UK Banks Still Failing on Digital Security – Report


Which? study finds many fail to provide basic online protection


MKS Instruments falls victim to ransomware attack


Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission.

MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards.

An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company’s website continued to be inaccessible at the time of writing, with an error notification that read, “Unfortunately, www.mks.com is experiencing an unscheduled outage. Please check back again at a later time.”


tigervnc-1.13.0-1.fc36


FEDORA-2023-c41e8f24bb

Packages in this update:

tigervnc-1.13.0-1.fc36

Update description:

Tigervnc 1.13.0 update.

CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation


tigervnc-1.13.0-1.fc37


FEDORA-2023-4d443bd03f

Packages in this update:

tigervnc-1.13.0-1.fc37

Update description:

Tigervnc 1.13.0 update.

CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation


Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation


Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.


ESXiArgs Ransomware Globally Targets Unpatched ESXi Servers Worldwide


FortiGuard Labs is aware of reports that ESXi servers around the globe that are vulnerable to the VMware ESXi OpenSLP HeapOverflow vulnerability (CVE-2021-21974) are being exploited through OpenSLP (port 427) to deliver a new ransomware, “ESXiArgs”. The ransomware encrypts files on affected ESXi servers and demands a ransom for file decryption.

Why is this Significant?

This is significant because a new ransomware, “ESXiArgs”, is being deployed to ESXi servers that are prone to the VMware ESXi OpenSLP HeapOverflow vulnerability (CVE-2021-21974). The ransomware encrypts files with pre-specified file extensions and demands a ransom from victims for file decryption. A patch for CVE-2021-21974 was released almost two years ago, which lowers the impact and severity of this incident.

What is ESXiArgs Ransomware?

ESXiArgs is a new ransomware that encrypts files on ESXi servers. According to OSINT, the ransomware targets files with the “.vmdk”, “.vmx”, “.vmxf”, “.vmsd”, “.vmsn”, “.vswp”, “.vmss”, “.nvram”, and “.vmem” file extensions. The ransomware reportedly creates an args file containing metadata for each file it encrypts. Data exfiltration has not been reported. ESXiArgs ransomware is said to be related to another ransomware, “Nevada”; however, we have not been able to verify the claim.

What is CVE-2021-21974 (VMware ESXi OpenSLP HeapOverflow vulnerability)?

CVE-2021-21974 is a heap overflow vulnerability in OpenSLP that affects VMware ESXi versions 7.0, 6.7, and 6.5. The vulnerability is due to an improper boundary check in the application. A remote, unauthenticated attacker can exploit it to execute arbitrary code with the privileges of the OpenSLP service by sending a crafted request to the target server. The vulnerability has a CVSS score of 8.8 and is rated Important.

Has the Vendor Released a Patch for CVE-2021-21974?

Yes, VMware released a patch for CVE-2021-21974 on February 23rd, 2021.

What is the Status of Protection?

FortiGuard Labs provides protection for this latest attack with the following AV signatures:

ELF/Filecoder.85D3!tr.ransom
Linux/Agent.SR!tr
Python/Agent.937D!tr

FortiGuard Labs has the following IPS signature in place for CVE-2021-21974 (VMware ESXi OpenSLP HeapOverflow vulnerability):

• VMware.ESXi.OpenSLP.Heap.Buffer.Overflow
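The advisory gives responders two concrete artifacts to look for on a datastore: the list of VM file extensions the ransomware targets and the "args" metadata file it leaves beside each encrypted file. The script below is an added example (it is not FortiGuard's or VMware's code) that walks a directory tree, reports every args file paired with a targeted VM file type, and notes whether the original file is still present. The advisory does not give the args file's naming scheme, so the script assumes the companion is named "<original file>.args"; the sample tree it scans is constructed inline for a dry run.

```python
"""
Hunt for ESXiArgs-style artifacts on a copy of an ESXi datastore.

Added example, not FortiGuard's code. The advisory says the ransomware
targets the VM file extensions below and writes one "args" metadata file
per encrypted file; it does not give the naming scheme, so this script
ASSUMES the companion is named "<original file>.args".
"""
import os
import tempfile
from pathlib import Path

# Extension list taken from the advisory text.
TARGET_EXTENSIONS = {".vmdk", ".vmx", ".vmxf", ".vmsd", ".vmsn",
                     ".vswp", ".vmss", ".nvram", ".vmem"}


def find_args_indicators(root):
    """Return sorted (vm_file, args_file, vm_file_still_present) triples.

    A hit is any '*.args' file whose name, minus that suffix, ends in one of
    the targeted VM extensions (e.g. 'web01.vmdk.args'). Whether the original
    VM file is still beside it is reported so responders can tell files
    encrypted in place from files that were renamed or removed.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            if not name.endswith(".args"):
                continue
            original = name[: -len(".args")]
            if Path(original).suffix.lower() in TARGET_EXTENSIONS:
                hits.append((os.path.join(dirpath, original),
                             os.path.join(dirpath, name),
                             original in present))
    return sorted(hits)


def summarize_by_extension(hits):
    """Count hits per targeted extension for a triage report."""
    counts = {}
    for vm_file, _args, _present in hits:
        ext = Path(vm_file).suffix.lower()
        counts[ext] = counts.get(ext, 0) + 1
    return counts


def build_constructed_datastore(base):
    """Create a CONSTRUCTED sample tree (not real victim data) for a dry run."""
    layout = {
        "web01/web01.vmdk": b"vmdk-bytes",
        "web01/web01.vmdk.args": b"metadata",
        "web01/web01.vmx": b"vmx-bytes",
        "web01/web01.vmx.args": b"metadata",
        "db01/db01.vmdk": b"untouched",        # clean VM, no .args file
        "db01/notes.txt.args": b"unrelated",   # .args, but not a VM file type
    }
    for rel, data in layout.items():
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return base


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return basename hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_datastore(tmp)
        hits = find_args_indicators(tmp)
        for vm_file, args_file, present in hits:
            state = "original present" if present else "original missing"
            print(f"{args_file} -> {vm_file} ({state})")
        return [(Path(v).name, Path(a).name, p) for v, a, p in hits]


if __name__ == "__main__":
    run_demo()
```

Run it against a mounted read-only copy of the datastore rather than the live host, and treat a hit as a trigger for isolation and patch verification rather than as proof of the specific family: the args-file convention is the only structural indicator the advisory provides, and the listed AV signatures remain the authoritative match.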


New HeadCrab Malware Targets Redis Servers


FortiGuard Labs is aware of a report that a new malware, “HeadCrab”, was deployed to over 1,000 Redis servers around the globe for crypto mining attacks. The HeadCrab threat actor reportedly targets internet-facing Redis servers that do not require authentication.

Why is this Significant?

This is significant because “HeadCrab” malware was discovered to be installed on over 1,000 compromised Redis servers around the globe. While the main purpose of HeadCrab appears to be crypto mining operations, an attacker can perform other malicious activities and deploy malware to the affected Redis servers since they are under the control of the attacker. As such, vulnerable Redis servers exposed to the internet need to be either taken offline or have authentication enabled.

What is HeadCrab malware?

HeadCrab is a malware that was deployed to internet-facing Redis servers which do not require authentication. Once the HeadCrab threat actor finds and compromises a vulnerable Redis server, the compromised server is synchronized with the attacker’s master Redis server, which serves the HeadCrab malware. HeadCrab malware receives commands from the attacker’s master Redis server and performs activities accordingly. While the threat actor reportedly used HeadCrab for mining Monero cryptocurrency, it could be used for other malicious activities such as exfiltrating information. Threat actors can also serve other malware and perform malicious activities on compromised Redis servers.

What is the Status of Protection?

FortiGuard Labs detects known HeadCrab malware samples with the following AV signatures:

ELF/Miner.AF76!tr
ELF/Agent.D9F0!tr
ELF/Agent.E2A0!tr
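The exposure the advisory describes is a configuration problem: Redis reachable from the internet with no password, which then gets synchronized to a master the operator never configured. The script below is an added example (not FortiGuard's or Redis's code) that audits a redis.conf for exactly those settings, using the standard requirepass, protected-mode, bind and replicaof/slaveof directives, and shows a weak configuration beside a hardened one. Both sample configurations are constructed, including the 203.0.113.10 master address, which is from a documentation range and is not an indicator from the report.

```python
"""
Audit a redis.conf for the exposure HeadCrab relies on: an instance reachable
beyond loopback with no authentication, or replicating from a master outside
the host.

Added example, not FortiGuard's code. The directives checked are standard
redis.conf settings; the sample configs are CONSTRUCTED.
"""
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_redis_conf(text):
    """Map each directive (lower-cased) to the list of argument lists seen.

    Redis honours the last occurrence of a directive, so callers use [-1].
    shlex handles quoted values such as: requirepass ""
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit_redis_conf(text):
    """Return finding identifiers in a fixed order; empty when nothing is flagged."""
    d = parse_redis_conf(text)
    findings = []

    # 1. No password at all: the condition the advisory says HeadCrab targets.
    pw = d.get("requirepass", [[]])[-1]
    if not pw or not pw[0]:
        findings.append("no-auth")

    # 2. protected-mode no disables the guard Redis applies to unbound,
    #    unauthenticated instances (default is yes).
    pm = d.get("protected-mode", [["yes"]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append("protected-mode-off")

    # 3. Listening beyond loopback. A missing 'bind' means all interfaces;
    #    a leading '-' marks an optional address and is stripped for comparison.
    binds = d.get("bind")
    if binds is None:
        findings.append("bind-non-loopback")
    else:
        addrs = {a.lstrip("-") for a in binds[-1]}
        if addrs - LOOPBACK:
            findings.append("bind-non-loopback")

    # 4. Replicating from a master outside this host: the advisory says
    #    compromised servers are synchronized with the attacker's master.
    masters = [args for key in ("replicaof", "slaveof") for args in d.get(key, [])]
    if any(a and a[0].lower() != "no" and a[0] not in LOOPBACK for a in masters):
        findings.append("replica-of-external-master")

    return findings


# Constructed weak configuration: the shape HeadCrab looks for.
WEAK_CONF = """\
# constructed weak redis.conf
bind 0.0.0.0
protected-mode no
port 6379
# requirepass foobared
replicaof 203.0.113.10 6379
"""

# Constructed hardened configuration for the same instance.
HARDENED_CONF = """\
# constructed hardened redis.conf
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "replace-with-a-long-random-secret"
"""


def run_demo():
    """Audit both sample configs and return their findings for comparison."""
    results = {"weak": audit_redis_conf(WEAK_CONF),
               "hardened": audit_redis_conf(HARDENED_CONF)}
    for name, findings in results.items():
        print(f"{name}: {findings or 'no findings'}")
    return results


if __name__ == "__main__":
    run_demo()
```

A file audit only shows intended state; on a running instance confirm the effective values with `CONFIG GET requirepass` and check `INFO replication` for a master_host you did not configure, since a synchronization to an unknown master is the post-compromise state the advisory describes.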
