Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites
https://thehackernews.com/2022/02/critical-flaw-uncovered-in-wordpress.html
https://thehackernews.com/2022/02/critical-flaw-uncovered-in-wordpress.html
VMSA-2022-0006
CVSSv3 Range: 6.6
Issue Date: 2022-02-23
VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
Impacted Products
VMware Workspace ONE Boxer
https://www.vmware.com/security/advisories/VMSA-2022-0006.html
CVSSv3 Range: 6.6
Issue Date: 2022-02-23
VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
Impacted Products
VMware Workspace ONE Boxer
https://www.vmware.com/security/advisories/VMSA-2022-0006.html
VMware
VMSA-2022-0006
VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability
Advisory ID: cisco-sa-nxos-bfd-dos-wGQXrzxn
First Published: 2022 February 23 16:00 GMT
Workarounds: No workarounds available
CVSS Score: Base 8.6
CVE-2022-20623
Summary
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn
Advisory ID: cisco-sa-nxos-bfd-dos-wGQXrzxn
First Published: 2022 February 23 16:00 GMT
Workarounds: No workarounds available
CVSS Score: Base 8.6
CVE-2022-20623
Summary
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn
Cisco
Cisco Security Advisory: Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device.…
Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability
Advisory ID: cisco-sa-cfsoip-dos-tpykyDr
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvy95696 CSCvy95840
CVSS Score: 8.6
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the CFSoIP feature enabled:
Nexus 3000 Series Switches (CSCvy95696)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvy95696)
UCS 6400 Series Fabric Interconnects (CSCvy95840)
Note: For Nexus 3000 and Nexus 9000 Series Switches, CFSoIP is not enabled by default. For UCS 6400 Series Fabric Interconnects, CFSoIP is enabled by default.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr
Advisory ID: cisco-sa-cfsoip-dos-tpykyDr
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvy95696 CSCvy95840
CVSS Score: 8.6
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the CFSoIP feature enabled:
Nexus 3000 Series Switches (CSCvy95696)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvy95696)
UCS 6400 Series Fabric Interconnects (CSCvy95840)
Note: For Nexus 3000 and Nexus 9000 Series Switches, CFSoIP is not enabled by default. For UCS 6400 Series Fabric Interconnects, CFSoIP is enabled by default.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr
Cisco NX-OS Software NX-API Command Injection Vulnerability
Advisory ID: cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvz80191 CSCvz81047
CVSS Score: Base 8.8
Summary
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
Note: The NX-API feature is disabled by default.
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the NX-API feature enabled:
Nexus 3000 Series Switches (CSCvz80191)
Nexus 5500 Platform Switches (CSCvz81047)
Nexus 5600 Platform Switches (CSCvz81047)
Nexus 6000 Series Switches (CSCvz81047)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvz80191)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
Advisory ID: cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvz80191 CSCvz81047
CVSS Score: Base 8.8
Summary
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
Note: The NX-API feature is disabled by default.
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the NX-API feature enabled:
Nexus 3000 Series Switches (CSCvz80191)
Nexus 5500 Platform Switches (CSCvz81047)
Nexus 5600 Platform Switches (CSCvz81047)
Nexus 6000 Series Switches (CSCvz81047)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvz80191)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
Cisco
Cisco Security Advisory: Cisco NX-OS Software NX-API Command Injection Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
The vulnerability is due to insufficient input validation of user supplied data that is sent to…
The vulnerability is due to insufficient input validation of user supplied data that is sent to…
GPU giant Nvidia is investigating a potential cyberattack.
US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days.
https://www.bleepingcomputer.com/news/security/gpu-giant-nvidia-is-investigating-a-potential-cyberattack/
US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days.
https://www.bleepingcomputer.com/news/security/gpu-giant-nvidia-is-investigating-a-potential-cyberattack/
BleepingComputer
GPU giant Nvidia is investigating a potential cyberattack
US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days.
Múltiples vulnerabilidades en productos de GitLab
Fecha de publicación: 28/02/2022
Importancia: 5 - Crítica
Recursos afectados:
GitLab CE/EE, todas las versiones;
GitLab Omnibus, versiones anteriores a 14.8.
Descripción:
GitLab ha publicado 7 vulnerabilidades: 1 de severidad crítica, 5 de severidad media y 1 de severidad baja, por las que un atacante podría acceder al token de registro, añadir usuarios a grupos a través de una API, acceder a variables de entorno, listar usuarios no autenticados, ejecutar comandos arbitrarios, filtrar credenciales o causar una denegación de servicio.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-gitlab
Fecha de publicación: 28/02/2022
Importancia: 5 - Crítica
Recursos afectados:
GitLab CE/EE, todas las versiones;
GitLab Omnibus, versiones anteriores a 14.8.
