Tony Zeoli, Tony Hayes Security Vulnerabilities

oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug:...

AI Score: -0.1
EPSS: 0.001

2022-08-09 12:00 AM
27
pentestpartners

EFB ePIL. Pinching passenger PII from pilots

TL;DR The Passenger Information List (PIL) is often now available on EFBs and crew devices. It stores information such as passenger names, seat numbers, and customer services information. Digital versions of the PIL enable crew to offer more bespoke customer service Information on a PIL is...

AI Score: -0.1

2022-07-15 05:07 AM
9
pentestpartners

Stop using phishing as a measure of your cyber awareness culture

If I had a penny for every time someone said to me “let’s measure our security culture by phishing our staff” I’d probably be able to fill my car up. It’s a really easy thing to do, you carry out some online training and typically they come with phishing simulations as a free or low cost add on...

AI Score: -0.2

2022-07-12 05:53 AM
5
openbugbounty

tony-dieagentur.de Cross Site Scripting vulnerability OBB-2717697

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score: -0.1

2022-07-04 03:02 AM
11
oraclelinux

Unbreakable Enterprise kernel-container security update

5.4.17-2136.308.7.el7 uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) x86/cpu:...

CVSS: 7.8
AI Score: -0.4
EPSS: 0.0004

2022-06-14 12:00 AM
24
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.308.7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) -...

CVSS: 7.8
AI Score: -0.4
EPSS: 0.0004

2022-06-14 12:00 AM
36
spring

Azure Spring Apps Enterprise is now generally available

Hi, Spring fans! This is a guest post by Julia Liuson, President, Developer Division, Microsoft Azure Spring Cloud is now Azure Spring Apps We launched Azure Spring Cloud with VMware in 2019 to solve common challenges developers, IT operators, and DevOps teams face when running Spring Boot...

AI Score

2022-05-24 03:00 PM
23
threatpost

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

Lately, I’ve started wondering if the biggest risk concerning cyberattacks is that we’re becoming desensitized to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like your efforts...

AI Score: 0.3

2022-05-12 11:57 AM
16
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.513.2.el7] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1.el7] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow...

CVSS: 7.8
AI Score: -0.3
EPSS: 0.0004

2022-05-10 12:00 AM
35
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.513.2] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow in ESP...

CVSS: 7.8
AI Score: -0.2
EPSS: 0.0004

2022-05-10 12:00 AM
84
akamaiblog

Protecting Your Healthcare Organization During Uncertain Times

Explore three ways healthcare organizations can boost cybersecurity, critical infrastructure, and ransomware protection to prepare for potential...

AI Score: 2.9

2022-05-09 01:00 PM
7
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...

CVSS: 8.8
AI Score
EPSS: 0.095

2022-04-25 12:00 AM
42
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.512.6] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...

CVSS: 8.8
AI Score
EPSS: 0.095

2022-04-25 12:00 AM
63
ics

Johnson Controls Metasys SCT Pro

EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to...

CVSS: 9.1
AI Score: 9.4
EPSS: 0.001

2022-04-21 12:00 PM
24
ics

Johnson Controls Metasys

EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to inject...

CVSS: 8.8
AI Score: 8.9
EPSS: 0.001

2022-04-05 12:00 PM
55
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.305.5.3] - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33973548] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33973543] - Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug:...

CVSS: 8.8
AI Score: 0.3
EPSS: 0.095

2022-03-23 12:00 AM
94
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.305.5.3] - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33973548] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33973543] - Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug:...

CVSS: 8.8
AI Score: 0.3
EPSS: 0.095

2022-03-23 12:00 AM
44
pentestpartners

OpSec. Hunting wireless access points

Continuing my series on OSINT techniques you can use for reviewing your own corporate OpSec, one of the most common services available in a modern corporate office is of course wireless. How do we go about finding wireless access points and what can they tell us? Finding wireless We have spoken...

AI Score: 6.9

2022-02-16 06:00 AM
8
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task...

CVSS: 8.4
AI Score: -0.2
EPSS: 0.095

2022-02-14 12:00 AM
38
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task...

