Security
Headlines
Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense

Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light.

DARKReading
GHSA-32cj-5wx4-gq8p: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault accepting a JWT whose audience claim did not match the role-bound audience, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9.

GHSA-wrvh-rcmr-9qfc: @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

### Summary

By combining two vulnerabilities (an `Open Redirect` and a `session token sent as URL query parameter`) in the Strapi framework, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve 3rd party tokens. The attack requires user interaction (one click).

### Impact

Unauthenticated attackers can leverage two vulnerabilities to obtain a 3rd party token and bypass authentication of Strapi apps.

### Technical details

#### Vulnerability 1: Open Redirect

##### Description

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. In the specific context of Strapi, this vulnerability allows the SSO token to be stolen, allowing an attacker to authenticate himself within the application.

##### Remediation

If possible, applications shoul...

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

Ubuntu Security Notice USN-6819-2

Ubuntu Security Notice 6819-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

Ubuntu Security Notice USN-6821-3

Ubuntu Security Notice 6821-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

Apple Security Advisory 06-10-2024-1

Apple Security Advisory 06-10-2024-1 - visionOS 1.2 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-3843-03

Red Hat Security Advisory 2024-3843-03 - An update for cockpit is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout

Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month.

RansomHub Brings Scattered Spider Into Its RaaS Nest

The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.