CVE-2021-22783

Read Time:9 Second

A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions)

Read More

High-impact DDoS attacks target zero-day exploit in Mitel systems

Read Time:41 Second

Security researchers, network operators and security vendors have detected a new reflection/amplification distributed denial-of-service (DDoS) vulnerability actively being exploited to launch multiple high-impact DDoS attacks. TP240PhoneHome (CVE-2022-26143) has a record-breaking potential amplification ratio of 4,294,967,296:1 and can be targeted to abuse collaboration systems produced by Mitel with the potential to cause significant collateral impact to businesses.

Attacks have been observed on broadband access ISPs, financial institutions, logistics companies, gaming companies, and organizations in other vertical markets. Mitel has released patched software that disables the abusable test facility whilst attacks can be mitigated using standard DDoS-defense techniques. The findings come from a collaborative research and mitigation task force effort with contributors including NETSCOUT, Akamai, Cloudflare and Mitel.

To read this article in full, please click here

Read More

Microsoft Patch Tuesday, March 2022 Edition

Read Time:3 Minute, 6 Second

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.

Greg Wiseman, product manager at Rapid7, notes that three vulnerabilities fixed this month have been previously disclosed, potentially giving attackers a head start in working out how to exploit them. Those include remote code execution bugs CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client. CVE-2022-24459 is a vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated “Important” by Microsoft.

Just three of the fixes this month earned Microsoft’s most-dire “Critical” rating, which Redmond assigns to bugs that can be exploited to remotely compromise a Windows PC with little to no help from users. Two of those critical flaws involve Windows video codecs. Perhaps the most concerning critical bug quashed this month is CVE-2022-23277, a  remote code execution flaw affecting Microsoft Exchange Server.

“Thankfully, this is a post-authentication vulnerability, meaning attackers need credentials to exploit it,” Wiseman said. “Although passwords can be obtained via phishing and other means, this one shouldn’t be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Exchange administrators should still patch as soon as reasonably possible.”

CVE-2022-24508 is a remote code execution bug affecting Windows SMBv3, the technology that handles file sharing in Windows environments.

“This has potential for widespread exploitation, assuming an attacker can put together a suitable exploit,” Wiseman said. “Luckily, like this month’s Exchange vulnerabilities, this, too, requires authentication.”

Kevin Breen, director of cyber threat research at Immersive Labs, called attention to a trio of bugs fixed this month in the Windows Remote Desktop Protocol (RDP), which is a favorite target of ransomware groups.

CVE-2022-23285, CVE-2022-21990 and CVE-2022-24503 are a potential concern especially as this infection vector is commonly used by ransomware actors,” Breen said. “While exploitation is not trivial, requiring an attacker to set up bespoke infrastructure, it still presents enough of a risk to be a priority.”

March’s Patch Tuesday also brings an unusual update (CVE-2022-21967) that might just be the first security patch involving Microsoft’s Xbox device.

“This appears to be the first security patch impacting Xbox specifically,” said Dustin Childs from Trend Micro’s Zero Day Initiative. “There was an advisory for an inadvertently disclosed Xbox Live certificate back in 2015, but this seems to be the first security-specific update for the device itself.”

Also on Tuesday, Adobe released updates addressing six vulnerabilities in Adobe Photoshop, Illustrator and After Effects.

For a complete rundown of all patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Read More

Loki RAT (Relapse) / SQL Injection

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Loki RAT (Relapse)
Vulnerability: SQL Injection
Description: The LokiRAT WebUI panel for LokiRAT_Relapse.exe runs on PHP
and MySQL and is used to control infected hosts through a central server.
The backend server side code “admin.php”…

Read More

Loki RAT (Relapse) / Directory Traversal – Arbitrary File Delete

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Loki RAT (Relapse)
Vulnerability: Directory Traversal – Arbitrary File Delete
Description: The LokiRAT WebUI panel for “LokiRAT_Relapse.exe” runs on PHP
and MySQL and is used control infected hosts through a central server.
The admin…

Read More

Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool) / Weak Hardcoded Password

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/6a6ce3e7f24bf000d9a011a8f1905da8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DirectConnection.103 (1.0 RAT-Tool)
Vulnerability: Weak Hardcoded Password
Description: The malware listens on random incrementing high TCP ports
49701,49702 etc. When updating the backdoor the output files password…

Read More

Backdoor.Win32.RemoteNC.beta4 / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemoteNC.beta4
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 49941. Third-party attackers
who can reach an infected host can execute any OS commands hijacking taking
over the…

Read More