Windows Installer EOP (CVE-2023-21800)
This blog post describes the details and methodology of our research targeting the Windows Installer (MSI) installation technology.
CVE-2023-27532
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Numerous threat actors were detected abusing a critical CVE-2022-47966 RCE vulnerability affecting products from ManageEngine. Read our advisory.
CVD, EU-DSGVO and revDSG - A personal responsible disclosure experience of a data breach in the Swiss cyber landscape in 2022/23
n late November 2022, a few days after ETH Alumni launched their new feature “Who is who” which allows them to look up and connect to other members, I came across a severe access control vulnerability. Without any authorization over the internet, it allowed extracting at least 35418 member profiles, including full name, postal address, nationality, title, graduation field, study start year, gender, profile picture and hashed passwords.
OpenSSL fixes High Severity data-stealing bug – patch now!
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English…
Apple patches are out – old iPhones get an old zero-day fix at last!
Don’t delay, especially if you’re still running an iOS 12 device… please do it today!
New GTA Online exploit now allows cheaters to ban your account
a new Grand Theft Auto: Online exploit now allows cheaters to ban or delete peoples online profile and edit their stats
Zoom Patches High Risk Flaws on Windows, MacOS Platforms
Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
Jenkins discloses dozens of zero-day bugs in multiple plugins
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.
Hacker claims to be selling Twitter data of 400 million users
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale.
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020
Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security
What’s so bad about a web page going fullscreen without warning you first?
Compromising Plesk via its REST API
Compromising Plesk via its REST API, CSRF, CORS misconfiguration, add db user, add backdoor, add secret token, cookieless CSRF
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
SHA-3 Buffer Overflow
Over the past few months, I’ve been coordinating the disclosure of a new vulnerability that I’ve found. Today is the disclosure date, so I am excited that I can finally talk about what I’ve been working on! The vulnerability has been assigned CVE-2022-37454 and bug reports are available for Python, PHP, PyPy, SHA3 for Ruby, and XKCP.
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
n April, VMware patched a vulnerability CVE-2022-22954. It causes server-side template injection because of the lack of sanitization on parameters “deviceUdid” and “devicetype”. It allows attackers to inject a payload and achieve remote code execution on VMware Workspace ONE Access and Identity Manager. FortiGuard Labs published Threat Signal Report about it and also developed IPS signature in April.
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a target’s systems. As such, vulnerabilities in C2 frameworks are high priority targets for threat actors and Counterintelligence (CI) operations. On September 20, 2022, HelpSystems published an out-of-band patch for Cobalt Strike which stated that there was potential for Remote Code Execution (RCE).
On Bypassing eBPF Security Monitoring
There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons
Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)
Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.
CVE-2022-41352
On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information. ...Read More
Researchers found one-click exploits in Discord and Teams
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others
Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks
A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
Zimbra Credential Theft Vulnerability Exploited in Attacks
CISA has urged organizations to patch a recent Zimbra credential theft vulnerability after reports of exploitation in the wild.
![[CVE-2022-34918] A crack in the Linux firewall](https://rdl.ink/render/https%3A%2F%2Fwww.randorisec.fr%2Fimg%2Fblog%2Ftux.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.