Global Cops Take Down NetWire RAT

Suspected website administrator arrested in Croatia

chromium-111.0.5563.64-1.el9

FEDORA-EPEL-2023-a283f53190

Packages in this update:

chromium-111.0.5563.64-1.el9

Update description:

update to 111.0.5563.64. Fixes the following security issues:

CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227

chromium-111.0.5563.64-1.fc36

FEDORA-2023-015e4d696d

Packages in this update:

chromium-111.0.5563.64-1.fc36

Update description:

update to 111.0.5563.64. Fixes the following security issues:

CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227

chromium-111.0.5563.64-1.el8

FEDORA-EPEL-2023-1dc713f355

Packages in this update:

chromium-111.0.5563.64-1.el8

Update description:

update to 111.0.5563.64. Fixes the following security issues:

CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227

CVE-2017-20182

A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611.

CVE-2014-125093

A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability.

Another Malware with Persistence

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.

On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after they received new firmware.

“The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”

To achieve this persistence, the malware checks for available firmware upgrades every 10 seconds. When an update becomes available, the malware copies the archived file for backup, unzips it, mounts it, and then copies the entire package of malicious files to it. The malware also adds a backdoor root user to the mounted file. Then, the malware rezips the file so it’s ready for installation.

“The technique is not especially sophisticated, but it does show considerable effort on the part of the attacker to understand the appliance update cycle, then develop and test a method for persistence,” the researchers wrote.

CVE-2013-10020

A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability.

CISA Adds CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 to the Known Exploited Vulnerabilities Catalog

FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities catalog on March 7, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild.

Why is this Significant?

This is significant because CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability), CVE-2022-33891 (Apache Spark Command Injection Vulnerability) and CVE-2022-35914 (Teclib GLPI Remote Code Execution Vulnerability) are on CISA's Known Exploited Vulnerabilities Catalog, meaning they are being actively exploited in the wild. As such, patches should be applied to the vulnerabilities as soon as possible.

What is CVE-2022-28810?

CVE-2022-28810 is a Remote Code Execution (RCE) vulnerability in Zoho ManageEngine ADSelfService Plus. A remote attacker may be able to exploit this to execute arbitrary remote code within the context of the application, via a malicious HTTP request. The vulnerability is rated "high" by Zoho and affects builds 6121 and below.

What is CVE-2022-33891?

CVE-2022-33891 is a Command Injection Vulnerability in Apache Software Foundation Spark. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability can result in the execution of arbitrary commands in the security context of the user running the vulnerable server. The vulnerability is rated "important" by Apache and affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

What is CVE-2022-35914?

CVE-2022-35914 is a code injection vulnerability in GLPI-Project GLPI. The vulnerability is due to improper validation of user configuration data sent to the endpoint htmLawedTest.php. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary code execution in the security context of the web server process.

Have the Vendors Released a Patch for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914?

Yes. Patches for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914 are available.

What is the Status of Protection?

FortiGuard Labs has the following IPS protection in place for CVE-2022-28810, CVE-2022-33891 and CVE-2022-35914:

Zoho.ManageEngine.ADSelfService.Plus.Custom.Script.Execution (CVE-2022-28810)
Apache.Spark.getUnixGroups.Command.Injection (CVE-2022-33891)
GLPI-Project.GLPI.htmLawedTest.php.Code.Injection (CVE-2022-35914)

Stolen credentials increasingly empower the cybercrime underground

The cybercrime underground has long functioned as an open market where sellers of products and services are paired with buyers and contractors. One of the most valuable commodities on this market is stolen credentials, since they can provide attackers with access to networks, databases, and other assets owned by organizations. It's no surprise to see cybercriminals focused on this valuable commodity.

“Last year, 4,518 data breaches were reported,” researchers from Flashpoint said in a new report. “Threat actors exposed or stole 22.62 billion credentials and personal records, ranging from account and financial information to emails and Social Security numbers.” Over 60% of these credentials and other details were stolen from organizations in the information sector, and these organizations generally host data for clients from many other industries.
