π΄ FIN7 Morphs into a Broader, More Dangerous Cybercrime Group π΄
π Read
via "Dark Reading".
Mandiant has now tied the group to at least eight unattributed clusters of activity targeting organizations across various industries and regions.π Read
via "Dark Reading".
Dark Reading
FIN7 Morphs into a Broader, More Dangerous Cybercrime Group
Mandiant has now tied the group to at least eight unattributed clusters of activity targeting organizations across various industries and regions.
βΌ CVE-2022-26358 βΌ
π Read
via "National Vulnerability Database".
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26360 βΌ
π Read
via "National Vulnerability Database".
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26361 βΌ
π Read
via "National Vulnerability Database".
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26359 βΌ
π Read
via "National Vulnerability Database".
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26357 βΌ
π Read
via "National Vulnerability Database".
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26356 βΌ
π Read
via "National Vulnerability Database".
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.π Read
via "National Vulnerability Database".
ποΈ Trend Micro warns of active attacks against Apex Central console ποΈ
π Read
via "The Daily Swig".
Scramble to patch security dashboardπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Trend Micro warns of active attacks against Apex Central console
Scramble to patch security dashboard
β Googleβs monthly Android updates patch numerous βget rootβ holes β
π Read
via "Naked Security".
Get the update now... if it's available for your phone. Here's how to check.π Read
via "Naked Security".
Naked Security
Googleβs monthly Android updates patch numerous βget rootβ holes
Get the update nowβ¦ if itβs available for your phone. Hereβs how to check.
ποΈ US government launches Bureau of Cyberspace and Digital Policy to enhance cybersecurity across nation ποΈ
π Read
via "The Daily Swig".
Department will be tasked with addressing the security challenges and opportunities associated with cyberspaceπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US government launches Bureau of Cyberspace and Digital Policy to enhance cybersecurity across nation
Department will be tasked with addressing the security challenges and opportunities associated with cyberspace
β Firefox 99 is out β no major bugs, but update anyway! β
π Read
via "Naked Security".
Firefox's four-weekly updates just dropped - here's what you need to know.π Read
via "Naked Security".
Naked Security
Firefox 99 is out β no major bugs, but update anyway!
Firefoxβs four-weekly updates just dropped β hereβs what you need to know.
βΌ CVE-2022-26982 βΌ
π Read
via "National Vulnerability Database".
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26986 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41245 βΌ
π Read
via "National Vulnerability Database".
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1243 βΌ
π Read
via "National Vulnerability Database".
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.π Read
via "National Vulnerability Database".
π΄ What We Can Learn From Lapsus$ Techniques π΄
π Read
via "Dark Reading".
The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.π Read
via "Dark Reading".
Dark Reading
What We Can Learn From Lapsus$ Techniques
The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.
π΄ Name That Edge Toon: In Deep Water π΄
π Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: In Deep Water
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ How IP Data Can Help Security Professionals Protect Their Networks π΄
π Read
via "Dark Reading".
Beefing up security requires a combination of forensic efforts and proactive mitigation. IP context aids both.π Read
via "Dark Reading".
Dark Reading
How IP Data Can Help Security Professionals Protect Their Networks
Beefing up security requires a combination of forensic efforts and proactive mitigation. IP context aids both.
β Authorities Fully Behead Hydra Dark Marketplace β
π Read
via "Threat Post".
The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin.π Read
via "Threat Post".
Threat Post
Authorities Fully Behead Hydra Dark Marketplace
The popular underground market traded in drugs, stolen data, forged documents and more β raking in billions in Bitcoin.
βΌ CVE-2020-23349 βΌ
π Read
via "National Vulnerability Database".
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28847 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.π Read
via "National Vulnerability Database".