Bala Krishna, Sergey Yakovlev Security Vulnerabilities

securelist

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new,....

7.5AI Score

2024-01-22 08:00 AM
9
openvas

Ubuntu: Security Advisory (USN-1000-1)

The remote host is missing an update for...

7.8CVSS

7.4AI Score

0.232EPSS

2010-10-22 12:00 AM
39
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...

9.8CVSS

7.4AI Score

0.001EPSS

2024-02-13 12:00 AM
16
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...

9.8CVSS

10AI Score

0.001EPSS

2024-02-12 12:00 AM
8
securelist

Dark web threats and dark market predictions for 2024

An overview of last year's predictions Increase in personal data leaks; corporate email at risk A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may...

7.2AI Score

2024-01-17 10:00 AM
11
thn

"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS...

7AI Score

2024-01-23 12:27 PM
21
nessus

Node.js 16.x < 16.20.1 / 18.x < 18.16.1 / 20.x < 20.3.1 Multiple Vulnerabilities (Tuesday June 20 2023 Security Releases).

The version of Node.js installed on the remote host is prior to 16.20.1, 18.16.1, 20.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday June 20 2023 Security Releases advisory. The use of proto in process.mainModule.proto.require() can bypass the policy...

7.5CVSS

7.5AI Score

EPSS

2023-06-22 12:00 AM
55
securelist

New macOS Trojan-Proxy piggybacking on cracked software

Illegally distributed software historically has served as a way to sneak malware onto victims' devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a "free lunch". They are an excellent target for cybercriminals who realize that an...

7.7AI Score

2023-12-06 10:00 AM
10
securelist

BlueNoroff: new Trojan attacking macOS users

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to...

7.1AI Score

2023-12-05 10:00 AM
18
prion

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

8.8CVSS

7.2AI Score

0.001EPSS

2023-11-13 01:15 AM
7
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.532.3] - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet) - media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil) - perf/core: Fix potential NULL deref (Peter Zijlstra) [4.14.35-2047.532.2] - x86: change default to...

7.8CVSS

8.2AI Score

0.0004EPSS

2023-12-11 12:00 AM
15
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.326.6.el7] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5.el7] - Revert 'tracing: Increase trace array ref count on enable and filter...

8.8CVSS

8AI Score

0.024EPSS

2023-12-14 12:00 AM
9
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.326.6.el8] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5.el8] - Revert 'tracing: Increase trace array ref count on enable and filter...

8.8CVSS

8AI Score

0.024EPSS

2023-12-14 12:00 AM
13
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.326.6] - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789] [5.4.17-2136.326.5] - Revert 'tracing: Increase trace array ref count on enable and filter files'...

8.8CVSS

9.8AI Score

0.024EPSS

2023-12-13 12:00 AM
9
cve

CVE-2023-46618

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

8.8CVSS

8.8AI Score

0.001EPSS

2023-11-13 01:15 AM
51
nvd

CVE-2023-46618

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

8.8CVSS

0.001EPSS

2023-11-13 01:15 AM
cvelist

CVE-2023-46618 WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

4.3CVSS

9AI Score

0.001EPSS

2023-11-13 12:46 AM
1
prion

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

4.8CVSS

4.8AI Score

0.0004EPSS

2023-10-27 08:15 AM
7
thn

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to...

7.1AI Score

2023-12-08 09:52 AM
19
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi:...

8.8CVSS

8.8AI Score

0.024EPSS

2023-12-13 12:00 AM
16
cve

CVE-2023-46091

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

5.9CVSS

4.9AI Score

0.0004EPSS

2023-10-27 08:15 AM
20
nvd

CVE-2023-46091

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

4.8CVSS

5.4AI Score

0.0004EPSS

2023-10-27 08:15 AM
2
cvelist

CVE-2023-46091 WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5...

5.9CVSS

5.5AI Score

0.0004EPSS

2023-10-27 07:27 AM
1
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Krister Johansen) [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer...

7CVSS

8AI Score

0.0004EPSS

2023-11-21 12:00 AM
10
securelist

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This...

7AI Score

2023-11-09 08:00 AM
24
securelist

StripedFly: Perennially flying under the radar

Introduction It's just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers,....

7.5AI Score

2023-10-26 04:00 AM
41
mmpc

Digital security sessions at Microsoft Ignite to prepare you for the era of AI

Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...

7.1AI Score

2023-11-07 05:00 PM
5
mssecure

Digital security sessions at Microsoft Ignite to prepare you for the era of AI

Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions,...

