Category Archives: Advisories

Threat Actors leveraging the recent CrowdStrike update outage

Read Time:1 Minute, 10 Second

DescriptionFortiGuard Labs is aware of the campaigns used by threat actors to spread malware, using phishing and scams to take advantage of the recent widespread global IT outage affecting Microsoft Windows hosts. This outage is due to an issue with a recent CrowdStrike update that can cause a bug check or Blue Screen of Death (BSOD) on the affected Windows machines which may get stuck in a restarting state.  Why is it significant?The outage has caused many businesses’ operations to a halt worldwide across a variety of industries, including hospitals, banks, stock exchanges, and other institutions, as some Microsoft-based computers ceased to work. The threat actors have taken advantage of such events to spread malware, use phishing, and attempt other scams. What is the suggested mitigation?FortiGuards Labs recommends users to go through the vendor’s guidance to resolve the issue as soon as possible. Falcon Content Update Remediation and Guidance Hub – CrowdStrikeDo not fall victim to any phishing/scam attacks that the threat actors may take advantage of. Follow the security best practices and only use trusted sources. What is the FortiGuard Protection?All the known Indicators of Compromise (IoCs), including the File hashes, IP addresses, Domains, and URLs used by threat actors in the related campaigns are blocked by the FortiGuard Web Filtering Service.To detect and block known malware related to the associated campaigns, the FortiGuard AV signatures are available.

Read More

CyberDanube Security Research 20240722-0 | Multiple Vulnerabilities in Perten/PerkinElmer ProcessPlus

Read Time:16 Second

Posted by Thomas Weber via Fulldisclosure on Jul 22

CyberDanube Security Research 20240722-0
——————————————————————————-
title| Multiple Vulnerabilities
product| Perten Instruments Process Plus Software
vulnerable version| <=1.11.6507.0
fixed version| 2.0.0
CVE number| CVE-2024-6911, CVE-2024-6912, CVE-2024-6913
impact| High
homepage| https://perkinelmer.com

Read More

USN-6905-1: Rack vulnerabilities

Read Time:24 Second

It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)

It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)

Read More

A Vulnerability in Cisco Secure Email Gateway Could Allow for Remote Code Execution

Read Time:28 Second

A vulnerability has been discovered in Cisco Secure Email Gateway that could allow for remote code execution. Cisco Secure Email Gateway is an email security product that uses signature analysis and machine learning to identify and block malicious emails before they reach recipients inboxes. Successful exploitation could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.

Read More

exim-4.98-2.el8

Read Time:10 Second

FEDORA-EPEL-2024-0f1d365d9d

Packages in this update:

exim-4.98-2.el8

Update description:

This is an update enabling SRS support.

This is new version of exim fixing CVE-2024-39929.

Read More