Read Time:5 Second
The Police Service of Northern Ireland has been fined £750K following a serious data breach last year
Monthly Archives: May 2024
ZDI-24-499: (Pwn2Own) TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-5227.
ZDI-24-500: (Pwn2Own) TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-5228.
ZDI-24-501: (Pwn2Own) TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-5242.
ZDI-24-502: (Pwn2Own) TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-5243.
ZDI-24-503: (Pwn2Own) TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
Read Time:18 Second
This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-5244.
Genesis Market Malware Attack
Read Time:1 Minute, 23 Second
What is the attack?The FortiGuard Lab’s EDR team recently identified malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023. The investigation traced some initial compromises to tools used for circumventing software licensing and counterfeit GPG MSI installers embedded with PowerShell scripts. Following the initial infection, the malware deploys a victim-specific DLL into the machine’s memory. This malware targets Edge, Chrome, Brave, and Opera browsers by installing a “Save to Google Drive” extension, which it uses to steal login credentials and sensitive personal data.What is Genesis Market?Genesis Market is a black market that deals in stolen login credentials, browser cookies, and online fingerprints. Its operation involves infecting victims, extracting data from their browsers, and maintaining persistence on the victim’s machine to steal new data. Although law enforcement agencies dismantled it in the first half of 2023, recent traces of infections suggest a possible attempt to revive its operations. What is the recommended Mitigation?Maintain general awareness and training about the risk of phishing and social engineering attacks. Ensure that all systems and software are kept up-to-date with the latest patches. Organizations can raise the security awareness of their employees that are being targeted by phishing, drive-by download and other forms of cyberattacks using Security Awareness Training.What FortiGuard Coverage is available?FortiEDR in full prevention mode prevents these attacks from propagating onto the machine pre-infection and can prevent exfiltration of data. FortiGuard AV service detects and blocks all the known malware and Web Filtering service has blocked all the known IoCs related to the campaign.
Smashing Security podcast #373: iPhone undeleted photos, and stealing Scarlett Johansson’s voice
Read Time:20 Second
iPhone photos come back from the dead! Scarlett Johansson sounds upset about GPT-4o, and there’s a cockup involving celebrity fakes.
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Anna Brading of Malwarebytes.
Plus! Don’t miss our featured interview with Sandy Bird of Sonrai Security.
python3.6-3.6.15-30.fc40
Read Time:8 Second
FEDORA-2024-a702b78744
Packages in this update:
python3.6-3.6.15-30.fc40
Update description:
Security fix for CVE-2024-0450 and CVE-2023-6597
USN-6783-1: VLC vulnerabilities
Read Time:10 Second
It was discovered that VLC incorrectly handled certain media files.
A remote attacker could possibly use this issue to cause VLC to crash,
resulting in a denial of service, or potential arbitrary code execution.