A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed.
A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed.
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
Unpatched 15-year old Python bug allows code execution in 350k projects
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.
Unpatched 15-year old Python bug allows code execution in 350k projects
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.