Threat Roundup for November 27 to December 4

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 27 and Dec. 4. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

The chronicles of Emotet

More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. The malware is still in...

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

Design/Logic Flaw

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

CVE-2020-26239

Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escape...

CVE-2020-26239 Cross-Site Scripting in Scratch browser addons

Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escape...

GaussDB Kernel: Configuring the Automatic Account Unlocking Time

Configure the automatic account unlocking time for locked abnormal accounts. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Updates to XenVIF Windows I/O driver - For Citrix Hypervisor and XenServer

Who Should Read This Article? This information is for customers using Citrix Hypervisor or XenServer who are entitled to receive automatic Windows I/O driver updates on their Windows VMs. Latest version The following versions of XenVIF are the latest that are available through Windows Automatic...

Updates to XenVBD Windows I/O driver - For Citrix Hypervisor and XenServer

Who Should Read This Article? This information is for customers using Citrix Hypervisor or XenServer who are entitled to receive automatic Windows I/O driver updates on their Windows VMs. Latest version The following versions of XenVBD are the latest that are available through Windows Automatic...

Updates to XenBus Windows I/O driver - For Citrix Hypervisor and XenServer

Who Should Read This Article? This information is for customers using Citrix Hypervisor or XenServer who are entitled to receive automatic Windows I/O driver updates on their Windows VMs. Latest versions The following versions of XenBus are the latest that are available through Windows Automatic...

CVE-2020-12510

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

Default configuration

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for...

Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion

Overview Trend Micro Security 2020 Consumer provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. Trend Micro Incorporated...

Cisco 7937G - DoS/Privilege Escalation Exploit

Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os def mainargv:...

FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need

FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...

Patch Tuesday - November 2020

Jumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere. Microsoft CVE-2020-17087: Windows Kernel...

openGauss: Configuring the Automatic Account Unlocking Time

Configure the automatic account unlocking time for locked abnormal accounts. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a Windows Kerberos authentication...

Receiver Updater stops working with "Problem Checking for updates" error

To resolve this issue, download the Receiver auto-update fix located in the latest downloads page. Windows -https://www.citrix.com/downloads/citrix-receiver/windows/receiver-for-windows-latest.html Mac -https://www.citrix.com/downloads/citrix-receiver/mac/receiver-for-mac-latest.html Applicable...