‼ CVE-2023-43634 ‼
📖 Read
via "National Vulnerability Database".
When sealing/unsealing the “vaultâ€� key, a list of PCRs is used, which defines which PCRsare used.In a previous project, CYMOTIVE found that the configuration is not protected by the secureboot, and in response Zededa implemented measurements on the config partition that wasmapped to PCR 13.In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.In commit “56e589749c6ff58ded862d39535d43253b249acfâ€�, the config partitionmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list ofPCRs that seal/unseal the key.This change makes the measurement of PCR 14 effectively redundant as it would not affectthe sealing/unsealing of the key.An attacker could modify the config partition without triggering the measured boot, this couldresult in the attacker gaining full control over the device with full access to the contents of theencrypted “vaultâ€�📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40183 ‼
📖 Read
via "National Vulnerability Database".
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43309 ‼
📖 Read
via "National Vulnerability Database".
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43633 ‼
📖 Read
via "National Vulnerability Database".
On boot, the Pillar eve container checks for the existence and content of“/config/GlobalConfig/global.jsonâ€�.If the file exists, it overrides the existing configuration on the device on boot.This allows an attacker to change the system’s configuration, which also includes somedebug functions.This could be used to unlock the ssh with custom “authorized_keysâ€� via the“debug.enable.sshâ€� key, similar to the “authorized_keysâ€� finding that was noted before.Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usbâ€�key, allowing VNC access via the “app.allow.vncâ€� key, and more.An attacker could easily enable these debug functionalities without triggering the “measuredbootâ€� mechanism implemented by EVE OS, and without marking the device as “UUDâ€�(“Unknown Update Detectedâ€�).This is because the “/configâ€� partition is not protected by “measured bootâ€�, it is mutable and itis not encrypted in any way.An attacker can gain full control over the device without changing the PCR values, thereby nottriggering the “measured bootâ€� mechanism, and having full access to the vault.Note:This issue was partially fixed in these commits (after disclosure to Zededa), where the configpartition measurement was added to PCR13:• aa3501d6c57206ced222c33aea15a9169d629141• 5fef4d92e75838cc78010edaed5247dfbdae1889.This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43274 ‼
📖 Read
via "National Vulnerability Database".
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.📖 Read
via "National Vulnerability Database".
🛠 BDS Linux Userland Rootkit 🛠
📖 Read
via "Packet Storm Security".
The BDS Userland rootkit is a Linux userland rootkit. It hides files, directories, processes, the bind shell port, the daemon port, and the reverse shell port. It also cleans up bash history and logs during installation.📖 Read
via "Packet Storm Security".
Packetstormsecurity
BDS Linux Userland Rootkit ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 BDS Linux LKM Rootkit 🛠
📖 Read
via "Packet Storm Security".
The BDS LKM rootkit is a simple and stable Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64 that hide files, hide processes, hides a bind shell and reverse shell port, provides privilege escalation, provides rootkit persistence, and cleans up logs and bash history during installation.📖 Read
via "Packet Storm Security".
Packetstormsecurity
BDS Linux LKM Rootkit ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 Intel Innovation 2023: Attestation and Fully Homomorphic Encryption Coming to Intel Cloud Services 🦿
📖 Read
via "Tech Republic".
The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.📖 Read
via "Tech Republic".
TechRepublic
Intel Innovation 2023: Attestation and Fully Homomorphic Encryption Coming to Intel Cloud Services
The attestation service lets data in confidential computing environments interact with AI safely and provides policy enforcements and audits.
🕴 BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts 🕴
📖 Read
via "Dark Reading".
Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.📖 Read
via "Dark Reading".
Dark Reading
BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts
Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.
🕴 Hikvision Intercoms Allow Snooping on Neighbors 🕴
📖 Read
via "Dark Reading".
The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.📖 Read
via "Dark Reading".
Dark Reading
Hikvision Intercoms Allow Snooping on Neighbors
The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.
🕴 Mastering Defense-In-Depth and Data Security in the Cloud Era 🕴
📖 Read
via "Dark Reading".
Though widely used in many organizations, the concept still requires adaptation when aimed at protecting against new types of attacks.📖 Read
via "Dark Reading".
Dark Reading
Mastering Defense-in-Depth and Data Security in the Cloud Era
Though widely used in many organizations, the concept still requires adaptation when aimed at protecting against new types of attacks.
‼ CVE-2023-34577 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42805 ‼
📖 Read
via "National Vulnerability Database".
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42806 ‼
📖 Read
via "National Vulnerability Database".
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42458 ‼
📖 Read
via "National Vulnerability Database".
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-42807 ‼
📖 Read
via "National Vulnerability Database".
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42456 ‼
📖 Read
via "National Vulnerability Database".
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user).An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system.An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values.The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue.📖 Read
via "National Vulnerability Database".
🕴 MGM Restores Casino Operations 10 Days After Cyberattack 🕴
📖 Read
via "Dark Reading".
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.📖 Read
via "Dark Reading".
Dark Reading
MGM Restores Casino Operations 10 Days After Cyberattack
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.
🕴 OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats
Tampa, FL – September 21, 2023 — OPSWAT, a leader in critical infrastructure protection (CIP) cybersecurity solutions, sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality: despite notable improvements in defense strategies…
🕴 T-Mobile Racks Up Third Consumer Data Exposure of 2023 🕴
📖 Read
via "Dark Reading".
The mobile company states that the issue was due to a glitch that occurred in an update.📖 Read
via "Dark Reading".
Dark Reading
T-Mobile Racks Up Third Consumer Data Exposure of 2023
The mobile company states that the issue was due to a glitch that occurred in an update.
‼ CVE-2023-41992 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.📖 Read
via "National Vulnerability Database".