News

• Researchers Tell Owners To Assume Compromise Of Unpatched Zyxel Firewalls
• War Crimes Evidence Erased By Social Media Firms
• New Vulnerability Gives MacOS Users A Migraine
• Amazon To Pay $30.8M For Alexa And Ring Privacy Violations
• Russia Says U.S. Accessed Thousands Of Apple Phones In Spy Plot
• Organizations Warned Of Backdoor In Hundreds Of Gigabyte Motherboards
• XFS Bug In Linux Kernel 6.3.3 Coincides With SGI Code Comebank
• Cyberwar Manufacturers Plot To Stay On Right Side Of US
• Critical Barracuda 0-Day Was Used To Backdoor Networks For 8 Months
• Software Liability And Hard Truths Of Manufacturer Responsibility
• Hacker Wins $105k For Reporting Flaws In Sonos One Speakers
• Artificial Intelligence Could Lead To Extinction, Experts Warn
• ABB Confirms Data Stolen In Black Basta Ransomware Attack
• CERN Spots Strange Higgs Boson Decay Breaking The Rules
• Senator Wyden Seems Surprised By US Govt Spyware Stance
• AI Opinion: I Do Not Think Ethical Surveillance Can Exist
• OneMain Pays $4.5M After Ignored Security Flaws Caused Data Breaches
• Is Cybersecurity An Unsolvable Problem?
• Google Cloud Patches Vulnerability In CloudSQL Service
• CosmicEnergy Malware Poses Plausible Threat To Electric Grids
• BlackByte Ransomware Crew Claims City Of Augusta, Georgia
• Dutch Watchdog Looking Into Alleged Tesla Data Breach
• Reflections On Ten Years Past The Snowden Revelations
• Legion Malware Expands Scope To Target AWS CloudWatch Monitoring Tool
• UN Official And Others In Armenia Hacked By NSO Group Spyware

• CIS Controls Ambassador Spotlight: Alan Watkins Wed, 31 May 2023 11:14:00 -0400
  Alan Watkins has done a lot to support cyber defense as an ambassador and volunteer in the CIS Controls Community. Hear his story.

Looking Glass Cyber

Malware Patrol

• InfoSec Articles (05/23/23 – 05/30/23)
• InfoSec Articles (05/09/23 – 05/23/23)

SecList

• Operation Triangulation: iOS devices targeted with previously unknown malware
  While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

securingtomorrow.mcafee.com

Quick Heal

• Antivirus Security and the Role of Artificial Intelligence (AI)
• The Threat Landscape: Emerging Viruses and Malware to Watch Out For in 2023
• What is Anti-Virus Software? And Do I really need it ?
• BEWARE: Fake Applications are Disguised as Legitimate Ones
• Deep Dive into Royal Ransomware
• THE PERILS OF RANSOMWARE : How to Save yourself from the next attack
• Expiro: Old Virus Poses a New Challenge
• Your Office Document is at Risk – XLL, A New Attack Vector
• Cryptojacking on the Rise
• UAC Bypass Using CMSTP

Threat Post

• Student Loan Breach Exposes 2.5M Records
• Watering Hole Attacks Push ScanBox Keylogger
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
• Ransomware Attacks are on the Rise
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
• Twitter Whistleblower Complaint: The TL;DR Version
• Firewall Bug Under Active Attack Triggers CISA Warning
• Fake Reservation Links Prey on Weary Travelers
• iPhone Users Urged to Update to Patch 2 Zero-Days
• Google Patches Chrome’s Fifth Zero-Day of the Year

Naked Security

• S3 Ep137: 16th century crypto skullduggery
• Serious Security: That KeePass “master password crack”, and what we can learn from it
• Serious Security: Verification is vital – examining an OAUTH login bug
• S3 Ep136: Navigating a manic malware maelstrom
• Ransomware tales: The MitM attack that really had a Man in the Middle
• PyPI open-source code repository deals with manic malware maelstrom
• Phone scamming kingpin gets 13 years for running “iSpoof” service
• Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
• S3 Ep135: Sysadmin by day, extortionist by night
• US offers $10m bounty for Russian ransomware suspect outed in indictment

Security Affairs

• BlackCat claims the hack of the Casepoint legal technology platform used by US agencies
• Widespread exploitation by botnet operators of Zyxel firewall flaw
• Experts warn of backdoor-like behavior within Gigabyte systems
• Threat actors are exploiting Barracuda Email Security Gateway bug since October 2022
• Swiss real estate agency Neho fails to put a password on its systems
• Microsoft found a new bug that allows bypassing SIP root restrictions in macOS
• PyPI enforces 2FA authentication to prevent maintainers’ account takeover
• A database containing 478,000 RaidForums members leaked online
• Beware of the new phishing technique “file archiver in the browser” that exploits zip domains
• BrutePrint Attack allows to unlock smartphones with brute-forcing fingerprint

