Weather Effect – Christmas Santa Snow Falling Security Vulnerabilities

CVE-2023-3894

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service...

CVE-2023-3894

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service...

Input validation

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service...

CVE-2023-3894 DOS in jackson-dataformats-text

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service...

Ensuring Compliance with DORA: How Qualys Solutions Can Help

Introduction The Digital Operational Resilience Act (DORA) is a new regulation implemented by the European Union to ensure the stability and security of the financial sector. Coming into effect in 2022, DORA mandates enhanced cybersecurity and operational resilience standards for financial...

Code leaks are causing an influx of new ransomware actors

Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021,...

The treasury address can be updated by the contract owner to point to a malicious address after deployment

Lines of code ttps://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L58 https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L108-L109 Vulnerability details Impact Any fees...

Wear OS Security Bulletin—August 2023

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2023-08-05 or later from the August 2023 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

AI is the Solution, Not the Problem

AI is the Solution, Not the Problem By Trellix · August 07, 2023 This story was also written by Oded Margalit. AI (Artificial Intelligence) / ML (Machine Learning) has recently been painted as the master evil. In this blog I would like to suggest a different view, where we can use it to make a...

AI is the Solution, Not the Problem

AI is the Solution, Not the Problem By Trellix · August 07, 2023 This story was also written by Oded Margalit. AI (Artificial Intelligence) / ML (Machine Learning) has recently been painted as the master evil. In this blog I would like to suggest a different view, where we can use it to make a...

The treasury address can be updated by the contract owner to point to a malicious address after deployment

Lines of code https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L108-L109 Vulnerability details Impact Any fees or funds sent to the treasury could potentially be stolen or manipulated Proof of Concept The treasury address can be...

The USDOMarketModule contract's lend function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOMarketModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for market actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's _executeModule...

RTokenAsset price estimation accounts for margin of error twice

Lines of code https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/RTokenAsset.sol#L100-L115 Vulnerability details RTokenAsset estimates the price by multiplying the BU (basket unit) price estimation by the estimation of baskets held...

There is no decrease for the share allowance from _addCollateral when share passed zero

Lines of code Vulnerability details Impact When calling _addCollateral, and if the share passed as zero, it is calculated based on the passed amount. However, this happens after allowanceBorrow was already called in addCollateral. So, deduction never occur for the share. Eventually, the borrow...

The USDOOptionsModule contract's exercise function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOOptionsModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for oTap actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's _executeModule...

The USDOLeverageModule contract's leverageUp function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOLeverageModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for leverage actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's _executeModule.....

KRBUACBypass - UAC Bypass By Abusing Kerberos Tickets

This POC is inspired by James Forshaw (@tiraniddo) shared at BlackHat USA 2022 titled “_Taking _Kerberos To The Next Level ” topic, he shared a Demo of abusing Kerberos tickets to achieve UAC bypass. By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we...

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers. During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141...

New SEC Rules around Cybersecurity Incident Disclosures

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must "disclose any cybersecurity incident they determine to be material" within four days, with potential delays if there is a national...

Moxa NPort Information Disclosure (CVE-2020-12117)

Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect. This.....

Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack....

Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack....

function _queueProposal not checking if the required time is passed to allow proposal to set to the queue list

Lines of code https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Governance/TemporalGovernor.sol#L295-L342 Vulnerability details Impact in the _queueProposal function there is no check for if the requested time is passed to allow queue the...

New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data

A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal...

Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023. This blog post is not directly related to election...

setThreshold can bypass cool down period in setGSCAllowance

Lines of code https://github.com/code-423n4/2023-07-arcade/blob/main/contracts/ArcadeTreasury.sol#L308 Vulnerability details Impact setThreshold can bypass the cool down period in setGSCAllowance and decrease the gscAllowance[token]. Proof of Concept In setGSCAllowance, we add a cool-down period...

It's possible to block some user from voting for (or against) some proposal

Lines of code https://github.com/code-423n4/2023-07-arcade/blob/f8ac4e7c4fdea559b73d9dd5606f618d4e6c73cd/contracts/external/council/CoreVoting.sol#L234...

