CVE-2021-34855
via "National Vulnerability Database".
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592.
CVE-2021-34856
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581.
CVE-2021-41176
via "National Vulnerability Database".
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl, a malicious user can trigger a user logout if a signed-in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected; this is simply an annoyance at worst.** This is fixed in version 1.6.3.
CVE-2021-34861
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104.
CVE-2021-34862
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270.
CVE-2021-34857
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13601.
CVE-2021-21319
via "National Vulnerability Database".
Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored and later displayed on the self-subscription page. The self-subscription feature can be disabled as a workaround (this is the default state). Malicious JavaScript code can also be executed (but not stored) on the login and password-retrieval pages. This issue is patched in version 0.9.5.
CVE-2021-34864
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543.
CVE-2021-34859
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.
CVE-2021-34860
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103.
Conti Ransom Gang Starts Selling Access to Victims
via "Krebs on Security".
The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.
CVE-2021-39220
via "National Vulnerability Database".
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does not render images in emails by default, so as not to leak the read state or the user's IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.
CVE-2021-39221
via "National Vulnerability Database".
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy.
BillQuick Billing App Rigged to Inflict Ransomware
via "Threat Post".
A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it's also let malicious actors remotely execute code and deploy ransomware.
Groove Calls for Cyberattacks on US as REvil Payback
via "Threat Post".
The bold move signals a looming clash between Russian ransomware groups and the U.S.
Who's In Your Wallet? Exploring Mobile Wallet Security
via "Dark Reading".
Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.
Industrial Goods & Services Tops Ransomware Targets in 2021
via "Dark Reading".
While the industrial goods and services sector saw a decline in attacks during the third quarter, it remains the most targeted sector for ransomware this year.
Defending Assets You Don't Know About Against Cyberattacks
via "Threat Post".
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David "moose" Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
via "Dark Reading".
Microsoft says the group has attacked more than 140 service providers, and compromised 14 of them, between May and October of this year.
CVE-2021-41177
via "National Vulnerability Database".
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (such as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances that did not have a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two-factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.
CVE-2021-41179
via "National Vulnerability Database".
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.