Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
Monthly Archives: March 2022
ZDI-22-509: Siemens Simcenter Femap BDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-510: Apple macOS ColorSync ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS ColorSync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)
SentinelOne to buy Attivo Networks for $617M, bringing ID-based security to XDR platform
In a move designed to bolster its XDR (extended detection and response) platform, Singularity, to defend against the latest cybersecurity threats, endpoint security vendor SentinelOne plans to acquire IAM (identity and access management) provider Attivo Networks for $616.5 million.
Singularity is an AI-based system that allows for automated response to many types of endpoint-based threats — those that target user devices like laptops and smartphones, rather than a company’s servers directly. Attivo’s focus is on identity-based security, tracking users across different accounts, devices and systems to maintain a clear picture of who’s accessing computing assets at any given time.
thunderbird-91.7.0-1.fc34
FEDORA-2022-f202d1a045
Packages in this update:
thunderbird-91.7.0-1.fc34
Update description:
Update to 91.7.0
thunderbird-91.7.0-1.fc35
FEDORA-2022-01f0553b59
Packages in this update:
thunderbird-91.7.0-1.fc35
Update description:
Update to 91.7.0
Additional Wiper Malware Deployed in Ukraine #CaddyWiper
FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. The wiper was found by security researchers today at ESET. The wiper is dubbed CaddyWiper. Preliminary analysis reveals that the wiper malware erases user data and partition information from attached drives. According to the tweet, CaddyWiper does not share any code with HermeticWiper or IsaacWiper or any known malware families.This is a breaking news event. More information will be added when relevant updates are available.For further reference about Ukrainian wiper attacks please reference our Threat Signal from January and February. Also, please refer to our recent blog that encompasses the recent escalation in Ukraine, along with salient advice about patch management and why it is important, especially in today’s political climate.Is this the Work of Nobelium/APT29?At this time, there is not enough information to correlate this to Nobelium/APT29 or nation state activity. Was this Sample Signed?No. Unlike the HermeticWiper sample related to Ukrainian attacks, this sample is unsigned.Why is Malware Signed?Malware is often signed by threat actors as a pretense to evade AV or any other security software. Signed malware allows threat actors to evade and effectively bypass detection, guaranteeing a higher success rate. What is the Status of Coverage?FortiGuard Labs has AV coverage in place for publicly available samples as:W32/CaddyWiper.NCX!tr
USN-5328-2: OpenSSL vulnerability
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
USN-5330-1: LibreOffice vulnerability
It was discovered that LibreOffice incorrectly handled digital signatures.
An attacker could possibly use this issue to create a specially crafted
document that would display a validly signed indicator, contrary to
expectations.