New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government: Technical Insights and Detection Using Securonix.
The Securonix Threat Research team has recently identified a new malicious attack campaign related to a malicious threat actor (MTA) tracked by Securonix as STEPPY#KAVACH targeting victims likely associated with the Indian government.
https://www.securonix.com/blog/new-steppykavach-attack-campaign/
Microsoft research uncovers new Zerobot capabilities.
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continues to grow. Recent trends have shown that operators are redeploying malware for a variety of distributions and objectives, modifying existing botnets to scale operations and add as many devices as possible to their infrastructure.
https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/
The Microsoft Defender for IoT research team details information on the recent distribution of a Go-based botnet, known as Zerobot, that spreads primarily through IoT and web-application vulnerabilities.
Patch now: Serious Linux kernel security hole uncovered.
The Zero Day Initiative originally rated this Linux 5.15 in-kernel SMB server, ksmbd, bug a perfectly awful 10.
https://www.zdnet.com/article/patch-now-serious-linux-kernel-security-hole-uncovered/
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all.
Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022.
https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/
The crooks now know who you are, where you live, which computers are yours, where you go online… and they got those password vaults, too.
Multiple vulnerabilities in Netgear products
Publication date: 29/12/2022
Identifier: INCIBE-2022-1071
Importance: 5 - Critical
Affected resources:
CAX30, firmware versions earlier than 1.4.11.2.
Description:
Netgear has published multiple security advisories, most notably one of critical severity affecting the CAX30 product.
Solution:
Update the CAX30 firmware to version 1.4.11.2.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-23
Android security bulletin for January 2023
Publication date: 04/01/2023
Identifier: INCIBE-2023-0001
Importance: 5 - Critical
Description:
The Android bulletin for January 2023 fixes multiple vulnerabilities of critical and high severity that affect the Android operating system, as well as multiple components, and that could allow an attacker to perform privilege escalation, remote code execution (RCE) or cause a denial of service (DoS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-android-enero-2023
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).
$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge
PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.
https://pytorch.org/blog/compromised-nightly-dependency/#how-to-check-if-your-python-environment-is-affected
FortiADC - command injection in web interface.
IR Number: FG-IR-22-061
Date: Jan 3, 2023
Severity: High
CVSSv3 Score: 8.6
Impact: Execute unauthorized code or commands
Summary
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.
Affected Products
FortiADC version 7.0.0 through 7.0.2
FortiADC version 6.2.0 through 6.2.3
FortiADC version 6.1.0 through 6.1.6
FortiADC version 6.0.0 through 6.0.4
FortiADC version 5.4.0 through 5.4.5
https://www.fortiguard.com/psirt/FG-IR-22-061
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Adobe Acrobat and Reader APSB23-01
Adobe InDesign APSB23-07
Adobe InCopy APSB23-08
Adobe Dimension APSB23-10
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/10/adobe-releases-security-updates-multiple-products
Microsoft Releases January 2023 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
SAP security update for January 2023
Publication date: 11/01/2023
Identifier: INCIBE-2023-0007
Importance: 5 - Critical
Description:
SAP has published several security updates for different products in its monthly release.
Solution:
Visit the SAP support portal and install the necessary updates or patches, as indicated by the vendor.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-enero-2023
Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
Control Web Panel or CentOS Web Panel - CVE-2022-44877
Base Score: 9.8 CRITICAL
Description
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
https://nvd.nist.gov/vuln/detail/CVE-2022-44877
Current Versions: CWP6: 0.9.8.943 (EOL) / CWP7: 0.9.8.1148
CWP for CentOS 7 is the recommended version.
CWP7+ is compatible with CentOS Linux 8, CentOS Stream, Alma Linux, Rocky Linux and Oracle Linux.
https://control-webpanel.com/changelog#1669855527714-450fb335-6194
Multiple vulnerabilities in Cisco products
Publication date: 12/01/2023
Identifier: INCIBE-2023-0009
Importance: 5 - Critical
Affected resources:
Cisco RV Series Small Business Routers:
RV016 Multi-WAN VPN,
RV042 Dual WAN VPN,
RV042G Dual Gigabit WAN VPN,
RV082 Dual WAN VPN.
IP Phone 7800 and 8800 Series.
Cisco Industrial Network Director (IND).
Cisco BroadWorks Application Delivery Platform Device Management Software.
Cisco BroadWorks Xtended Services Platform.
Description:
Cisco has published 6 vulnerabilities, 1 of critical severity, 3 high and 2 medium, affecting several products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-85
Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms
Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms.
CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/drupal-releases-security-update-address-vulnerability-private
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/juniper-networks-releases-security-updates-multiple-products
Critical updates in Oracle (January 2023)
Publication date: 18/01/2023
Identifier: INCIBE-2023-0019
Importance: 5 - Critical
Description:
Oracle has published a critical update with patches to fix vulnerabilities affecting multiple products.
Solution:
Apply the corresponding patches, according to the affected products. Information for downloading the updates can be obtained from the security bulletin published by Oracle.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-enero-2023
Multiple vulnerabilities in GitLab
Publication date: 18/01/2023
Identifier: INCIBE-2023-0020
Importance: 5 - Critical
Affected resources:
Versions prior to 15.7.5, 15.6.6 and 15.5.9 of GitLab Community Edition (CE) and Enterprise Edition (EE). All deployment types (omnibus, source code, helm chart, etc.) are affected.
Description:
GitLab has reported two vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE) that in both cases would allow an integer overflow, which could lead to remote code execution.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-3
Arbitrary file editing with sudo
Publication date: 19/01/2023
Identifier: INCIBE-2023-0022
Importance: 4 - High
Affected resources:
Sudo versions 1.8.0 to 1.9.12p1, both inclusive.
Description:
A flaw has been disclosed in sudo's -e option (also known as sudoedit) that allows a malicious user with sudoedit privileges to edit arbitrary files, which may allow privilege escalation.
Solution:
Updating to version 1.9.12p2 is recommended.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/edicion-arbitraria-ficheros-sudo
Critical vulnerability in Drupal
Publication date: 19/01/2023
Identifier: INCIBE-2023-0023
Importance: 5 - Critical
Affected resources:
Versions from 8.0.0 (inclusive) up to 9.4.10 (exclusive).
Versions from 9.5.0 (inclusive) up to 9.5.2 (exclusive).
Versions from 10.0.0 (inclusive) up to 10.0.2 (exclusive).
Description:
The Drupal security team has published an update for Drupal 10.0, 9.5 and 9.4 that fixes a critical vulnerability in core.
Solution:
Updating to the latest version is recommended:
For Drupal 10.0, update to Drupal 10.0.2.
For Drupal 9.5, update to Drupal 9.5.2.
For Drupal 9.4, update to Drupal 9.4.10.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-critica-drupal
Critical Microsoft Azure RCE flaw impacted multiple services
Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.
https://securityaffairs.com/141007/hacking/microsoft-azure-emojideploy-rce.html
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.
Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced
The Tenable Cloud Security research team discovered a remote code execution vulnerability affecting Microsoft Azure cloud services such as Function Apps, App Service, Logic Apps and others, as well as other cloud sovereigns.