π BDS Linux LKM Rootkit π
π Read
via "Packet Storm Security".
The BDS LKM rootkit is a simple and stable Linux loadable kernel module rootkit for Linux kernel versions 5.x and 6.x on x86_64 that hide files, hide processes, hides a bind shell and reverse shell port, provides privilege escalation, provides rootkit persistence, and cleans up logs and bash history during installation.π Read
via "Packet Storm Security".
Packetstormsecurity
BDS Linux LKM Rootkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ Intel Innovation 2023: Attestation and Fully Homomorphic Encryption Coming to Intel Cloud Services π¦Ώ
π Read
via "Tech Republic".
The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.π Read
via "Tech Republic".
TechRepublic
Intel Innovation 2023: Attestation and Fully Homomorphic Encryption Coming to Intel Cloud Services
The attestation service lets data in confidential computing environments interact with AI safely and provides policy enforcements and audits.
π΄ BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts π΄
π Read
via "Dark Reading".
Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.π Read
via "Dark Reading".
Dark Reading
BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts
Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.
π΄ Hikvision Intercoms Allow Snooping on Neighbors π΄
π Read
via "Dark Reading".
The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.π Read
via "Dark Reading".
Dark Reading
Hikvision Intercoms Allow Snooping on Neighbors
The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.
π΄ Mastering Defense-In-Depth and Data Security in the Cloud Era π΄
π Read
via "Dark Reading".
Though widely used in many organizations, the concept still requires adaptation when aimed at protecting against new types of attacks.π Read
via "Dark Reading".
Dark Reading
Mastering Defense-in-Depth and Data Security in the Cloud Era
Though widely used in many organizations, the concept still requires adaptation when aimed at protecting against new types of attacks.
βΌ CVE-2023-34577 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42805 βΌ
π Read
via "National Vulnerability Database".
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42806 βΌ
π Read
via "National Vulnerability Database".
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42458 βΌ
π Read
via "National Vulnerability Database".
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-42807 βΌ
π Read
via "National Vulnerability Database".
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42456 βΌ
π Read
via "National Vulnerability Database".
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user).An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system.An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values.The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue.π Read
via "National Vulnerability Database".
π΄ MGM Restores Casino Operations 10 Days After Cyberattack π΄
π Read
via "Dark Reading".
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.π Read
via "Dark Reading".
Dark Reading
MGM Restores Casino Operations 10 Days After Cyberattack
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.
π΄ OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats
Tampa, FL β September 21, 2023 β OPSWAT, a leader in critical infrastructure protection (CIP) cybersecurity solutions, sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality: despite notable improvements in defense strategiesβ¦
π΄ T-Mobile Racks Up Third Consumer Data Exposure of 2023 π΄
π Read
via "Dark Reading".
The mobile company states that the issue was due to a glitch that occurred in an update.π Read
via "Dark Reading".
Dark Reading
T-Mobile Racks Up Third Consumer Data Exposure of 2023
The mobile company states that the issue was due to a glitch that occurred in an update.
βΌ CVE-2023-41992 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42279 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS 4.1.3 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-41991 βΌ
π Read
via "National Vulnerability Database".
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42810 βΌ
π Read
via "National Vulnerability Database".
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).π Read
via "National Vulnerability Database".
βΌ CVE-2023-42280 βΌ
π Read
via "National Vulnerability Database".
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41993 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
π΄ 'Gold Melody' Access Broker Plays on Unpatched Servers' Strings π΄
π Read
via "Dark Reading".
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.π Read
via "Dark Reading".
Dark Reading
'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.