Qualcomm just squashed three zero-day bugs in its Adreno GPU drivers that were being exploited in targeted attacks. What do you think this means for the security of your everyday devices?
https://thedefendopsdiaries.com/qualcomms-swift-response-to-adreno-gpu-zero-day-vulnerabilities/
Na dann wolln wir mal...
Auf dass das Tröten mit euch noch besser funzt!
#SecurityPatch
Ivanti's latest patch locks down a vulnerability that let hackers sneak in like uninvited guests. Are your systems still at risk? Discover how these zero-day fixes could be your digital lifesaver.
https://thedefendopsdiaries.com/ivantis-security-patch-addressing-critical-vulnerabilities-in-epmm/
Fortinet just pulled off a rapid counterattack against a dangerous zero-day exploit in their FortiVoice systems. How did they turn a potential crisis into a showcase of quick, effective cybersecurity? Read on to find out.
https://thedefendopsdiaries.com/fortinets-swift-response-to-zero-day-exploits-in-fortivoice-systems/
Still running older macOS Ventura/Sonoma or iPadOS 17? Apple's got you covered with fresh security updates (May 12). Patches vulnerabilities, no known active exploits. Grab 'em via System Settings. #AppleUpdates #SecurityPatch #Tech
Researchers warn a Next.js flaw, present for years, could've allowed hackers to bypass middleware-based authentication. Vercel patched it on March 18. #Nextjs #Cybersecurity #Vercel #TechNews #DataBreach #Authentication #SecurityPatch #Hacking
Apple has released iOS 18.3.2 & iPadOS 18.3.2 to fix a zero-day vulnerability (CVE-2025-24201) in WebKit, which was exploited in targeted iPhone attacks. Update your devices now! 📱💻 More info: https://cyberinsider.com/apple-patches-zero-day-flaw-used-in-targeted-iphone-attacks/ #Apple #iOS #SecurityPatch #ZeroDay #oldnewz
The Joomla! Project announces the release of Joomla 5.2.2. This is a security and bug fix release for the 5.x series of Joomla.
Read about all the updates and bug fixes here:
https://www.joomla.org/announcements/release-news/5918-joomla-5-2-2-security-bugfix-release.html
#Joomla #CMS #SecurityPatch #OpenSource
Windows 10 was first released to the public on July 29th, 2015, when it had addressed the raging complaints about the mishaps of Windows 8 and 8.1. It simplified the user experience and made your workflow easier than before. Since then, updates to this version of Windows had been made to bring new features, to conduct performance improvements, and to make the operating system easier to use. Back then, Microsoft had promised in a conference that Windows 10 was going to be the last Windows version ever, and that there would be no Windows 11 or later.
When we’ve witnessed Windows 11 being released on October 5th, 2021, we realized that Windows 10 wasn’t the last version of Windows. Since then, the last update to Windows 10, 22H2, was released on October 18th, 2022, more than a year after the initial version of Windows 11 was out.
Today, we are reminding users that the end of support date for Windows 10 will be on October 14th, 2025. This means that you’ll no longer get the following:
If you’re still running Windows 10 and your computer meets the minimum requirements for Windows 11, upgrade it now to keep getting security updates! Attempting to install Windows 11 on unsupported computers won’t work as Microsoft is trying to block workarounds, and even if it’s successful, you won’t get any updates.
In addition to that, future applications may not support Windows 10 anymore. Hence, you won’t get any updates for them, too.
