Engineer's Toolset Security Vulnerabilities

thn

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security...

6.1 CVSS

5.8 AI Score

0.069 EPSS

2023-10-25 01:20 PM
44
osv

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487]...

7.5 CVSS

7.1 AI Score

0.732 EPSS

2023-10-24 06:37 PM
12
rocky

go-toolset and golang security and bug fix update

An update is available for go-toolset, golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and...

7.5 CVSS

6.4 AI Score

0.732 EPSS

2023-10-24 06:37 PM
26
rocky

go-toolset:rhel8 security update

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset....

7.5 CVSS

7.4 AI Score

0.732 EPSS

2023-10-24 06:35 PM
30
osv

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable...

7.5 CVSS

7.1 AI Score

0.732 EPSS

2023-10-24 06:35 PM
4
nessus

Rocky Linux 9 : go-toolset and golang (RLSA-2023:5738)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5738 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of...

7.5 CVSS

7.9 AI Score

0.732 EPSS

2023-10-24 12:00 AM
7
nessus

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2023:5721)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5721 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

7.5 CVSS

7.7 AI Score

0.732 EPSS

2023-10-24 12:00 AM
6
nessus

Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-5738)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5738 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

7.5 CVSS

7.8 AI Score

0.732 EPSS

2023-10-19 12:00 AM
26
oraclelinux

go-toolset:ol8 security update

delve golang [1.19.13-1] - Rebase to Go 1.19.13 [CVE-2023-39325] [CVE-2023-44487] go-toolset [1.19.13-1] - Rebase to Go 1.19.13 [CVE-2023-39325] ...

8.1 AI Score

0.732 EPSS

2023-10-18 12:00 AM
11
oraclelinux

go-toolset and golang security and bug fix update

golang [1.19.13-1] - Update to go 1.19.13 [CVE-2023-44487] [CVE-2023-39325] [CVE-2023-29409] go-toolset [1.19.13-1] - Update to Go version...

8.3 AI Score

0.732 EPSS

2023-10-18 12:00 AM
8
nessus

Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-5721)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5721 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

7.5 CVSS

7.8 AI Score

0.732 EPSS

2023-10-18 12:00 AM
10
kitploit

ILSpy - .NET Decompiler With Support For PDB Generation, ReadyToRun, Metadata (and More) - Cross-Platform!

ILSpy is the open-source .NET assembly browser and decompiler. Decompiler Frontends Aside from the WPF UI ILSpy (downloadable via Releases, see also plugins), the following other frontends are available: Visual Studio 2022 ships with decompilation support for F12 enabled by default (using our...

7 AI Score

2023-10-17 11:30 AM
12
securelist

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

7.7 AI Score

2023-10-17 10:00 AM
29
nessus

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:5721)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:5721 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total...

7.5 CVSS

7.9 AI Score

0.732 EPSS

2023-10-17 12:00 AM
9
nessus

AlmaLinux 9 : go-toolset and golang (ALSA-2023:5738)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5738 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of...

7.5 CVSS

7.9 AI Score

0.732 EPSS

2023-10-17 12:00 AM
4
redhat

(RHSA-2023:5738) Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487]...

7 AI Score

0.732 EPSS

2023-10-16 01:49 PM
25
redhat

(RHSA-2023:5721) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable...

7 AI Score

0.732 EPSS

2023-10-16 12:13 PM
34
redhat

(RHSA-2023:5719) Important: go-toolset-1.19 and go-toolset-1.19-golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable...

7 AI Score

0.732 EPSS

2023-10-16 11:23 AM
26
almalinux

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487]...

7.5 CVSS

7 AI Score

0.732 EPSS

2023-10-16 12:00 AM
22
osv

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to...

7.5 CVSS

7.1 AI Score

0.732 EPSS

2023-10-16 12:00 AM
10
nessus

RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:5719)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5719 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...

7.5 CVSS

8.8 AI Score

0.732 EPSS

2023-10-16 12:00 AM
11
nessus

CentOS 8 : go-toolset:rhel8 (CESA-2023:5721)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:5721 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the...

7.5 CVSS

8.3 AI Score

0.732 EPSS

2023-10-16 12:00 AM
10
almalinux

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to...

7.5 CVSS

7 AI Score

0.732 EPSS

2023-10-16 12:00 AM
25
osv

Important: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487]...

7.5 CVSS

7.1 AI Score

0.732 EPSS

2023-10-16 12:00 AM
11
nessus

RHEL 8 : go-toolset:rhel8 (RHSA-2023:5721)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5721 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...

7.5 CVSS

8.6 AI Score

0.732 EPSS

2023-10-16 12:00 AM
8
nessus

RHEL 9 : go-toolset and golang (RHSA-2023:5738)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5738 advisory. golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) golang: crypto/tls: slow verification of certificate chains...

