Weather Effect – Christmas Santa Snow Falling Security Vulnerabilities

github

Untrusted search path under some conditions on Windows allows arbitrary code execution

Summary This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may be....

7.8 CVSS

8 AI Score

0.001 EPSS

2024-01-10 03:46 PM
4
githubexploit

Exploit for CVE-2024-22369

CVE-2024-22369 Credits This POC is based on the...

7.6 AI Score

0.0004 EPSS

2024-01-10 11:01 AM
49
f5

K000138177 : OpenSSL vulnerability CVE-2023-5363

Security Advisory Description Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in...

7.5 CVSS

6.6 AI Score

0.001 EPSS

2024-01-10 12:00 AM
9
github

Microsoft ASP.NET Core project templates vulnerable to denial of service

Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP.NET Core project templates. This advisory also provides guidance on what developers can do to...

6.8 CVSS

8.4 AI Score

0.001 EPSS

2024-01-09 07:35 PM
24
osv

Microsoft ASP.NET Core project templates vulnerable to denial of service

Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP.NET Core project templates. This advisory also provides guidance on what developers can do to...

6.8 CVSS

8.4 AI Score

0.001 EPSS

2024-01-09 07:35 PM
35
thn

Why Public Links Expose Your SaaS Attack Surface

Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork.....

6.9 AI Score

2024-01-09 11:27 AM
23
pentestpartners

Listening in at Latimer House. RF emissions and more

Loose lips sink ships, loose tweets sink fleets. Intelligence, espionage, technological advancements and other learnings from our annual company conference at the historic and underappreciated Latimer House. “Loose lips [might] sink ships” was a phrase used in UK propaganda posters in WWII. It...

6.6 AI Score

2024-01-09 06:23 AM
29
nessus

GLSA-202401-10 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-10 (Mozilla Firefox: Multiple Vulnerabilities) When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This...

9.8 CVSS

8.3 AI Score

0.642 EPSS

2024-01-09 12:00 AM
9
github

Frenemies to friends: Developers and security tools

You heard the vendor pitches. You evaluated the options. You got the budget approved. Now, you need your company's developers to actually use the tool. Socializing a new security tool can feel intimidating or overwhelming. It may feel like you are battling competing priorities and culture...

7 AI Score

2024-01-08 03:15 PM
12
wallarmlab

Mastercard Cybersecurity

Safeguarding Trade: Discovering the World of Mastercard Digital Guardrails In our tech-driven era, it is vitally important that financial dealings are shielded competently. A colossal number of exchanges are happening each day, proving the ever growing necessity of sturdy digital protective...

7.5 AI Score

2024-01-08 01:00 PM
11
wallarmlab

How to Protect Your Privacy Online

Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening...

7.4 AI Score

2024-01-05 11:45 AM
13
wallarmlab

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address.....

6.9 AI Score

2024-01-03 06:23 PM
13
malwarebytes

Investment fraud a serious money maker for criminals

Europol's spotlight report ‘Online fraud schemes: a web of deceit’, looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the report's primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that.....

7 AI Score

2024-01-03 04:29 PM
10
ibm

Security Bulletin: Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)

Summary There are multiple cross-site scripting vulnerabilities in Apache Ant that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details ** CVEID: CVE-2020-11023 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of.....

6.9 CVSS

7.1 AI Score

0.061 EPSS

2024-01-02 11:00 AM
13
trellix

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.7 AI Score

2024-01-02 12:00 AM
6
rapid7blog

Velociraptor 0.7.1 Release

Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities...

6.5 AI Score

2023-12-29 03:52 PM
10
malwarebytes

The top 4 ransomware gang failures of 2023

Ransomware gangs care about one thing: Stealing money. Over time, their craven, cybercriminal efforts have toppled businesses, destabilized hospitals, and ruined lives. Worst of all, they show no sign of slowing down, and their extortion attempts—which no longer focus on ransomware delivery...

7.9 AI Score

2023-12-29 09:00 AM
20
thn

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access...

7.1 CVSS

7 AI Score

0.002 EPSS

2023-12-29 05:16 AM
35
zdt

Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a....

8 AI Score

2023-12-29 12:00 AM
156
debian

[SECURITY] [DSA 5591-1] libssh security update

Debian Security Advisory DSA-5591-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2023 https://www.debian.org/security/faq Package : libssh CVE ID : CVE-2023-6004 CVE-2023-6918...

5.9 CVSS

8.7 AI Score

0.963 EPSS

2023-12-28 02:27 PM
50
schneier

AI and Lossy Bottlenecks

Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that...

7 AI Score

2023-12-28 12:01 PM
14
packetstorm

7.4 AI Score

2023-12-28 12:00 AM
146
veracode

Improper Authorization

gitlab:sid is vulnerable to improper authorization. The vulnerability affects GitLab CE/EE, which does not perform an authorization check when an actor attempts to access. It leads to improper authorization by allowing an attacker to leak the owner's Sentry instance...

