This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-512: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-511: Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
LokiLocker Ransomware with Built-in Wiper Functionality
FortiGuard Labs is aware of a report that LokiLocker ransomware is equipped with built-in wiper functionality. The ransomware targets the Windows OS and is capable of erasing all non-system files and overwriting the Master Boot Record (MBR) if the victim opts not to pay the ransom, leaving the compromised machine unusable. According to the report, most victims of LokiLocker ransomware are in Eastern Europe and Asia.Why is this Significant?This is significant because LokiLocker ransomware has built-in wiper functionality which can overwrite the MBR and delete all non-system files on the compromised machine if the victim does not pay ransom in a set time frame. Successfully overwriting the MBR will leave the machine unusable.What is LokiLocker Ransomware?LokiLocker is a .NET ransomware that has been active since as early as August 2021. The ransomware encrypts files on the compromised machines and demands ransom from the victim to recover the encrypted files. The ransomware adds a “.Loki” file extension to the files it encrypted. It also leaves a ransom note in a Restore-My-Files.txt file. The malware is protected with NETGuard, an open-source tool for protecting .NET applications, as well as KoiVM, a virtualizing protector for .NET applications.LokiLocker has a built-in configuration file, which contains information such as the attacker’s email address, campaign or affiliate name, Command-and-Control (C2) server address and wiper timeout. Wiper timeout is set to 30 days by default. The value tells the ransomware to wait 30 days before deleting non-system files and overwriting the Master Boot Record (MBR) of the compromised machine. The configuration also has execution options which controls what actions the ransomware should or should not carry out on the compromised machine. The execution options include not wiping the system and the MBR, not encrypting the C Drive and not scanning for and encrypting network shares. The wiping option is set to false by default, however the option can be modified by the attacker.How is LokiLocker Ransomware Distributed?While the current infection vector is unknown, early LokiLocker variants were distributed through Trojanized brute-checker hacking tools. According to the public report, most victims of LokiLocker ransomware are in Eastern Europe and Asia. Fortinet’s telemetry indicates the C2 domain was accessed the most from India, followed by Canada, Chile and Turkey.What is the Status of Coverage?FortiGuard Labs provide the following AV coverage:W32/DelShad.GRG!tr.ransomW32/DelShad.GSE!tr.ransomW32/DelShad.GUJ!tr.ransomW32/Filecoder.AKJ!trW32/Generic.AC.171!trW32/PossibleThreatW32/Ramnit.AMSIL/Filecoder.AKJ!trMSIL/Filecoder.AKJ!tr.ransomMSIL/Filecoder_LokiLocker.D!trMSIL/Filecoder.4AF0!tr.ransomMSIL/Filecoder.64CF!tr.ransomPossibleThreatAll known network IOC’s are blocked by the FortiGuard WebFiltering client.
DSA-5105 bind9 – security update
Two vulnerabilities were found in the BIND DNS server, which could
result in denial of service or cache poisoning.
DSA-5104 chromium – security update
Multiple security issues were discovered in Chromium, which
could result in the execution of arbitrary code, denial of service
or information disclosure.
openvpn-2.5.6-1.el9
FEDORA-EPEL-2022-7a48f758c5
Packages in this update:
openvpn-2.5.6-1.el9
Update description:
This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
openvpn-2.4.12-1.el8
FEDORA-EPEL-2022-883139a5ce
Packages in this update:
openvpn-2.4.12-1.el8
Update description:
This is a security and bugfix release of OpenVPN 2.4 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
WARNING: OpenVPN 2.4 will from now only receive security and critical bug fixes for the next 12 months. Please consider to upgrade to OpenVPN 2.5 via Fedora Copr builds.
openvpn-2.4.12-1.el7
FEDORA-EPEL-2022-3f443e2e1e
Packages in this update:
openvpn-2.4.12-1.el7
Update description:
This is a security and bugfix release of OpenVPN 2.4 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.
NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.
WARNING: OpenVPN 2.4 will from now only receive security and critical bug fixes for the next 12 months. Please consider to upgrade to OpenVPN 2.5 via Fedora Copr builds.
USN-5333-2: Apache HTTP Server vulnerabilities
USN-5333-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)
James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connection when certain errors are encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)
It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-22721)
Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)