A privilege escalation from Chrome extensions (2023)
https://0x44.xyz/blog/cve-2023-4369/
#HackerNews #privilegeEscalation #ChromeExtensions #CVE2023 #cybersecurity #hackernews
🚨 Cybersecurity alert! Protect your system from the Black Lotus vulnerability (CVE-2023-24932) targeting Secure Boot. Here's what admins need to know to safeguard their devices. 🛡️ Don’t wait until it’s too late. Learn how to act now #CyberSecurity #InfoSec #CVE2023
https://pupuweb.com/how-to-protect-your-system-from-black-lotus-vulnerability-cve-2023-24932/
Foxit PDF Reader Users Targeted by Malicious PDF Exploit
Date: May 15, 2024
CVE: CVE-2023-36033
Vulnerability Type: Remote Code Execution (RCE)
CWE: [[CWE-20]], [[CWE-78]], [[CWE-94]]
Sources: GBHackers, Checkpoint Research
Issue Summary
Researchers have identified a critical vulnerability in Foxit PDF Reader that allows attackers to execute malicious code on users' systems by exploiting a design flaw in the application's security warnings. The flaw makes it easy for attackers to trick users into approving malicious actions, leading to unauthorized access and data theft.
Technical Key Findings
The vulnerability stems from Foxit Reader's handling of security warnings, which default to an "OK" option. This flaw enables attackers to craft malicious PDFs that, when opened, prompt the user to approve actions unknowingly. Once approved, these actions can download and execute malicious code from a remote server, bypassing standard security detections.
Vulnerable Products
Impact Assessment
Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive data, remote control of the affected device, and the ability to deploy various malware such as VenomRAT, Agent-Tesla, and others. This can result in data breaches, espionage, and further propagation of malware.
Patches or Workarounds
Foxit has acknowledged the issue and stated that it would be resolved in version 2024.3.
Tags
#FoxitPDF #CVE2023-36033 #RemoteCodeExecution #Malware #CyberSecurity #APT #VulnerabilityPatch #DataBreach
Addressing the Ivanti Pulse Secure Vulnerability: A Call to Action Against Emerging Cyber Threats
https://zurl.co/IQTd
#Cybersecurity #InfoSec #IvantiPulseSecure #CVE2023 #CVE2024 #MiraiBotnet #NetworkSecurity #CyberAttack #DataProtection #SOClogix
"🚨 Critical OpenShift Update 🚨 - Securing Kubernetes Deployments"
Red Hat has released a critical update for OpenShift Container Platform 4.12.51, addressing multiple security vulnerabilities and enhancing stability. This update patches several security issues, including a notable path traversal and RCE vulnerability in go-git (CVE-2023-49569) and a DoS risk in go-git clients (CVE-2023-49568). Users are urged to apply this critical update to maintain system security and integrity.
Tags: #OpenShift #RedHat #CyberSecurity #Kubernetes #PatchTuesday #CVE2023
Read more about the update: RHSA-2024:1052
"🚨 Juniper Secure Analytics Patch Alert 🚨 - CVE-2023-37920 Leads the Charge with a CVSS 9.8 Rating!"
Juniper Networks has issued a critical update for Juniper Secure Analytics (JSA), patching multiple vulnerabilities, with CVE-2023-37920 standing out with a CVSS score of 9.8. These flaws span various components and could lead to severe consequences including unauthorized access and denial of service. Users are urged to update to 7.5.0 UP7 IF05 to mitigate these risks. 🛡️💻🔐
Tags: #CyberSecurity #JuniperNetworks #VulnerabilityManagement #PatchTuesday #InfoSec #NetworkSecurity #CVE2023
For more details, visit the Juniper Support Portal.
"🚨 Alert: CVE-2023-2283 - F5 Networks Vulnerability 🛡️"
A medium vulnerability found in libssh, CVE-2023-2283, impacts F5 Networks, posing a medium severity threat (CVSS 4.8). It affects BIG-IP products and allows unauthorized SSH sessions due to a flaw in libssh. This vulnerability highlights the importance of rigorous memory management and authentication checks in network security protocols. Immediate patching is advised to prevent potential breaches.
A vulnerability was discovered in libssh, where the authentication check of the connecting client can be bypassed in the pki_verify_data_signature function due to memory allocation issues. This issue may occur if there is insufficient memory or if memory usage is limited. The problem is caused by the return value rc, which is initialized to SSH_ERROR and later overwritten to store the return value of the function call pki_key_check_hash_compatible. The value of the variable is not altered between this point and the cryptographic verification. Therefore, any error occurring between these calls triggers goto error, resulting in a return of SSH_OK. This mistake makes it easier for unauthorized users to gain access.
Stay vigilant and secure your systems! 🚀🔐
Tags: #CyberSecurity #Vulnerability #CVE2023 #F5Networks #PatchNow #NetworkSecurity #SSH #Libssh
For an in-depth analysis, refer to the detailed bulletin here.
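As an added illustration (not libssh's source code and not part of the post above), the C below models the return-value reuse described in the bulletin: check_hash_compatible(), sim_alloc() and g_simulate_alloc_failure are constructed stand-ins, and SSH_OK/SSH_ERROR mirror libssh's constants. It puts the vulnerable control flow next to a fail-closed version so the effect of the stale rc under memory pressure can be observed directly.

```c
/* Added example, not libssh's code: models the rc reuse flaw described above.
 * check_hash_compatible(), sim_alloc() and g_simulate_alloc_failure are
 * constructed stand-ins; SSH_OK/SSH_ERROR mirror libssh's constants. */
#include <stdlib.h>
#define SSH_OK     0
#define SSH_ERROR -1
static int g_simulate_alloc_failure = 0;   /* 1 = emulate memory pressure */
static void *sim_alloc(size_t n) {
    return g_simulate_alloc_failure ? NULL : malloc(n);
}
/* Stand-in for pki_key_check_hash_compatible(): reports compatibility. */
static int check_hash_compatible(int hash_type) {
    return hash_type > 0 ? SSH_OK : SSH_ERROR;
}
/* Vulnerable shape: rc now holds SSH_OK from the compatibility check, and an
 * allocation failure jumps to error: without resetting it, so the caller is
 * told the signature verified even though no verification ran. */
static int verify_vulnerable(int hash_type, int sig_matches) {
    int rc = SSH_ERROR;
    unsigned char *buf;
    rc = check_hash_compatible(hash_type);
    if (rc != SSH_OK)
        return SSH_ERROR;
    buf = sim_alloc(64);
    if (buf == NULL)
        goto error;                              /* rc is still SSH_OK here */
    rc = sig_matches ? SSH_OK : SSH_ERROR;       /* stands in for the real check */
    free(buf);
error:
    return rc;
}
/* Fixed shape: every failure path sets an explicit error before bailing out. */
static int verify_fixed(int hash_type, int sig_matches) {
    int rc;
    unsigned char *buf;
    if (check_hash_compatible(hash_type) != SSH_OK)
        return SSH_ERROR;
    buf = sim_alloc(64);
    if (buf == NULL) {
        rc = SSH_ERROR;                          /* fail closed on any error */
        goto error;
    }
    rc = sig_matches ? SSH_OK : SSH_ERROR;
    free(buf);
error:
    return rc;
}
```

With allocation failure simulated, verify_vulnerable() reports SSH_OK for a non-matching signature while verify_fixed() reports SSH_ERROR.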
"Critical RCE Flaw Uncovered in SolarWinds Access Rights Manager 🚨 #CVE2023-40057"
A newly discovered deserialization vulnerability in SolarWinds Access Rights Manager (versions up to 2023.2.2) poses a severe risk, enabling remote code execution. Classified as very critical with a CVSS score of 8.9, this flaw (CVE-2023-40057) could allow authenticated users to execute arbitrary code remotely. Despite its high impact on confidentiality, integrity, and availability, no exploit is currently available. The vulnerability underscores the importance of validating deserialized data to prevent unauthorized access. No mitigation measures have been identified yet, emphasizing the need for heightened vigilance and potential product alternatives.
Stay informed: CVE-2023-40057 Details
Tags: #CyberSecurity #Vulnerability #SolarWinds #RemoteCodeExecution #RCE #Deserialization #CVE2023-40057 #InfoSec 🛡️💡🔒
"🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"
An evasion technique identified as CVE-2023-28807 allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
This vulnerability was discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. 🛡️💻🔐
Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 🌍🔒🔍
"🔐 #GitLabSecurityAlert - Multiple Critical Vulnerabilities Patched in GitLab 🚨"
📰 GitLab has released critical updates (16.7.2, 16.6.4, 16.5.6) addressing several security vulnerabilities, including a critical account takeover flaw and a Slack/Mattermost integration exploit. Users are urged to update immediately.
1️⃣ The most severe, CVE-2023-7028, allowed password reset emails to be sent to unverified addresses (CVSS 10.0).
2️⃣ CVE-2023-5356 permitted unauthorized execution of slash commands in Slack/Mattermost integrations (CVSS 9.6).
3️⃣ CVE-2023-4812 involved bypassing CODEOWNERS approval in merge requests (CVSS 7.6).
4️⃣ CVE-2023-6955, a medium severity issue, related to improper access control in GitLab Remote Development (CVSS 6.6).
5️⃣ The least critical, CVE-2023-2030, allowed alteration of metadata in signed commits (CVSS 3.5).
Kudos to the security researchers (@asterion04, @yvvdwf, @ali_shehab, @lotsofloops on HackerOne) and GitLab's @j.seto for identifying these issues. Stay secure, folks!
Source: GitLab Release Notes
Author: Greg Myers
Tags: #Cybersecurity #Vulnerability #GitLab #CVE2023 #PatchUpdate #InfoSec #HackerOne #DevSecOps 🛡️💻🔧
"🚨 iPhone Triangulation: A New Era in Hardware-Level Cyber Espionage 🚨"
Kaspersky's recent findings reveal a concerning truth in the world of cyber warfare. They've named it "Operation Triangulation". This spyware campaign, active since 2019, hijacks iPhones using four zero-day vulnerabilities, including CVE-2023-41990, CVE-2023-32434, CVE-2023-32435, and CVE-2023-38606. The technical report on "Operation Triangulation: The Last Hardware Mystery" reveals a sophisticated cyberattack targeting iPhones. This attack utilized a zero-click iMessage exploit involving four zero-days, capable of affecting iOS versions up to 16.2.
The exploit chain began with a malicious iMessage attachment exploiting the CVE-2023-41990 vulnerability in an undocumented TrueType font instruction. This led to privilege escalation through a complex JavaScript exploit, leveraging the JavaScriptCore debugging feature and an integer overflow vulnerability (CVE-2023-32434) for broader access.
A key aspect of this attack was bypassing hardware-based security in recent iPhone models using a hardware feature of Apple-designed SoCs, mitigated as CVE-2023-38606. The exploit's sophistication and ability to circumvent advanced hardware-based protections leave us with the big question: since this feature is not used by the firmware, how did the attackers know how to take advantage of it?
#CyberSecurity #InfoSec #iPhoneTriangulation #ZeroDay #CVE2023 #AppleSecurity #HardwareExploits #Kaspersky #BleepingComputer 📱🔒💻
Sources:
"⚠️ Alert: Google Chrome Zero-Day CVE-2023-7024 Exploited in the Wild! 🌐💥"
Google's latest patch addresses a critical zero-day vulnerability in Chrome, CVE-2023-7024. Identified as a heap-based buffer overflow in WebRTC, it's exploited in the wild. Chrome versions before 120.0.6099.129 are vulnerable. 🚨
Details: CVE-2023-7024, discovered by Google TAG, affects several browsers using WebRTC. It's the eighth zero-day patched by Google this year, underscoring the evolving cybersecurity landscape.
Mitigation: Users should urgently update to Chrome 120.0.6099.129/130 (for Windows) or 120.0.6099.129 (for Mac/Linux) to protect against this and other security fixes included in recent Chrome updates. 🛡️
Source: Qualys ThreatPROTECT by Diksha Ojha; Chrome Releases Blog
Tags: #Cybersecurity #GoogleChrome #ZeroDay #CVE2023 #WebRTC #UpdateNow #CyberAttack #InfoSecExchange
"⚠️ Critical Apache Struts Vulnerability Alert! CVE-2023-50164 🚨"
Hackers are exploiting a critical vulnerability in Apache Struts (CVE-2023-50164), a popular Java EE web app framework used widely in various industries. This flaw allows unauthorized remote code execution, posing a severe threat to organizations using Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1. Attackers can manipulate file upload parameters for path traversal, leading to malicious file uploads and potentially gaining control over the server. An immediate upgrade to Struts 2.5.33 or 6.3.0.2 is vital to mitigate this risk.
Source: BleepingComputer, [trganda.github.io](https://trganda.github.io/notes/security/vulnerabilities/apache-struts/Apache-Struts-Remote-Code-Execution-Vulnerability-(-S2-066-CVE-2023-50164), Qualys ThreatPROTECT
Author Credits: Bill Toulas (BleepingComputer), Diksha Ojha (Qualys ThreatPROTECT)
Tags: #CyberSecurity #ApacheStruts #Vulnerability #CVE2023-50164 #RemoteCodeExecution #InfoSec
🚨 A critical flaw named Citrix Bleed (CVE-2023-4966) affects Citrix NetScaler systems, allowing the hijacking of authenticated sessions and the bypass of multi-factor authentication. Several large companies, including Boeing and Allen & Overy, have been targeted by cyberattacks exploiting this vulnerability, with suspected cyber-espionage and criminal activity by groups such as LockBit 3.0. 🛡️ It is urgent to check and secure Citrix systems to guard against these threats, which remain active. #CyberSécurité #CitrixBleed #CVE2023-4966
https://www.lemagit.fr/actualites/366559556/Citrix-Bleed-la-liste-des-victimes-de-lexploitation-de-la-vulnerabilite-sallonge
"🚨 NGINX Ingress Vulnerabilities Exposed! 🚨"
Three new vulnerabilities have been identified in the NGINX ingress controller for Kubernetes. These vulnerabilities, tagged as CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, could potentially allow attackers to steal secret credentials from the cluster. 🕵️♂️🔓
CVE-2023-5043 & CVE-2023-5044: These vulnerabilities can be exploited by attackers who can control the Ingress object's configuration. By using the annotation fields “configuration-snippet” or “permanent-redirect”, attackers can inject arbitrary code into the ingress controller process, gaining access to the service account token of the ingress controller. This token has a ClusterRole, enabling reading of all Kubernetes secrets in the cluster. 😱
CVE-2022-4886: This vulnerability lies in the way the “path” field is used in the Ingress routing definitions. A flaw in the validation of the inner path can lead to exposure of the service account token, which is used for authentication against the API server. 🚫
Mitigation steps include updating NGINX to version 1.19 and enabling the “--enable-annotation-validation” command line configuration. 🛡️
These vulnerabilities underscore the importance of securing ingress controllers, given their high privilege scope and potential exposure to external traffic.
Source: ARMO Blog by Ben Hirschberg, CTO & Co-founder.
Tags: #NGINX #Kubernetes #Vulnerability #CyberSecurity #IngressController #CVE2023 #CVE2022 🌐🔐🔍
"🚨 #CitrixBleed Exploit Unleashed! Hackers Hijack NetScaler Accounts 🚨"
A new proof-of-concept (PoC) exploit for the 'Citrix Bleed' vulnerability (CVE-2023-4966) has emerged, enabling attackers to snatch authentication session cookies from susceptible Citrix NetScaler ADC and NetScaler Gateway appliances. This critical-severity flaw, which Citrix addressed on October 10, was exploited as a zero-day in limited attacks since late August 2023. Assetnote researchers have now shared an in-depth analysis of the exploitation method and even released a PoC exploit on GitHub. The vulnerability stems from an unauthenticated buffer-related issue, which, when exploited, can lead to buffer over-reads. By leveraging this flaw, attackers can retrieve session cookies, granting them unrestricted access to vulnerable devices. Given the public availability of this exploit, there's an anticipated surge in attacks targeting Citrix Netscaler devices. System admins are strongly urged to apply patches immediately.
Source: BleepingComputer
Tags: #Cybersecurity #Citrix #NetScaler #CVE2023 #Exploit #PoC #Assetnote #Vulnerability #InfoSec
Author: Bill Toulas
"🚨 #CitrixHypervisor Security Alert! 🚨"
Citrix has identified several security issues in Citrix Hypervisor 8.2 CU1 LTSR that could potentially compromise system security. These issues include AMD-based host compromise through a PCI device (CVE-2023-34326), host compromise with specific administrative actions (CVE-2022-1304), host crashes or unresponsiveness (CVE-2023-34324), and crashing of other VMs on AMD-based hosts (CVE-2023-34327). Additionally, a security problem affecting certain AMD CPUs, which may allow code in a guest VM to access previous integer divides in code running on the same CPU core, has been disclosed as CVE-2023-20588.
Mitigating factors include the dependency on AMD CPUs and the use of specific features. Customers not using AMD CPUs or PCI passthrough features may not be affected by some of these issues.
Citrix has released multiple security updates for Citrix Hypervisor 8.2 CU1 LTSR. Several vulnerabilities have been discovered:
Citrix has provided hotfixes for these vulnerabilities. Affected users are advised to install these updates and follow the provided instructions. For more details, check the official Citrix article here.
Tags: #Cybersecurity #Citrix #Hypervisor #Vulnerability #AMD #CVE2023 #CVE2022 #SecurityUpdates 🛡️🔧
GO COUGS #CVE2023