MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

mssecure

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime...

6.5 AI Score

2023-03-22 04:00 PM
20
mmpc

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime...

6.5 AI Score

2023-03-22 04:00 PM
17
hackread

Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

By Waqas. Pinduoduo has confirmed the incident, but denied the presence of malware in its app.

6.7 AI Score

2023-03-22 03:53 PM
10
thn

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a...

9.8 CVSS

8.7 AI Score

0.975 EPSS

2023-03-21 09:54 AM
222
hivepro

Actors, Threats and Vulnerabilities 13 March to 19 March 2023

Summary: Over the past week, Hive Pro detected the presence of five active threat actors. The first of these is Dark Pink APT, a notorious group with a history of engaging in...

6.6 AI Score

2023-03-21 06:58 AM
11
openvas

Discourse < 3.0.2 Multiple Vulnerabilities

Discourse is prone to multiple...

4.9 CVSS

5.3 AI Score

0.001 EPSS

2023-03-20 12:00 AM
3
code423n4

Sending L2 ---> L1 message without paying gas for published data due to uint256 overflow

Impact: Due to this bug, a user can send arbitrarily long messages (greater than a certain length) from L2 to L1 without paying for the gas that is required for publishing data on L1. Proof of Concept: Below is a PoC contract called "Test" that illustrates the...

7 AI Score

2023-03-18 12:00 AM
8
mssecure

KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...

0.1 AI Score

2023-03-17 04:00 PM
13
mmpc

KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...

0.1 AI Score

2023-03-17 04:00 PM
12
cvelist

CVE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...

4.3 CVSS

4.9 AI Score

0.001 EPSS

2023-03-17 02:17 PM
cnvd

IBM Maximo Application Suite Licensing Issue Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An authorization issue vulnerability exists in IBM Maximo Application Suite versions 8.8.0 and 8.9.0,...

6.5 CVSS

6.1 AI Score

0.0005 EPSS

2023-03-17 12:00 AM
4
openvas

Discourse 3.1.x < 3.1.0.beta3 Multiple Vulnerabilities

Discourse is prone to multiple...

8.1 CVSS

5.5 AI Score

0.001 EPSS

2023-03-17 12:00 AM
cvelist

CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

3.5 CVSS

5.3 AI Score

0.001 EPSS

2023-03-16 08:21 PM
thn

YoroTrooper Stealing Credentials and Information from Government and Energy Organizations

A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. "Information stolen from successful compromises include credentials...

1.4 AI Score

2023-03-15 01:49 PM
34
openvas

Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB5002348)

This host is missing an important security update according to Microsoft...

7.8 CVSS

7.2 AI Score

0.005 EPSS

2023-03-15 12:00 AM
5
talosblog

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new threat actor, which we are naming "YoroTrooper," that has been running several successful espionage campaigns since at least June 2022. YoroTrooper's main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other...

7.6 AI Score

2023-03-14 11:00 AM
26
cnvd

Vim Denial of Service Vulnerability (CNVD-2023-72256)

Vim is a cross-platform text editor. A denial of service vulnerability exists in Vim versions prior to 9.0.1392, which stems from the presence of a NULL pointer dereference in the utfc_ptr2len function, which can be exploited to cause a denial of service via crafted...

5.5 CVSS

6.5 AI Score

0.001 EPSS

2023-03-13 12:00 AM
8
malwarebytes

Malware targeting SonicWall devices could survive firmware updates

Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to steal....

0.5 AI Score

2023-03-10 02:15 PM
10
talosblog

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...

9.8 CVSS

10.4 AI Score

0.975 EPSS

2023-03-09 01:02 PM
43
thn

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with the successful exploitation of susceptible Oracle WebLogic servers to...

0.6 AI Score

2023-03-09 08:10 AM
43
securelist

The state of stalkerware in 2022

The state of stalkerware in 2022 (PDF). Main findings of 2022: The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be...

6.4 AI Score

2023-03-08 10:00 AM
31
malwarebytes

DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation

This investigation was a joint effort between Malwarebytes Threat Intelligence's Jerome Segura, DeepSee's Rocky Moss and Antonio Torres. Key findings: Over a dozen unique domains were found selling ad inventory through Google Ad Manager, even though the pages were embedded invisibly under the...

-0.4 AI Score

2023-03-08 01:00 AM
16
openvas

Debian: Security Advisory (DLA-3354-1)

The remote host is missing an update for the...

9.8 CVSS

9.7 AI Score

0.018 EPSS

2023-03-08 12:00 AM
5
openvas

Debian: Security Advisory (DLA-749-1)

The remote host is missing an update for the...

8.1 CVSS

8 AI Score

0.936 EPSS

2023-03-08 12:00 AM
10
openvas

Debian: Security Advisory (DLA-329-1)

The remote host is missing an update for the...

8.8 AI Score

0.028 EPSS

2023-03-08 12:00 AM
2
packetstorm

-0.1 AI Score

0.002 EPSS

2023-03-07 12:00 AM
236
zdt

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions Exploit

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives...

8.8 CVSS

9 AI Score

0.002 EPSS

2023-03-07 12:00 AM
361
mssecure

Protecting Android clipboard content from unintended exposure

Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data....

-0.2 AI Score

2023-03-06 05:00 PM
60
mmpc

Protecting Android clipboard content from unintended exposure

Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data....

