Friday Five 2/25
via "Digital Guardian".
Ransomware hits the industrial sector, behind the scenes of a stalkerware network, and more - catch up on the infosec news of the week with the Friday Five!
CVE-2021-38993
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.
Russia Sanctions May Spark Escalating Cyber Conflict
via "Krebs on Security".
President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.
Microsoft Exchange Bugs Exploited by “Cuba” Ransomware Gang
via "Threat Post".
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks' favorites, ProxyShell and ProxyLogon – as initial infection vectors.
Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT
via "Dark Reading".
Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks.
CVE-2022-25061
via "National Vulnerability Database".
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
CVE-2021-22489
via "National Vulnerability Database".
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.
CVE-2022-0615
via "National Vulnerability Database".
Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.
CVE-2022-25264
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVE-2021-22429
via "National Vulnerability Database".
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2022-25019
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidate is a reservation duplicate of CVE-2021-38602. Notes: All CVE users should reference CVE-2021-38602 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2021-42952
via "National Vulnerability Database".
All previous versions before October 25, 2021 of Zepl Notebooks are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
CVE-2021-22426
via "National Vulnerability Database".
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22431
via "National Vulnerability Database".
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2022-25260
via "National Vulnerability Database".
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
CVE-2021-37027
via "National Vulnerability Database".
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2022-23985
via "National Vulnerability Database".
The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
CVE-2021-22430
via "National Vulnerability Database".
There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.
CVE-2021-44132
via "National Vulnerability Database".
A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file.
CVE-2022-21209
via "National Vulnerability Database".
The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution.
CVE-2022-25062
via "National Vulnerability Database".
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.