βοΈ U.S. Hacks QakBot, Quietly Removes Botnet Infections βοΈ
π Read
via "Krebs on Security".
The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.π Read
via "Krebs on Security".
Krebs on Security
U.S. Hacks QakBot, Quietly Removes Botnet Infections
The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control overβ¦
π¦Ώ DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities π¦Ώ
π Read
via "Tech Republic".
Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.π Read
via "Tech Republic".
TechRepublic
DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities
Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.
βΌ CVE-2023-34039 βΌ
π Read
via "National Vulnerability Database".
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation.Γ A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39522 βΌ
π Read
via "National Vulnerability Database".
goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20890 βΌ
π Read
via "National Vulnerability Database".
Aria Operations for Networks contains an arbitrary file write vulnerability.Γ An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3251 βΌ
π Read
via "National Vulnerability Database".
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3252 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.π Read
via "National Vulnerability Database".
π΄ Sprawling Qakbot Malware Takedown Spans 700,000 Infected Machines π΄
π Read
via "Dark Reading".
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind.π Read
via "Dark Reading".
Dark Reading
Sprawling Qakbot Malware Takedown Spans 700,000 Infected Machines
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind.
π΄ MOVEit Was a SQL Injection Accident Waiting to Happen π΄
π Read
via "Dark Reading".
SQL injection and its ilk will stop being "a thing" only after organizations focus on security by construction.π Read
via "Dark Reading".
Dark Reading
MOVEit Breach Shows Us SQL Injections Are Still Our Achilles' Heel
SQL injection and its ilk will stop being "a thing" only after organizations focus on security by construction.
π΄ Unpatched Citrix NetScaler Devices Targeted by Ransomware Group FIN8 π΄
π Read
via "Dark Reading".
Citrix issued a patch for the critical remote code execution bug in July for its NetScaler devices.π Read
via "Dark Reading".
Dark Reading
Unpatched Citrix NetScaler Devices Targeted by Ransomware Group FIN8
Citrix issued a patch for the critical remote code execution bug in July for its NetScaler devices.
π΄ PurFoods Mom's Meals Reports Data Breach Exposing Social Security Numbers of Over 1.2 Million Consumers π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
PurFoods Mom's Meals Reports Data Breach Exposing Social Security Numbers of Over 1.2 Million Consumers
MARLTON, N.J., Aug. 28, 2023 /PRNewswire/ -- Approximately 1,237,681 consumers are being notified that their Social Security numbers and other confidential information were compromised after hackers targeted the company's IT network in a recent cyberattack.β¦
βΌ CVE-2023-4572 βΌ
π Read
via "National Vulnerability Database".
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π Read
via "National Vulnerability Database".
βΌ CVE-2023-39267 βΌ
π Read
via "National Vulnerability Database".
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39678 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4346 βΌ
π Read
via "National Vulnerability Database".
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39268 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3253 βΌ
π Read
via "National Vulnerability Database".
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39266 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39663 βΌ
π Read
via "National Vulnerability Database".
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3262 βΌ
π Read
via "National Vulnerability Database".
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.π Read
via "National Vulnerability Database".