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2023-12-27 03:45 AM
8
veracode

Denial Of Service

gitlab:sid is vulnerable to Denial Of Service. The vulnerability is triggered by adding a large string in the timeout input in the gitlab-ci.yml file. It allows an attacker to affect all versions of GitLab CE/EE and leads to regular expression denial of...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2023-12-26 01:52 PM
9
debian

[SECURITY] [DLA 3694-1] openssh security update

Debian LTS Advisory DLA-3694-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón December 25, 2023 https://wiki.debian.org/LTS Package : openssh Version : 1:7.9p1-10+deb10u4 CVE ID ...

7 CVSS

7.7 AI Score

0.963 EPSS

2023-12-26 02:22 AM
33
kitploit

Metahub - An Automated Contextual Security Findings Enrichment And Impact Evaluation Tool For Vulnerability Management

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context......

7 AI Score

2023-12-25 11:30 AM
23
openvas

Debian: Security Advisory (DSA-5586-1)

The remote host is missing an update for the...

9.8 CVSS

7 AI Score

0.963 EPSS

2023-12-25 12:00 AM
9
openvas

Debian: Security Advisory (DSA-5588-1)

The remote host is missing an update for the...

8.1 CVSS

6.7 AI Score

0.963 EPSS

2023-12-25 12:00 AM
4
debian

[SECURITY] [DSA 5588-1] putty security update

Debian Security Advisory DSA-5588-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2023 https://www.debian.org/security/faq Package : putty CVE ID : CVE-2021-36367 CVE-2023-48795...

8.1 CVSS

6.7 AI Score

0.963 EPSS

2023-12-24 10:28 AM
43
githubexploit

Exploit for Improper Ownership Management in Linux Linux Kernel

A flaw was found in the Linux kernel, where unauthorized access...

7.8 CVSS

7.6 AI Score

0.0004 EPSS

2023-12-23 11:01 AM
289
github

Nautobot missing object-level permissions enforcement when running Job Buttons

Impact When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have permission to run Jobs in general?). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view...

4.3 CVSS

6.9 AI Score

0.001 EPSS

2023-12-22 07:51 PM
6
osv

Nautobot missing object-level permissions enforcement when running Job Buttons

Impact When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have permission to run Jobs in general?). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view...

4.3 CVSS

6.9 AI Score

0.001 EPSS

2023-12-22 07:51 PM
9
debian

[SECURITY] [DSA 5586-1] openssh security update

Debian Security Advisory DSA-5586-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 22, 2023 https://www.debian.org/security/faq Package : openssh CVE ID : CVE-2021-41617 CVE-2023-28531...

9.8 CVSS

10 AI Score

0.963 EPSS

2023-12-22 08:59 AM
67
nessus

OpenSSH < 9.6 Multiple Vulnerabilities

The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory. ssh(1), sshd(8): implement protocol extensions to thwart the so-called Terrapin attack discovered by Fabian Bäumer, Marcus...

6.5 CVSS

7.5 AI Score

0.963 EPSS

2023-12-22 12:00 AM
767
oraclelinux

kernel security update

[5.14.0-362.13.1.el9_3.OL9] - x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569} - x86/calldepth: Rename...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2023-12-22 12:00 AM
20
talosblog

Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware

By Mike Gentile, Asheer Malhotra and Vitor Ventura. Editor's note: This blog post is a public version of a talk presented at LabsCon 2023 on Sept. 22, 2023. You can watch a recording of the talk here. Some of the intelligence presented at LabsCon was later confirmed by an Amnesty International...

6.6 AI Score

2023-12-21 04:00 PM
13
thn

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to....

7.2 AI Score

2023-12-21 12:38 PM
36
code423n4

Dangerous use of deadline parameter

Lines of code https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/libraries/LiquidityPosition.sol#L197 https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/libraries/LiquidityPosition.sol#L260...

7.1 AI Score

2023-12-21 12:00 AM
8
schneier

GCHQ Christmas Codebreaking Challenge

Looks like fun. Details...

7.3 AI Score

2023-12-20 12:05 PM
4
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-20 12:00 AM
7
openvas

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

The remote SSH server is supporting a specific encryption algorithm or MAC. Parts of their SSH specification are vulnerable to a novel prefix truncation attack (a.k.a. Terrapin...

5.9 CVSS

6.8 AI Score

0.963 EPSS

2023-12-20 12:00 AM
6
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-20 12:00 AM
3
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-20 12:00 AM
1
krebs

BlackCat Ransomware Raises Ante After FBI Disruption

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a decryption tool that hundreds of victim.....

7.3 AI Score

2023-12-19 10:49 PM
11
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-19 12:00 AM
3
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-19 12:00 AM
2
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-19 12:00 AM
2
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-19 12:00 AM
5
code423n4

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified...

6.9 AI Score

2023-12-19 12:00 AM
6
osv

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at....

5.9 CVSS

6.5 AI Score

0.963 EPSS

2023-12-18 07:22 PM
30

Total number of security vulnerabilities: 21742