the main ads? How about Bing’s very tiny “Ad” next to the results?

I vaguely recall a search engine placing paid results in a prominent box a few years back, but I suppose I could just be mixing it up with a screenshot of someone _highlighting_ a rogue advert instead.

**Avoiding bad ads**

There’s multiple ways to avoid bad ads, but some of them come at a cost to either yourself or the sites serving the ads. It’s one of those very personal choices for which there’s no single fit. I’m not going to suggest you do any of these; I’m merely going to give you examples of what people do and leave the decision in your hands.

1.  Some folks have simply had enough of adverts. They’ll install ad-blockers, hit the “disallow all” button, and that’s that. However, one drawback is that sites you like may not work. You’ve definitely seen a “please unblock our ads to continue” message at this point. Some sites take a hard line on this, and it’s a case of unblock or go elsewhere. Others will allow you to choose whether to view the site with the ads still blocked, or add them to your “safe site” list. Sometimes this goodwill gesture is enough to have the visitor unblock the ads. If it doesn’t and someone becomes a repeat visitor anyway (with ads still blocked), then the site loses ad revenue.
2.  Others may go down the script blocker route. This may allow ads, but will potentially contribute to preventing forms of redirect and/or malicious script loading. Script blocking tools are a lot better than they used to be, with more customisation available than ever before. In the bad old days, it was mostly a case of “enable this and break hundreds of websites”. The trade-off here is that you may end up enabling something that renders the site usable, but also allows for bad things to happen.
3.  Security tools. This is one of the more hands-on ways to shut bad things down. Browser extensions, security tools with real-time protection, regular security scans, and keeping your system (and programs) up to date will all help keep exploits, phishing pages, and malware far away, even with all adverts enabled. Nothing is guaranteed, of course, and that’s why several layers of defence tailored to your specific requirements will do significant heavy lifting on your behalf.

Rogue ad attacks are sadly a fact of internet life, and targeting cryptocurrency enthusiasts means potentially massive payouts in comparison to some other forms of phishing. With no way to get your stolen coins back in most cases, it’s not something you can afford to ignore. Start shoring up those defences now, and have a long think about the level of advert exposure you’re comfortable with.

Rogue ads phishing for cryptocurrency: Are you secure?

A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.

A new partnership between the cybersecurity nonprofit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and the Johns Hopkins University Applied Physics Laboratory (APL), which works on emerging research with US government agencies, is highlighting the need for more resources to better secure biomedical, bioindustrial, and biomanufacturing entities.

The Covid-19 pandemic sparked regular people around the world to think about the logistics of vaccine development and production in a tangible and immediate way. But the so-called bioeconomy is silently embedded everywhere, from breeding programs used in agriculture to the development of biofuels. And as industry after industry faces a reckoning about the state of their cybersecurity defenses, researchers are increasingly realizing that the bioeconomy is vulnerable. During the pandemic, for example, Russia, China, and other state actors raced to hack vaccine makers and distributors for intelligence gathering, in a scramble that US officials warned could have been disruptive.

“A lot of the bioeconomy is small companies; that’s the real lifeblood of American biotech,” says BIO-ISAC cofounder Charles Fracchia. “Imagine if Moderna got hacked four years ago, even with some totally non-sophisticated malware, or they faced a ransomware attack. Small companies can go bankrupt really easily, and then we lose the work they're doing for the future. I'm very grateful that APL understood the mission of the BIO-ISAC and joined as a founding member. They want to help.”

Information sharing and analysis centers exist for many industries, from financial services to health care. And Charles Frick, a principal staff member at APL, says that the lab has been supporting ISACs and collaborating with them for many years. During the George W. Bush and Barack Obama administrations, Frick says, APL collaborated with the Department of Homeland Security and the National Security Agency to study the most efficient methods for large-scale threat intelligence sharing and security automation. APL participated in a 2018 financial services pilot for automatically screening and processing machine-readable threat intelligence data in which a process that had one taken 14 hours got whittled down to eight minutes.