CVSS: 8.4
AI Score: -0.2
EPSS: 0.095

2022-02-14 12:00 AM
122
thn

Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers

An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today...

AI Score

2022-01-26 01:30 PM
27
wpvulndb

Popup Builder < 4.0.7 - Admin+ SQL Injection

The plugin does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection PoC...

CVSS: 7.2
AI Score: 1.4
EPSS: 0.026

2022-01-24 12:00 AM
18
wpexploit

Popup Builder < 4.0.7 - Admin+ SQL Injection

The plugin does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL...

CVSS: 7.2
AI Score: 1.9
EPSS: 0.026

2022-01-24 12:00 AM
200
threatpost

Will 2022 Be the Year of the Software Bill of Materials?

Here, have a can of soup. Nah, we don’t know what’s in it. Could be 30 percent insect parts, could be seasoned with rat hair, who can say? The ingredients keep changing anyway. Just pour it into your network and pray. That, unfortunately, is the current state of cybersecurity: a teeth-grinding...

AI Score: -0.4

2022-01-18 10:33 PM
16
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.302.7.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699625] {CVE-2021-4155} [5.4.17-2136.302.7.1] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33691332] {CVE-2021-0920}...

CVSS: 6.4
AI Score: 0.8
EPSS: 0.001

2022-01-10 12:00 AM
25
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.302.7.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699625] {CVE-2021-4155} [5.4.17-2136.302.7.1] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33691332] {CVE-2021-0920}...

CVSS: 6.4
AI Score: 0.7
EPSS: 0.001

2022-01-10 12:00 AM
35
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.302.6.1] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33667276] [5.4.17-2136.302.6] - Revert fs: align IOCB_ flags with RWF_ flags (Prasad Singamsetty) [Orabug: 33627551] [5.4.17-2136.302.5] - Revert drm: Initialize struct drm_crtc_state.no_vblank...

CVSS: 7.8
AI Score: 0.2
EPSS: 0.0004

2021-12-20 12:00 AM
25
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.302.6.1] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33667276] [5.4.17-2136.302.6] - Revert fs: align IOCB_ flags with RWF_ flags (Prasad Singamsetty) [Orabug: 33627551] [5.4.17-2136.302.5] - Revert drm: Initialize struct...

CVSS: 7.8
AI Score: 0.2
EPSS: 0.0004

2021-12-20 12:00 AM
29
threatpost

Are You Guilty of These 8 Network-Security Bad Practices?

They say the first step in addressing a serious issue is admitting you have a problem. And so it is with network security. The ongoing explosion of ransomware events and breaches (many of which the public never hears about) is elevating network security to a top corporate priority. Employees are...

AI Score: -0.4

2021-12-06 09:47 PM
80
thn

Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of...

AI Score: 2.2

2021-12-06 12:51 PM
9
thn

Let there be light: Ensuring visibility across the entire API lifecycle

The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve...

AI Score: -0.4

2021-12-02 11:00 AM
16
openvas

Mozilla Firefox Security Advisory (MFSA2012-50) - Linux

This host is missing a security update for Mozilla...

AI Score: 9.5
EPSS: 0.006

2021-11-11 12:00 AM
3
pentestpartners

Limiting your exposure to location data resellers

Location data is valuable, just ask Huq Industries, who make a living out of selling your location information, then found that the apps they bought it from hadn’t asked the end users permission to have it! Naughty! The organisations they sell it to use it for better marketing, to get a better...

AI Score: 6.6

2021-11-08 06:36 AM
10
d0znpp

What is OpenAPI ❓ Concept, Examples and Advantages

What is OpenAPI? If there is anything that is growing anything like leaps and bounds then it’s API development and awareness towards API’s security. Whether it’s web API or mobile API, growth is significant in each domain. While we discuss API development, OpenAPI deserves a mention for sure. This...

AI Score: -0.3

2021-10-14 06:27 PM
44
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.508.3.el7] - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950} - block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra)...

CVSS: 7.8
AI Score: -0.1
EPSS: 0.0005

2021-10-14 12:00 AM
46
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.508.3] - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950} - block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821] - net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug:...

