9293 matches found

Talos Blog
added 2020/06/23 9:19 a.m. · 22 views

Threat Roundup for June 5 to June 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 5 and June 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

1.2 AI score
Exploits: 0

Prion
added 2020/06/19 2:15 p.m. · 9 views

Code injection

An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service infinite loop, aka MMSA-2020-0020...

5 CVSS · 7.3 AI score · 0.01114 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2020/06/19 12:0 a.m. · 4 views

PT-2020-14008 · Mattermost · Mattermost Server

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 5.23.0 Description: An issue allows attackers to cause a denial of service, specifically an infinite loop, by exploiting automatic direct message replies. Recommendations: For versions prior to 5.23.0, upda...

7.5 CVSS · 7.5 AI score · 0.01114 EPSS
Exploits: 0 · References: 6

Citrix
added 2020/06/11 12:0 a.m. · 5 views

MDX managed apps cannot open links properly so that apps which are not managed launch automatically

Problem description: MDX app policies are configured but the app that is not managed does not launch automatically as expected. Example use case: iOS has the Booking.com app installed from the Public App Store. The device also has Secure Web and Secure Mail installed. The Secure apps are managed ...

6.7 AI score
Exploits: 0

OpenVAS
added 2020/06/10 12:0 a.m. · 171 views

Microsoft Defender Antimalware Platform Multiple EoP Vulnerabilities (Jun 2020)

This host is missing an important security update according to Microsoft Security Updates released for Microsoft Defender Antimalware Platform dated 9th June 2020 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

7.8 CVSS · 7.7 AI score · 0.01608 EPSS
Exploits: 4 · References: 2

Tenable Nessus
added 2020/06/09 12:0 a.m. · 34 views

Security Feature Bypass Vulnerability for Word (June 2020)

The Microsoft Word Products are missing a security update and are therefore affected by a security feature bypass vulnerability. An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker. C...

4.3 CVSS · 6.9 AI score · 0.03844 EPSS
Exploits: 0 · References: 4

ossfuzz
added 2020/06/07 9:44 a.m. · 20 views

stb:stbi_read_fuzzer: Heap-buffer-overflow in load_jpeg_image

Detailed Report: https://oss-fuzz.com/testcase?key=5726154781884416 Project: stb Fuzzing Engine: afl Fuzz Target: stbireadfuzzer Job Type: aflasanstb Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x62b000006e0f Crash State: loadjpegimage stbijpegload stbiloadmain...

6.8 AI score
Exploits: 0 · Affected Software: 1

Securelist
added 2020/05/25 10:0 a.m. · 57 views

Aggressive in-app advertising in Android

Recently, we've been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we...

7.1 AI score
Exploits: 0

Fedora
added 2020/05/23 3:22 a.m. · 38 views

[SECURITY] Fedora 30 Update: clamav-0.102.3-1.fc30

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

7.5 CVSS · 1.9 AI score · 0.05063 EPSS
Exploits: 0

Fedora
added 2020/05/23 2:51 a.m. · 41 views

[SECURITY] Fedora 31 Update: clamav-0.102.3-1.fc31

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

7.5 CVSS · 1.9 AI score · 0.05063 EPSS
Exploits: 0

Fedora
added 2020/05/23 2:45 a.m. · 35 views

[SECURITY] Fedora 32 Update: clamav-0.102.3-1.fc32

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

7.5 CVSS · 1.9 AI score · 0.05063 EPSS
Exploits: 0

NVD
added 2020/05/21 7:15 p.m. · 8 views

CVE-2020-7808

In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module (web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it...

9.8 CVSS · 9.2 AI score · 0.00689 EPSS
Exploits: 0 · References: 1

Prion
added 2020/05/21 7:15 p.m. · 15 views

Design/Logic Flaw

In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module (web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it...

7.5 CVSS · 9.4 AI score · 0.00689 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/05/21 6:29 p.m. · 47 views

CVE-2020-7808

RAONWIZ K Upload, versions 2018.0.2.51 and prior, is affected. The flaw lies in the update module (web.js) where automatic update processing occurs without an integrity check, allowing an attacker to modify arguments and cause the downloader to fetch a random DLL, followed by injection. Impact st...

9.8 CVSS · 9.4 AI score · 0.00689 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2020/05/21 12:0 a.m. · 3 views

PT-2020-19805 · Raonwiz · Raonwiz K Upload

Name of the Vulnerable Software and Affected Versions: RAONWIZ K Upload versions 2018.0.2.51 and prior Description: The issue allows an attacker to modify arguments in the update module, specifically in the web.js file, due to the lack of an integrity check during automatic update processing. Thi...

9.8 CVSS · 9.5 AI score · 0.00689 EPSS
Exploits: 0 · References: 4

GithubExploit
added 2020/05/20 12:26 p.m. · 2405 views

Exploit for Reachable Assertion in Isc Bind

CVE-2020-8617 PoC for CVE-2020-8617 For educational purposes...

7.5 CVSS · 7.7 AI score · 0.93422 EPSS
Exploits: 5

Imperva Blog
added 2020/05/19 2:18 p.m. · 39 views

When Bandwidth Doesn’t Last

Introduction Imperva’s Cloud WAF networking team went through a major transition from an operation team to a development team during the SDN era. We saw new products emerging for our network infrastructure - moving from manual operation to automatic. But, while the change of mindset from being an...

Exploits: 0

Japan Vulnerability Notes
added 2020/05/19 1:38 a.m. · 1 views

DoS Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2

Overview A DoS vulnerability was found in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasu...

6.8 AI score
Exploits: 0 · References: 2

CNVD
added 2020/05/18 12:0 a.m. · 2 views

Unspecified Vulnerabilities in eQ-3 Homematic CCU2 and CCU3

The eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. A security vulnerability exists in eQ-3 Homematic CCU2 version 2.51.6 and earlier and CCU3 version 3.51.6 and earlier, which stems from turning on the default automatic login...

9.8 CVSS · 7.3 AI score · 0.11072 EPSS
Exploits: 1 · References: 1

Veracode
added 2020/05/15 5:1 a.m. · 19 views

Directory Traversal

rocketmq-broker is vulnerable to directory traversal. The automatic topic creation, which is enabled by default, allows a folder name containing ../ characters to be created. This results in arbitrary directories being written in the parent directories, potentially overwriting existing folders...

5.3 CVSS · 4.7 AI score · 0.02985 EPSS
Exploits: 0 · References: 3 · Affected Software: 1