All of this matters, because digital attacks on critical services and trends in attacks creep up quickly. The more information an organization can not only gather but also share, the better chance others have of defending themselves against similar hacks. APL's funding for the BIO-ISAC will go toward regular operations, including research, information sharing, and public disclosures. And crucially, it will also support incident response services the BIO-ISAC is launching so biotech and biomanufacturing organizations have someone to call if they're dealing with a digital attack or otherwise suspect that something is wrong. The services will be pay what you can to make them accessible to as many organizations as possible. Depending on demand, though, the BIO-ISAC may not have the capacity immediately to respond to every request. But the group hopes to begin filling a crucial gap in the services that are currently available.

“As we start identifying threats, it's a natural fit for us to say, well, we have an existing set of capabilities and skills that can be applied to this area, and we've demonstrated our ability to work with ISACs in collaboration," says Brian Haberman, an APL program area manager. "So this accomplishes our mission of supporting national priorities in a much faster way when you’re not going it alone. It's the biggest bang for your buck."

A few years ago, the idea of designating US election systems as government “critical infrastructure” was controversial to some. The designation simply unlocks funding and expanded resources from US government agencies, including the Cybersecurity and Infrastructure Security Agency, for critical sectors that work in the public interest. But while health care, food, and agriculture industries obviously have critical infrastructure designations that cover parts of the bioeconomy, the sector as a whole doesn't specifically have its own designation. Instead the US government has classified the bioeconomy with a “critical emerging tech” label.  As a result, groups like the BIO-ISAC are working ad hoc in a largely open field.

“The bioeconomy is an emerging sector of our economy if we really want to make meaningful change and impact, now is the time to get involved—not after it’s already this big thing and we try to go in reverse," says Andrew Kilianski, senior director for emerging infectious diseases at the International AIDS Vaccine Initiative. "We’ve done some of these sectors where we try to build out IT infrastructure and cybersecurity defenses later and it doesn’t work well." Kiliansk worked closely with the US government's Covid Operation Warp Speed initiative and a new member of the BIO-ISAC's national security advisory board.

“There's that squishy, beautiful life sciences spirit that, hey, we share everything, we’re open," Kilianski adds. "But now these discoveries have huge commercial value, not just societal value, and that makes all of this even more sensitive.”

The Hidden Race to Protect the US Bioeconomy From Hacker Threats

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example

CVE-2023-2179

In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.

**June 2022 Product Security Bulletin**

Published 2022-06-06

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

**CVEs**

High

CVE-2022-21745

Medium

CVE-2022-21746, CVE-2022-21747, CVE-2022-21748, CVE-2022-21749, CVE-2022-21750, CVE-2022-21751, CVE-2022-21752, CVE-2022-21753, CVE-2022-21754, CVE-2022-21755, CVE-2022-21756, CVE-2022-21757, CVE-2022-21758, CVE-2022-21759, CVE-2022-21760, CVE-2022-21761, CVE-2022-21762

****Details****

CVE

**CVE-2022-21745**

Title

Use after free in WIFI Firmware

Severity

High

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 10.0, 11.0, 12.0

CVE

**CVE-2022-21746**

Title

Improper input validation in imgsensor

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-20 Improper Input Validation

Description

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6893, MT8167, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8788

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-21747**

Title

Improper input validation in imgsensor

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-20 Improper Input Validation

Description

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6893, MT8167, MT8167S, MT8168, MT8173, MT8362A, MT8365, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 9.0, 10.0, 11.0, 12.0

CVE

**CVE-2022-21748**

Title

Improper access control in telephony

Severity

Medium

Vulnerability Type

ID

CWE

CWE-284 Improper Access Control

Description

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21749**

Title

Improper access control in telephony

Severity

Medium

Vulnerability Type

ID

CWE

CWE-284 Improper Access Control

Description

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21750**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21751**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0

CVE

**CVE-2022-21752**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21753**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21754**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21755**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21756**

Title

Improper input validation in WLAN driver

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21757**

Title

Uncontrolled resource consumption in WIFI Firmware

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-400 Uncontrolled Resource Consumption

Description

In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6877, MT6885, MT6889, MT6983, MT6985, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21758**

Title

Double free in ccu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-415 Double Free

Description

In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6833, MT6853, MT6873, MT6877, MT6885, MT6893

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21759**

Title

Buffer copy without checking size of input ('classic buffer overflow') in power service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Description

In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6735, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6885, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 11.0, 12.0

CVE

**CVE-2022-21760**

Title

Integer overflow or wraparound in apusys driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-190 Integer Overflow or Wraparound

