Apple Security Advisory 2023-09-21-7
Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.
Apple Security Advisory 2023-09-21-6
Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.
Apple Security Advisory 2023-09-21-5
Apple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.
Apple Security Advisory 2023-09-21-4
Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.
Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3893)
Publication Date: 2023/08/23 10:00 AM PDT
AWS is aware of three security issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3893) in Kubernetes that affect Amazon EKS customers with Windows EC2 nodes in their clusters. These issues do not affect any Kubernetes control plane or the service itself, nor do these issues permit...
CVE-2022-40982 – Gather Data Sampling – Downfall
Publication Date: 2023/08/08 1:00 PM PDT
AWS is aware of CVE-2022-40982, also known as “Gather Data Sampling” (GDS) or “Downfall”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this...
CVE-2023-20569 – RAS Poisoning – Inception
Publication Date: 2023/08/08 11:30 AM PDT
AWS is aware of CVE-2023-20569, also known as “RAS Poisoning” or “Inception”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues....
VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates
Overview
Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the...
VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router
Overview
An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access...
VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Overview
Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary...
Cisco IOS XR Software Compression ACL Bypass Vulnerability
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.
This vulnerability is due to incorrect destination address range encoding in the compression...
Cisco IOS XR Software Image Verification Vulnerability
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.
This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation...
Cisco IOS XR Software Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting...
Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982
CTX569353 (Updated)
Applicable Products: Citrix Hypervisor, XenServer
Citrix Hypervisor Security Update for CVE-2023-20593
CTX566835 (Updated)
Applicable Products: Citrix Hypervisor, XenServer
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
CTX561482 (New)
Applicable Products: Citrix ADC, Citrix Gateway
Drupal core – Critical – Cache poisoning – SA-CORE-2023-006
Project: Drupal core
Date: 2023-September-20
Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:Default
Vulnerability: Cache poisoning
Affected versions: >=8.7.0 =10.0 = 10.1 <10.1.4
Description: In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.
This vulnerability only affects sites with the JSON:API module...
Drupal core – Moderately critical – Access bypass – SA-CORE-2023-005
Project: Drupal core
Date: 2023-April-19
Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to.
Some sites may require configuration changes following this security release. Review the release notes for...
Drupal core – Moderately critical – Access bypass – SA-CORE-2023-004
Project: Drupal core
Date: 2023-March-15
Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Affected versions: <7.95 || >=8.0.0 <9.4.12 || >=9.5.0 <9.5.5 || >=10.0.0 <10.0.5
Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration.
If an attacker was able to achieve an XSS exploit against a privileged user, they may be...
K23421535 : Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824
Security Advisory Description: CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVE-2022-22823 build_model in xmlparse.c in Expat (aka libexpat) ...
K000136957 : Apache Struts vulnerability CVE-2023-41835
Security Advisory Description: This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ...
K000136924 : Node.js vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166
Security Advisory Description: CVE-2018-7158 The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was ...
K000136903 : OpenSSL Diffie-Hellman vulnerability CVE-2023-3446
Security Advisory Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_ ...
ApexSMS – 23,246,481 breached accounts
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic...
dBforums – 363,468 breached accounts
In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton. The breach of the vBulletin based forum contained 363k unique email addresses alongside usernames, IP addresses, dates of birth and salted MD5 password hashes.
MalindoAir – 4,328,232 breached accounts
In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and passport details. The data was later...
Baker Hughes Bently Nevada 3500
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Baker Hughes - Bently Nevada
Equipment: Bently Nevada 3500 System
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive Information, Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to steal sensitive...
Advantech EKI-1524-CE series
1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Advantech
Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE
Vulnerabilities: Cross-Site Scripting
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the session.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Advantech serial device servers are affected:
EKI-1524-CE...
Hitachi Energy Asset Suite 9
1. EXECUTIVE SUMMARY
CVSS v3 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Asset Suite 9
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated user to enter an arbitrary password to execute equipment tag out actions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports these vulnerabilities affect the...
Suprema BioStar 2
1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
Vendor: Suprema Inc.
Equipment: BioStar 2
Vulnerability: SQL Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a SQL injection to execute arbitrary commands.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Suprema BioStar...
Journey Down Under: How Rocco Became Australia’s Premier Hacker
Fun facts about Rocco:
Microsoft MVR: Rocco is a 2023 Microsoft Most Valuable Researcher.
Fitness fanatic: Inspired by old-school body building and countless hours of chopping and carrying wood in the mountains during his youth, Rocco remains a fitness enthusiast, setting himself challenges and pushing his limits.
Old-school cinema enthusiast: Rocco’s favorite...
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive...
Results of Major Technical Investigations for Storm-0558 Key Acquisition
On July 11, 2023, Microsoft published a blog post which details how the China-based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical...
SVD-2023-0801: Reflected Cross-site Scripting (XSS) on “/app/search/table” web endpoint
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
SVD-2023-0804: Remote Code Execution via Serialized Session Payload
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
[R1] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities
Arnie Cabral
Thu, 09/21/2023 - 10:55
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251
An arbitrary file write vulnerability exists...
[R1] Tenable Core on Oracle Linux 8 General Advisory
Arnie Cabral
Wed, 09/06/2023 - 06:19
Tenable Core is currently built on CentOS 7, which will be reaching end of life (EoL) on June 30, 2024. As a result of the...
[R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities
Arnie Cabral
Tue, 08/29/2023 - 04:44
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251
An arbitrary file write vulnerability exists...
Embrace the Security Mindset: Design Decisions for a Fortified Next-Generation Multi-Cloud Infrastructure Platform
The ever-changing threat landscape necessitates a paradigm shift in the way we approach cybersecurity. Embracing change is no longer an option; it’s a necessity to properly mount a defense against today’s cyber threats. Effective security requires a mindset shift that involves a collective effort across the organization with everyone having a role to play – not just select teams or individuals. The Security Mindset is about making security ubiquitous...
VMware Carbon Black Emerges as a Leader in Frost & Sullivan’s 2023 XDR Report
Today’s volatile threat landscape has made every organization focused on staying a step ahead of attackers. According to Frost & Sullivan’s new Extended Detection and Response (XDR) 2023 report, VMware Carbon Black is more than helping enterprises keep ahead: we’re pushing the industry forward. In the latest Frost Radar Report, VMware Carbon Black emerges as a leading XDR vendor, situated prominently in both of Frost & Sullivan’s Radar categories...
WordPress 6.2.2 Security Release
WordPress 6.2.2 is now available!
The 6.2.2 minor release addresses 1 bug and 1 security issue. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.9 have also been updated.
WordPress 6.2.2 is a rapid response release to address a regression...
WordPress 6.2.1 Maintenance & Security Release
WordPress 6.2.1 is now available!
This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
This release also features several security fixes. Because this is a...