Security Awareness Tips of the week

Exploits

• STARFACE 7.3.0.10 Broken Authentication
• Flexense HTTP Server 10.6.24 Buffer Overflow / Denial Of Service
• Faculty Evaluation System 1.0 Shell Upload
• Menorah Restaurant 1.0.0 Insecure Settings
• Acelle Email Marketing 3.0.15 Arbitrary File Upload
• Online Security Guards Hiring System 1.0 Cross Site Scripting
• Rukovoditel 3.3.1 CSV Injection
• Bumsys Business Management System 1.0.3-beta Shell Upload
• Qualcomm Adreno/KGSL Data Leakage
• Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion
• WordPress ReviewX 1.6.13 Privilege Escalation
• Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation
• Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path
• Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection
• Vaskar Courier 3.2.0 Insecure Settings
• Wekan 6.74 Cross Site Scripting
• Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens
• Pydio Cells 4.1.2 Server-Side Request Forgery
• Pydio Cells 4.1.2 Cross Site Scripting
• Pydio Cells 4.1.2 Privilege Escalation
• Papaya Medical Viewer 1.0 Cross Site Scripting
• PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass
• Argon Dashboard 2 SQL Injection
• Thai Auto Web 1.2 Missing Authentication
• Code-Bakers 1.0 Missing Authentication

• [webapps] MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
• [webapps] Pydio Cells 4.1.2 - Server-Side Request Forgery
• [webapps] Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
• [webapps] Pydio Cells 4.1.2 - Unauthorised Role Assignments
• [webapps] Faculty Evaluation System 1.0 - Unauthenticated File Upload
• [webapps] Online Security Guards Hiring System 1.0 - Reflected XSS
• [remote] Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
• [webapps] unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
• [webapps] SCRMS 2023-05-27 1.0 - Multiple SQL Injection
• [webapps] Rukovoditel 3.3.1 - CSV injection
• [webapps] Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
• [webapps] SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
• [remote] Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
• [webapps] Ulicms 2023.1 - create admin user via mass assignment
• [webapps] Zenphoto 1.6 - Multiple stored XSS
• [webapps] WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
• [local] Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
• [webapps] Service Provider Management System v1.0 - SQL Injection
• [webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
• [webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
• [local] MobileTrans 4.0.11 - Weak Service Privilege Escalation
• [webapps] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
• [webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
• [webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
• [webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
• [webapps] Quicklancer v1.0 - SQL Injection
• [webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection
• [webapps] Smart School v1.0 - SQL Injection
• [webapps] LeadPro CRM v1.0 - SQL Injection
• [local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
• [local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
• [webapps] Affiliate Me Version 5.0.1 - SQL Injection
• [webapps] eScan Management Console 14.0.1400.2281 - Cross Site Scripting
• [webapps] eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
• [webapps] Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
• [webapps] SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
• [webapps] Prestashop 8.0.4 - CSV injection
• [webapps] Best POS Management System v1.0 - Unauthenticated Remote Code Execution
• [local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking
• [remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)
• [remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config
• [remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
• [remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account
• [remote] Screen SFT DAB 600/C - Authentication Bypass Password Change
• [remote] Screen SFT DAB 600/C - Authentication Bypass Account Creation
• [webapps] PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

Last 20 Website Defacements - Zone-h

• https://lagos.vr.uff.br/public/site/images/hacked/hackedbydr3v1l.gif
• https://www.reveduc.ufscar.br/public/site/images/hacked/hackedbydr3v1l.gif
• http://cetes.medicina.ufmg.br/revista/public/site/images/hacked/hackedbydr3v1l.gif
• https://journal.iitta.gov.ua/public/site/images/hacked/hackedbydr3v1l.gif
• https://revista.an.gov.br/public/site/images/hacked/hackedbydr3v1l.gif
• https://cienciasagricolas.inifap.gob.mx/public/site/images/hacked/hackedbydr3v1l.gif
• http://revistadepedagogiasocial.uff.br/public/site/images/hacked/hackedbydr3v1l.gif
• https://www.revistaaledbr.ufscar.br/public/site/images/hacked/hackedbydr3v1l.gif
• http://uaj.uac.gov.ua/public/site/images/hacked/hackedbydr3v1l.gif
• https://jgsb.cprm.gov.br/public/site/images/hacked/hackedbydr3v1l.gif
• https://www.cadernosdeterapiaocupacional.ufscar.br/public/site/images/hacked/hackedbydr3v1l.gif
• http://rem.hrlamb.gob.pe/public/site/images/hacked/hackedbydr3v1l.gif
• https://ndcjournal.ndc.gov.bd/ndcj/public/site/images/hacked/hackedbydr3v1l.gif
• https://ejurnal.balitbangda.kukarkab.go.id/public/site/images/hacked/hackedbydr3v1l.gif
• http://ejurnal.malangkab.go.id/public/site/images/hacked/hackedbydr3v1l.gif
• https://cames.ippt.gov.pl/public/site/images/hacked/hackedbydr3v1l.gif
• https://ntc.nigatom.gov.ng/kurd.html
• https://hrm.nigatom.gov.ng/kurd.html
• https://cnes.nigatom.gov.ng/kurd.html
• https://cnert.nigatom.gov.ng/kurd.html

