Displaying items by tag: Vulnerabilities
Another Bug Found in Android, This One Actively Exploited
in the wild. The patch for this bug is one of 37 that are part of the monthly security release which covers multiple components in the popular mobile OS. This comes at a time when mobile banking malware is on the rise and there are also concerns around threat groups targeting phones to compromise them for use in MFA request responses.
Cloud Services Suffer the Same Issue as On Prem Services, they just Hide it Better
IT cloud services are exceptionally popular as a cost-effective and simple method to maintain common operational needs. Everything from email to fully fledged infrastructures can be maintained in the “cloud”. All of these can be accomplished at lower overall cost than trying to maintain the same systems on prem. By shifting the general operation, maintenance and even security to the cloud service provider, organizations get to reduce their total ownership cost, including reducing the number of skilled employees they need to keep on staff. This reduction in the total cost of ownership and maintenance is a huge item when you are trying to ensure profitability.
More Flaws Found in NPM Allowing Attackers to Attach Malicious Packages to Known Good Devs.
A new flaw has been identified in the Node.js package manager, NPM. The flaw is being described as a logical flaw, but in reading over the data it seems more like a permissions flaw. The good news is that as of April 26, the flaw has been addressed by NPM; the bad news is that it was in play until then. According to the researchers that discovered it, the flaw relates to the way you can attach other accounts to an uploaded package.
Amazon’s Awkward Moment as Log4J Fix has an Escalation and Escape Bug
It seems that Amazon’s hotfix for Log4Shell in their AWS environment might have been a bit rushed. According to a review of the hotfix, there are a total of four CVEs specifically related to the hotfix and how it functions. CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 have a CVSS score of 8.8 and allow for privilege escalation and container escape. It is not often that a fix for one bad bug contains a potentially worse one, but here we are.
Google Releases 2nd Patch Now Advisory of 2022 as New Actively Exploited Zero-Day Shows Up.
Google pushed out an out-of-band patch for Chrome due to a high-severity vulnerability on Friday (March 25th, 2022). The patch was pushed out quickly as the vulnerability, tracked as CVE-2022-1096, is being actively exploited in the wild. CVE-2022-1096 is a type confusion vulnerability that exists in the JavaScript engine used by Chrome and was reported to Google by an anonymous researcher last week.
MFA Flaw used by State Threat Actors to Move Around your Network
Multi-Factor Authentication is often seen as an answer to account compromise, or at least a partial answer to this issue. The problem with MFA is that, while it can help with account compromise, it is certainly not the end-all of account protection and, like any other software control, it is potentially vulnerable to coding mistakes and other flaws that attackers can leverage. According to a recent FBI report, state-backed attackers have found a way to abuse certain default configurations to register their own devices.
New Report Shows WordPress Sites leave 30% of Critical Vulnerabilities Unpatched.
16 New Vulnerabilities Found in HP UEFI Firmware Implementations by Binarly
The security group Binarly has disclosed 16 high-severity vulnerabilities in different implementations of UEFI firmware in HP Enterprise devices. The list of affected devices includes laptops, desktops, POS (point-of-sale) and edge computing nodes. The vulnerabilities range in severity from 7.5 to 8.8, putting them squarely in the high-severity range. The discovery also may affect additional manufacturers via a reference code match that has led to AMD’s firmware driver (AgesaSmmSaveMemoryConfig). This AMD reference code means that some vulnerabilities may exist across the entire computing ecosystem.
Another Linux Kernel Bug Found that can allow an Unauthenticated user Root Privileges
Linux, often thought of as a more secure alternative to Microsoft, has not had an easy year. We have seen vulnerabilities that affect the iSCSI subsystem, the Extended Berkeley Packet Filter, the Polkit pkexec component bug and now two kernel bugs. The latest one, dubbed “dirty pipe”, is a method that could allow a “local” user to overwrite read-only files including SUID files.
Supply Chain Vulnerabilities Found in 150 Devices Spanning Multiple Industries Dubbed Access 7
Supply chain attacks are always a concern when it comes to device manufacture and distribution. If an attacker can compromise a part of the supply or management chain, they can affect a large part of the market with relatively minimal effort. The SolarWinds supply chain attack is a perfect example of this type of attack that successfully compromised multiple businesses with only one real “attack”. Now security researchers have disclosed a new group of vulnerabilities in PTC’s Axeda software that allow attackers to attack the devices after distribution.