Read Time:2 Second
Good survey paper.
Daily Archives: December 13, 2024
USN-7157-2: PHP regression
Read Time:55 Second
USN-7157-1 fixed vulnerabilities in PHP. The patch for
CVE-2024-8932 caused a regression in php7.4. This
update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11236, CVE-2024-8932)
It was discovered that PHP incorrectly handled certain MySQL requests.
An attacker could possibly use this issue to cause the client to
disclose the content of its heap containing data from other SQL requests
and possible other data belonging to different users of the same server.
(CVE-2024-8929)
USN-7157-1: PHP vulnerabilities
Read Time:47 Second
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11236, CVE-2024-8932)
It was discovered that PHP incorrectly handled certain MySQL requests.
An attacker could possibly use this issue to cause the client to
disclose the content of its heap containing data from other SQL requests
and possible other data belonging to different users of the same server.
(CVE-2024-8929)
Ultralytics Supply-Chain Attack
Read Time:1 Minute, 27 Second
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:
On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.
Lots more details at that link. Also here.
Seth Michael Larson has a good summary of what should be done next:
From this story, we can see a few places where PyPI can help developers towards a secure configuration without infringing on existing use-cases.
API tokens are allowed to go unused alongside Trusted Publishers. It’s valid for a project to use a mix of API tokens and Trusted Publishers because Trusted Publishers aren’t universally supported by all platforms. However, API tokens that are being unused over a period of time despite releases continuing to be published via Trusted Publishing is a strong indicator that the API token is no longer needed and can be revoked.
GitHub Environments are optional, but recommended, when using a GitHub Trusted Publisher. However, PyPI doesn’t fail or warn users that are using a GitHub Environment that the corresponding Trusted Publisher isn’t configured to require the GitHub Environment. This fact didn’t end up mattering for this specific attack, but during the investigation it was noticed as something easy for project maintainers to miss.
There’s also a more general “What can you do as a publisher to the Python Package Index” list at the end of the blog post.
mingw-directxmath-3.20-1.fc41 mingw-gstreamer1-1.24.10-1.fc41 mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc41 mingw-gstreamer1-plugins-base-1.24.10-1.fc41 mingw-gstreamer1-plugins-good-1.24.10-1.fc41
Read Time:18 Second
FEDORA-2024-0a5722a980
Packages in this update:
mingw-directxmath-3.20-1.fc41
mingw-gstreamer1-1.24.10-1.fc41
mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc41
mingw-gstreamer1-plugins-base-1.24.10-1.fc41
mingw-gstreamer1-plugins-good-1.24.10-1.fc41
Update description:
Update to gstreamer-1.24.10, fixes multiple CVEs.
mingw-directxmath-3.20-1.fc40 mingw-gstreamer1-1.24.10-1.fc40 mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc40 mingw-gstreamer1-plugins-base-1.24.10-1.fc40 mingw-gstreamer1-plugins-good-1.24.10-1.fc40 mingw-orc-0.4.40-1.fc40
Read Time:20 Second
FEDORA-2024-2284729772
Packages in this update:
mingw-directxmath-3.20-1.fc40
mingw-gstreamer1-1.24.10-1.fc40
mingw-gstreamer1-plugins-bad-free-1.24.10-1.fc40
mingw-gstreamer1-plugins-base-1.24.10-1.fc40
mingw-gstreamer1-plugins-good-1.24.10-1.fc40
mingw-orc-0.4.40-1.fc40
Update description:
Update to 1.24.10, fixes multiple CVEs.
US Offers $5M for Info on North Korean IT Worker Fraud
Read Time:8 Second
The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North Korea following a six-year conspiracy
2024 Sees Sharp Increase in Microsoft Tool Exploits
Read Time:6 Second
Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
Read Time:7 Second
Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus Insurance
Researchers Discover Malware Used by Nation-Sates to Attack Industrial Systems
Read Time:8 Second
IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty