Engineer's Toolset Security Vulnerabilities

What's Wrong with Manufacturing?

In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the....

CVE-2023-27590

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users...

CVE-2023-27590

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users...

CVE-2023-27590

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users...

Stack overflow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users...

CVE-2023-27590 Rizin has stack-based buffer overflow when parsing GDB registers profile files

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users...

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new threat actor, which we are naming "YoroTrooper," that has been running several successful espionage campaigns since at least June 2022. YoroTrooper's main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other...

Denial Of Service (DoS)

binutils is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the illegal memory access flaw in the library, which allows an attacker to cause an application crash by parsing a malicious ELF...

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware...

ol8addon security update

delve [1.9.1-1.0.1] - Bump version of delve from 1.8.3 to 1.9.1 [1.8.3-1.0.1] - Bump version of delve from 1.7.2 to 1.8.3 [1.7.2-1.0.1] - Bump version of delve from 1.6.0 to 1.7.2, enable aarch64 [1.6.0-1.0.1] - Bump upstream version of delve from 1.5.0 to 1.6.0 [1.5.0-2.0.1] - Cherry pick...

Oracle Linux 8 : ol8addon (ELSA-2023-18908)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded...

(RHSA-2023:1042) Moderate: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)

The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics. This release builds upon updated compiler, runtime library, and.....

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow...

New Attack Group Clasiopa Targets Materials Research Organization in Asia with Custom Malware

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A new attack group called Clasiopa has been observed targeting materials research organizations in Asia using a distinct toolset that includes a custom malware called Backdoor.Atharvan. It is unclear where....

Armenian Entities Hit by New Version of OxtaRAT Spying Tool

Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance. "The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and...

OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the...

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations,...

Evasion Techniques Uncovered: An Analysis of APT Methods

By Christiaan Beek, with special thanks to Matt Green DLL search order hijacking is a technique used by attackers to elevate privileges on the compromised system, evade restrictions, and/or establish persistence on the system. The Windows operating system uses a common method to look for required.....

NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities

A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an...

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with....

Rocky Linux 9 : go-toolset and golang (RLSA-2022:5799)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5799 advisory. Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function...

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to...

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium,...

Analyzing and remediating a malware infested T95 TV box from Amazon

A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with...

Gootkit Malware Continues to Evolve with New Components and Obfuscations

The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:0446)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0446 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-0446)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0446 advisory. Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp...

go-toolset:ol8 security and bug fix update

golang [1.18.9-1] - Update to Go 1.18.9 - Add big-endian.patch - Increase GO_TEST_TIMEOUT_SCALE due to a Brew issue - Add do-not-reuse-far-trampolines.patch - Resolves: rhbz#2149313 [1.18.7-2] - Fix version mismatch from previous rebase - Related: rhbz#2136719 [1.18.7-1] - Update to Go 1.18.7 -...

go-toolset:rhel8 security and bug fix update

An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and.....

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not forward unparseable query...

(RHSA-2023:0446) Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not forward unparseable query...

(RHSA-2023:0445) Moderate: go-toolset-1.18 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not forward unparseable query...

CentOS 8 : go-toolset:rhel8 (CESA-2023:0446)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0446 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during...

AlmaLinux 9 : go-toolset and golang (ALSA-2023:0328)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0328 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of...

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not forward unparseable query...

RHEL 7 : go-toolset-1.18 (RHSA-2023:0445)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0445 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not...

RHEL 8 : go-toolset:rhel8 (RHSA-2023:0446)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0446 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang...

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should not forward unparseable query...

Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-0328)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0328 advisory. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by...

go-toolset and golang security and bug fix update

golang [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - Resolves: rhbz#2149311 go-toolset [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 -....

go-toolset and golang security and bug fix update

An update is available for golang, go-toolset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and...

Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang:...

(RHSA-2023:0328) Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang:...

gcc-toolset-12-gcc bug fix update

An update is available for gcc-toolset-12-gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset 12 is a compiler toolset that provides recent...

Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang:...

RHEL 9 : go-toolset and golang (RHSA-2023:0328)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0328 advisory. In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang...

Moderate: go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang:...

Following the LNK metadata trail

Adversaries' shift toward Shell Link (LNK) files, likely sparked by Microsoft's decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. Cisco Talos analyzed metadata in LNK files and correlated it with threat actors tactics techniques...

gcc-toolset-12-gcc bug fix update

An update is available for gcc-toolset-12-gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset 12 is a compiler toolset that provides recent...

Driving CISA Compliance with Qualys

How CyberSecurity Asset Management with External Attack Surface Management Improves Compliance for the Protection of National Infrastructure Since 2018, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. government has focused on reducing risk and building resilience to cyber.....