Found 257 bookmarks
Custom sorting
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
#gteltsc.vn#EN#2022#Microsoft-Exchange#Exchange#0-day#RCE#vulnerability#campaign#IoCs
·gteltsc.vn·
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
#trellix#EN#2022#CVE-2007-4559#tarfile#Python#vulnerability
·trellix.com·
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information. ...Read More
#wordfence#EN#2022#Wordpress#vulnerability#0-day#BackupBuddy#plugin
·wordfence.com·
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
CVE-2022-35650 Analysis
CVE-2022-35650 Analysis
CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
#Anna#0x1337#CVE-2022-35650#Analysis#Moodle#vulnerability#PHP
·0x1337.ninja·
CVE-2022-35650 Analysis
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
#randorisec#EN#2022#CVE-2022-34918#Linux#netfilter#Vulnerability#analysis
·randorisec.fr·
[CVE-2022-34918] A crack in the Linux firewall
Retbleed – serious vulnerability discovered in microprocessors
Retbleed – serious vulnerability discovered in microprocessors
12.07.2022 - Security researchers from the ETH Zürich have discovered a serious security vulnerability in Intel and AMD microprocessors. The vulnerability, called Retbleed, potentially allows an attacker to access any memory area. Initial countermeasures have already been defined. The NCSC has assigned the internationally valid CVE identifiers for the vulnerability of both manufacturers.
#NCSC#EN#2022#retbleed#Vulnerability#CVE-2022-29900#CVE-2022-29901
·ncsc.admin.ch·
Retbleed – serious vulnerability discovered in microprocessors
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.
#CVE-2022-23121#nccgroup#EN#2022#Netatalk#WesternDigital#vulnerability#AppleDouble
·research.nccgroup.com·
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Vulnerability Analysis - CVE-2022-1388
Vulnerability Analysis - CVE-2022-1388
CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was first discovered by F5’s internal product security team and disclosed publicly on May 4, 2022.
#CVE-2022-1388#randori#EN#2022#critical#vulnerability#F5#BIG-IP#RCE
·randori.com·
Vulnerability Analysis - CVE-2022-1388
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
#GitHub#EN#2022#no-fix#vulnerability#Windows#LDAP#domain#signing#KrbRelayUp#privilege#escalation
·github.com·
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
#Nimbuspwn#microsoft#EN#2022#CVE-2022-29799#CVE-2022-29800#vulnerability#Linux#D-Bus#TOCTOU#networkd-dispatcher
·microsoft.com·
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. We began seeing malicious activities at the start of April 2022. We also found the malware file server with other variants of the sample for different CPU architectures.
#CVE-2022-22965#trendmicro#EN#2022#Spring4Shell#Vulnerability#SpringFramework#Tomcat
·trendmicro.com·
CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
PROPHET SPIDER Exploits Citrix ShareFile
PROPHET SPIDER Exploits Citrix ShareFile
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.
#CrowdStrike#PROPHETSPIDER#EN#2022#CVE-2021-22941RCE#webshell#ShareFile#vulnerability#Citrix
·crowdstrike.com·
PROPHET SPIDER Exploits Citrix ShareFile
Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices
Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices
Vulnerabilities found in widely-used Uninterruptible Power Supplies could allow attackers to bypass security features and remotely take over or damage critical industrial, medical, and enterprise devices
#TLStorm#armis#UPS#APC#prnewswire#2022#EN#vulnerability
·prnewswire.com·
Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
On Feb. 4, Linux announced CVE-2022-0492, a new privilege escalation vulnerability in the kernel. CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers. The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users.
#paoloaltonetworks#vulnerability#CVE-2022-0492#Linux#cgroups#containers#escalation#docker
·unit42.paloaltonetworks.com·
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?