PayTR Ödeme Ve Elektronik Para Kuruluşu A.Ş. Security Vulnerabilities

AXIS OS Secure Boot Bypass Vulnerability (Oct 2023)

AXIS OS is prone to a secure boot bypass vulnerability on several...

.US Harbors Prolific Malicious Link Shortening Service

The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as...

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2022-1565)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname...

Oracle Linux 8 : glibc (ELSA-2022-9234)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9234 advisory. glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999) The deprecated compatibility function svcunix_create in the sunrpc module of...

Axis Devices Detection (HTTP)

HTTP based detection of Axis...

Threat Roundup for October 27 to November 3

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 27 and Nov. 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,.....

FDA medical IoT cyber device compliance. FD&C 524b

TL;DR FD&C 524b is new FDA legislation for medical cyber device compliance Introduced on March 30th 2023 it is now a firm requirement as of October 1st 2023 It demands provision of complex evidence that manufacturers take security seriously Medical cyber device market There are over 10,000...

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch...

CVE-2023-21414

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched...

What Gen Z really cares about when it comes to privacy

It would be easy to think that Gen Z doesn’t care about privacy. They worry less about ad tracking, do little to stem the flow of their private information online, and, as Malwarebytes recently uncovered, monitor one another’s lives far more than other generations. But it isn’t that Gen Z,...

Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”

Online video games often make use of in-game virtual currency and give players the ability to purchase, trade or sell items. While these features are often selling points for players and potential revenue streams for the companies that make them, they also inevitably draw bad actors and scams. One....

You’d be surprised to know what devices are still using Windows CE

Windows CE -- an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" -- finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on...

Octo Tempest cybercriminal group is “a growing concern”—Microsoft

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. Initially the group made a name for itself by SIM swapping. SIM swapping, also known as SIM jacking, is the act of illegally...

Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning (WAS) stands out as the industry's leading Dynamic Application Security Testing (DAST) solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl...

How helpful are estimates about how much cyber attacks cost?

Coming from the newspaper and media industry, I'm no stranger to wanting to write catchy headlines. I'm certainly at fault for throwing together a story about so-and-sos house sold for X million dollars. But recently I've been wondering if those "big numbers" for cybersecurity are helpful at all,.....

K000133630 : Intel processor vulnerability CVE-2022-26343

Security Advisory Description Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2022-26343) Impact This vulnerability may allow a privileged user to potentially enable...

openSUSE: Security Advisory for netdata (openSUSE-SU-2021:0647-1)

The remote host is missing an update for...

Proxmox Virtual Environment (VE, PVE) Detection Consolidation

Consolidation of Proxmox Virtual Environment (VE, PVE)...

openSUSE: Security Advisory for libreoffice (openSUSE-SU-2020:1222-1)

The remote host is missing an update for...

What is Cracktivator software?

Cisco Talos coined the term "Cracktivator software" to reference counterfeit or modified software for pirated versions of Windows applications. One of our teammates, James Nutland, led the research to look into cracked versions of the Microsoft Windows operating system and other Microsoft...

openSUSE: Security Advisory for libreoffice (openSUSE-SU-2020:1261-1)

The remote host is missing an update for...

glibc security update

[2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E. Marchesi [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate...

Wordfence Reviews and Where to Find Them

Just a quick note. If you're looking for objective Wordfence reviews, you can find them on the official WordPress plugin repository in the Wordfence reviews section which is linked to from the Wordfence entry in the official WordPress repository. The Wordfence plugin is available in the repository....

glibc security update

[2.28-225.0.4.6] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). - CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose...

Know Your Malware Part Two – Hacky Obfuscation Techniques

In the first post in this series, we covered common PHP encoding techniques and how they’re used by malware to hide from security analysts and scanners. In today’s post, we’re going to dive a little bit deeper into other obfuscation techniques that make use of other features available in PHP....

Top insights and best practices from the new Microsoft Data Security Index report

A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...

Ubuntu 20.04 LTS : LibreOffice vulnerabilities (USN-5153-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5153-1 advisory. LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document...

Top insights and best practices from the new Microsoft Data Security Index report

A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...

Cybersecurity spotlight on bug bounty researcher @Ammar Askar

The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program, @Ammar Askar! As home to over 100 million developers and 372 million repositories, GitHub maintains.....

glibc security update

[2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E....

Ubuntu 18.04 LTS / 20.04 LTS : LibreOffice vulnerability (USN-6023-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6023-1 advisory. Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code...

Announcing Vulnerability Scanning in Wordfence CLI 2.0.1 “Voodoo Child”

Note: If you're a WordPress user, we recommend the Wordfence Security Plugin which provides a robust and complete set of security controls for WordPress websites. If you host WordPress servers and need high performance malware and vulnerability scanning on the command line, read on! Our mission at....

Ragnar Locker ransomware group taken down

Even though it had a long run for a ransomware group, it seems the bell might be tolling for Ragnar Locker. On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. The take down action was carried out between 16 and 20 October. During the...

Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

_By Rami Altalhi and David Roman. _ Logs are fundamental to strengthening an organization's digital defenses. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, workstations,...

glibc security update

[2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....

StripedFly: Perennially flying under the radar

Introduction It's just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers,....

The outstanding stealth of Operation Triangulation

Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

Exploit for Path Traversal in Apache Http Server

Simple CVE-2021-41773 checker...

Ubuntu 18.04 LTS / 20.04 LTS : LibreOffice vulnerability (USN-5330-1)

The remote Ubuntu 18.04 LTS / 21.10 host has packages installed that are affected by a vulnerability as referenced in the USN-5330-1 advisory. LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document...

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

glibc security update

[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread...

Updated MATA attacks industrial companies in Eastern Europe

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and....

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. The actor also appears to have a defensive interest in...

(RHSA-2023:5453) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

(RHSA-2023:5455) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

(RHSA-2023:5476) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

glibc security update

[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....