Stay safe!
https://officialaptivi.wordpress.com/2024/09/13/windows-10-nears-end-of-support/
#2015 #BugFixes #cybersecurity #EndOfLife #EOL #microsoft #news #OutOfSupport #Patches #security #SecurityPatch #SecurityUpdate #SecurityUpdates #update #Updates #Windows #Windows10 #Windows11
RADIUS protocol vulnerable to new Blast-RADIUS attack
https://stackdiary.com/radius-protocol-vulnerable-to-new-blast-radius-attack/
#BlastRADIUS #Cybersecurity #NetworkSecurity #RADIUS #Vulnerability #MD5 #UDP #Hack #ManInTheMiddle #Encryption #Authentication #Authorization #SecurityThreat #DataBreach #CyberAttack #NetworkProtection #SecureNetworks #TLS #SecurityPatch #NetworkAdmin #TechNews #ITSecurity #DigitalDefense #Infosec #SecureProtocol #CryptoStandards #SecurityUpdate #TechSecurity #NetworkSafety #CyberDefense #DataSecurity
Citrix patches critical NetScaler Console vulnerability
(improper auth: 9.4/10 on CVSS)
https://stackdiary.com/citrix-patches-critical-netscaler-console-vulnerability/
#Citrix #NetScaler #Security #Patch #Update #Vulnerability #Critical #Console #Fix #Cybersecurity #Protection #Software #Network #Tech #IT #SecurityUpdate #BugFix #Safety #Defense #Infrastructure #TechNews #SecurityPatch #CyberDefense #TechUpdate #SecurityAlert #Threat #Secure #Risk #ITSecurity #TechSafety #SystemUpdate #CVE
#AfterSpace Update auf Mastodon 4.2.10 erfolgreich durchgeführt.
Bitte weiter tooten <3 :mastodon: #MastoAdmin #critical #SecurityUpdate #SecurityPatch
7-Zip quietly fixes a buffer overflow vulnerability
https://stackdiary.com/7-zip-quietly-fixes-a-buffer-overflow-vulnerability/
#CyberSecurity #InfoSec #DataBreach #Vulnerability #SoftwareUpdate #7Zip #TechNews #SecurityPatch #BufferOverflow #DataProtection #SecurityAlert #HackerNews #Malware #SecureSoftware #Privacy #CyberAttack #TechAlert #BugFix #SecurityBreach #DataSecurity #CyberSafety #InfosecNews #TechUpdates #SecurityFirst #Exploit #SecureTech #OnlineSecurity #SecureUpdate #SecurityMatters #TechSafety
GitLab Critical Security Patch Release: 17.1.1
Date: June 26, 2024
CVE: CVE-2024-5655
Vulnerability Type: Improper Authorization
CWE: [[CWE-284]], [[CWE-79]], [[CWE-352]]
Sources: GitLab Patch Release
Synopsis
GitLab released a critical security patch (versions 17.1.1, 17.0.3, and 16.11.5) to address several vulnerabilities, including a critical issue that allows attackers to run pipelines as any user.
Issue Summary
The latest GitLab patch addresses critical and high-severity vulnerabilities that could allow attackers to exploit the system, such as running pipelines as any user and injecting stored XSS in commit notes. These vulnerabilities affect versions from 15.8 to 17.1.0.
CVE-2024-5655 - CRITICAL
An issue was discovered in GitLab CEEE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVE-2024-6323 - High
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
CVE-2024-4901 - High
An issue was discovered in GitLab CEEE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes.
CVE-2024-1816 - Medium
An issue was discovered in GitLab CEEE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file.
CVE-2024-2191 - Medium
An issue was discovered in GitLab CEEE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only.
CVE-2024-3959 - Medium
An issue was discovered in GitLab CEEE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user.
CVE-2024-4557 - Medium
Multiple Denial of Service DoS conditions has been discovered in GitLab CEEE affecting all versions starting from 1.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1 which allowed an attacker to cause resource exhaustion via banzai pipeline.
CVE-2024-5430 - Medium
An issue was discovered in GitLab CEEE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL.
CVE-2024-4011 - Low
An issue was discovered in GitLab CEEE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows nonproject member to promote key results to objectives.
Technical Key Findings
Vulnerable Products
Impact Assessment
Exploiting these vulnerabilities can lead to unauthorized code execution, sensitive data exposure, and potential takeover of GitLab instances.