Descripción:
GitLab ha publicado 7 vulnerabilidades: 1 de severidad crítica, 5 de severidad media y 1 de severidad baja, por las que un atacante podría acceder al token de registro, añadir usuarios a grupos a través de una API, acceder a variables de entorno, listar usuarios no autenticados, ejecutar comandos arbitrarios, filtrar credenciales o causar una denegación de servicio.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-gitlab
INCIBE-CERT
Múltiples vulnerabilidades en productos de GitLab
GitLab ha publicado 7 vulnerabilidades: 1 de severidad crítica, 5 de severidad media y 1 de severidad baja, por las que un atacante podría acceder al token de registro, añadir usuarios a grupos a
Múltiples vulnerabilidades en Lansweeper
Fecha de publicación: 01/03/2022
Importancia: 5 - Crítica
Recursos afectados:
Lansweeper 9.1.20. 2.
Descripción:
Marcin "Icewall" Noga, investigador de Cisco Talos, ha reportado 4 vulnerabilidades en la solución de gestión de activos informáticos Lansweeper, 3 de severidad crítica y 1 medio, cuya explotación podría permitir a un atacante realizar inyecciones SQL e inyección arbitraria de código Javascript.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lansweeper
Fecha de publicación: 01/03/2022
Importancia: 5 - Crítica
Recursos afectados:
Lansweeper 9.1.20. 2.
Descripción:
Marcin "Icewall" Noga, investigador de Cisco Talos, ha reportado 4 vulnerabilidades en la solución de gestión de activos informáticos Lansweeper, 3 de severidad crítica y 1 medio, cuya explotación podría permitir a un atacante realizar inyecciones SQL e inyección arbitraria de código Javascript.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lansweeper
INCIBE-CERT
Múltiples vulnerabilidades en Lansweeper
Marcin "Icewall" Noga, investigador de Cisco Talos, ha reportado 4 vulnerabilidades en la solución de gestión de activos informáticos Lansweeper, 3 de severidad crítica y 1 medio, cuya explotación
VMSA-2022-0007
CVSSv3 Range: 5.6
Issue Date: 2022-03-01
CVE(s): CVE-2022-22943
Synopsis:
VMware Tools for Windows update addresses an uncontrolled search path vulnerability (CVE-2022-22943)
Impacted Products
VMware Tools for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0007.html
CVSSv3 Range: 5.6
Issue Date: 2022-03-01
CVE(s): CVE-2022-22943
Synopsis:
VMware Tools for Windows update addresses an uncontrolled search path vulnerability (CVE-2022-22943)
Impacted Products
VMware Tools for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0007.html
Omisión de autenticación administrativa en FortiMail de Fortinet
Fecha de publicación: 02/03/2022
Importancia: 5 - Crítica
Recursos afectados:
FortiMail, versiones:
7.0.0 y anteriores;
6.4.5 y anteriores;
6.2.7 y anteriores;
6.0.11 y anteriores;
5.4.12 y anteriores.
Descripción:
Giuseppe Cocomazzi, del equipo de seguridad de productos de Fortinet, ha reportado una vulnerabilidad de severidad crítica de omisión de autenticación en FortiMail.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-administrativa-fortimail-fortinet
Fecha de publicación: 02/03/2022
Importancia: 5 - Crítica
Recursos afectados:
FortiMail, versiones:
7.0.0 y anteriores;
6.4.5 y anteriores;
6.2.7 y anteriores;
6.0.11 y anteriores;
5.4.12 y anteriores.
Descripción:
Giuseppe Cocomazzi, del equipo de seguridad de productos de Fortinet, ha reportado una vulnerabilidad de severidad crítica de omisión de autenticación en FortiMail.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-administrativa-fortimail-fortinet
INCIBE-CERT
Omisión de autenticación administrativa en FortiMail de Fortinet
Giuseppe Cocomazzi, del equipo de seguridad de productos de Fortinet, ha reportado una vulnerabilidad de severidad crítica de omisión de autenticación en FortiMail.
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Advisory ID: cisco-sa-expressway-filewrite-87Q5YRk
First Published: 2022 March 2 16:00 GMT
Version 1.0: Final
Cisco Bug IDs:
CSCvz85393 CSCwa25107
CVE-2022-20754
CVE-2022-20755
CWE-23
CWE-78
CVSS Score: Base 9.0
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Advisory ID: cisco-sa-expressway-filewrite-87Q5YRk
First Published: 2022 March 2 16:00 GMT
Version 1.0: Final
Cisco Bug IDs:
CSCvz85393 CSCwa25107
CVE-2022-20754
CVE-2022-20755
CWE-23
CWE-78
CVSS Score: Base 9.0
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Cisco
Cisco Security Advisory: Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write…
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
Advisory ID:cisco-sa-uccsmi-prvesc-BQHGe4cm
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs:
CSCvz40263
CVE-2022-20762
CWE-284
CVSS Score: Base 7.8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm
Advisory ID:cisco-sa-uccsmi-prvesc-BQHGe4cm
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs:
CSCvz40263
CVE-2022-20762
CWE-284
CVSS Score: Base 7.8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm
Cisco
Cisco Security Advisory: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device.
