β Cybersecurity awareness month: Fight the phish! β
π Read
via "Naked Security".
Phishing crooks get to try over and over again. But you only have to make one mistake...π Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: Fight the phish!
Phishing crooks get to try over and over again. But you only need to make one mistakeβ¦
ποΈ Ransomware forensics research reveals cybercrime tradecraft secrets ποΈ
π Read
via "The Daily Swig".
Resident REvilπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransomware forensics research reveals cybercrime tradecraft secrets
Resident REvil
π΄ IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities π΄
π Read
via "Dark Reading".
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.π Read
via "Dark Reading".
Dark Reading
IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.
π΄ Forcepoint to Acquire Bitglass π΄
π Read
via "Dark Reading".
Deal will merge Bitglass's security service edge technology with Forcepointβs SASE architecture.π Read
via "Dark Reading".
Dark Reading
Forcepoint to Acquire Bitglass
Deal will merge Bitglass's security service edge technology with Forcepointβs SASE architecture.
βΌ CVE-2021-40541 βΌ
π Read
via "National Vulnerability Database".
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40191 βΌ
π Read
via "National Vulnerability Database".
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0583 βΌ
π Read
via "National Vulnerability Database".
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956π Read
via "National Vulnerability Database".
βΌ CVE-2021-27002 βΌ
π Read
via "National Vulnerability Database".
NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32028 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27664 βΌ
π Read
via "National Vulnerability Database".
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20121 βΌ
π Read
via "National Vulnerability Database".
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22263 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25633 βΌ
π Read
via "National Vulnerability Database".
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20122 βΌ
π Read
via "National Vulnerability Database".
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39317 βΌ
π Read
via "National Vulnerability Database".
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26588 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37123 βΌ
π Read
via "National Vulnerability Database".
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41117 βΌ
π Read
via "National Vulnerability Database".
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses it's own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with "true" random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node's CSPRNG when possible unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify in a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. The specific [line][https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008] with the flaw is: `b.putByte(String.fromCharCode(next & 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next & 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27665 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.π Read
via "National Vulnerability Database".
π΄ Handling Threat Intelligence Across Billions of Data Points π΄
π Read
via "Dark Reading".
Graph databases can play a role in threat intelligence and unraveling sprawling data.π Read
via "Dark Reading".
Dark Reading
Handling Threat Intelligence Across Billions of Data Points
Graph databases can play a role in threat intelligence and unraveling sprawling data.
βΌ CVE-2021-25738 βΌ
π Read
via "National Vulnerability Database".
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.π Read
via "National Vulnerability Database".