Category Archives: Advisories

New Ransomware “Black Basta” in the Wild

Read Time:1 Minute, 50 Second

FortiGuard Labs is aware of a new ransomware variant called “Black Basta” discovered in the wild. The ransomware employs a double-extortion tactic in which it encrypts files and exfiltrates confidential information from the victim, then demands a ransom for decrypting the affected files and threatens to publicize the exfiltrated data if a ransom is not paid.Black Basta ransomware is reported to have victimized several organizations in multiple countries.Why is this Significant?This is significant because Black Basta is a new ransomware that is reported to have victimized several organizations in multiple countries.What is Black Basta ransomware?Black Basta is a new ransomware that demands ransom from the victim for decrypting victim’s files it encrypted and not to release the stolen data to the public.Black Basta ransomware deletes shadow copies from the compromised machine, which prevents the victim from being able to recover any files that have been encrypted. The ransomware also replaces the desktop wallpaper with an image with a black background that has the following ransom message:Your network is encrypted by the Black Basta group.Instructions in the filereadme.txt.The ransomware then will then restart the compromised machine in safe mode with the Windows Fax service running. After the reboot, the service launches the ransomware in order to start encrypting files. Files that are encrypted by Black Basta ransomware have “.basta” file extension and also have the ransomware’s own file icon. Readme.txt, also dropped by the ransomware, contains a ransom note to instruct the victim to use a specific TOR address to contact the attacker.What does the Windows Fax service have to do with this? Is it Vulnerable?The Windows Fax Service is not vulnerable. The Windows Fax service is attacked to maintain persistence and in this variant of Black Basta, it is hijacking an existing service name (in this case Windows Fax), deleting it, and spawning a new service with the same name.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against known samples of Black Basta ransomware: W32/Filecoder.OKW!tr W32/Kryptik.HPHI!trW32/Filecoder.OKT!trW32/Filecoder.OKW!tr.ransomW32/Filecoder.OKT!tr.ransomW32/Malicious_Behavior.VEX

Read More

seamonkey-2.53.12-1.el7

Read Time:32 Second

FEDORA-EPEL-2022-b270c3600b

Packages in this update:

seamonkey-2.53.12-1.el7

Update description:

Update to 2.53.12

For compatibility with modern sites the default version of Firefox for the User-Agent string has now been set to 78.0 . The value can be changed in Preferences–>Advanced–>HTTP Networking .

Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independed build available at https://buc.fedorapeople.org/seamonkey . So if you have friends who use other Linux distro, but that distro does not provide SeaMonkey yet, you can recommend it for them.

Read More

seamonkey-2.53.12-1.el8

Read Time:32 Second

FEDORA-EPEL-2022-246502ed7f

Packages in this update:

seamonkey-2.53.12-1.el8

Update description:

Update to 2.53.12

For compatibility with modern sites the default version of Firefox for the User-Agent string has now been set to 78.0 . The value can be changed in Preferences–>Advanced–>HTTP Networking .

Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independed build available at https://buc.fedorapeople.org/seamonkey . So if you have friends who use other Linux distro, but that distro does not provide SeaMonkey yet, you can recommend it for them.

Read More

seamonkey-2.53.12-1.fc34

Read Time:32 Second

FEDORA-2022-abbb9d5575

Packages in this update:

seamonkey-2.53.12-1.fc34

Update description:

Update to 2.53.12

For compatibility with modern sites the default version of Firefox for the User-Agent string has now been set to 78.0 . The value can be changed in Preferences–>Advanced–>HTTP Networking .

Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independed build available at https://buc.fedorapeople.org/seamonkey . So if you have friends who use other Linux distro, but that distro does not provide SeaMonkey yet, you can recommend it for them.

Read More

seamonkey-2.53.12-1.fc35

Read Time:32 Second

FEDORA-2022-7c0f2c2d67

Packages in this update:

seamonkey-2.53.12-1.fc35

Update description:

Update to 2.53.12

For compatibility with modern sites the default version of Firefox for the User-Agent string has now been set to 78.0 . The value can be changed in Preferences–>Advanced–>HTTP Networking .

Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independed build available at https://buc.fedorapeople.org/seamonkey . So if you have friends who use other Linux distro, but that distro does not provide SeaMonkey yet, you can recommend it for them.

Read More

seamonkey-2.53.12-1.fc36

Read Time:32 Second

FEDORA-2022-bbee226200

Packages in this update:

seamonkey-2.53.12-1.fc36

Update description:

Update to 2.53.12

For compatibility with modern sites the default version of Firefox for the User-Agent string has now been set to 78.0 . The value can be changed in Preferences–>Advanced–>HTTP Networking .

Note that besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independed build available at https://buc.fedorapeople.org/seamonkey . So if you have friends who use other Linux distro, but that distro does not provide SeaMonkey yet, you can recommend it for them.

Read More

CVE-2021-22680

Read Time:13 Second

NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Read More

USN-5390-2: Linux kernel (Raspberry Pi) vulnerabilities

Read Time:36 Second

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)

David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)

Read More

CVE-2021-29854

Read Time:23 Second

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.

Read More