Read Time:8 Second
FEDORA-EPEL-2022-1f9a7c822c
Packages in this update:
suricata-6.0.5-1.el9
Update description:
Various security, performance, accuracy and stability issues have been fixed.
Monthly Archives: April 2022
CVE-2021-26629
Read Time:12 Second
A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..’.
CVE-2021-26628
Read Time:13 Second
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files.
Data Breach Disrupts UK Army Recruitment
Read Time:3 Second
British Army online recruitment system down since March following data breach
Emotet Tests New TTPs
Read Time:4 Second
Botnet’s operators spotted spring cleaning its delivery tactics, techniques and procedures
Siloed Tech Prompts Security Worries
PureVPN introduces quantum-resistant feature to enhance security, tackle threats
Read Time:25 Second
Virtual private network (VPN) provider PureVPN has introduced a quantum-resistant feature to its OpenVPN protocol to provide users with more security and privacy for the post-quantum world. The firm has partnered with Quantinuum to deploy quantum-resistant encryption keys which, using its Quantum Origin platform, are generated via a verified quantum process, PureVPN said. The news comes as the security sector prepares for threats posed by the post-quantum encryption era.
USN-5389-1: Libcroco vulnerabilities
Read Time:36 Second
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)
It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)
It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
USN-5390-1: Linux kernel vulnerabilities
Read Time:36 Second
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)
It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)
Emotet tests new attack techniques: Sign of things to come?
Read Time:54 Second
Notorious threat group Emotet has been detected testing new and significantly different attack techniques potentially in preparation for larger campaigns or selective and limited attacks, according to research from cybersecurity vendor Proofpoint. The firm stated the activity occurred while the prolific botnet and Trojan threat actor was on a period of hiatus and not conducting its typical high-volume campaigns.
New Emotet attack activity a departure from typical behaviors
Emotet targets Windows platforms to distribute follow-on malware and was considered one of the most prolific cybercriminal threats before its disruption by global law enforcement in January 2021. After a 10-month disappearance from the threat landscape, the group re-emerged in November 2021 and has since targeted thousands of users in multiple geographic regions. In some cases, the volume of malicious messages used in individual campaigns has reached over one million, Proofpoint stated. However, activity detected between April 4 and April 19, 2022, signifies a significant departure from Emotet’s typical attack behaviors, and is attributed to threat actor TA542.