MAX PRESENCE,TP3106,TP3206 Security Vulnerabilities

Threat actors leverage document publishing sites for ongoing credential and session token theft

Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the.....

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical,.....

Intel 2024.1 IPU - BIOS March 2024 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...

Intel 2024.1 IPU - Chipset Software March 2024 Security Update

Intel has informed HP of potential security vulnerabilities in the Intel® Converged Security Management Engine (CSME) installer and Intel® Local Manageability Service software which may allow escalation of privilege or information disclosure. Intel is releasing updates to mitigate these potential.....

Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS...

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs.....

HP PC BIOS Pre-boot DMA Protection Security Update

A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate...

Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06

This week on the Lock and Code podcast… A disappointing meal at a restaurant. An ugly breakup between two partners. A popular TV show that kills off a beloved, main character. In a perfect world, these are irritations and moments of vulnerability. But online today, these same events can sometimes.....

Exploit for Use After Free in Linux Linux Kernel

Demonstration that Claude 3 Opus does not understand...

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability...

BIT-tensorflow-2021-29523

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap. This is because the...

BIT-tensorflow-2021-29534

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat. This is because the...

BIT-tensorflow-2021-29584

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

BIT-prestashop-2023-30838

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML() method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup @keyframes methods. This XSS,...

BIT-envoy-2021-32777

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However,.....

BIT-envoy-2021-32779

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with....

BIT-envoy-2021-32780

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to...

BIT-envoy-2021-32781

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the...

BIT-envoy-2021-39162

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary.....

BIT-envoy-2022-29226

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...

New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities

A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane as part of a cyber attack that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have...

Malicious meeting invite fix targets Mac users

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine....

Exploit for CVE-2024-1512

CVE-2024-1512 Proof of Concept Vulnerability Overview...

Fortinet FortiOS Trust Management Issues Vulnerability (CNVD-2024-13096)

Fortinet FortiOS is a set of U.S. Fita (Fortinet) dedicated to FortiGate network security platform on the security operating system. A trust management issue vulnerability exists in Fortinet FortiOS that stems from the presence of incorrect certificate validation, which can be exploited by an...

Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR

In late January 2024, the ThreatDown Managed Detection and Response (MDR) team found and stopped a three-month long malware campaign against a Managed Service Provider (MSP) based in Europe. In line with our observations of attackers increasingly relying on legitimate software in their attacks,...

Exploit for OS Command Injection in Cacti

Command injection vulnerability in Cacti (CVE-2023-39362) -...

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used...

Reflected XSS vulnerability in keter

Reflected XSS vulnerability in keter Keter is an app-server/reverse-proxy often used with webapps build on Yesod web-framework. In the logic handling VHost dispatch, Keter was echoing back Host header value, unescaped, as part of an HTML error page. This constitutes a reflected-XSS vulnerability......

TimbreStealer campaign targets Mexican users with financial lures

Cisco Talos has discovered a new campaign operated by a threat actor distributing a previously unknown malware we're calling "TimbreStealer." This threat actor was observed distributing TimbreStealer via a spam campaign using Mexican tax-related themes starting in at least November 2023. The...

Adobe Substance 3D Painter Buffer Overflow Vulnerability (CNVD-2024-12464)

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee (Adobe). A buffer overflow vulnerability exists in Adobe Substance 3D Painter 9.1.1 and prior versions, which stems from the presence of an out-of-bounds write that could lead to the execution of arbitrary...

Mattermost Resource Management Error Vulnerability (CNVD-2024-09865)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a resource management error vulnerability that stems from an inability to check for the presence of custom emoticons when sending it to a post or to limit the number of custom...

IBM Trusteer Code Issue Vulnerability

IBM Trusteer is a suite of security solutions from International Business Machines (IBM) focused on providing security tools for cybercrime prevention and end-user protection. IBM Trusteer has a code issue vulnerability that stems from the presence of certain undisclosed issues that could allow...

CKEditor cross-site scripting vulnerability (CNVD-2024-09867)

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code by abusing a misconfigured preview...

CKEditor cross-site scripting vulnerability (CNVD-2024-09868)

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to bypass the advanced content filtering mechanism to inject incorrectly formatted.....

Graylog Authorization Issues Vulnerability

Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing and analyzing logs in real time, among other things. Graylog has an authorization issue vulnerability that stems from the presence of a cookie injection vulnerability. A remote attacker could....

Adobe Substance 3D Painter Buffer Overflow Vulnerability (CNVD-2024-12465)

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee (Adobe). A buffer overflow vulnerability exists in Adobe Substance 3D Painter 9.1.1 and prior versions, which stems from the presence of an out-of-bounds write vulnerability that could lead to the execution.....

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly...

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful...

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session.....

XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I'll walk you through my discovery of two cross-site scripting (XSS) vulnerabilities in ChatGPT and a few other vulnerabilities. When...

How Businesses Can Safeguard Their Communication Channels Against Hackers

Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer...

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source....

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS...

QR Phishing. Fact or Fiction?

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need understand the challenge that the...

CVE-2022-23093

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again...

CVE-2022-23093

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again...

Design/Logic Flaw

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again...

CVE-2022-23093 Stack overflow in ping(8)

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again...

CVE-2022-23093 Stack overflow in ping(8)

ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again...