Found 324 bookmarks
Custom sorting
SHA-3 Buffer Overflow
SHA-3 Buffer Overflow
Over the past few months, I’ve been coordinating the disclosure of a new vulnerability that I’ve found. Today is the disclosure date, so I am excited that I can finally talk about what I’ve been working on! The vulnerability has been assigned CVE-2022-37454 and bug reports are available for Python, PHP, PyPy, SHA3 for Ruby, and XKCP.
#mouha.be#EN#2022#CVE-2022-37454#SHA-3#Buffer-Overflow#vulnerability#XKCP
·mouha.be·
SHA-3 Buffer Overflow
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
n April, VMware patched a vulnerability CVE-2022-22954. It causes server-side template injection because of the lack of sanitization on parameters “deviceUdid” and “devicetype”. It allows attackers to inject a payload and achieve remote code execution on VMware Workspace ONE Access and Identity Manager. FortiGuard Labs published Threat Signal Report about it and also developed IPS signature in April.
#fortinet#EN#2022#VMware#CVE-2022-22954#vulnerability#Campaigns#deviceUdid#devicetype
·fortinet.com·
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a target’s systems. As such, vulnerabilities in C2 frameworks are high priority targets for threat actors and Counterintelligence (CI) operations. On September 20, 2022, HelpSystems published an out-of-band patch for Cobalt Strike which stated that there was potential for Remote Code Execution (RCE).
#securityintelligence#EN#2022#RCE#Cobalt-Strike#HelpSystems#Vulnerability#Analysis
·securityintelligence.com·
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
#gteltsc.vn#EN#2022#Microsoft-Exchange#Exchange#0-day#RCE#vulnerability#campaign#IoCs
·gteltsc.vn·
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network. The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.
#Microsoft#EN#2022#CVE-2022-37972#Endpoint-Configuration-Manager#patch#vulnerability
·securityweek.com·
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
#trellix#EN#2022#CVE-2007-4559#tarfile#Python#vulnerability
·trellix.com·
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information. ...Read More
#wordfence#EN#2022#Wordpress#vulnerability#0-day#BackupBuddy#plugin
·wordfence.com·
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
CVE-2022-35650 Analysis
CVE-2022-35650 Analysis
CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
#Anna#0x1337#CVE-2022-35650#Analysis#Moodle#vulnerability#PHP
·0x1337.ninja·
CVE-2022-35650 Analysis
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
#randorisec#EN#2022#CVE-2022-34918#Linux#netfilter#Vulnerability#analysis
·randorisec.fr·
[CVE-2022-34918] A crack in the Linux firewall
Retbleed – serious vulnerability discovered in microprocessors
Retbleed – serious vulnerability discovered in microprocessors
12.07.2022 - Security researchers from the ETH Zürich have discovered a serious security vulnerability in Intel and AMD microprocessors. The vulnerability, called Retbleed, potentially allows an attacker to access any memory area. Initial countermeasures have already been defined. The NCSC has assigned the internationally valid CVE identifiers for the vulnerability of both manufacturers.
#NCSC#EN#2022#retbleed#Vulnerability#CVE-2022-29900#CVE-2022-29901
·ncsc.admin.ch·
Retbleed – serious vulnerability discovered in microprocessors
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.
#CVE-2022-23121#nccgroup#EN#2022#Netatalk#WesternDigital#vulnerability#AppleDouble
·research.nccgroup.com·
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Vulnerability Analysis - CVE-2022-1388
Vulnerability Analysis - CVE-2022-1388
CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was first discovered by F5’s internal product security team and disclosed publicly on May 4, 2022.
#CVE-2022-1388#randori#EN#2022#critical#vulnerability#F5#BIG-IP#RCE
·randori.com·
Vulnerability Analysis - CVE-2022-1388
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
#GitHub#EN#2022#no-fix#vulnerability#Windows#LDAP#domain#signing#KrbRelayUp#privilege#escalation
·github.com·
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
#Nimbuspwn#microsoft#EN#2022#CVE-2022-29799#CVE-2022-29800#vulnerability#Linux#D-Bus#TOCTOU#networkd-dispatcher
·microsoft.com·
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn