ReversingLabs uncovered three additional malevolent packages believed to be part of the campaign
Monthly Archives: September 2023
New Attack Technique “MalDoc in PDF” Alarms Experts
JPCERT/CC said it can elude detection by embedding a malicious Word file within a PDF document
Medical Data Breach: Ayush Jharkhand Hacked
According to CloudSEK, the leaked database contains over 320,000 patient records
libssh2-1.10.0-1.el8
FEDORA-EPEL-2023-1d852648ca
Packages in this update:
libssh2-1.10.0-1.el8
Update description:
Security fix for CVE-2020-22218 (use-of-uninitialized-value in _libssh2_transport_read).
This is an update to version 1.10.0 of libssh2, which includes a fix for the above-mentioned CVE. The package is the same as the one in EPEL-9. It includes a number of bug-fixes and enhancements as detailed in the package changelog.
USN-6336-1: Docker Registry vulnerabilities
It was discovered that Docker Registry incorrectly handled certain crafted
input, which allowed remote attackers to cause a denial of service. This
issue only affected Ubuntu 16.04 LTS. (CVE-2017-11468)
It was discovered that Docker Registry incorrectly handled certain crafted
input. An attacker could possibly use this issue to cause a denial of
service. (CVE-2017-11468)
USN-6335-1: BusyBox vulnerabilities
It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2021-28831)
It was discovered that BusyBox did not properly validate user input when
performing certain arithmetic operations. If a user or automated system
were tricked into processing a specially crafted file, an attacker could
possibly use this issue to cause BusyBox to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2022-48174)
Sensitive Data about UK Military Sites Potentially Leaked by LockBit
Zaun, the UK’s only manufacturer of fencing systems, saw its IT systems compromised in early August
USN-6334-1: atftp vulnerabilities
Peter Wang discovered that atftp did not properly manage certain inputs. A
remote attacker could send a specially crafted tftp request to the server
to cause a crash. (CVE-2020-6097)
Andreas B. Mundt discovered that atftp did not properly manage certain
inputs. A remote attacker could send a specially crafted tftp request to
the server to cause a crash. (CVE-2021-41054)
Johannes Krupp discovered that atftp did not properly manage certain
inputs. A remote attacker could send a specially crafted tftp request to
the server and make the server disclose /etc/group data.
(CVE-2021-46671)