Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two doze...

rsyslog: Heap-based overflow in TCP syslog server

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

The SessionManager IIS backdoor

Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didnt come back empty-handed… In 2021, we noticed a trend among several threat actors for deploying a backdoo...

pcs security update

0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...

The vulnerability of the microprogramming software for the SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA communication modules, related to uncontrolled resource consumption, allows attackers to execute an “ARP storm” attack and cause service failure.

The vulnerability of the microprogramming software for the SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA communication modules is related to an uncontrolled consumption of resources during the processing of ARP requests. Exploiting this vulnerability can allow attackers to execute an “ARP storm”...

co.actioniq:scalavro-core_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0), co.actioniq:scalavro_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0) +210 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.10 (>=1.2.5 <=1.3.4)

io.spray:spray-json2.10 MAVEN version =1.2.5, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.3 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...

Malleability remedied in Salt

Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability fix in Salt 3002.9,...

PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

Malicious Package

Overview @logistics-frontend/modules is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3002.9, prior to 3003.5, and prior to 3004.2, which stems...

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-1926)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...

Malicious code in lwc-modules-foo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46d862b5923de09847e190714fa9981eb4f6d65f46e1c7cddbf6f840663d8534 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4429 Malicious code in lwc-modules-foo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 46d862b5923de09847e190714fa9981eb4f6d65f46e1c7cddbf6f840663d8534 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @tochka-modules/t15-ui-kit-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 086e63c619a5b6887d4c00c37636d7366887829646ac38d2125202b4f5269d88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in com.unity.modules.vr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware caa2a5f7f655d792cae0caf690a3c6670f07134ec8fb5d954fdebc12bdbe1d88 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2097 Malicious code in com.unity.modules.xr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da0715f4c443de1ace746c5feac7e8b6ecef5ca8bcf72e7551e2ac3da0ab9a4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2096 Malicious code in com.unity.modules.wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c4f75a27c15192fe5a518a9ebc7ecc4000597566c16189416ff0ce42740ddd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in com.unity.modules.vehicles (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 820f2ed0b780d2b72443c67e31b4bea4fc9698583eebe973695607246a3a1a5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in com.unity.modules.video (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cbc1f29f9ab08321b1916e12ad31e90aabd9c5a724ab115c013a7c8397fc55d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2092 Malicious code in com.unity.modules.unitywebrequestwww (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0dae88788735360f7a8d0c54e10a2b3ed56d207895102fe4a57e75f151db8d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...