Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining. CVE-2023-34981
Summary There is a vulnerability in Apache Tomcat that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION:...
Security Bulletin: Vulnerability in Apache Kafka affects IBM Process Mining. CVE-2023-25194
Summary There is a vulnerability in Apache Kafka that could allow a remote authenticated attacker to execute arbitrary code or cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Detai...
Security Bulletin: Vulnerability in Python affects IBM Process Mining. Multiple CVEs
Summary There is a vulnerability in Python that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-48565...
Security Bulletin: Vulnerability in Google Guava affects IBM Process Mining. CVE-2023-2976
Summary There is a vulnerability in Google Guava that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-2976...
Security Bulletin: Vulnerability in snappy-java affects IBM Process Mining. CVE-2023-34453
Summary There is a vulnerability in snappy-java that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION:...
Security Bulletin: Vulnerability in python-requests affects IBM Process Mining. CVE-2023-32681
Summary There is a vulnerability in python-requests that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION...
Unexpected behavior when setting rewards for existing pools or past/ongoing periods
Lines of code Vulnerability details Summary There are different missing considerations in the liquidity mining process that may lead to unexpected behavior due to failed assumptions. Impact The liquidity mining feature is mainly implemented by tracking liquidity at a global level the aggregation ...
The Liquidity mining callpath sidecar owner can pull native tokens from the Dex
Lines of code Vulnerability details Impact The owner of liquidity mining sidecar can pull the native coins that are stored in the CrocSwapDex to reward the users. Proof of Concept The setConcRewards and setAmbRewards functions don't check if the quoted amount of rewards are actually sent by the...
Unvalidated ticks in claimConcentratedRewards allow unauthorized users to claim undeserved rewards. Validate ticks.
Lines of code Vulnerability details Impact There is no check that the ticks passed into claimConcentratedRewards actually match the position's ticks. A user could pass in arbitrary ticks to try to claim rewards for liquidity they don't own. Proof of Concept The claimConcentratedRewards function...
Lack of access control in claimConcentratedRewards and claimAmbientRewards functions allows unauthorized fund drainage. Implement access restrictions.
Lines of code Vulnerability details Impact Any caller can call claimConcentratedRewards or claimAmbientRewards and drain funds. The contract should restrict calling these functions to authorized roles. Proof of Concept The lack of access control on claimConcentratedRewards and claimAmbientRewards...
Rounding error leading to no reward being sent
Lines of code Vulnerability details Impact Rounding errors could occur if the provided amount is too small. Proof of Concept rewardsToSend += inRangeLiquidityOfPosition concRewardPerWeekpoolIdxweek / overallInRangeLiquidity; uint256 rewardsForWeek = timeWeightedWeeklyPositionAmbLiquidity poolIdx...
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm...
Cybercriminals Target Graphic Designers with Cryptojacking Malware
Threat Level Attack Report Summary Cybercriminals are taking advantage of a legitimate Windows tool known as Advanced Installer to compromise the computers of graphic designers with cryptocurrency mining malware. These scripts are designe...
Microsoft Teams used to deliver DarkGate Loader malware
Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers,...
A secondhand account of the worst possible timing for a scammer to strike
Welcome to this week's edition of the Threat Source newsletter. Up until last week, I had never considered the timing of a scam to be important. I'm so used to just swiping away emails or text messages at random times during the day that I'd never considered what would happen if an adversary happene...
Cybercriminals target graphic designers with GPU miners
Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines. This activity has been ongoing since at least November 2021. The attacker uses Advanced Installer to package other legitimate...
Risk Fact #4: Malware in your Cloud means Exploitation is underway
Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit. The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit (TRU) provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malwa...
Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset ti...