News

• Aloria, Who Made Us All Laugh For Years With Infosec Reactions, Passes Away At 41
• ChatGPT Bug Leaked Users' Conversation Histories
• B-List Celebs Including Lindsay Lohan Fined After Crypto Shill Probe
• Threat Actor Attempted Email Compromise Attack For $36 Million
• CISA, NSA Push Identity And Access Management Framework
• Bogus ChatGPT Extension Steals Facebook Cookies
• Report: Wartime Hacking Is Spilling Into The Financial Sector
• Now Patched Outlook Zero Day Gains PoC And Growing Concerns
• Xi, Putin, Declare Intent To Rule The World Of AI, Infosec
• Unknown Actors Deploy Malware To Steal Data In Occupied Regions Of Ukraine
• Hackers Drain Bitcoin ATMs Of $1.5 Million By Exploiting 0-Day Bug
• German Political Parties Accused Of Microtargeting Voters On Facebook
• Ferrari In A Spin As Crims Steal A Car-Load Of Customer Data
• What Is The Microsoft Print Spooler Vulnerability?
• Nation-State Threat Actors Exploited Zero Days The Most In 2022
• Ex-Meta Security Staffer Accuses Greece Of Spying On Her Phone
• Fighting VPN Criminalization Should Be Big Tech's Top Priority
• Go-Based HinataBot Latest Botnet To Focus On DDoS Attacks
• Chinese Warships Seem To Be Messing With Passenger Planes
• Inside The DEA Tool Hackers Allegedly Used To Extort Targets
• The FBI Warns SIM Swapping Attacks Are Rising. What's That?
• US Authorities Arrest Alleged BreachForums Owner And FBI Hacker Pompompurin
• Federal Agency Leaves Flaw Unpatched For 4 Years And Gets Hacked
• 18 Zero-Day Flaws Impact Samsung Android Handsets, Wearables And Telematics
• Health Leaders Push Feds For Cybersecurity Requirements

• Know Your Needs: Get Packing for Your Cybersecurity Roadmap Mon, 20 Mar 2023 08:20:00 -0400
  Every roadmap needs a starting point. With a cybersecurity roadmap, the best place to start is for you to know your needs.

Looking Glass Cyber

Malware Patrol

• InfoSec Articles (02/28/2023 – 03/15/2023)
• InfoSec Articles (02/14/2023 – 02/28/2023)

SecList

• Developing an incident response playbook
  Incident response playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop. In this article, I want to share some insights on how to create the (almost) perfect playbook.

securingtomorrow.mcafee.com

Quick Heal

• Expiro: Old Virus Poses a New Challenge
• Your Office Document is at Risk – XLL, A New Attack Vector
• Cryptojacking on the Rise
• UAC Bypass Using CMSTP
• Uncovering LockBit Black’s Attack Chain and Anti-Forensic Activity
• AsyncRAT Analysis with ChatGPT
• Quick Heal Supports Windows 10 Version 22H2
• Protect yourself from Vishing Attack!!
• Proactive Measures to Safeguard against the Ransomware Menace
• Your Data and Devices are safe with Quick Heal

Threat Post

• Student Loan Breach Exposes 2.5M Records
• Watering Hole Attacks Push ScanBox Keylogger
• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
• Ransomware Attacks are on the Rise
• Cybercriminals Are Selling Access to Chinese Surveillance Cameras
• Twitter Whistleblower Complaint: The TL;DR Version
• Firewall Bug Under Active Attack Triggers CISA Warning
• Fake Reservation Links Prey on Weary Travelers
• iPhone Users Urged to Update to Patch 2 Zero-Days
• Google Patches Chrome’s Fifth Zero-Day of the Year

Naked Security

• S3 Ep127: When you chop someone out of a photo, but there they are anyway…
• Windows 11 also vulnerable to “aCropalypse” image data leakage
• Google Pixel phones had a serious data leakage bug – here’s what to do!
• Bitcoin ATM customers hacked by video upload that was actually an app
• Dangerous Android phone 0-day bugs revealed – patch or work around them now!
• S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
• Microsoft fixes two 0-days on Patch Tuesday – update now!
• Firefox 111 patches 11 holes, but not 1 zero-day among them…
• Linux gets double-quick double-update to fix kernel Oops!
• SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

Security Affairs

• A million at risk from user data leak at Korean beauty platform PowderRoom
• Experts published PoC exploit code for Veeam Backup & Replication bug
• Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software
• Nexus, an emerging Android banking Trojan targets 450 financial apps
• Dole discloses data breach after February ransomware attack
• Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked
• Lionsgate streaming platform with 37m subscribers leaks user data
• Rogue ChatGPT extension FakeGPT hijacked Facebook accounts
• Experts released PoC exploits for severe flaws in Netgear Orbi routers
• ENISA: Ransomware became a prominent threat against the transport sector in 2022

