USN-6044-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1872)

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability.

This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI.

Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.

CVE-2022-25274

Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal’s revision system.

CVE-2022-25273

Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Akamai’s new cloud firewall capabilities aim to protect network edge

Content delivery network (CDN) and cloud security services provider Akamai Technologies has added a network cloud firewall capability to its cloud-based DDoS platform, Akamai Prolexic.

The new feature is designed to allow Akamai's customers to define and manage their own firewall rules and access control lists (ACLs), which are lists of permissions for resources in a computer system or network, to streamline security for their network edges.

“Eliminating bad traffic is possible because Prolexic sits between our customers’ networks and the internet, and shields applications and systems regardless of where they are deployed: on-premises, in a data center, a public cloud, hybrid cloud, or a colocation facility,” said Sven Dummer, the company’s product marketing director, in a blog post.

USN-6043-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)

Iranian hacking group targets Israel with improved phishing attacks

The Iranian state-sponsored threat actor Educated Manticore has been observed deploying an updated version of the Windows backdoor PowerLess in phishing attacks targeting Israel, according to a new report by Check Point.

Researchers have also linked Educated Manticore hackers to APT Phosphorus, which operates in the Middle East and North America.