Description

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9666

Affected Software Versions

Android 12.0

CVE

**CVE-2022-21761**

Title

Integer overflow or wraparound in apusys driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-190 Integer Overflow or Wraparound

Description

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9666

Affected Software Versions

Android 11.0

CVE

**CVE-2022-21762**

Title

Integer overflow or wraparound in apusys driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-190 Integer Overflow or Wraparound

Description

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT9636, MT9638, MT9666

Affected Software Versions

Android 12.0

****Vulnerability Type Definition****

Abbreviation

**Definition**

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

**Version**

**Date**

**Description**

1.0

June 6, 2022

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE-2022-21745: June 2022

The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-3092: data-list-table.php in smtp-mail/trunk/includes – WordPress Plugin Repository

By Habiba Rashid
The Stealth Soldier malware is capable of stealing browser data, recording audio and video, and much more.
This is a post from HackRead.com Read the original post: Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms

The Stealth Soldier campaign marks the possible reappearance of a threat actor known as “The Eye on the Nile” since its last operation in 2019.

Check Point Research has recently uncovered a series of highly-targeted espionage attacks in Libya, shedding light on a previously undisclosed backdoor called Stealth Soldier. This sophisticated malware operates as a custom modular backdoor with surveillance functionalities, including file exfiltration, screen and microphone recording, keystroke logging, and stealing browser information.

The campaign, which appears to be targeting Libyan organizations, marks the possible re-appearance of a threat actor known as “The Eye on the Nile” since its last operation in 2019.

Stealth Soldier, an implant used in limited and targeted attacks, has shown active maintenance with the latest version, Version 9, compiled in February 2023. Check Point Research’s investigation began with the discovery of multiple files submitted to VirusTotal between November 2022 and January 2023 from Libya.

These files, named in Arabic, such as “هام وعاجل.exe” (Important and Urgent.exe) and “برقية 401.exe” (Telegram 401.exe), turned out to be downloaders for different versions of the Stealth Soldier malware.

The execution flow of Stealth Soldier starts with the downloader, which triggers the infection chain. Although the delivery mechanism of the downloader remains unknown, social engineering is suspected.

The malware’s infection process involves downloading multiple files from the Command and Control (C&C) server, including the loader, watchdog, and payload. These components work together to establish persistence and execute the surveillance functionalities.

First, the loader downloads an internal module called PowerPlus to enable PowerShell commands and create persistence. Then, the watchdog periodically checks for updated versions of the loader and runs it accordingly. Finally, the payload collects data, receives commands from the C&C server, and executes various modules based on the attacker’s instructions.

The victim’s information collected by the Stealth Soldier’s payload includes the hostname, username, drive list, and files within specific directories. The malware supports various commands, including directory listing, file upload, screenshot capture, microphone recording, keylogging, browser credential extraction, and PowerShell command execution. 

Check Point Research identified three different versions of Stealth Soldier (Versions 6, 8, and 9), each with slight variations in functionality, filenames, and persistence mechanisms.

Additionally, the investigation uncovered a set of phishing domains linked to the campaign, with some masquerading as websites belonging to the Libyan Ministry of Foreign Affairs.  The phishing domains, hosted on IP addresses associated with previous malicious activities, indicated a likely intention to conduct phishing campaigns.

Check Point Research also discovered similarities between this recent operation and the “Eye on the Nile” campaign, previously linked to government-backed bodies by Amnesty International and Check Point Research. The overlapping infrastructure suggests a possible connection between the two campaigns, indicating the persistence and adaptability of the threat actor behind them.

The Stealth Soldier malware campaign targeting Libyan organizations highlights the increasing sophistication of cyber espionage operations. The use of custom backdoors and advanced surveillance capabilities poses significant threats to targeted entities’ data security and privacy.

Detecting and mitigating advanced threats like Stealth Soldier requires a combination of proactive threat intelligence, user awareness, and effective security solutions to ensure a resilient defence against evolving cyber threats.

**RELATED ARTICLES**

1.  Facebook removes accounts over iOS, Android malware
2.  Worok Hackers Hit Orgs, Govts in Asia, Middle East, Africa
3.  Russia used Triton malware to sabotage Saudi petro plant

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us