SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4 Security Vulnerabilities

CVE-2022-36123

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. Bugs ...

CVE-2022-27580

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges...

CVE-2022-27579

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the...

CVE-2022-27580

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges...

CVE-2022-27579

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the...

CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the...

CVE-2021-32504

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the...

CVE-2022-35414

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use.....

CVE-2022-35414

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use.....

Path traversal

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the...

CVE-2022-35414

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use.....

CVE-2022-35414

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the...

How security leaders can help their teams avoid burnout

_The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Maria...

How security leaders can help their teams avoid burnout

_The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Maria...

Malicious code in free-fortnite-skins-genrator-en4 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (664c07b1a7fedffc1a5198ed78abc28a06c20dad03c2d7a187339d6f71f7185f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in free-fortnite-skins-genrator-en1 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (1ffd844a8765d19c950c37fa5b33387a65397cdd8e03fbb78aadd1dceb9d1222) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in free-fortnite-skins-genrator-en3 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (888571db69832232265f6b2ae74c341235e839746fe4c6bd9f7cc42a577dec42) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Being Prepared for Adversarial Attacks

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat...

Privilege Escalation

ipmatcher is vulnerable to privilege escalation. The vulnerability exists due to lack of input validations of octal & hexadecimal input data which allows an attacker to gain access and perform unauthorized...

IpMatcher 1.0.4.1 Server-Side Request Forgery Vulnerability

IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validates octal and hexadecimal input data which can lead to indeterminate server-side request forgery, local file inclusion, remote file inclusion, and denial of service...

IpMatcher 1.0.4.1 Server-Side Request Forgery

...

CVE-2021-29923

A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVE-2021-32500

...

FBI warns food and agriculture to brace for seasonal ransomware attacks

The Federal Bureau of Investigation (FBI) recently released a Private Industry Notification warning agriculture cooperatives (also known as "farmers' co-ops") of the looming danger of well-timed ransomware attacks. The agency warns that during the critical planting and harvesting seasons, attacks.....

Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09

Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be "not advanced at all." This was...

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...

CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to....

CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to....

Crlf injection

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to....

CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to....

CVE-2022-27578

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its...

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise...

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise...

CVE-2022-27578

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its...

Design/Logic Flaw

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise...

Privilege escalation

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its...

CVE-2022-27577

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise...

CVE-2022-27578

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its...

CVE-2021-32503

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the...

CVE-2021-32503

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the...

URI spoofing flaw could phish WhatsApp, Signal, Instagram, and iMessage users

Update: We were informed by Sick Codes that, although Signal already has a fix for this URI flaw here, it hasn't been pushed out to market yet. We'll further update this post once there is new development. There's a flaw in the way many of the world's most popular messaging and email...

Conti Leaks: Examining the Panama Papers of Ransomware | Trellix

Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...

Conti Leaks: Examining the Panama Papers of Ransomware | Trellix

Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...

RTLO Injection URI Spoofing

...

CVE-2021-32505

...

CVE-2021-32502

...

CVE-2021-32501

...

Server-Side Request Forgery (SSRF)

Description The fix for my previous report (CVE-2022-0767) is still incomplete and could be bypassed via IPV4/IPV4 embedding : ssrf-ipv4_ipv6.etclab.top will resolve to 0:0:0:0:0:ffff:127.0.0.1 # Proof of Concept ``` POST /admin/book/1 HTTP/1.1 Host: 127.0.0.1:8083 User-Agent: Mozilla/5.0...

Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware

The Ukrainian Government has been targeted by HermeticWiper, a new ransomware-like data wiper. Its aim is not simply to encrypt the victim’s data, but rather to render a system essentially unusable. In this blog, our Research Team details our analysis of how this aggressive new malware works. The.....

Server-Side Request Forgery (SSRF)

Description The SSRF Protection is incomplete and can be bypassed via an HTTP redirect, the python-requests library will follow redirections by default (can be disabled byallow_redirects=False). An attacker can set up their HTTP server to respond with a 302 redirect to redirect the request to...