CVE-2021-39420
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.
CVE-2021-41170
via "National Vulnerability Database".
### Impact
Versions prior to 1.1.1 allowed closures to be passed directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed, either by mistake or maliciously. In theory all users of the package are affected as long as they deal with either direct user input or database values. A multi-step attack is therefore plausible.
### Patches
Version 1.1.1 has addressed this vulnerability.
```php
$params = [
    'reverse' => fn($input) => strrev($input), // <-- no longer possible with version ~1.1.1
    'value'   => 'My website'
];
TemplateFunctions::registerClosure('reverse', fn($input) => strrev($input)); // <-- still possible (and nicely isolated)
Template::embrace('<h1>{{reverse(value)}}</h1>', $params);
```
### Workarounds
Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.
### References
As a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now.
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [our repo](https://github.com/sroehrl/neoan3-template)
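The design change the advisory describes, shown as an added Python illustration (this is not neoan3-template code, which is PHP; the engine, the `{{fn(arg)}}` syntax and the function names here are assumptions made for the example). The vulnerable variant resolves function names from the same mapping that holds the data, so any callable value gets invoked; the fixed variant only resolves names from an explicit registry and refuses callables in the data at all.

```python
import html
import re
from typing import Any, Callable, Dict, Mapping

# Toy engine for illustration only. Templates contain {{name}} and {{fn(name)}}.
_TOKEN = re.compile(r"\{\{\s*(\w+)(?:\((\w+)\))?\s*\}\}")


def render_vulnerable(template: str, params: Mapping[str, Any]) -> str:
    """Pre-fix pattern: function names are looked up in the data mapping, and
    anything callable found there is simply invoked."""
    def substitute(match):
        name, arg = match.group(1), match.group(2)
        if arg is None:
            return str(params.get(name, ""))
        target = params.get(name)
        if callable(target):                     # a data value that happens to be callable runs here
            return str(target(params.get(arg, "")))
        return match.group(0)                    # unknown function: leave the token as-is
    return _TOKEN.sub(substitute, template)


class TemplateFunctions:
    """Post-fix pattern: callables live in an explicit registry, never in params."""
    _registry: Dict[str, Callable[[str], str]] = {}

    @classmethod
    def register_closure(cls, name: str, fn: Callable[[str], str]) -> None:
        cls._registry[name] = fn

    @classmethod
    def get(cls, name: str) -> Callable[[str], str]:
        return cls._registry[name]               # KeyError for names that were never registered


def render_fixed(template: str, params: Mapping[str, Any]) -> str:
    """Data is data: reject callables up front, resolve functions only from the
    registry, and HTML-escape everything that is substituted (escaping is this
    example's choice, not a claim about the library)."""
    for key, value in params.items():
        if callable(value):
            raise TypeError(f"param {key!r} is callable; register it with TemplateFunctions instead")

    def substitute(match):
        name, arg = match.group(1), match.group(2)
        if arg is None:
            return html.escape(str(params.get(name, "")))
        fn = TemplateFunctions.get(name)
        return html.escape(fn(str(params.get(arg, ""))))
    return _TOKEN.sub(substitute, template)


def rejects_callable_params(template: str, params: Mapping[str, Any]) -> bool:
    try:
        render_fixed(template, params)
        return False
    except TypeError:
        return True


# Registered the way the patched API intends: the closure is isolated from the data.
TemplateFunctions.register_closure("reverse", lambda s: s[::-1])

if __name__ == "__main__":
    data = {"value": "My website"}
    print(render_fixed("<h1>{{reverse(value)}}</h1>", data))
    # The same template against a mapping whose 'reverse' entry is a callable:
    print(render_vulnerable("<h1>{{reverse(value)}}</h1>",
                            {"reverse": lambda s: "ran:" + s, "value": "My website"}))
    print(rejects_callable_params("<h1>{{reverse(value)}}</h1>",
                                  {"reverse": lambda s: s, "value": "x"}))
```

The point of the registry is that the set of things the engine may call is fixed at deployment time by the developer, while the mapping fed from requests or database rows can only ever supply strings; that is the property the advisory's "multi-step attack" paragraph is warning about.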
What Security Strategies Are Driving InfoSec's Decisions Around Defense?
via "Dark Reading".
The data shows security leaders are focusing on multilayered defenses, including multifactor authentication, threat intelligence, and incident response.
Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague
via "Naked Security".
Suspects nabbed, millions seized, in ransomware busts across the globe.
Europol arrests three suspects possibly involved in major ransomware activities
via "Tech Republic".
Europol announced new arrests during its "Operation GoldDust." The suspects may have been heavily involved in the Sodinokibi/REvil and GandCrab ransomware activities.
CVE-2021-41253
via "National Vulnerability Database".
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version.
CVE-2020-23572
via "National Vulnerability Database".
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
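The class of bug in the BEESCMS entry, an upload handler that trusts a "crafted image file", is usually closed by never letting the client choose the stored name or extension and by keeping uploads out of any directory the web server will execute from. The following is an added Python example of such a handler (it is not BEESCMS code; the upload directory, size limit and the `validate_image_upload` function are assumptions for the example, and the sample file bodies are constructed).

```python
import os
import secrets
from typing import Optional

# Assumptions for this example: uploads live outside the web root and are served
# back only through a handler that sets a fixed image Content-Type.
UPLOAD_DIR = "/var/app/uploads"           # hypothetical; not a directory the web server executes from
MAX_UPLOAD_BYTES = 2 * 1024 * 1024

# Magic bytes -> the only extension content with that signature is ever stored under.
_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Constructed sample bodies (headers only, padded), not real image files.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 32


def sniff_image_type(data: bytes) -> Optional[str]:
    for magic, ext in _SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def validate_image_upload(client_filename: str, data: bytes) -> str:
    """Return a server-chosen storage path, or raise ValueError.

    The client file name is used only for a coarse extension check. The stored
    name is a random token and the extension comes from the sniffed content, so
    'shell.php.jpg' or a PHP body with an image extension never reaches disk
    under an executable name."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("empty or oversized upload")
    base = os.path.basename(client_filename.replace("\\", "/"))
    claimed_ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if claimed_ext not in ("png", "jpg", "jpeg", "gif"):
        raise ValueError(f"extension {claimed_ext!r} not allowed")
    sniffed = sniff_image_type(data)
    if sniffed is None:
        raise ValueError("content is not a recognised image")
    if b"<?php" in data or b"<?=" in data:
        # Valid images can still carry PHP tags (polyglots); refuse them outright.
        raise ValueError("PHP tag found inside image data")
    stored = f"{secrets.token_hex(16)}.{sniffed}"
    return os.path.join(UPLOAD_DIR, stored)


def upload_rejected(client_filename: str, data: bytes) -> bool:
    try:
        validate_image_upload(client_filename, data)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(validate_image_upload("avatar.png", PNG_SAMPLE))
    print(upload_rejected("shell.php", PNG_SAMPLE))
    print(upload_rejected("x.jpg", b"<?php echo 'hi'; ?>"))
```

The polyglot check is a heuristic and the sniffing only inspects a header; the controls that actually decide whether an upload can become code execution are the random name, the fixed extension, and the storage location outside the executable web root.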
CVE-2021-40260
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php.
CVE-2021-40261
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname, (10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php, the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep, (46) octdec, (47) Students and (48) users parameters in table_name.
US Charges Ukrainian National for Kaseya Ransomware Attack
via "Dark Reading".
Yaroslav Vasinskyi is one of seven individuals believed to be responsible for deploying REvil ransomware in attacks against 5,000 organizations.
UL Launches SafeCyber Platform to Secure IoT
via "Dark Reading".
UL's SafeCyber will allow organizations to manage cybersecurity governance and processes as well as speed up time spent on firmware development.
REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom
via "Threat Post".
The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.
International law enforcement is squeezing REvil affiliates out of hiding, but the underground is shrugging it off: They know that Russia won't touch a hair on the heads of the Russian ransomware operators, experts say. On Monday, Europol announced the arrest…
REvil Ransom Arrest, $6M Seizure, and $10M Reward
via "Krebs on Security".
The U.S. Department of Justice said today it arrested a Ukrainian man who deployed ransomware on behalf of the REvil ransomware gang, a Russian cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the State Department is now offering up to $10 million for information leading to the arrest of any key leaders of REvil.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
via "Naked Security".
The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.
CVE-2021-40359
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.
CVE-2021-40366
via "National Vulnerability Database".
A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.
CVE-2021-31884
via "National Vulnerability Database".
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the "Hostname" DHCP option is NULL terminated. In cases when the global hostname variable is not defined, this may lead to out-of-bound reads, writes, and denial-of-service conditions. (FSMD-2021-0014)
CVE-2021-42025
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless of whether they have write access to it.
CVE-2021-31888
via "National Vulnerability Database".
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly validate the length of the "MKD/XMKD" command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution. (FSMD-2021-0018)
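CVE-2021-31884 and CVE-2021-31888 above are two faces of the same bounded-copy discipline: the DHCP client treats a length-prefixed option as a NUL-terminated C string, and the FTP server copies an MKD/XMKD argument without checking it against the destination buffer. The following added Python model (not Nucleus NET code; the buffer sizes, function names and the sample packet are assumptions constructed for the example) shows a TLV walk that trusts only the length byte, the buggy NUL-scan beside it so the over-read is visible, and the length check an MKD handler needs before copying.

```python
from typing import Dict, Iterator, Tuple

HOSTNAME_BUF = 32     # assumed size of the client's fixed hostname buffer
MKD_ARG_BUF = 64      # assumed size of the server's stack buffer for the MKD argument
OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255

# Constructed sample options: message type, a 4-byte hostname "host" with no NUL,
# lease time, end. Option 51 (0x33) starts immediately after the hostname bytes.
SAMPLE_OPTS = (bytes([53, 1, 5]) + bytes([OPT_HOSTNAME, 4]) + b"host"
               + bytes([51, 4, 0x00, 0x01, 0x51, 0x80]) + bytes([OPT_END]))


def walk_dhcp_options(opts: bytes) -> Iterator[Tuple[int, int, int]]:
    """Yield (code, value_offset, length), trusting only each option's length byte."""
    i = 0
    while i < len(opts):
        code = opts[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return
        if i + 1 >= len(opts):
            raise ValueError("truncated option header")
        length = opts[i + 1]
        start = i + 2
        if start + length > len(opts):
            raise ValueError(f"option {code} length {length} runs past end of packet")
        yield code, start, length
        i = start + length


def parse_dhcp_options(opts: bytes) -> Dict[int, bytes]:
    return {code: opts[start:start + length] for code, start, length in walk_dhcp_options(opts)}


def hostname_assuming_nul(opts: bytes) -> bytes:
    """The buggy assumption: read the option value as a C string up to the first
    NUL, ignoring the length byte. With no terminator the read runs into the
    following option (here 0x33 0x04) and, in C, on past the packet buffer."""
    for code, start, _length in walk_dhcp_options(opts):
        if code == OPT_HOSTNAME:
            nul = opts.find(b"\x00", start)
            return opts[start:] if nul < 0 else opts[start:nul]
    raise KeyError("no hostname option")


def copy_bounded(src: bytes, dst_size: int) -> bytes:
    """Bounded copy that always leaves room for, and appends, the terminator."""
    if dst_size < 1:
        raise ValueError("destination too small")
    return src[: dst_size - 1] + b"\x00"


def hostname_by_length(opts: bytes) -> bytes:
    """Correct handling: take exactly the declared bytes, then bound the copy."""
    value = parse_dhcp_options(opts)[OPT_HOSTNAME]
    return copy_bounded(value.split(b"\x00", 1)[0], HOSTNAME_BUF)


def ftp_mkd_argument(line: bytes) -> bytes:
    """Validate an 'MKD <path>' request line before any copy into MKD_ARG_BUF."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if verb.upper() not in (b"MKD", b"XMKD"):
        raise ValueError("not an MKD/XMKD command")
    if len(arg) >= MKD_ARG_BUF:
        raise ValueError(f"argument of {len(arg)} bytes does not fit a {MKD_ARG_BUF}-byte buffer")
    return copy_bounded(arg, MKD_ARG_BUF)


def option_parse_fails(opts: bytes) -> bool:
    try:
        parse_dhcp_options(opts)
        return False
    except ValueError:
        return True


def mkd_rejected(line: bytes) -> bool:
    try:
        ftp_mkd_argument(line)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(hostname_assuming_nul(SAMPLE_OPTS))   # 6 bytes returned for a 4-byte option
    print(hostname_by_length(SAMPLE_OPTS))      # b'host\x00'
    print(mkd_rejected(b"MKD " + b"A" * 64 + b"\r\n"))
```

In C the equivalent of `hostname_assuming_nul` is a `strlen`/`strcpy` on the option pointer, and the equivalent of `copy_bounded` is a `memcpy` of `min(len, size - 1)` bytes followed by an explicit terminator; the Python version exists only to make the two lengths comparable in a test.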
CVE-2021-42021
via "National Vulnerability Database".
A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow reading arbitrary files on the server that are outside the application's web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.
CVE-2021-40358
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.
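Three entries on this page (CVE-2021-40359, CVE-2021-42021 and CVE-2021-40358) describe the same defect: a pathname from the client is joined to a restricted directory without neutralizing `..` and separator tricks. The function below is an added Python example of the containment check a download or file-operation handler should apply (it is not Siemens code; the directory, the function names and the use of a purely lexical check are assumptions for the example). It runs offline because it never touches the filesystem; a real handler should also `os.path.realpath()` the result after this check so a symlink inside the directory cannot point back outside it, and must run it after the request path has been URL-decoded exactly once.

```python
import posixpath

DOWNLOAD_ROOT = "/srv/app/downloads"        # hypothetical restricted directory


def normalize_request_path(user_path: str) -> str:
    """Canonicalize the client path before any comparison: reject NUL bytes,
    fold backslashes to '/' (the affected products run on Windows hosts),
    refuse absolute and drive-letter paths, and collapse '.', '..' and '//'."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    path = user_path.replace("\\", "/")
    if posixpath.isabs(path) or (len(path) > 1 and path[1] == ":"):
        raise ValueError("absolute paths are not allowed")
    rel = posixpath.normpath(path)
    if rel in (".", ""):
        raise ValueError("no file name given")
    return rel


def resolve_download(root: str, user_path: str) -> str:
    """Return root/user_path only if the normalized path stays under root."""
    root = posixpath.normpath(root)
    rel = normalize_request_path(user_path)
    if rel == ".." or rel.startswith("../"):
        raise ValueError(f"{user_path!r} escapes the download directory")
    full = posixpath.normpath(posixpath.join(root, rel))
    # Belt and braces: the joined result must still sit strictly under root.
    if not full.startswith(root + "/"):
        raise ValueError(f"{user_path!r} escapes the download directory")
    return full


def is_rejected(root: str, user_path: str) -> bool:
    try:
        resolve_download(root, user_path)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for candidate in ("reports/q1.pdf", "a/../b.txt", "../../etc/passwd",
                      "..\\..\\Windows\\win.ini", "/etc/passwd", "reports/../../secret"):
        try:
            print(f"{candidate!r:32} -> {resolve_download(DOWNLOAD_ROOT, candidate)}")
        except ValueError as exc:
            print(f"{candidate!r:32} -> rejected: {exc}")
```

Normalizing first and then comparing the joined result against the root covers both the plain `../` prefix and the `valid/../../escape` form that survives a naive "does it start with ..?" test; rejecting absolute paths separately matters because `posixpath.join` silently discards the root when the second argument is absolute.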