7.1AI Score

2023-11-07 05:00 PM
3
thn

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices

An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it...

7.8AI Score

2023-11-04 09:34 AM
45
nessus

Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerability (USN-3089-1)

Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass. Note that Tenable Network Security has extracted the preceding description block...

7.5CVSS

7.6AI Score

0.008EPSS

2016-09-28 12:00 AM
14
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.324.5.3] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1] - x86: KVM: SVM: always update the x2avic msr...

7.4AI Score

0.001EPSS

2023-10-17 12:00 AM
13
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.324.5.3.el7] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2.el7] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1.el7] - x86: KVM: SVM: always update the...

7.5AI Score

0.001EPSS

2023-10-13 12:00 AM
11
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.324.5.3.el8] - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' (Sherry Yang) [Orabug: 35896102] [5.4.17-2136.324.5.2.el8] - fix breakage in do_rmdir() (Al Viro) [Orabug: 35885837] [5.4.17-2136.324.5.1.el8] - x86: KVM: SVM: always update the...

7.5AI Score

0.001EPSS

2023-10-13 12:00 AM
11
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:.....

7.8CVSS

7.6AI Score

0.001EPSS

2023-10-10 12:00 AM
10
github

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer...

7.5CVSS

7AI Score

0.001EPSS

2023-03-31 09:30 PM
12
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.323.8.el7] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7.el7] - x86: change default to spec_store_bypass_disable=prctl...

6.5CVSS

7.6AI Score

0.001EPSS

2023-09-11 12:00 AM
7
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.323.8.el8] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7.el8] - x86: change default to spec_store_bypass_disable=prctl...

6.5CVSS

7.6AI Score

0.001EPSS

2023-09-11 12:00 AM
9
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.323.8] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769318] - Revert 'vhost/scsi: support non zerocopy iovecs' (Rajan Shanmugavelu) [Orabug: 35769318] [5.4.17-2136.323.7] - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl...

6.5CVSS

7.6AI Score

0.001EPSS

2023-09-11 12:00 AM
10
thn

U.K. and U.S. Sanction 11 Russia-based TrickBot Cybercrime Gang Members

The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. "Russia has long been a safe haven for cybercriminals, including the TrickBot group," the U.S. Treasury Department said, adding it has "ties to...

6.9AI Score

2023-09-08 05:04 PM
30
zdt

8.8CVSS

7.1AI Score

0.002EPSS

2023-08-01 12:00 AM
133
packetstorm

7.1AI Score

0.002EPSS

2023-08-01 12:00 AM
119
osv

freetype - security update

Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial of Service when specially crafted font files were used. For Debian 6 Squeeze, these issues have been fixed in freetype version...

4.4AI Score

2015-09-30 12:00 AM
4
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.321.4.el8] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el8] - selinux: don't use make's grouped targets feature yet...

7.8CVSS

8AI Score

0.006EPSS

2023-07-12 12:00 AM
12
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.321.4] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3] - selinux: don't use make's grouped targets feature yet (Paul...

7.8CVSS

8AI Score

0.006EPSS

2023-07-12 12:00 AM
17
osv

python-django - security update

Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django. For the stable distribution (jessie),....

4.5AI Score

2016-09-26 12:00 AM
7
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.321.4.el7] - tick/common: Align tick period during sched_timer setup (Thomas Gleixner) [Orabug: 35520079] - net/rds: Fix endless rds_send_xmit() loop if cp_index > 0 (Gerd Rausch) [Orabug: 35510149] [5.4.17-2136.321.3.el7] - selinux: don't use make's grouped targets feature yet...

7.8CVSS

8AI Score

0.006EPSS

2023-07-11 12:00 AM
17
openvas

Ubuntu: Security Advisory (USN-369-1)

The remote host is missing an update for...

7.5AI Score

2022-08-26 12:00 AM
1
krebs

Why Malware Crypting Services Deserve More Scrutiny

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently...

7.2AI Score

2023-06-21 06:39 PM
6
thn

BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11

A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape. "This bootkit can run even on fully up-to-date Windows 11 systems with UEFI...

4.4CVSS

6.7AI Score

0.001EPSS

2023-03-01 11:32 AM
67
securelist

Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

Introduction Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets, too. Since then, stealing cryptocurrencies has continued to.....

7.2AI Score

2023-06-12 10:00 AM
15
Total number of security vulnerabilities: 1084