Bala Krishna, Sergey Yakovlev Security Vulnerabilities

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide. Maksim...

Internet Backbone Giant Lumen Shuns .RU

Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world's Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen's decision comes just days after a similar exit by...

IOC Scraper - A Fast And Reliable Service That Enables You To Extract IOCs And Intelligence From Different Data Sources

IOC Scraper utilises IOCPARSER service to fetch IOCs from different vendor Blogs, PDFs, and CSV files. Parsing IOCs is time-consuming process, using current script one can automatically extract and aggregate IOCs easily. Features Defanged IOCs : Supports extracting and defanging IOCs. Whitelist...

WordPress Sermon Browser plugin <= 0.45.22 - Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krishna Harsha Kondaveeti in WordPress Sermon Browser plugin (versions &lt;= 0.45.22). Solution Deactivate and delete. This plugin has been closed as of February 4, 2022 and is not available for download. This.....

Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF

The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP...

Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF

The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. PoC Or, as admin, upload a PHP file via the Sermon &gt; Files feature of the plugin. The file will ...

Security fix for the ALT Linux 8 package clamav version 0.103.5-alt1

0.103.5-alt1 built Feb. 1, 2022 Sergey Y. Afonin in task #293908 Jan. 18, 2022 Sergey Y. Afonin - 0.103.5...

Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we'll explore some of the clues left behind....

Security fix for the ALT Linux 9 package clamav version 0.103.5-alt1

0.103.5-alt1 built Jan. 25, 2022 Sergey Y. Afonin in task #293907 Jan. 18, 2022 Sergey Y. Afonin - 0.103.5...

Security fix for the ALT Linux 10 package clamav version 0.103.5-alt1

0.103.5-alt1 built Jan. 21, 2022 Sergey Y. Afonin in task #293675 Jan. 18, 2022 Sergey Y. Afonin - 0.103.5...

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry

A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows systems with malware. "This activity cluster demonstrates the patient and persistent nature.....

Unbreakable Enterprise kernel security update

[5.4.17-2136.302.6.1] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug:33667276] [5.4.17-2136.302.6] - Revert fs: align IOCB_ flags with RWF_ flags (Prasad Singamsetty) [Orabug: 33627551] [5.4.17-2136.302.5] - Revert drm: Initialize struct drm_crtc_state.no_vblank...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.302.6.1] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33667276] [5.4.17-2136.302.6] - Revert fs: align IOCB_ flags with RWF_ flags (Prasad Singamsetty) [Orabug: 33627551] [5.4.17-2136.302.5] - Revert drm: Initialize struct...

Kaspersky Managed Detection and Response: interesting cases

Kaspersky Managed Detection and Response (MDR) provides advanced protection against the growing number of threats that bypass automatic security barriers. Its capabilities are backed by a high-professional team of security analysts operating all over the world. Each suspicious security event is...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.301.1.2.el7] - Revert 'net/rds: Allocate pages on HCA NUMA nodeid' (Gerd Rausch) [Orabug: 33561324] - Revert 'net/rds: Allocate rds_ib_{incoming,frag}slab on HCA NUMA nodeid' (Gerd Rausch) [Orabug: 33561324] - Revert 'net/rds: Use the same vector for send & receive' (Gerd Rausch) ...

Unbreakable Enterprise kernel security update

[5.4.17-2136.301.1.2] - Revert 'net/rds: Allocate pages on HCA NUMA nodeid' (Gerd Rausch) [Orabug: 33561324] - Revert 'net/rds: Allocate rds_ib_{incoming,frag}slab on HCA NUMA nodeid' (Gerd Rausch) [Orabug: 33561324] - Revert 'net/rds: Use the same vector for send & receive' (Gerd Rausch) ...

ceph vulnerabilities

Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-27781) It was discovered that Ceph...

Ceph vulnerabilities

Releases Ubuntu 21.04 Ubuntu 18.04 ESM Packages ceph - distributed storage and file system Details Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.508.3.el7] - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950} - block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) ...

Unbreakable Enterprise kernel security update

[4.14.35-2047.508.3] - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950} - block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug:...

