Plug'n Play Firewall Security Vulnerabilities

NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0083)

The remote NewStart CGSL host, running version MAIN 6.06, has kernel packages installed that are affected by multiple vulnerabilities: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655) When setting font with...

K000138050 : Apache Tomcat vulnerability CVE-2023-41081

Security Advisory Description Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied....

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took...

This Year in Spring - 2023

Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...

All In One WP Security < 5.2.5 - Protection Bypass of Renamed Login Page via URL Encoding

Description The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to protection bypass on the login page in all versions up to and including 5.2.4. This makes it possible for unauthenticated attackers to visit the login page in cases where it has been renamed by....

Metahub - An Automated Contextual Security Findings Enrichment And Impact Evaluation Tool For Vulnerability Management

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context......

A week in security (December 18 &#8211; December 24)

Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches...

CVE-2023-41165

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer...

Fedora: Security Advisory for libssh (FEDORA-2023-0733306be9)

The remote host is missing an update for...

Securely Build AI/ML Applications in the Cloud with Rapid7 InsightCloudSec

It’s been little over a year since ChatGPT was released, and oh how much has changed. Advancements in Artificial Intelligence and Machine Learning have marked a transformative era, influencing virtually every facet of our lives. These innovative technologies have reshaped the landscape of natural.....

Malicious code in tata-play-web (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (867763daffba0b82c690fe9281aba9d22b6e1610b024ef7ee0fbf233160d8a36) The OpenSSF Package Analysis project identified 'tata-play-web' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package...

[SECURITY] Fedora 39 Update: libssh-0.10.6-1.fc39

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!

After an incredibly successful few weeks, the Wordfence Holiday Bug Extravaganza came to a close yesterday. We’d like to sincerely thank everyone who spent time researching, finding, and submitting vulnerabilities. Your efforts have helped to make the WordPress community and the web safer. Many...

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Denial of Service via use of golang.org/x/net, x/crypto, and x/text (CVE-2022-30633, CVE-2022-27664, CVE-2022-28131, CVE-2022-41721, CVE-2021-43565, CVE-2022-27191)

Summary Golang's x/net, x/crypto and x/text are used by IBM Storage Fusion HCI for networking, cryptography and internationalization. Vulnerabilities in these libraries include Inconsistent Interpretation of HTTP Requests, Uncontrolled Recursion, and Missing Release of Resource that could lead to.....

Shifting from reCAPTCHA to hCaptcha

We are adding another CAPTCHA vendor and helping our customers migrate from Google's reCAPTCHA to hCaptcha. Why We Are Making This Change We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully evaluating several different...

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 16 vulnerabilities disclosed in 16 WordPress Plugins and no WordPress themes that have been added to the Wordfence...

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial.....

CVE-2023-41166

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access...

CVE-2023-41166

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access...

Design/Logic Flaw

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access...

Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023

It seems like it was just yesterday that we were in Las Vegas for AWS Re:Invent, but it’s already been almost two weeks since the conference wrapped up. As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligence....

4 Best War Games You Should Play

By Owais Sultan Online gaming is a luxury, especially if you are interested in strategic war games. So, here are the… This is a post from HackRead.com Read the original post: 4 Best War Games You Should...

CVE-2023-41166

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access...

FBI issues advisory over Play ransomware

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) have released a joint Cybersecurity Advisory (CSA) about Play ransomware. According to the FBI, Play made around 300.....

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of...

Play Ransomware A Global Threat Impacting Businesses

Summary: The Play ransomware group, active since June 2022, employs a double-extortion model, impacting businesses globally. Utilizing legitimate tools for malicious activities, the group has affected approximately 300 entities. Threat Level - Red | Attack Report For a detailed threat advisory,...

Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, Q, and L Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Are We Ready to Give Up on Security Awareness Training?

Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in...

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data....

Mitsubishi MELSEC-F Information Disclosure, Information Tampering and Authentication Bypass (CVE-2023-4562)

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending...

K000137969 : OpenSSL vulnerability CVE-2023-3817

Security Advisory Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or...

K000137965 : Apache Tomcat vulnerability CVE-2023-45648

Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid...

K000137966 : Apache Tomcat vulnerability CVE-2023-42794

Security Advisory Description Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows....

We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead

By Caitlin Condon, Senior Manager, Vulnerability Research at Rapid7, and Christiaan Beek, Senior Director, Threat Analytics at Rapid7 It’s that time of year again — time for the annual tradition of cybersecurity predictions. Here at Rapid7 we’ve seen a whole lot of threats and exploited...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-26049 DESCRIPTION: **Eclipse Jetty could allow a remote authenticated...

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-41900 DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security...

#StopRansomware: Play Ransomware

Actions to take today to mitigate cyber threats from Play ransomware: Prioritize remediating known exploited vulnerabilities. Enable multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. Regularly patch...

K000137926 : Apache Tomcat vulnerability CVE-2023-46589

Security Advisory Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded...

K000137940 : Multiple Oracle MySQL vulnerabilities

Security Advisory Description CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network...

Mitsubishi MELSEC-Q Series C Controller Module Denial of Service and Malicious Code Execution (CVE-2021-29998)

Denial of Service and Malicious Code Execution Vulnerability exists in DHCP client function of VxWorks version 6.4, a real-time OS distributed by Wind River. A remote attacker may cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted...

Chrome starts the countdown to the end of tracking cookies

Google has announced that it will start rolling its Chrome web browser's new Tracking Protection feature from January of 2024. Tracking Protection is part of Google’s Privacy Sandbox initiative to phase out third-party cookies. The Tracking Protection feature aims to disable third-party cookies...

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple...

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Helix Core Server”), a source code management platform largely used in the videogame industry and by multiple...

Security Bulletin: IBM Storage Protect Server is vulnerable to various attacks due to Eclipse Jetty (CVE-2023-40167, CVE-2023-41900, CVE-2023-36479, CVE-2023-36478)

Summary Eclipse Jetty is used by the IBM Storage Protect Server and may be vulnerable to these attacks. Vulnerability Details ** CVEID: CVE-2023-40167 DESCRIPTION: **Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially...

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2023-4527 DESCRIPTION: **glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function....

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...

New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now

Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one...

K000137931 : Apache Struts vulnerability CVE-2023-50164

Security Advisory Description An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts...

Wordfence CLI 2.1.0 Adds Email Capability and Unattended Configuration

Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...