/ Crypto Wallet Address Replacement Attack
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
Phylum Research | Software Supply Chain Security
Phylum Discovers Revived Crypto Wallet Address Replacement Attack
Phylum discovers over 451 unique malicious packages targeting popular PyPI packages like Selenium.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
/ Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
/ VMware ESXi 8.0b Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80b-release-notes/index.html
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80b-release-notes/index.html
/ Android launches yet another way to spy on users with “Privacy Sandbox” beta
https://arstechnica.com/gadgets/2023/02/googles-privacy-sandbox-advertising-system-arrives-on-android-in-beta/
https://arstechnica.com/gadgets/2023/02/googles-privacy-sandbox-advertising-system-arrives-on-android-in-beta/
Ars Technica
Android launches yet another way to spy on users with “Privacy Sandbox” beta
Rather than match iOS's tracking limits, Google built an additional tracking system.
/ Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops
Emergency note from CISA:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
Emergency note from CISA:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
/ Remote code execution flaw patched in Apache Kafka
https://portswigger.net/daily-swig/remote-code-execution-flaw-patched-in-apache-kafka
https://portswigger.net/daily-swig/remote-code-execution-flaw-patched-in-apache-kafka
The Daily Swig | Cybersecurity news and views
Remote code execution flaw patched in Apache Kafka
Possible RCE and denial-of-service issue discovered in Kafka Connect
/ ClamAV fixed a possible remote code execution vulnerability
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
blog.clamav.net
ClamAV 0.103.8, 0.105.2 and 1.0.1 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 0.103.8 0.105.2 1.0.1 ClamAV 0.104 has reached end-of-life accord...
/ Hijack Explorer Context Menu for Persistence & Fun
Learn how I hijacked the explorer context menu to execute my beacon at each right click on a file/folder:
— https://ristbs.github.io/2023/02/15/hijack-explorer-context-menu-for-persistence-and-fun.html
Learn how I hijacked the explorer context menu to execute my beacon at each right click on a file/folder:
— https://ristbs.github.io/2023/02/15/hijack-explorer-context-menu-for-persistence-and-fun.html
ristbs’s blog
Hijack Explorer Context Menu for Persistence & Fun
Learn how I hijacked the explorer context menu to execute my beacon at each right click on a file/folder.
/ Atlassian Data Leak 🤦
Atlassian has confirmed that a breach at a "third-party vendor" caused a recent leak of company data and that their network and customer information..:
https://www.bleepingcomputer.com/news/security/atlassian-says-recent-data-leak-stems-from-third-party-vendor-hack/
Atlassian has confirmed that a breach at a "third-party vendor" caused a recent leak of company data and that their network and customer information..:
https://www.bleepingcomputer.com/news/security/atlassian-says-recent-data-leak-stems-from-third-party-vendor-hack/
BleepingComputer
Atlassian data leak caused by stolen employee credentials
Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure.
/ Malware Abuses Microsoft IIS Feature to Establish Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Security
Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
Malware injects malicious code into Failed Request Event Buffering module in order to monitor HTTP requests from attacker.
/ Account Takeover Vulnerability in a Popular Package, Affecting 1000+ Organizations
illustria’s research team finds a popular npm package with nearly 4 million weekly downloads, vulnerable to account takeover attack..:
https://blog.illustria.io/illustria-discovers-account-takeover-vulnerability-in-a-popular-package-affecting-1000-8aaaf61ebfc4?gi=10ee34fdeff8
illustria’s research team finds a popular npm package with nearly 4 million weekly downloads, vulnerable to account takeover attack..:
https://blog.illustria.io/illustria-discovers-account-takeover-vulnerability-in-a-popular-package-affecting-1000-8aaaf61ebfc4?gi=10ee34fdeff8
Medium
illustria Discovers Account Takeover Vulnerability in a Popular Package, Affecting 1000+ Organizations
illustria’s research team finds a popular npm package with nearly 4 million weekly downloads, vulnerable to account takeover attack.
/ Dirty bug in HAProxy's headers processing, and that, when properly exploited, this bug allows to build an HTTP content smuggling attack
HAProxy Security Update (CVE-2023-25725)
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
HAProxy Security Update (CVE-2023-25725)
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html
/ GoDaddy > GoHacked
Official statement on recent website redirect issues:
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
Official statement on recent website redirect issues:
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
aboutus.godaddy.net
Statement on recent website redirect issues
In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected. Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly…
/ Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Trellix
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape…
/ QR code generator My QR Code leaks users’ login data and addresses
https://www.hackread.com/qr-code-generator-my-qr-code-data-leak/
https://www.hackread.com/qr-code-generator-my-qr-code-data-leak/
Hackread
QR code generator My QR Code leaks users’ login data and addresses
MyQRcode, a popular Sofia, Bulgaria-based QR code generator website, is leaking the personal data of its users. Read more for details!
/ VMware Carbon Black App Control updates address an injection vulnerability (CVE-2023-20858)
Hight
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
Hight
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
/ VMware ESXi 7.0 Update 3k Release Notes
Critical patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
Critical patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
/ CISA Adds Three Known Exploited Vulnerabilities to Catalog
..These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise..:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/21/cisa-adds-three-known-exploited-vulnerabilities-catalog
..These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise..:
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/21/cisa-adds-three-known-exploited-vulnerabilities-catalog
/ Analysis of the WinorDLL64 payload
WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands..:
https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands..:
https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
WeLiveSecurity
WinorDLL64: A backdoor from the vast Lazarus arsenal?
ESET researchers uncover the WinorDLL64 backdoor, one of the payloads of the Wslink downloader and probably part of Lazarus' arsenal.