π’ REvil ransomware group's infrastructure comes back online hinting at fresh campaign π’
π Read
via "ITPro".
The ransomware gang's old deep web infrastructure is now redirecting to a new website with new victimsπ Read
via "ITPro".
IT PRO
REvil ransomware group's infrastructure comes back online hinting at fresh campaign | IT PRO
The ransomware gang's old deep web infrastructure is now redirecting to a new website with new victims
π’ Exclusive: Former Shiseido staff say company was aware of data breach weeks before official notice π’
π Read
via "ITPro".
Fake companies were created using the stolen identities of hundreds of Shiseido employees, former staff claimπ Read
via "ITPro".
IT PRO
Exclusive: Former Shiseido staff say company was aware of data breach weeks before official notice | IT PRO
Fake companies were created using the stolen identities of hundreds of Shiseido employees, former staff claim
π’ Report: UK businesses are less secure when using police-endorsed cyber security tool π’
π Read
via "ITPro".
The cyber security researcher found the developer of the free software to be "incompetent" and the myriad flaws in the cyber crime-fighting monitoring tool left businesses more at risk of cyber attacksπ Read
via "ITPro".
IT PRO
Report: UK businesses are less secure when using police-endorsed cyber security tool | IT PRO
The cyber security researcher found the developer of the free software to be "incompetent" and the myriad flaws in the cyber crime-fighting monitoring tool left businesses more at risk of cyber attacks
π’ Microsoft announces lucrative new bug bounty awards for M365 products and services π’
π Read
via "ITPro".
The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugsπ Read
via "ITPro".
ITPro
Microsoft announces lucrative new bug bounty awards for M365 products and services
The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
π’ Tech leaders share how to break into the tech industry π’
π Read
via "ITPro".
βYou have to feel like a true member of the IT world before you actually become a member"π Read
via "ITPro".
IT PRO
Tech leaders share how to break into the tech industry | IT PRO
βYou have to feel like a true member of the IT world before you actually become a member"
π’ Funky Pigeon site offline after "cyber incident" π’
π Read
via "ITPro".
The WH Smith-owned card site has reported the breach to "the relevant regulators"π Read
via "ITPro".
IT PRO
Funky Pigeon site offline after "cyber incident" | IT PRO
The WH Smith-owned card site has reported the breach to "the relevant regulators"
π’ Encryption battle plays out in Australian Parliament π’
π Read
via "ITPro".
The opposition said that the government is βaddicted to secrecyβπ Read
via "ITPro".
IT PRO
Encryption battle plays out in Australian Parliament | IT PRO
The opposition said that the government is βaddicted to secrecyβ
βΌ CVE-2022-24902 βΌ
π Read
via "National Vulnerability Database".
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29171 βΌ
π Read
via "National Vulnerability Database".
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to SourcegraphΓ’β¬β’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, Administrative privileges on the bundled Grafana monitoring instance, Knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24903 βΌ
π Read
via "National Vulnerability Database".
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24817 βΌ
π Read
via "National Vulnerability Database".
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller's service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controllerΓ’β¬β’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0π Read
via "National Vulnerability Database".
βΌ CVE-2022-24899 βΌ
π Read
via "National Vulnerability Database".
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29164 βΌ
π Read
via "National Vulnerability Database".
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victimΓ’β¬β’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victimΓ’β¬β’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24878 βΌ
π Read
via "National Vulnerability Database".
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24877 βΌ
π Read
via "National Vulnerability Database".
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controllerΓΒ’Γ’β¬ÒβΒ’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-25745 βΌ
π Read
via "National Vulnerability Database".
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25746 βΌ
π Read
via "National Vulnerability Database".
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24884 βΌ
π Read
via "National Vulnerability Database".
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29161 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30294 βΌ
π Read
via "National Vulnerability Database".
In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30295 βΌ
π Read
via "National Vulnerability Database".
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.π Read
via "National Vulnerability Database".