Metasploit Wrap-Up

Telemetry is for gathering data, not executing commands as root, right?... This week's highlight is a new exploit module by our own wvu for VMware vCenter Server CVE-2021-22005, a file upload vuln that arises from a flaw in vCenter’s analytics/telemetry service, which is enabled by default....

VMware vCenter Server Analytics (CEIP) Service File Upload

...

VMware vCenter Server Analytics (CEIP) Service File Upload Exploit

This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by...

VMware vCenter Server Analytics (CEIP) Service File Upload

This module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by...

Monstra CMS code issue vulnerability

Monstra CMS is a lightweight PHP-based content management system (CMS) from the Ukrainian personal developer Sergey Romanenko.A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or...

Apple's New iCloud Private Relay Service Leaks Users' Real IP Addresses

A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced as a beta with iOS 15, which was officially released this week, iCloud Private Relay aims...

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics...

VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of jsonrpc messages. A crafted request can...

VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of jsonrpc messages. A crafted request can...

VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Update Manager. The issue results from the lack of proper validation.....

VMware vCenter Server Appliance Service Lifecycle Manager Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within....

VMware vCenter Server Appliance Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of jsonrpc messages. The issue results from the lack....

VMware vCenter Server Appliance External Control of File Path Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

VMware vCenter Server updates address multiple security vulnerabilities

Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) 2. Introduction Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware...

Unbreakable Enterprise kernel security update

[4.14.35-2047.507.7.4] - KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33362693] [4.14.35-2047.507.7.3] - arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33354710] [4.14.35-2047.507.7.2] - net: geneve:...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.507.7.4.el7] - KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33362693] [4.14.35-2047.507.7.3] - arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33354710] [4.14.35-2047.507.7.2] - net: geneve:...

Security fix for the ALT Linux 9 package libssh version 0.9.6-alt1

0.9.6-alt1 built Sept. 17, 2021 Sergey V Turchin in task #284394 Sept. 2, 2021 Sergey V Turchin - new version - security (fixes:...

Unbreakable Enterprise kernel-container security update

[5.4.17-2102.205.7.2.el7] - btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33349276] [5.4.17-2102.205.7.1] - RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306518] [5.4.17-2102.205.7] - rds: ib: Set SEND_SIGNALED on the last WR...

Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.17-alt0.M80P.2

2.5.17-alt0.M80P.2 built Sept. 13, 2021 Sergey Y. Afonin in task #284610 Sept. 5, 2021 Sergey Y. Afonin - updated to latest cyrus-imapd-2.5 branch (6c804c1337cb; fixes:...

Security fix for the ALT Linux 9 package cyrus-imapd version 3.2.8-alt1

3.2.8-alt1 built Sept. 9, 2021 Sergey Y. Afonin in task #284606 Sept. 5, 2021 Sergey Y. Afonin - 3.2.8 (fixes:...

Unbreakable Enterprise kernel security update

[4.1.12-124.54.6] - xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33282046] [4.1.12-124.54.5] - l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429} - l2tp: ensure sessions are freed after...

Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement

Cataclysmic breaches and a woeful shortage of a trained cybersecurity workforce prompted the Biden Administration to haul a collection of the biggest names in business into a White House cybersecurity summit this week, to talk about what they plan to do about it. The outcome of the talks falls...

Unbreakable Enterprise kernel security update

[4.14.35-2047.506.8] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...

Unbreakable Enterprise kernel security update

[5.4.17-2102.204.4.2] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150447] [5.4.17-2102.204.4.1] - rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150427] ...

Unbreakable Enterprise kernel-container security update

[5.4.17-2102.204.4.2] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150447] - rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150427] - arm64: mm: kdump:...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.506.8.el7] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...

Security fix for the ALT Linux 9 package libssh version 0.9.5-alt1

0.9.5-alt1 built July 30, 2021 Nikolai Kostrigin in task #277424 May 12, 2021 Sergey V Turchin - new version - security (fixes:...

Unbreakable Enterprise kernel security update

[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert Allow mce to reset instead of panic on UE (William Roche) ...

Unbreakable Enterprise kernel-container security update

[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert 'Allow mce to reset instead of panic on UE' (William...