π New Bill Would Empower ITC to Protect US IP Owners π
π Read
via "".
If passed, a new bill would strengthen the International Trade Commissionβs ability to fight back against trade secret misappropriation.π Read
via "".
Digital Guardian
New Bill Would Empower ITC to Protect US IP Owners
If passed, a new bill would strengthen the International Trade Commissionβs ability to fight back against trade secret misappropriation.
π΄ Law Enforcement Agencies Seize $375K in Ukraine Ransomware Bust π΄
π Read
via "Dark Reading".
A coordinated effort by law enforcement agencies is viewed as a good sign, but security analysts fear this is just the tip of the iceberg.π Read
via "Dark Reading".
Dark Reading
Law Enforcement Agencies Seize $375K in Ukraine Ransomware Bust
A coordinated effort by law enforcement agencies is viewed as a good sign, but security analysts fear this is just the tip of the iceberg.
π΄ New Atom Silo Ransomware Group Targets Confluence Servers π΄
π Read
via "Dark Reading".
An attack that took place over two days used a recently disclosed vulnerability in Atlassian's Confluence collaboration software.π Read
via "Dark Reading".
Dark Reading
New Atom Silo Ransomware Group Targets Confluence Servers
An attack that took place over two days used a recently disclosed vulnerability in Atlassian's Confluence collaboration software.
βΌ CVE-2021-32672 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debuggerΓ’β¬β’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41579 βΌ
π Read
via "National Vulnerability Database".
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32675 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38392 βΌ
π Read
via "National Vulnerability Database".
A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41651 βΌ
π Read
via "National Vulnerability Database".
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32687 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39347 βΌ
π Read
via "National Vulnerability Database".
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41099 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38400 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41578 βΌ
π Read
via "National Vulnerability Database".
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38396 βΌ
π Read
via "National Vulnerability Database".
The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32628 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41118 βΌ
π Read
via "National Vulnerability Database".
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32626 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32762 βΌ
π Read
via "National Vulnerability Database".
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41100 βΌ
π Read
via "National Vulnerability Database".
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23857 βΌ
π Read
via "National Vulnerability Database".
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38394 βΌ
π Read
via "National Vulnerability Database".
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.π Read
via "National Vulnerability Database".