Security Awareness Tips of the week

Exploits

• Monitorr 1.7.6m / 1.7.7d Remote Code Execution
• WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS
• Zyxel Unauthenticated LAN Remote Code Execution
• MyBB Export User 2.0 Cross Site Scripting
• Python CGI Documentation Cross Site Scripting
• MyBB External Redirect Warning 1.3 Cross Site Scripting
• MyBB Active Threads 1.3.0 Cross Site Scripting
• 101+ News Portal 1.0 SQL Injection
• Shannon Baseband NrSmPcoCodec Intra-Object Overflow
• Music Gallery Site 1.0 Cross Site Scripting
• Medicine Tracker System 1.0 Cross Site Scripting
• Yoga Class Registration System 1.0 Cross Site Scripting
• Online Pizza Ordering System 1.0 SQL Injection
• Human Resources Management System 1.0 SQL Injection
• Yoga Class Registration 1.0 SQL Injection
• Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure
• Open Web Analytics 1.7.3 Remote Code Execution
• Shannon Baseband NrmmMsgCodec Intra-Object Overflow
• Riello UPS Restricted Shell Bypass
• Shannon Baseband NrmmMsgCodec Access Category Definitions Heap Buffer Overflow
• Shannon Baseband NrmmMsgCodec Extended Emergency Number List Heap Buffer Overflow
• Shannon Baseband NrmmMsgCodec Emergency Number List Heap Buffer Overflow
• Microsoft Outlook CVE-2023-23397 Proof Of Concept
• Bitbucket Environment Variable Remote Command Injection
• Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure

• [webapps] Bitbucket v7.0.0 - RCE
• [webapps] wkhtmltopdf 0.12.6 - Server Side Request Forgery
• [webapps] WorkOrder CMS 0.1.0 - SQL Injection
• [webapps] MAN-EAM-0003 V3.2.4 - XXE
• [webapps] Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities
• [webapps] Linksys AX3200 V1.1.00 - Command Injection
• [dos] SoX 14.4.2 - Denial Of Service
• [webapps] VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
• [webapps] pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
• [remote] SmartRG Router SR510n 2.6.13 - Remote Code Execution
• [webapps] CVAT 2.0 - Server Side Request Forgery
• [local] IOTransfer V4 - Unquoted Service Path
• [remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
• [remote] MSNSwitch Firmware MNT.2408 - Remote Code Execution
• [webapps] Open Web Analytics 1.7.3 - Remote Code Execution
• [webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
• [webapps] Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
• [webapps] Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
• [webapps] Aero CMS v0.0.1 - SQLi
• [webapps] Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
• [webapps] Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
• [remote] Teleport v10.1.1 - Remote Code Execution (RCE)
• [webapps] Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
• [webapps] TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
• [remote] WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
• [remote] Wifi HD Wireless Disk Drive 11 - Local File Inclusion
• [local] Blink1Control2 2.2.7 - Weak Password Encryption
• [webapps] Bookwyrm v0.4.3 - Authentication Bypass
• [webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass
• [remote] Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
• [remote] Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)
• [webapps] Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
• [webapps] WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
• [webapps] Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
• [remote] PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
• [webapps] ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
• [webapps] ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
• [webapps] Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
• [webapps] Prestashop blockwishlist module 2.1.0 - SQLi
• [remote] uftpd 2.10 - Directory Traversal (Authenticated)
• [remote] Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
• [webapps] Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
• [webapps] NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
• [remote] Omnia MPX 1.5.0+r1 - Path Traversal
• [webapps] mPDF 7.0 - Local File Inclusion

Last 20 Website Defacements - Zone-h

• https://contratistas.homo.gov.co/lol.htm
• https://gsi.homo.gov.co/lol.html
• https://capacitacion.homo.gov.co/lol.htm
• https://riesgos.homo.gov.co/lol.htm
• https://segpcte.homo.gov.co/lol.htm
• https://certificados.homo.gov.co/lol.htm
• https://saia.homo.gov.co/lol.htm
• https://tallerestic.valledelcauca.gov.co/lol.htm
• https://intranet.homo.gov.co/lol.htm
• http://ice-projectone.att.com
• https://wf-projectone.att.com
• https://www.comune.nocera-inferiore.sa.it/hi.html
• https://www.salik.rta.ae/iran.html
• https://dulich.hongphong.gov.vn
• https://chamuchalong.hongphong.gov.vn
• https://cakholangvudai.hongphong.gov.vn
• https://banhgaininhgiang.hongphong.gov.vn
• https://banhdauxanhhaiduong.hongphong.gov.vn
• https://amthuc.hongphong.gov.vn
• http://mot.gov.lb/026.txt