Every company has its own version of ChatGPT now

Welcome to this week's edition of the Threat Source newsletter. When I first started poking at ChatGPT a few months ago, I quickly learned that it wasn't quite ready to take my job (yet) and wasn't staying up to date on wrestling. Since ChatGPT went viral, several other companies have released...

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content.....

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content.....

CVE-2023-38491

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content.....

Hardcoded credentials

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content.....

CVE-2023-38491 Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content.....

Who Protects PII – Consumers or Companies?

Introduction Did you know that as a consumer, 25% of the apps you engage with are collecting your Personally Identifiable Information (PII)? Do you know why they are collecting it or where they are storing it? Also, do you realize as a company, General Data Protection Regulation (GDPR) fines can...

Making all attributes on a content-type public without noticing it

Summary Anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. Details When dealing with content-types inside a Strapi instance, we can extend those using the appropriate container: javascript...

Making all attributes on a content-type public without noticing it

Summary Anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. Details When dealing with content-types inside a Strapi instance, we can extend those using the appropriate container: javascript...

New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

As Department of Defense (DoD) Chief Information Officer Hon. John Sherman said recently, Cybersecurity Maturity Model Certification (CMMC) is necessary to ensure that the United States raises the bar for protecting sensitive information.1 The DoD is leading by example towards this goal by...

x86/AMD: Zenbleed

ISSUE DESCRIPTION Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZEROUPPER instruction is discarded as part of a bad transient execution path, its effect on internal tracking are not unwound correctly. This manifests as the wrong.....

China’s Breach of Microsoft Cloud Email May Expose Deeper Problems

Plus: Microsoft expands access to premium security features, AI child sexual abuse material is on the rise, and Netflix’s password crackdown has its intended...

Estée Lauder targeted by Cl0p and BlackCat ransomware groups

Estee Lauder is currently at the heart of a compromise storm, revealing a major security issue via a Security Exchange Commission (SEC) filing on Tuesday. Although no detailed explanation of what has taken place is given, there is confirmation that an attack allowed access to some systems and...

Local Governments Targeted for Ransomware – How to Prevent Falling Victim

Regardless of the country, local government is essential in most citizens' lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland, California, fell victim to a...

InterchainTokenService.expressReceiveTokenWithData does not apply Check-Effect-Interaction mode

Lines of code Vulnerability details Impact InterchainTokenService.expressReceiveTokenWithData does not apply the Check-Effect-Interaction pattern. In some edge cases, the caller can lose funds. Proof of Concept The life cycle of sending token across chains contains 3 phases: //P1: launch on source....

The federal government’s cybersecurity policies are falling into place just in time to be stalled again

Welcome to this week's edition of the Threat Source newsletter. Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.'s critical infrastructure security (and more)....

Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Microsoft on Wednesday announced that it's expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure. The tech giant said it's...

Accidental VirusTotal upload is a valuable reminder to double check what you share

A document accidentally uploaded to Google's VirusTotal service has resulted in the potential exposure of defence and intelligence agency names and email addresses. The service, used to scan files for signs of potential malicious activity, is used by security professionals and folks just...

grav Server-side Template Injection (SSTI) mitigation bypass

Summary The fix for SSTI using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces bypass of the denylist due to incorrect return value from isDangerousFunction(), which allows to execute the payload prepending double backslash (\) Details The isDangerousFunction() check...

grav Server-side Template Injection (SSTI) mitigation bypass

Summary The fix for SSTI using |map, |filter and |reduce twigs implemented in the commit 71bbed1 introduces bypass of the denylist due to incorrect return value from isDangerousFunction(), which allows to execute the payload prepending double backslash (\) Details The isDangerousFunction() check...

Exploit for Deserialization of Untrusted Data in Apache Log4J

The Log4j vulnerability, also known as "Log4Shell" or...

​​Expanding cloud logging to give customers deeper security visibility

In response to the increasing frequency and evolution of nation-state cyberthreats, Microsoft is taking additional steps to protect our customers and increase the secure-by-default baseline of our cloud platforms. These steps are the result of close coordination with commercial and government...

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and.....