Tags
#GitLab #CVE-2024-5655 #CWE-284 #CWE-79 #CWE-352 #SecurityPatch #Vulnerability #DevOps #CI/CD
PoC released for Critical Privilege Escalation Vulnerability in Linux Kernel
Date: June 5, 2024
CVE: CVE-2023-3390
Vulnerability Type: Use-After-Free
CWE: [[CWE-416]]
Sources: SSD-disclosure NVD, Debian Security Tracker, Snyk
Synopsis
A PoC Exploit has been released for Linux Kernel use-after-free vulnerability, identified as CVE-2023-3390, has been discovered in the Linux kernel's netfilter subsystem. This flaw, present in the nf_tables_api.c file, can allow a local attacker with the ability to execute low-privileged code on the target system to escalate privileges due to mishandled error handling. The vulnerability has been patched.
Issue Summary
CVE-2023-3390 is a critical vulnerability found in the Linux kernel's netfilter subsystem. The issue arises from a use-after-free error in the NFT_MSG_NEWRULE handling, potentially allowing attackers to exploit a dangling pointer within the same transaction. This flaw enables local attackers to gain elevated privileges on affected systems.
Technical Key Findings
The root cause of CVE-2023-3390, a critical privilege escalation vulnerability in the Linux kernel, lies in the improper management of integer values within the nft_parse_register_store function of the Netfilter subsystem. Specifically, this vulnerability is due to an integer overflow issue within the nft_validate_register_store function, which fails to correctly handle certain large values for register indices.
The CVE-2023-3390 vulnerability arises from an integer overflow in the validation logic of the Netfilter subsystem, which fails to properly handle large register values, allowing an attacker to perform out-of-bounds writes to kernel memory. This leads to potential privilege escalation, compromising the affected system. It is crucial to apply patches that correct this validation flaw to mitigate the risk.
For details, see the detailed root cause analysis at SSD Secure Disclosure
Vulnerable Products
The vulnerability affects Debian 11 (Linux Kernel 5.10)
Impact Assessment
Exploiting this vulnerability allows a local attacker to gain root access, which can lead to severe consequences such as system compromise, data breaches, and service disruptions.
Patches or Workaround
Patches for CVE-2023-3390 have been released. Administrators are advised to update their Linux kernel to versions that include the commit 1240eb93f0616b21c675416516ff3d74798fdc97. an updated kernel in July 2023: https://tracker.debian.org/news/1449040/accepted-linux-510179-3-source-into-oldstable-security
Tags
#CVE-2023-3390 #LinuxKernel #PrivilegeEscalation #UseAfterFree #Netfilter #SecurityPatch #Debian #AlmaLinux #Ubuntu2404
Check Point Vulnerability Report: CVE-2024-24919
Date: May 29, 2024
CVE: CVE-2024-24919
Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor
CWE: [[CWE-22]], [[CWE-425]]
Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog
Synopsis
A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.
Issue Summary
The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.
Technical Key Findings
The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.
Vulnerable Products
Impact Assessment
Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.
Patches or Workaround
Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.
Tags
#CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence
VMware Patches Severe Security Flaws in Workstation and Fusion Products
Date: May 2024
CVE: CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270
Vulnerability Type: Use-After-Free, Heap Buffer Overflow, Information Disclosure
CWE: [[CWE-416]], [[CWE-122]], [[CWE-200]]
Sources: The Hacker News, Broadcom advisory
Issue Summary
Multiple severe security vulnerabilities have been identified in VMware Workstation and Fusion products. These vulnerabilities could potentially allow threat actors to execute arbitrary code, access sensitive information, and trigger denial-of-service (DoS) conditions. The affected versions include Workstation 17.x and Fusion 13.x.