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-5966-1 Thu, 23 Mar 2023 14:30:37 GMT
  Ubuntu Security Notice 5966-1 - Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges.
• Ubuntu Security Notice USN-5942-2 Thu, 23 Mar 2023 14:30:07 GMT
  Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
• Ubuntu Security Notice USN-5967-1 Thu, 23 Mar 2023 14:28:29 GMT
  Ubuntu Security Notice 5967-1 - It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash.
• Ubuntu Security Notice USN-5968-1 Wed, 22 Mar 2023 15:50:42 GMT
  Ubuntu Security Notice 5968-1 - It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host.
• Ubuntu Security Notice USN-5904-2 Tue, 21 Mar 2023 17:41:43 GMT
  Ubuntu Security Notice 5904-2 - USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
• Ubuntu Security Notice USN-5965-1 Tue, 21 Mar 2023 17:41:24 GMT
  Ubuntu Security Notice 5965-1 - It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after a client had added an exception and obtain sensitive information.
• Ubuntu Security Notice USN-5806-3 Tue, 21 Mar 2023 17:41:16 GMT
  Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.
• Debian Security Advisory 5376-1 Tue, 21 Mar 2023 17:41:11 GMT
  Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
• Red Hat Security Advisory 2023-1337-01 Tue, 21 Mar 2023 17:41:05 GMT
  Red Hat Security Advisory 2023-1337-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
• Red Hat Security Advisory 2023-1332-01 Tue, 21 Mar 2023 17:40:57 GMT
  Red Hat Security Advisory 2023-1332-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
• Red Hat Security Advisory 2023-1333-01 Tue, 21 Mar 2023 17:36:35 GMT
  Red Hat Security Advisory 2023-1333-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
• Red Hat Security Advisory 2023-1335-01 Tue, 21 Mar 2023 17:36:22 GMT
  Red Hat Security Advisory 2023-1335-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
• CentOS Stream 9 Missing Kernel Security Fixes Tue, 21 Mar 2023 17:34:34 GMT
  The kernel tree of CentOS Stream 9 suffers from multiple use-after-free conditions that were already patched in upstream stable trees.
• Red Hat Security Advisory 2023-1336-01 Tue, 21 Mar 2023 17:32:15 GMT
  Red Hat Security Advisory 2023-1336-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
• Ubuntu Security Notice USN-5964-1 Tue, 21 Mar 2023 17:30:09 GMT
  Ubuntu Security Notice 5964-1 - Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering.
• Ubuntu Security Notice USN-5963-1 Tue, 21 Mar 2023 17:29:33 GMT
  Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
• Ubuntu Security Notice USN-5960-1 Mon, 20 Mar 2023 13:23:14 GMT
  Ubuntu Security Notice 5960-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters.
• Red Hat Security Advisory 2023-1303-01 Mon, 20 Mar 2023 13:22:19 GMT
  Red Hat Security Advisory 2023-1303-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.10 replaces Data Grid 7.3.9 and includes security fixes. Issues addressed include code execution and deserialization vulnerabilities.
• Red Hat Security Advisory 2023-1286-01 Mon, 20 Mar 2023 13:12:45 GMT
  Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.
• Red Hat Security Advisory 2023-1154-01 Mon, 20 Mar 2023 13:09:53 GMT
  Red Hat Security Advisory 2023-1154-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.54.
• Red Hat Security Advisory 2023-1285-01 Mon, 20 Mar 2023 13:09:33 GMT
  Red Hat Security Advisory 2023-1285-01 - Migration Toolkit for Runtimes 1.0.2 ZIP artifacts. Issues addressed include privilege escalation, server-side request forgery, and traversal vulnerabilities.
• Debian Security Advisory 5356-2 Fri, 17 Mar 2023 14:07:51 GMT
  Debian Linux Security Advisory 5356-2 - One of the security fixes released as DSA 5356 introduced a regression in the processing of specific WAV files. Updated sox packages are available to correct this issue.
• Ubuntu Security Notice USN-5959-1 Fri, 17 Mar 2023 14:05:43 GMT
  Ubuntu Security Notice 5959-1 - It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts.
• Ubuntu Security Notice USN-5962-1 Fri, 17 Mar 2023 14:02:32 GMT
  Ubuntu Security Notice 5962-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Debian Security Advisory 5375-1 Fri, 17 Mar 2023 13:56:35 GMT
  Debian Linux Security Advisory 5375-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing.