🔏 North Korean Attackers Targeting Healthcare Orgs with Maui Ransomware 🔏
📖 Read
via "".
A new Cybersecurity Advisory via the FBI, CISA, and the U.S. Treasury says cyber actors with the DPRK have been using the ransomware since May 2021.📖 Read
via "".
‼ CVE-2022-31127 ‼
📖 Read
via "National Vulnerability Database".
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: `balazs@email.com, <a href="http://attacker.com">Before signing in, claim your money!</a>`. This was previously sent to `balazs@email.com`, and the content of the email containing a link to the attacker's site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven't created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31126 ‼
📖 Read
via "National Vulnerability Database".
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31125 ‼
📖 Read
via "National Vulnerability Database".
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33047 ‼
📖 Read
via "National Vulnerability Database".
OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31111 ‼
📖 Read
via "National Vulnerability Database".
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value transferred. It is recommended that an emergency upgrade to be planned and EVM execution temporarily paused in the mean time. The issue is patched in Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934. This vulnerability affects only EVM internal states, but not Substrate balance states or node. You can temporarily pause EVM execution (by setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls before the patch can be applied.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2316 ‼
📖 Read
via "National Vulnerability Database".
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2318 ‼
📖 Read
via "National Vulnerability Database".
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31124 ‼
📖 Read
via "National Vulnerability Database".
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31129 ‼
📖 Read
via "National Vulnerability Database".
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31131 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)📖 Read
via "National Vulnerability Database".
🕴 Apple Debuts Spyware Protection for State-Sponsored Cyberattacks 🕴
📖 Read
via "Dark Reading".
Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.📖 Read
via "Dark Reading".
Dark Reading
Apple Debuts Spyware Protection for State-Sponsored Cyberattacks
Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.
🕴 North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs 🕴
📖 Read
via "Dark Reading".
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.📖 Read
via "Dark Reading".
Dark Reading
North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.
‼ CVE-2022-20752 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-3173 ‼
📖 Read
via "National Vulnerability Database".
custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20859 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4234 ‼
📖 Read
via "National Vulnerability Database".
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20800 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20862 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27549 ‼
📖 Read
via "National Vulnerability Database".
HCL Launch may store certain data for recurring activities in a plain text format.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20812 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".