New Cheats May Emerge After Riot Games Hack

Ransomware actors stole source code, company reveals

imlib2-1.4.9-8.el7

FEDORA-EPEL-2023-2b409ccc37

Packages in this update:

imlib2-1.4.9-8.el7

Update description:

This update rebases imlib2 from version 1.4.5 to 1.4.9. This is a compatible update with the same library soname. It resolves multiple high severity CVEs.

CVE-2011-5326
CVE-2014-9762
CVE-2014-9763
CVE-2014-9764
CVE-2014-9771
CVE-2016-3993
CVE-2016-3994
CVE-2016-4024

Multiple vulnerabilities in VMware vRealize Log Insight Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in VMware vRealize Log Insight, the most severe of which could allow for remote code execution. VMware vRealize Log Insight provides real-time log collection and analysis for the components that make up the management capabilities of the software-defined data center (SDDC). Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system could be less impacted than those who operate with administrative rights.

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – PATCH: NOW – TLP: CLEAR

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system could be less impacted than those who operate with administrative rights.

HIDDEN COBRA (APT38) Responsible for 100M USD Cyberheist Against Blockchain Provider

Earlier the FBI announced that HIDDEN COBRA (also known as APT38/LAZARUS) is behind the latest cyberheist of 100M USD against cryptocurrency blockchain provider Horizon Bridge, a U.S.-based startup owned by Harmony. The assets stolen by Lazarus were cryptocurrency coins: Ethereum, Binance Coin, Tether, USD Coin, and DAI. HIDDEN COBRA is a state-sponsored organization directed by the North Korean government.

What are the Technical Details of this Attack?

HIDDEN COBRA used targeted attacks, specifically spearphishing campaigns designed to trick a user into unknowingly installing malware. In the campaign dubbed TraderTraitor, HIDDEN COBRA posed as recruiters in the cryptocurrency space, using job offers and templates designed to entice employees in targeted positions at the victim companies. They used the AppleJeus malware, which was disguised as legitimate cryptocurrency applications. Targets included individuals and companies within the cryptocurrency exchange and financial services sectors.

Who is HIDDEN COBRA/LAZARUS/APT38?

HIDDEN COBRA has been linked to multiple high-profile, financially motivated attacks in various parts of the world, some of which have caused massive infrastructure disruptions. Notable attacks include the 2014 attack on a major entertainment company and the 2016 heist against a Bangladeshi financial institution that nearly netted $1 billion (USD) for the attackers. Had it not been for a misspelling in a payment instruction that caused a bank to flag and block thirty transactions, HIDDEN COBRA would have pulled off a heist unlike any other. Although HIDDEN COBRA failed in that attempt, they were still able to net around 81 million dollars in total.

What Protections are Available?

Fortinet customers running the latest (AV) definitions are protected by the following signatures:

OSX/NukeSped.J
Riskware/AlticGO
Riskware/DAFOM
Riskware/CryptAIS
Riskware/TokenAIS
OSX/NukeSped.AA!tr
W64/Agent.IN!tr
W32/OSX_Nukesped.J!tr.bdr
OSX/NukeSped.J!tr

All network IOCs are blocked by the WebFiltering Client.

Proof-of-Concept Released for Zoho ManageEngine RCE vulnerability (CVE-2022-47966)

FortiGuard Labs is aware of a report that proof-of-concept code for a critical, actively exploited Zoho ManageEngine RCE vulnerability (CVE-2022-47966) has been released to the public. Patched in October and November 2022, the vulnerability affects multiple on-premise ManageEngine products and allows attackers to perform remote code execution with SYSTEM-level privileges.

Why is this Significant?

Although a patch is available for the Zoho ManageEngine RCE vulnerability (CVE-2022-47966), proof-of-concept code is now available to the public, and exploit attempts for CVE-2022-47966 are expected to pick up because of it. The patch should be applied as soon as possible.

What is CVE-2022-47966?

The vulnerability affects multiple on-premise ManageEngine products due to their use of an outdated version of the Apache Santuario (XML Security for Java) library. Successful exploitation of the vulnerability allows attackers to perform remote code execution with SYSTEM-level privileges. The vulnerability is exploitable only when Security Assertion Markup Language (SAML) Single Sign-On (SSO) is enabled or, depending on the ManageEngine product, was enabled at some point in the past.

Has the Vendor Released an Advisory for CVE-2022-47966?

Yes, the advisory is available. See the Appendix for a link to "Security advisory for remote code execution vulnerability in multiple ManageEngine products".

Which ManageEngine Products are Vulnerable to CVE-2022-47966?

The affected ManageEngine products are listed in the advisory.

Has the Vendor Released a Patch for CVE-2022-47966?

Yes, patches were released on October 27, October 28, and November 11, 2022, depending on the ManageEngine product.

What is the Status of Protection?

FortiGuard Labs released the following IPS signature in version xxx for CVE-2022-47966:

Zoho.ManageEngine.xmlsec.SAML.SSO.Remote.Code.Execution (default action is set to "pass")

USN-5823-2: MySQL vulnerability

USN-5823-1 fixed a vulnerability in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to MySQL 5.7.41.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://www.oracle.com/security-alerts/cpujan2023.html