This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-439: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-440: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
DSA-5092 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
Conti ransomware, which leaked ransomware victims’ data, has its own data leaked
Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages between their members as well as their malware source code.
USN-5314-1: Firefox vulnerabilities
A use-after-free was discovered when removing an XSLT parameter in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could exploit this to cause a denial of service, or
execute arbitrary code. (CVE-2022-26485)
A use-after-free was discovered in the WebGPU IPC framework. If a user
were tricked into opening a specially crafted website, an attacker could
exploit this to cause a denial of service, or execute arbitrary code.
(CVE-2022-26486)
DSA-5090 firefox-esr – security update
Two security issues have been found in the Mozilla Firefox web browser,
which result in the execution of arbitrary code.
DSA-5091 containerd – security update
Felix Wilhelm discovered that the containerd container runtime was
susceptible to information disclosure via malformed container images.
Friday Squid Blogging: Far Side Cartoon
Nvidia hackers release code-signing certificates that malware can abuse
The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company’s old code-signing certificates. Researchers warn the drivers could be used to sign kernel-level malware and load it on systems that have driver signature verification.
The certificates were part of a large cache of files that hackers claim totals 1TB and includes source code and API documentation for GPU drivers. Nvidia confirmed it was the target of an intrusion and that the hackers took “employee passwords and some Nvidia proprietary information,” but did not confirm the size of the data breach.
What happened with the Nvidia data breach?
On February 24 an extortion group calling itself LAPSUS$ claimed publicly that it had administrative access to multiple Nvidia systems for around a week and managed to exfiltrate 1TB of data including hardware schematics, driver source code, firmware, documentation, private tools and SDKs, and “everything about Falcon” — a hardware security technology embedded in Nvidia GPUs that’s meant to prevent those GPUs from being misprogrammed.