Read Time:4 Second
SmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities
Monthly Archives: December 2024
USN-7132-1: PostgreSQL vulnerabilities
Read Time:37 Second
It was discovered that PostgreSQL incorrectly tracked tables with row
security. A remote attacker could possibly use this issue to perform
forbidden reads and modifications. (CVE-2024-10976)
Jacob Champion discovered that PostgreSQL clients used untrusted server
error messages. An attacker that is able to intercept network
communications could possibly use this issue to inject error messages that
could be interpreted as valid query results. (CVE-2024-10977)
Tom Lane discovered that PostgreSQL incorrectly handled certain privilege
assignments. A remote attacker could possibly use this issue to view or
change different rows from those intended. (CVE-2024-10978)
Coby Abrams discovered that PostgreSQL incorrectly handled environment
variables. A remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-10979)
Details about the iOS Inactivity Reboot Feature
Read Time:15 Second
I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time.
Here are the technical details, discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.
Russia Arrests Prominent Ransomware Operator
Read Time:5 Second
Mikhail Matveev, aka WazaWaka, had worked with several ransomware groups, including Babuk, Conti, Darkside, Hive and LockBit
Bologna FC Hit By 200GB Data Theft and Ransom Demand
Read Time:6 Second
Bologna FC has revealed a ransomware attack, with data on players, fans and employees thought to have been stolen
Global Police Arrest 5500 in $400m Cyber-Fraud Crackdown
Read Time:7 Second
Interpol’s Operation Haechi V has led to the arrest of over 5500 individuals and seizure of $400m obtained via online fraud
USN-6846-2: Ansible regression
Read Time:39 Second
USN-6846-1 fixed vulnerabilities in ansible. The update introduced a
regression in ansible. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Ansible incorrectly handled certain inputs when
using tower_callback parameter. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2022-3697)
It was discovered that Ansible incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform a
Template Injection. (CVE-2023-5764)
ZDI-24-1631: Hewlett Packard Enterprise AutoPass License Server Authentication Bypass Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-51767.
ZDI-24-1632: Hewlett Packard Enterprise AutoPass License Server hsqldb Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise AutoPass License Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2024-51768.
ZDI-24-1633: Hewlett Packard Enterprise AutoPass License Server SQL Injection Information Disclosure Vulnerability
Read Time:14 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-51769.