7.5 CVSS

8.6 AI Score

0.732 EPSS

2023-10-16 12:00 AM
10
securelist

ToddyCat: Keep calm and check logs

ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,.....

7.5 AI Score

2023-10-12 10:00 AM
33
kitploit

S4UTomato - Escalate Service Account To LocalSystem Via Kerberos

Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early exploitation techniques of "Potato" are almost identical:...

7.5 AI Score

2023-10-07 11:30 AM
22
kitploit

Dissect - Digital Forensics, Incident Response Framework And Toolset That Allows You To Quickly Access And Analyse Forensic Artefacts From Various Disk And File Formats

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group). This project is a meta package, it will install all other Dissect modules with the.....

7 AI Score

2023-10-05 11:30 AM
17
rapid7blog

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Nearly 70% of companies that are breached are likely to get breached again within twelve months (CPO). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response (DFIR) ready to.....

7 AI Score

2023-09-29 01:00 PM
6
ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-toolset and amicontained

Summary Multiple issues were identified in Red Hat UBI packages go-toolset and amicontained that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details ** CVEID: CVE-2020-29652 DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by.....

7.5 CVSS

6.6 AI Score

0.005 EPSS

2023-09-29 08:06 AM
24
thn

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a...

6.8 AI Score

2023-09-28 01:47 PM
34
thn

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the...

7.2 AI Score

2023-09-28 10:13 AM
31
thn

Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker...

6.8 AI Score

2023-09-19 06:56 AM
19
oraclelinux

gcc security update

gcc [el8] [8.5.0-18.0.5] - CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. ...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2023-09-12 12:00 AM
20
nessus

Oracle Linux 8 / 9 : gcc (ELSA-2023-12788)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12788 advisory. Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2023-09-12 12:00 AM
11
thn

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballistic Bobcat....

6.7 AI Score

2023-09-11 01:24 PM
21
nessus

Amazon Linux 2 : rust (ALAS-2023-2223)

The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2223 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior...

7.9 CVSS

6.1 AI Score

0.0004 EPSS

2023-09-08 12:00 AM
3
nessus

Oracle Linux 8 : go-toolset:rhel8 (ELSA-2019-1519)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1519 advisory. An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second...

6.1 CVSS

6.8 AI Score

0.005 EPSS

2023-09-07 12:00 AM
5
nessus

Oracle Linux 8 : go-toolset:ol8 (ELSA-2019-3433)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3433 advisory. net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is...

9.8 CVSS

6.5 AI Score

0.037 EPSS

2023-09-07 12:00 AM
3
thn

W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors...

6.9 AI Score

2023-09-06 08:44 AM
38
ubuntu

Docker Registry vulnerabilities

Releases Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages docker-registry - Docker toolset to pack, ship, store, and deliver content Details It was discovered that Docker Registry incorrectly handled certain crafted input, which allowed remote...

7.5 CVSS

6.9 AI Score

0.005 EPSS

2023-09-04 12:00 AM
42
thn

Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed. "Some of...

7.2 AI Score

2023-09-01 03:41 PM
51
amazon

Important: rust

Issue Overview: Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files...

7.9 CVSS

7.1 AI Score

0.0004 EPSS

2023-08-31 10:28 PM
6
securelist

IT threat evolution in Q2 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics Targeted attacks Gopuram backdoor deployed through 3CX supply-chain attack Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program,...

9.8 CVSS

10 AI Score

0.975 EPSS

2023-08-30 10:00 AM
58
ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator

Summary Multiple issues were identified in Red Hat UBI packages systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. IBM has addressed the vulnerabilities. Vulnerability Details ** CVEID:...

9.8 CVSS

9 AI Score

0.005 EPSS

2023-08-28 08:17 AM
33
nessus

Oracle Linux 8 : rust-toolset:ol8 (ELSA-2023-4635)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4635 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...

7.9 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-28 12:00 AM
3
oraclelinux

rust-toolset:ol8 security update

[1.66.1-2] - rust-cargo: cargo does not respect the umask when extracting dependencies...

7.3 CVSS

7.1 AI Score

0.0004 EPSS

2023-08-28 12:00 AM
6
hivepro

Spacecolon Toolset Fuels Surge in Scarab Ransomware Attacks

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CosmicBeetle, an active cyber threat group, has been utilizing a malicious toolset called Spacecolon in an ongoing campaign. This toolset is used to distribute variants of the Scarab ransomware by...

6.8 AI Score

2023-08-25 01:49 PM
10
oraclelinux

rust security update

[1.66.1-2] - rust-cargo: cargo does not respect the umask when extracting dependencies...

7.3 CVSS

7.1 AI Score

0.0004 EPSS

2023-08-25 12:00 AM
4
Total number of security vulnerabilities: 1647