Spam & Virus Firewall 600 Security Vulnerabilities

April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution

In one of the largest Patch Tuesdays in years, Microsoft disclosed 150 vulnerabilities across its software and product portfolio this week, including more than 60 that could lead to remote code execution. Though April's monthly security update from Microsoft is the largest since at least the start....

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain,....

$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 25th, 2024, during our second Bug Bounty...

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. Starry Addax conducts phishing attacks tricking their targets into installing malicious...

35-year long identity theft leads to imprisonment for victim

Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...

KB5035432 - Description of the security update for SQL Server 2022 GDR: April 9, 2024

KB5035432 - Description of the security update for SQL Server 2022 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update resolves a vulnerability. To learn more about the...

KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024

KB5036343 - Description of the security update for SQL Server 2022 CU12: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...

KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024

KB5036335 - Description of the security update for SQL Server 2019 CU25: April 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...

KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024

KB5035434 - Description of the security update for SQL Server 2019 GDR: April 9, 2024 Summary How to obtain and install the update More information File information Information about protection and security Summary This security update contains a fix and resolves vulnerabilities. To learn more...

Arista NG Firewall ReportEntry SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a...

K000139227 : amphp/http vulnerability CVE-2024-2653

Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. (CVE-2024-2653) Impact There is no impact; F5 products are not affected by this...

K000139228 : Envoy vulnerability CVE-2024-27919

Security Advisory Description Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This.....

K000139236 : Apache Traffic Server HTTP/2 CONTINUATION DoS attack vulnerability CVE-2024-31309

Security Advisory Description HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. (CVE-2024-31309) Impact There is no impact; F5 products are not affected by this...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6726-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part...

K000139218 : CVE-2024-22243 Spring Framework vulnerability

Security Advisory Description Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or...

K000139229 : Tempesta vulnerability CVE-2024-2758

Security Advisory Description Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. (CVE-2024-2758) Impact There is no impact; F5 products are not affected by this...

K000139214 : Apache httpd vulnerability CVE-2024-27316

Security Advisory Description HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. (CVE-2024-27316) Impact There is no impact; F5 products...

CVE-2024-31220

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...

CVE-2024-31220

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...

$657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin

On February 1st, 2024, during our Bug Bounty Extravaganza, we received a submission for an Arbitrary File Upload vulnerability in Management App for WooCommerce, a WordPress plugin with 1,000+ active installations. This vulnerability makes it possible for authenticated users such as subscribers...

CVE-2024-31220 Sunshine vulnerable to remote unauthenticated arbitrary file read

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...

Security Advisory 0094

Security Advisory 0094 PDF Date: April 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release 1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation Description Arista Networks is providing this security update in response to the...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we're calling "CoralRaider" that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries. This group focuses on stealing victims'...

All In One WP Security < 5.2.7 - Cross-Site Request Forgery to IP Blocking

Description The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.6. This is due to missing or incorrect nonce validation on the render_404_detection() function. This makes it possible for...

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming....

Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an...

Attack Surface Management vs. Vulnerability Management

Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they're not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while...

Security Advisory 0095

Security Advisory 0095 PDF Date: April 3, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-3094 CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Description Arista Networks is providing this...

Declassified NSA Newsletters

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA's KRYPTOS Society Newsletter, "Tales of the Krypt," from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by...

$5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin

On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data from....

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.26 addresses multiple vulnerabilites Vulnerability Details ** CVEID: CVE-2024-21733 DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By...

Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

Remote system management/desktop access tools such as AnyDesk and TeamViewer have grown in popularity since 2020. While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. There is no easy way to effectively...

K000139152 : Linux kernel vulnerability CVE-2023-2006

Security Advisory Description A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute...

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 21st, 2024, during our second Bug Bounty Extravaganza,.....

Detecting Windows-based Malware Through Better Visibility

Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national...

Amazon Linux 2 : squid (ALAS-2024-2509)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2509 advisory. An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext....

K000139140 : util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

K000139141 : liblzma vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to....

CVE-2024-30468

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through...

CVE-2024-30468

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through...

CVE-2024-30468 WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through...

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots...

K000139092 : DNS vulnerability CVE-2023-50387

Security Advisory Description Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6707-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6707-4 advisory. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress.....

K000139084 : DNS vulnerability CVE-2023-50868

Security Advisory Description The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3"...

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2023-42017). This vulnerability has been addressed. IBM Planning...

Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-21733 DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a...

Security Bulletin: IBM DevOps Build 7.0.0.1 addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-21733 DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a...