The UK’s National Cyber Security Centre has produced new guidance for smaller firms on PBX attacks
Monthly Archives: February 2024
Attacker Breakout Time Falls to Just One Hour
It now takes threat actors on average just 62 minutes to move laterally from initial access, Crowdstrike claims
SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 20
SEC Consult Vulnerability Lab Security Advisory < 20240220-0 >
=======================================================================
title: Multiple Stored Cross-Site Scripting Vulnerabilities
product: OpenOLAT (Frentix GmbH)
vulnerable version: <= 18.1.4 and <= 18.1.5
fixed version: 18.1.6 / 18.2
CVE number: CVE-2024-25973, CVE-2024-25974
impact: High…
Re: Buffer Overflow in graphviz via via a crafted config6a file
Posted by Matthew Fernandez on Feb 20
The fix for this ended up landing in Graphviz 10.0.1, available at
https://graphviz.org/download/.
Details of this CVE (CVE-2023-46045) are now published, but the CPEs are
incomplete. For those who track such things, the affected range is
[2.36.0, 10.0.1).
CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool
Posted by Jeroen J.A.W. Hermans via Fulldisclosure on Feb 20
CloudAware Security Advisory
CVE-2024-24681: Insecure AES key in Yealink Configuration Encrypt Tool
========================================================================
Summary
========================================================================
A single, vendorwide, hardcoded AES key in the configuration tool used to
encrypt provisioning documents was leaked leading to a compromise of
confidentiality of provisioning documents….
Microsoft Windows Defender / Backdoor:JS/Relvelshe.A / Detection Mitigation Bypass
Posted by hyp3rlinx on Feb 20
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/Windows_Defender_Backdoor_JS.Relvelshe.A_Detection_Mitigation_Bypass.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor]
www.microsoft.com
[Product]
Windows Defender
[Vulnerability Type]
Detection Mitigation Bypass
Backdoor:JS/Relvelshe.A
[CVE Reference]
N/A
[Security Issue]
Back in 2022 I released a…
Microsoft Windows Defender / VBScript Detection Bypass
Posted by hyp3rlinx on Feb 20
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor]
www.microsoft.com
[Product]
Windows Defender
[Vulnerability Type]
Windows Defender VBScript Detection Mitigation Bypass
TrojanWin32Powessere.G
[CVE Reference]
N/A
[Security Issue]…
Microsoft Windows Defender / Trojan.Win32/Powessere.G / Detection Mitigation Bypass Part 3
Posted by hyp3rlinx on Feb 20
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor]
www.microsoft.com
[Product]
Windows Defender
[Vulnerability Type]
Windows Defender Detection Mitigation Bypass
TrojanWin32Powessere.G
[CVE Reference]
N/A
[Security Issue]…
ZDI-24-184: Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50232.
ZDI-24-185: Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50233.