Category Archives: Advisories

Advisories

firefox-111.0-1.fc37

Read Time:6 Second

FEDORA-2023-24b2b22eca

Packages in this update:

firefox-111.0-1.fc37

Update description:

Update to latest upstream (111.0)

Read More

Advisories

redis-7.0.10-1.fc37

Read Time:34 Second

FEDORA-2023-86068d1187

Packages in this update:

redis-7.0.10-1.fc37

Update description:

Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

Bug Fixes

Large blocks of replica client output buffer may lead to psync loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Read More

Advisories

redis-7.0.10-1.fc38

Read Time:34 Second

FEDORA-2023-e3e1f9dd4d

Packages in this update:

redis-7.0.10-1.fc38

Update description:

Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

Bug Fixes

Large blocks of replica client output buffer may lead to psync loops and unnecessary memory usage (#11666)
Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
Trim excessive memory usage in stream nodes when exceeding stream-node-max-bytes (#11885)
Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

Read More

Advisories

CVE-2012-10009

Read Time:24 Second

A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404.

Read More

Advisories

AndroxGh0st Malware Actively Used in the Wild

Read Time:57 Second

FortiGuard Labs is aware that AndroxGh0st malware is actively used in the field to primarily target .env files that contain confidential information such as credentials for various high profile applications such as – AWS, O365, SendGrid, and Twilio from the Laravel web application framework.Why is this Significant?This is significant as AndroxGh0st malware is actively used in the field to target Laravel .env files that contain sensitive information such as credentials for AWS, O365, SendGrid, and Twilio. FortiGuard Labs observes in the wild attempts by the AndroxGh0st malware more than 40,000 Fortinet devices a day.What is AndroxGh0st Malware?AndroxGh0st is a Python malware designed to search for and extract .env files from the Laravel Laravel application.AndroxGh0st supports numerous functions to abuse SMTP such as scanning and exploiting exposed credentials and APIs, and web shell deployment.What is the Status of Protection?FortiGuard Labs has the following AV signatures in place for known AndroxGh0st malware samples:Python/AndroxGhost.A!trPython/AndroxGhost.HACK!trPHP/AndroxGhost.AZZA!trW32/AndroxGhost.HACK!trW32/AndroxGhost.BEAE!trMSIL/AndroxGhost.HACK!trFortiGuard Labs has the following IPS signature in place for AndroxGh0st:AndroxGh0st.Malware

Read More

Advisories

#StopRansomware: LockBit 3.0 (AA23-075A)

Read Time:1 Minute, 53 Second

On March 16th, 2023, CISA, FBI and MS-ISAC released a joint advisory on LockBit 3.0 ransomware as part of #StopRansomware effort. LockBit 3.0, also known as LockBit Black, operates a Ransomware-as-a-Service (RaaS) service and employs a double-extortion tactic to get victims to pay ransom.Why is this Significant?This is significant because organizations hit by ransomware are likely to suffer from and not limited to – operational downtime, damaged reputation, heavy cost of time and manpower due recovery effort, and exposure of stolen data. AA23-075A is the latest #StopRansomware joint advisory released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing & Analysis Center (MS-ISAC), which provides observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against LockBit 3.0 ransomware.What is LockBit 3.0?LockBit 3.0 is a ransomware variant that is a successor to LockBit and LockBit 2.0 ransomware which was released in mid-2022. The ransomware operates as Ransomware-as-a-Service (RaaS) and employs a double-extortion tactic that demands victims pay ransom to recover affected files and not have stolen information leaked to the public.As a ransomware, LockBit 3.0 encrypts files on compromised machines. Prior to the file encryption routine, attackers exfiltrate information using custom and dual-use tools such as Stealbit and rclone, and publicly available file sharing services. The ransomware also drops a ransom note labeled [Ransomware ID].README.txt. Furthermore, LockBit 3.0 deletes shadow copies to prevent file recovery and replaces desktop wallpaper with its own. The ransomware stops its operation if a compromised machine’s language setting is set to predefined languages such as Russian, Armenian, Belarusian, Georgian and Ukrainian. Example of LockBit 3.0 ransomware’s ransom noteWhat is the Status of Protection?FortiGuard Labs has the following AV signatures in place for LockBit 3.0 samples known to us:W32/Lockbit.K!tr.ransomW32/Filecoder_Lockbit.H!trW32/BlackMatter.D!trW32/BlackMatter.E!tr.ransomW32/BlackMatter.K!tr.ransomW32/BlackMatter.O!tr.ransomW32/Filecoder_BlackMatter.D!trW32/Filecoder_BlackMatter.D!tr.ransomW32/Filecoder_BlackMatter.E!trW32/Filecoder_BlackMatter.E!tr.ransomW32/AZG!tr.ransomNSIS/Injector.AOW!trW32/PossibleThreat

Read More