-0.2 AI Score

2023-03-06 05:00 PM
33
debian

[SECURITY] [DLA 3354-1] kopanocore security update

Debian LTS Advisory DLA-3354-1, https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, March 06, 2023, https://wiki.debian.org/LTS. Package: kopanocore; Version: 8.7.0-3+deb10u1; CVE ID ...

9.8 CVSS

9.9 AI Score

0.018 EPSS

2023-03-06 02:50 PM
2
nessus

Debian DLA-3354-1 : kopanocore - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3354 advisory. HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array...

9.6 AI Score

0.018 EPSS

2023-03-06 12:00 AM
10
github

GitHub Security Lab audited DataHub: Here’s what they found

At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), we also love to contribute back to the community by helping improve the security posture of the OSS....

9.8 CVSS

0.3 AI Score

EPSS

2023-03-03 07:53 PM
29
githubexploit

Exploit for CVE-2022-23093

CVE-2022-23093 FreeBSD Stack-Based Overflow Informations...

6.7 AI Score

0.0004 EPSS

2023-03-02 08:18 PM
371
cnvd

Dell PowerScale OneFS Resource Management Error Vulnerability

Dell PowerScale OneFS is an operating system from Dell (USA) Inc. Dell PowerScale OneFS is vulnerable to a resource management error that stems from the presence of uncontrolled resource consumption, which could be exploited by an attacker to compromise built-in hardware management functions and...

3.1 AI Score

0.001 EPSS

2023-03-02 12:00 AM
7
cnvd

Dell PowerScale OneFS Licensing Issue Vulnerability (CNVD-2023-14503)

Dell PowerScale OneFS is an operating system from Dell (USA) Inc. Dell PowerScale OneFS version 9.4.0.x is vulnerable to an authorization issue that stems from the presence of incorrect default privileges, which could be exploited to overwrite arbitrary files and cause a denial of...

5.4 AI Score

0.0004 EPSS

2023-03-02 12:00 AM
4
nessus

Ubuntu 20.04 LTS / 22.04 LTS : PostgreSQL vulnerability (USN-5906-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5906-1 advisory. PostgreSQL Project reports: A modified, unauthenticated server can send an unterminated string during the establishment of...

5 AI Score

0.001 EPSS

2023-03-02 12:00 AM
17
mssecure

The Microsoft Intune Suite fuels cyber safety and IT efficiency

Today marks a significant shift in endpoint management and security. We're launching the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The new Intune Suite can simplify our customers’ endpoint management...

-0.1 AI Score

2023-03-01 04:00 PM
29
mmpc

The Microsoft Intune Suite fuels cyber safety and IT efficiency

Today marks a significant shift in endpoint management and security. We're launching the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The new Intune Suite can simplify our customers’ endpoint management...

-0.1 AI Score

2023-03-01 04:00 PM
19
thn

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software...

-0.1 AI Score

2023-02-23 04:49 PM
48
thn

Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore's...

1 AI Score

2023-02-22 06:51 AM
33
huntr

Stored XSS in Sitename

Description: There is a presence of stored XSS in username, which directly gets rendered whenever the page is opened. Proof of Concept: 1: use the below command to clone the repo in your machine: `git clone https://github.com/answerdev/answer.git` 2: Navigate inside the repo: `cd answer` 3: Use...

5.4 CVSS

5.6 AI Score

0.001 EPSS

2023-02-22 12:43 AM
6
wordfence

Authorization vs. Intent: Why You Should Always Verify Both

The Wordfence Threat Intelligence team has observed a recent increase in the number of partial vulnerability patches that don’t properly address separate underlying issues. More specifically, we have been seeing an increase in Missing Authorization vulnerabilities that are fixed using tools...

0.1 AI Score

2023-02-21 05:48 PM
14
hackerone

Mozilla Critical Services: Email user account in indexacao waybackurl

Indexing a large number of user emails on the Internet Archive. When leaked data, like user email addresses, are found in online search engine caches like archive.org, Mozilla rewards bounty hunters who report it in two cases: - The volume of leaked data is large enough to warrant us contacting...

6.8 AI Score

2023-02-21 12:47 PM
21
ibm

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem 840 and 900

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible (CVE-2017-18017 and CVE-2017-17449). An exploit of CVE-2017-18017 could allow a remote attacker to cause a denial of service condition. An exploit of CVE-2017-17449 could...

9.8 CVSS

7.7 AI Score

0.954 EPSS

2023-02-18 01:45 AM
19
ibm

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388) could allow a remote attacker to wage a denial of service...

8.1 CVSS

0.6 AI Score

0.948 EPSS

2023-02-18 01:45 AM
28
ibm

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a...

8.8 CVSS

9 AI Score

0.009 EPSS

2023-02-18 01:45 AM
24
kitploit

OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises

OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the...

5.5 CVSS

-0.5 AI Score

0.467 EPSS

2023-02-17 11:30 AM
488
cnvd

Apache ShenYu License Issue Vulnerability (CNVD-2023-23553)

Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, is vulnerable to authorization issues in versions prior to Apache ShenYu 2.5.1. The vulnerability stems from the presence of improper privilege management, which could be exploited.....

8.8 CVSS

8.5 AI Score

0.002 EPSS

2023-02-17 12:00 AM
8
nessus

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0206)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0206 advisory. In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the 'search_listener' parameter in a search allows for a...

6.3 AI Score

0.001 EPSS

2023-02-16 12:00 AM
11
securelist

IoC detection experiments with ChatGPT

ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such as....

-0.4 AI Score

2023-02-15 10:00 AM
25
Total number of security vulnerabilities: 9650