The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...

Weekly Digest 30 May – 5 June 2022

Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 412 24 1 45 3 13 For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 412 vulnerabilities out of which 2...

The vulnerability of Google Chrome’s Tab Groups component allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Google Chrome’s Tab Groups component is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws i...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5467-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5467-1 advisory. It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A...

Chromium: CVE-2022-1863 Use after free in Tab Groups

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA12548 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in...

Updated chromium-browser-stable packages fix security vulnerability

The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after...

Open Automation Software OAS Platform访问控制错误漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. An access control error vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an external configuration control issue with the OAS...

USN-4781-1 slurm-llnl vulnerabilities

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10030 It was discovered that Slurm mishandled SPAN...

Open Automation Software OAS Platform 访问控制错误漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. An access control error vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an external configuration control issue with the OAS...

Xen Orchestra Mishandles Authorization

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin

GitLab Authentication Plugin 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to another user or group. GitLab Authentication...

Magento Stored Cross-site Scripting vulnerability in the admin panel

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups...

GHSA-9F4P-3JGF-98F5 Magento Stored Cross-site Scripting vulnerability in the admin panel

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups...

Conti Ransomware Operation Shut Down After Splitting into Smaller Groups

Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc USA. Google Chrome suffers from a resource management error vulnerability that stems from a reuse-after-release issue in tab groups. A remote attacker could trick a victim into visiting a specially crafted web page to exploit the vulnerability and...

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 32 security fixes, including: 1324864 Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 1320024 High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park SeHwa on 2022-04-27 1228661 High...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-023 (ALASKERNEL-5.4-2022-023)

The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Lin...

Cybercrime Getting More Sophisticated: How to Protect Your Business?

Can it happen to us? Are we ready to combat a cyberattack? All over the world, security officers have been fielding these questions from CEOs and the Board of Directors in the wake of large, high-profile cyberattacks. Yes, is the honest answer when attackers have continuously expanded their...