This vulnerability…
This vulnerability…
Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
Advisory ID: cisco-sa-ise-dos-JLh9TxBp
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs:
CSCvz77905
CVE-2022-20756
CWE-399
CVSS Score: Base 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp
Advisory ID: cisco-sa-ise-dos-JLh9TxBp
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs:
CSCvz77905
CVE-2022-20756
CWE-399
CVSS Score: Base 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp
Cisco
Cisco Security Advisory: Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.
This vulnerability is due to improper handling of certain RADIUS…
This vulnerability is due to improper handling of certain RADIUS…
Múltiples vulnerabilidades en librería PJSIP de Teluu
Fecha de publicación: 03/03/2022
Importancia: 4 - Alta
Recursos afectados:
Cualquier proyecto que utilice la librería PJSIP, con versiones anteriores a la 2.12, y pase argumentos controlados por el atacante a cualquiera de las siguientes API:
pjsua_player_create – filename,
pjsua_recorder_create – filename,
pjsua_playlist_create – file_names,
pjsua_call_dump – buffer.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-libreria-pjsip-teluu
Fecha de publicación: 03/03/2022
Importancia: 4 - Alta
Recursos afectados:
Cualquier proyecto que utilice la librería PJSIP, con versiones anteriores a la 2.12, y pase argumentos controlados por el atacante a cualquiera de las siguientes API:
pjsua_player_create – filename,
pjsua_recorder_create – filename,
pjsua_playlist_create – file_names,
pjsua_call_dump – buffer.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-libreria-pjsip-teluu
INCIBE-CERT
Múltiples vulnerabilidades en librería PJSIP de Teluu
El equipo de investigación de seguridad de JFrog ha reportado 5 vulnerabilidades, 3 de severidad alta y 2 medias, por las que un atacante podría provocar la ejecución arbitraria de código y una
Ukrainian WordPress sites under massive complex attacks.
Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country.
https://securityaffairs.co/wordpress/128613/cyber-warfare-2/ukrainian-wordpress-sites-attacks.html
Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country.
https://securityaffairs.co/wordpress/128613/cyber-warfare-2/ukrainian-wordpress-sites-attacks.html
Security Affairs
Ukrainian WordPress sites under massive complex attacks
Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country.
Remote code execution vulnerability uncovered in Hashnode blogging platform.
A local file coding error could be exploited to trigger RCE
https://portswigger.net/daily-swig/remote-code-execution-vulnerability-uncovered-in-hashnode-blogging-platform
A local file coding error could be exploited to trigger RCE
https://portswigger.net/daily-swig/remote-code-execution-vulnerability-uncovered-in-hashnode-blogging-platform
The Daily Swig | Cybersecurity news and views
Remote code execution vulnerability uncovered in Hashnode blogging platform
A local file coding error could be exploited to trigger RCE
Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes.
https://www.ghacks.net/2022/03/05/firefox-97-0-2-and-firefox-esr-91-6-1-are-out-with-critical-security-fixes/
https://www.ghacks.net/2022/03/05/firefox-97-0-2-and-firefox-esr-91-6-1-are-out-with-critical-security-fixes/
ghacks.net
Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes
Mozilla released new versions of its Firefox web browser on March 5, 2022. The new browser versions fix two critical security vulnerabilities in the Firefox web browser.
Hackers leak 190GB of alleged Samsung data, source code.
https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
BleepingComputer
Hackers leak 190GB of alleged Samsung data, source code
The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.
Avast released a free decryptor for the HermeticRansom that hit Ukraine.
https://securityaffairs.co/wordpress/128652/breaking-news/free-decryptor-hermeticransom-ukraine.html
https://securityaffairs.co/wordpress/128652/breaking-news/free-decryptor-hermeticransom-ukraine.html
Security Affairs
Avast released a free decryptor for the HermeticRansom that hit Ukraine
Avast released a decryptor for the HermeticRansom ransomware used in recent targeted attacks against Ukrainian entities.
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
CVE-2022-0492 Public on 7 de febrero de 2022
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
CVE-2022-0492 Public on 7 de febrero de 2022
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
Unit 42
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
The extortion group, known as Lapsus$, states that they stole 1TB of data during the attack and began leaking the data online
https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
The extortion group, known as Lapsus$, states that they stole 1TB of data during the attack and began leaking the data online
https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/