DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...

Debian: Security Advisory (DLA-3187-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache SOAP 访问控制错误漏洞

Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...

Eaglesoft 信任管理问题漏洞

Eaglesoft is a software application. A security vulnerability exists in Eaglesoft version 21 that stems from the presence of two methods of cracking the Get Key file...

Cannot complete your request on Gateway URL after adding new domain to trusted domains

After adding a trusted domain to Storefront. when you go to "Manage Authentication Methods", click on the settings, click on "Configure trusted Domains" and add new domains, when users try to go to the gateway URL, you may get either "Login Expired" or "Cannot Complete your Request|" error messag...

Why Is Snapshot Scanning Not Enough?

As new scanning technologies are released, their supposed superiority is touted over the others. The problem is, however, that there is no best scanning technology, all of them have strengths and limitations. If recent claims from several vendors are believed, a “best” scanning method called...

How to configure Email OTP without email ID registration

This article covers two kind of Email OTP authentication methods, which deployed in Citrix ADC Nfactor AAA virtual server. How to configure standard withemail ID registration email OTP How to configure simple without email ID registrationemail OTP...

Ermir - An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it list/lookup/bind/rebind/unbind. Requirements Ruby v3 or newer. Installation Install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git...

Security update for cacti, cacti-spine (moderate)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2022:10170-1 Rating: moderate References: 1203952 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux...

Weak randomness

Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...

CVE-2022-39314

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the...

Code injection

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the...

Security update for v4l2loopback (moderate)

openSUSE Security Update: Security update for v4l2loopback Announcement ID: openSUSE-SU-2022:10159-1 Rating: moderate References: 1202156 Cross-References: CVE-2022-2652 CVSS scores: CVE-2022-2652 NVD : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2022-2652 SUSE: 6...

CVE-2022-43411

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2022-41853

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default. Mitigation By default, the static methods of any class that is on the classpath are available for u...

DEBIAN-CVE-2021-36369

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...

UBUNTU-CVE-2021-36369

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...

CVE-2021-36369

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...

Perth Dropbear 授权问题漏洞

Perth Dropbear is a lightweight SSH server/client software from the University of Perth, Australia that is primarily used in embedded devices. A security vulnerability exists in Perth Dropbear version 2020.81 and earlier, which stems from a non-RFC compatibility check of the authentication method...

New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control C2 infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider aka TA542, emerging in June 2014 as ...