New ransomware trends in 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop...

PT-2022-3916 · Unknown · Pinniped Supervisor

Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor affected versions not specified Description: An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. The issue allows an attack where a malicious us...

kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

kernel: cgroup: Use open-time creds and namespace for migration perm checks

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat aka DarkCrystal RAT that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian...

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote...

NewStart CGSL MAIN 6.02 : openssh Vulnerability (NS-SA-2022-0070)

The remote NewStart CGSL host, running version MAIN 6.02, has openssh packages installed that are affected by a vulnerability: - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialize...

NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2022-0001)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a vulnerability: - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not...

EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2022-1607)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A double free bug in packetsetring in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate...

DRUPAL-CONTRIB-2022-038

The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities. The module has a vulnerability which allows attackers to bypass the protection ...

Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038

The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities. The module has a vulnerability which allows attackers to bypass the protection ...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-011 (ALASKERNEL-5.10-2022-011)

The version of kernel installed on the remote host is prior to 5.10.102-99.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-011 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The...

Russia continues digital onslaught against Ukrainian systems

According to Microsoft, at least six Kremlin-backed hacking groups have been attacking Ukraine in the digital space in an onslaught that began before the invasion in late February. The company counted more than 237 cyberattack operations against Ukrainian systems and critical infrastructure. Thes...

IBM InfoSphere Information Server Elevation of Privilege Vulnerability (CNVD-2022-38557)

IBM InfoSphere Information Server is a data integration software platform. Its primary service is to help us be able to understand, clean, monitor, transform and deliver data. an elevation of privilege vulnerability exists in IBM InfoSphere Information Server, which could be exploited by an...

CVE-2022-22441

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426...

CVE-2022-29585

In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list rather than only being shown for the institution that the viewer is a member of...

Cyberattacks Rage in Ukraine, Support Military Operations

Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat APT groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is a data integration software platform. Its primary service is to help us be able to understand, clean, monitor, transform and deliver data. an elevation of privilege vulnerability exists in IBM InfoSphere Information Server, which could be exploited by an...

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...