Technical Key Findings
The vulnerabilities include a use-after-free issue in the Bluetooth device (CVE-2024-22267), a heap buffer overflow in the shader functionality (CVE-2024-22268), and two information disclosure flaws (CVE-2024-22269 and CVE-2024-22270). Exploiting these vulnerabilities requires local administrative privileges on a virtual machine, potentially allowing attackers to manipulate the VM's VMX process.
|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22267|9.3|Critical|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22267|9.3|Critical|13.5.2|KB91760|None|
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ------------------------------------------------ | ------------------------ |
| Workstation | 17.x | Windows | CVE-2024-22268 | 7.1 | Important | 17.5.2 | KB59146 | None |
| Fusion | 13.x | OS X | CVE-2024-22268 | 7.1 | Important | 13.5.2 | KB59146 | None |
|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22269|7.1|Important|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22269|7.1|Important|13.5.2|KB91760|None|
| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ----------- | ------------------------ |
| Workstation | 17.x | Any | CVE-2024-22270 | 7.1 | Important | 17.5.2 | None | None |
| Fusion | 13.x | OS X | CVE-2024-22270 | 7.1 | Important | 13.5.2 | None | None |
Vulnerable Products
Impact Assessment
Exploiting these vulnerabilities could lead to significant security breaches, including arbitrary code execution on the host machine, sensitive data exposure, and system crashes. The critical nature of these flaws underscores the need for immediate remediation to prevent potential attacks.
Patches or Workarounds
VMware has released patches for these vulnerabilities in versions 17.5.2 (Workstation) and 13.5.2 (Fusion). As temporary measures, users are advised to disable Bluetooth support and 3D acceleration features on virtual machines. However, there is no workaround for CVE-2024-22270.
Tags
#VMware #CVE-2024-22267 #CVE-2024-22268 #CVE-2024-22269 #CVE-2024-22270 #UseAfterFree #HeapBufferOverflow #InformationDisclosure #Virtualization #Workstation #Fusion #SecurityPatch
Grafana SQL Injection Vulnerability Analysis
Date: 22nd March 2024
CVE: N.A.
Vulnerability Type: SQL Injection
CWE: [[CWE-89]]
Sources: FDlucifer GitHub , GBhackers
Issue Summary
A SQL injection vulnerability has been identified in Grafana, an open-source platform for monitoring and observability. This vulnerability allows authenticated users to execute arbitrary SQL commands through the Grafana SQL package, affecting all versions of the software. To exploit this sql injection vulnerability, someone must use a valid account (for example Read-Only) login to the Grafana web backend, then send malicious POST request to /api/ds/query “rawSql” entry.
If attackers login to the Grafana web backend, here they have the ability to interact with various APIs provided by Grafana, including the /api/ds/query API endpoint. This is used for making data queries within Grafana. They can use a post request to /api/ds/query api. This request includes the rawSql parameter, which allows direct input of SQL commands. Then they can modify the “rawSql” filed to execute (Malicious) sql strings that can lead to a time-based blind sql injection vulnerability, and then leak data from databases. Time-based blind SQL injection is a subtype of SQL injection where the attacker can determine if a part of the injected SQL statement is true based on how long it takes the application to respond. The SQL statements typically include commands that cause the database to wait for a specified amount of time (SLEEP, WAITFOR DELAY) before responding. This time delay allows the attacker to infer information about the database depending on whether the condition in the SQL query is true or false.
Example:
Running SQL query SELECT * FROM users WHERE username='admin' AND SLEEP(10) would let us know that there is a user present named 'admin' if the answer takes 10 seconds.
Technical Key Findings
The vulnerability originates in the SQL data source processing functions within Grafana's codebase, particularly in the SqlDatasource.ts and datasource.ts files. Attackers exploit this by sending specially crafted SQL queries via POST requests to the /api/ds/query endpoint.
grafana v8.0.4 poc:
POST /api/ds/query HTTP/1.1
Host: 172.16.32.57:3000
User-Agent: qzd_security_test_user_agent
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://172.16.32.57:3000/d/AEo5dM44k/pei-xun-xi-tong?orgId=1
content-type: application/json
x-grafana-org-id: 1
Content-Length: 142
Origin: http://172.16.32.57:3000
DNT: 1
Connection: close
Cookie: grafana_session=ede75844e20b0001a30e2c8522e5f1fc
{"queries":[{"refId":"A","format":"time_series","datasourceId":2,"rawSql":"(SELECT 8424 FROM (SELECT(SLEEP(2)))MKRN)","maxDataPoints":10000}]}
Then login to backend then click “Explore”, then use burp Capture POST /api/ds/query HTTP/1.1 packet, modify the “rawSql” entry to malicious sql strings, then we get a time-based sql injection.
