HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.”
Category Archives: Advisories
DSA-5237 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, CSP bypass or session fixation.
bind-9.16.33-1.fc35 bind-dyndb-ldap-11.9-16.fc35
FEDORA-2022-b197d64471
Packages in this update:
bind-9.16.33-1.fc35
bind-dyndb-ldap-11.9-16.fc35
Update description:
Upstream release notes
Joint CyberSecurity Alert (AA22-264A) Iranian Threat Actors Targeting Albania
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) today released a joint Cybersecurity Advisory that highlights recent campaigns targeting the Government of Albania in July and September of this year.Attacks have been attributed to threat actors named “HomeLand Justice” and their modus operandi appears to be disruption (rendering services offline) and destruction (wiping of disk drives and ransomware style encryption). It was observed that the threat actors also maintained persistence for over a year before these attacks were carried out. Other observed attacks were the exfiltration of data such as email, credentials and lateral movement. The attacks have been attributed to the government of Iran.What are the Technical Details of this Attack?Per the Joint Advisory, the threat actors used CVE-2019-0604, which is a vulnerability in Microsoft SharePoint (public facing) to obtain initial access. The threat actor used several webshells to establish and maintain persistence. Persistence and lateral movement were then established after compromise for several months before campaign activity began.Other observations were the usage of Remote Desktop Protocol (RDP), Server Message Block (SMB) and File Transfer Protocol (FTP) to maintain access. Once this was established, the attackers then moved on and compromised the targets Microsoft Exchange servers (further details are unknown) to create a rogue Exchange account to allow for further privilege escalation via the addition of an Organization Management role. Exfiltration and compromise of the Exchange server occurred over 6-8 months where roughly 20GB of data was exfiltrated. The attackers also leveraged VPN access, using compromised accounts, where Advanced port scanner, Mimikatz and LSASS tools were used. To cap off the campaign, the threat actors finally used a file cryptor via the victim’s print server via RDP which would then propagate the file cryptor internally. This targeted specific file extensions, and after encryption, leaving a note behind. Furthering damage and adding insult to injury, hours after encryption took place, the threat actor will kick off another final devastating attack. The wiping of targeted disk drives.Is this Attack Widespread?No. Attacks are targeted and limited in scope.Any Suggested Mitigation?Due to the complexity and sophistication of the attack, FortiGuard Labs recommends that all AV and IPS signatures, (including but not limited to) the update and patching of all known vulnerabilities within an environment are addressed as soon as possible. Also, providing awareness and situational training for personnel to identify potential social engineering attacks via spearphishing, SMShing, and other social engineering attacks that could allow an adversary to establish initial access into a targeted environment is recommended.What is the Status of Coverage?For publically available samples, customers running the latest AV definitions are protected by the following signatures:BAT/BATRUNGOXML.VSNW0CI22!trW32/Filecoder.OLZ!tr.ransomW32/GenCBL.BUN!trW32/PossibleThreatRiskware/Disabler.B
CVE-2021-27774
User input included in error response, which could be used in a phishing attack.
python3.6-3.6.15-5.fc35
FEDORA-2022-a27e239f5a
Packages in this update:
python3.6-3.6.15-5.fc35
Update description:
Fix for CVE-2021-28861
python3.6-3.6.15-11.fc36
FEDORA-2022-a2be4bd5d8
Packages in this update:
python3.6-3.6.15-11.fc36
Update description:
Fix for CVE-2021-28861
python3.6-3.6.15-12.fc37
FEDORA-2022-7fff0f2b0b
Packages in this update:
python3.6-3.6.15-12.fc37
Update description:
Fix for CVE-2021-28861
CVE-2021-39190
The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.
bind-9.16.33-1.fc36 bind-dyndb-ldap-11.9-20.fc36
FEDORA-2022-8268735e06
Packages in this update:
bind-9.16.33-1.fc36
bind-dyndb-ldap-11.9-20.fc36
Update description:
Upstream release notes