CVSS: 7.8
AI Score: -0.1
EPSS: 0.0005

2021-10-14 12:00 AM
38
pentestpartners

Germ-term, but all year. How criminals are hacking schools

In some schools, the autumn term is often called “germ-term” due to the number of bugs the children bring back after the summer holidays. It usually calms down after a few weeks, however, with hacking there is no slow down. It's all year, it's relentless. In the last 10 months of this year schools...

AI Score: 7.5

2021-10-13 05:20 AM
23
malwarebytes

Inside Apple: How macOS attacks are evolving

The start of fall 2021 saw the fourth Objective by the Sea (OBTS) security conference, which is the only security conference to focus exclusively on Apple's ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference...

AI Score: 1.1
EPSS: 0.57

2021-10-12 12:52 PM
15
cvelist

CVE-2021-23442 Prototype Pollution

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the proto...

CVSS: 8.6
AI Score: 9.7
EPSS: 0.004

2021-09-17 12:00 AM
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2102.205.7.2.el7] - btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33349276] [5.4.17-2102.205.7.1] - RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306518] [5.4.17-2102.205.7] - rds: ib: Set SEND_SIGNALED on the last WR...

CVSS: 8.8
AI Score: -0.2
EPSS: 0.001

2021-09-16 12:00 AM
40
threatpost

Human Fraud: Detecting Them Before They Detect You

This is Part II of a two-part blog series taking readers inside the criminal enterprise that is account-takeover fraud. For part I, please click here. In my last blog, we focused on the initial phases of the account-takeover (ATO) kill chain – recon, weaponization and delivery – and how...

AI Score: -0.3

2021-09-06 03:29 PM
56
pentestpartners

OpSec. Expanding your search: Hunting domains

In the last few blogs I have introduced OSINT and OpSec, talked about leaky images and using Google Dorks and how to use those techniques specifically to examine your own corporate OpSec. One of the most important aspects is to understand how wide your target expands. Many companies own multiple...

AI Score: 6.8

2021-09-02 05:55 AM
19
threatpost

The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers

With account takeover (ATO) attacks on the rise, stopping threat actors in the early phases of the kill chain will help today’s defenders gain an upper hand against direct fraud campaigns. Understanding how and where these attacks are carried out and the underlying support structure enabling ATO...

AI Score: 0.3

2021-08-30 07:44 PM
42
avleonov

Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers

Hello everyone! Last Week's Security News, August 1 - August 8. Black Hat Pwnie Awards Last week was more quiet than normal with Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. It's like an Oscar or Tony in the...

CVSS: 9.8
AI Score
EPSS: 0.002

2021-08-11 10:18 PM
47
threatpost

Accenture Confirms LockBit Ransomware Attack

081321 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo:...

CVSS: 9.8
AI Score: -0.5
EPSS: 0.973

2021-08-11 09:56 PM
867
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.506.8] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...

CVSS: 7.8
AI Score: -0.2
EPSS: 0.004

2021-08-11 12:00 AM
193
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2102.204.4.2] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150447] [5.4.17-2102.204.4.1] - rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150427]...

CVSS: 7.8
AI Score: -0.2
EPSS: 0.002

2021-08-10 12:00 AM
62
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2102.204.4.2] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150447] - rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177348] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150427] - arm64: mm: kdump:...

CVSS: 7.8
AI Score: -0.2
EPSS: 0.002

2021-08-10 12:00 AM
81
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.506.8.el7] - A/A Bonding: dev_hold/put() the delayed GARP work handler's netdev in rdmaip (Sharath Srinivasan) [Orabug: 33187189] - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33187192] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug:...

CVSS: 7.8
AI Score: -0.2
EPSS: 0.004

2021-08-10 12:00 AM
104
pentestpartners

OpSec Leaky Images

Hackers love your marketing department. Fact! Your marketing department love telling the world what happens in your company, then they attach images to the posts, often of staff at work. They ensure the subject is central and the image tells a story. The problem is often they tell hackers a...

AI Score: 6.6

2021-08-04 05:20 AM
218

Total number of security vulnerabilities: 644