Impact Assessment
Successful exploitation could allow an attacker to manipulate or extract data from databases connected to Grafana, leading to potential data breaches and compromise of monitoring data integrity.
Patches or Workaround
The Grafana security team does not recognize this flaw as a vulnerability but rather as a feature of the backend system. This is disputed by the researcher leading him to publicly disclose the issue.
Tags
#Grafana #CVE-2023-3128 #SQLInjection #DataBreach #SecurityPatch
Buffer Overflow in GNU C Library Affects Older Versions
Date: April 17, 2024
CVE: CVE-2024-2961
Vulnerability Type: Out-of-bounds Write
CWE: [[CWE-787]]
Sources: SecurityVulnerability.io, NVD Mitigation blog
Issue Summary
A critical buffer overflow vulnerability has been identified in the GNU C Library's iconv function when converting charsets to certain Chinese Extended encodings. This flaw occurs when converting strings to the ISO-2022-CN-EXT character set in versions prior to 2.40, potentially leading to application crashes or memory corruption.
Technical Key Findings
The vulnerability stems from improper boundary checks during character set conversion, allowing up to 4 bytes of overflow. This could enable attackers to execute arbitrary code or disrupt program operation by manipulating memory locations adjacent to the buffer.
Vulnerable Products
All versions of GNU C Library older than 2.40 are susceptible. (That's potentially 24 years of a buffer overflow presence in the glibc!)
Impact Assessment
The vulnerability poses a high risk, potentially affecting the confidentiality, integrity, and availability of systems utilizing the affected library versions. There is no evidence of active exploitation yet, but the severity of potential impacts warrants prompt attention.
Patches or Workaround
The GNU C Library has released patches for this vulnerability. Users are advised to update to version 2.40 or later. If you are unable to (or it's not available on your OS yet), you can mitigate this issue by disabling the affected charsets in gconv.
Check if you are vulnerable
// The first line of the linker version info should include the version of glibc (either as GLIBC or GNU libc).
ldd --version
// Check if the vulnerable encodings are enabled in iconv:
iconv -l | grep -E 'CN-?EXT'
If they are, you will see an output like:
ISO-2022-CN-EXT//
ISO2022CNEXT//
Tags
#GNUCLibrary #CVE-2024-2961 #BufferOverflow #SecurityPatch #ISO2022CNEXT #CVE20242961 #iconv #iconvglibc
A significant security issue involving the Lighttpd web server was uncovered, affecting baseboard management controllers (BMCs) used in Intel and Lenovo devices. This vulnerability, a Heap Out-of-bounds read (CWE-125), was discovered in the Lighttpd module used in Intel Server System devices and Lenovo BMC firmware. The vulnerability was first discovered and fixed in August 2018, but due to the lack of a Common Vulnerabilities and Exposures (CVE) identifier and an advisory, it was overlooked by developers, including those of AMI MegaRAC BMC. This oversight resulted in the vulnerability persisting in products made by Intel and Lenovo.
The vulnerability allows an attacker to exfiltrate sensitive data, such as process memory addresses, which can then be used to bypass security mechanisms like Address Space Layout Randomization (ASLR).
The Binarly research team played a crucial role in identifying and documenting this vulnerability, assigning identifiers to the affected Intel and Lenovo BMC firmware and to vulnerable Lighttpd builds in general.
https://www.binarly.io/blog/lighttpd-gains-new-life
#cybersecurity #lighttpd #webserver #vulnerability #bmc #aslr #intel #lenovo #securitypatch #firmware #binarly