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-6128-1 Thu, 01 Jun 2023 14:52:18 GMT
  Ubuntu Security Notice 6128-1 - It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-3415-01 Thu, 01 Jun 2023 14:48:57 GMT
  Red Hat Security Advisory 2023-3415-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.
• Red Hat Security Advisory 2023-3408-01 Thu, 01 Jun 2023 14:43:05 GMT
  Red Hat Security Advisory 2023-3408-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include double free and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-6127-1 Thu, 01 Jun 2023 14:42:46 GMT
  Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-3397-01 Thu, 01 Jun 2023 14:39:17 GMT
  Red Hat Security Advisory 2023-3397-01 - QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request to the Intel Chipset Series. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2023-3403-01 Thu, 01 Jun 2023 14:34:20 GMT
  Red Hat Security Advisory 2023-3403-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2023-3387-01 Thu, 01 Jun 2023 14:31:54 GMT
  Red Hat Security Advisory 2023-3387-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include a cross site scripting vulnerability.
• Red Hat Security Advisory 2023-3394-01 Thu, 01 Jun 2023 14:29:57 GMT
  Red Hat Security Advisory 2023-3394-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.
• Red Hat Security Advisory 2023-3388-01 Thu, 01 Jun 2023 14:17:56 GMT
  Red Hat Security Advisory 2023-3388-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
• Debian Security Advisory 5417-1 Wed, 31 May 2023 16:31:34 GMT
  Debian Linux Security Advisory 5417-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
• Ubuntu Security Notice USN-6126-1 Wed, 31 May 2023 16:31:20 GMT
  Ubuntu Security Notice 6126-1 - It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that libvirt incorrectly handled queries for the SR-IOV PCI device capabilities. A local attacker could possibly use this issue to cause libvirt to consume resources, leading to a denial of service.
• Ubuntu Security Notice USN-6125-1 Wed, 31 May 2023 16:31:07 GMT
  Ubuntu Security Notice 6125-1 - It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
• Ubuntu Security Notice USN-6117-1 Wed, 31 May 2023 16:30:56 GMT
  Ubuntu Security Notice 6117-1 - It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. It was discovered that Apache Batik incorrectly handled Jar URLs in some situations. A remote attacker could use this issue to access files on the server. It was discovered that Apache Batik allowed running untrusted Java code from an SVG. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6124-1 Wed, 31 May 2023 16:30:21 GMT
  Ubuntu Security Notice 6124-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.
• Ubuntu Security Notice USN-6123-1 Wed, 31 May 2023 16:30:06 GMT
  Ubuntu Security Notice 6123-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.
• Ubuntu Security Notice USN-6122-1 Wed, 31 May 2023 16:29:46 GMT
  Ubuntu Security Notice 6122-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service.
• Debian Security Advisory 5416-1 Wed, 31 May 2023 16:29:12 GMT
  Debian Linux Security Advisory 5416-1 - It was discovered that there was a potential buffer overflow and denial of service vulnerability in the gdhcp client implementation of connman, a command-line network manager designed for use on embedded devices.
• Ubuntu Security Notice USN-6121-1 Tue, 30 May 2023 17:08:01 GMT
  Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-6120-1 Tue, 30 May 2023 17:07:45 GMT
  Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
• Ubuntu Security Notice USN-6119-1 Tue, 30 May 2023 17:07:30 GMT
  Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
• Ubuntu Security Notice USN-6111-1 Tue, 30 May 2023 17:07:15 GMT
  Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.
• Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow Tue, 30 May 2023 16:49:13 GMT
  Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.
• Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow Tue, 30 May 2023 16:47:13 GMT
  Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.
• Widevine Trustlet 5.x drm_verify_keys Buffer Overflow Tue, 30 May 2023 16:45:25 GMT
  Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.
• Widevine Trustlet 5.x drm_verify_keys Buffer Overflow Tue, 30 May 2023 16:43:45 GMT
  Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.