Malware Devil

Monday, February 8, 2021

Extortionists Publish Data Stolen from Two Healthcare Service Providers

An attacker group published information stolen from two healthcare service providers in a reported attempt to extort them for money. On February 5, NBC News reported that a well-known ransomware group had published tens of thousands of files to a data leaks website on the dark web. Among those files were scanned diagnostic results, letters to health insurers and a folder containing background checks on employees.

The post Extortionists Publish Data Stolen from Two Healthcare Service Providers appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/extortionists-publish-data-stolen-from-two-healthcare-service-providers/?utm_source=rss&utm_medium=rss&utm_campaign=extortionists-publish-data-stolen-from-two-healthcare-service-providers

Coalition Against Stalkerware | Avast

When it comes to combating domestic abuse, it takes a village. And in the case of people who utilize software to covertly monitor their spouse, partner, or child’s digital device without their knowledge, that village is the Coalition Against Stalkerware, which Avast officially joined earlier this year. 

The post Coalition Against Stalkerware | Avast appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/coalition-against-stalkerware-avast/?utm_source=rss&utm_medium=rss&utm_campaign=coalition-against-stalkerware-avast

XKCD ‘Tower Of Babel’

via the comic delivery system monikered Randall Munroe resident at XKCD!

The post XKCD ‘Tower Of Babel’ appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/xkcd-tower-of-babel/?utm_source=rss&utm_medium=rss&utm_campaign=xkcd-tower-of-babel

Detailed: Here’s How Iran Spies on Dissidents with the Help of Hackers


Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens who could threaten the stability of the Islamic Republic, including dissidents, opposition forces, ISIS supporters, and Kurdish natives.

Tracing the extensive espionage operations to two advanced Iranian cyber-groups, Domestic Kitten (or APT-C-50) and Infy, cybersecurity firm Check Point revealed new and recent evidence of their ongoing activities, which involve the use of a revamped malware toolset as well as tricking unwitting users into downloading malicious software under the guise of popular apps.

“Both groups have conducted long-running cyberattacks and intrusive surveillance campaigns which target both individuals’ mobile devices and personal computers,” Check Point researchers said in a new analysis. “The operators of these campaigns are clearly active, responsive and constantly seeking new attack vectors and techniques to ensure the longevity of their operations.”


Despite overlaps in the victims and the kind of information amassed, the two threat actors are considered to be independently operating from one another. But the “synergistic effect” created by using two different sets of attack vectors to strike the same targets cannot be overlooked, the researchers said.

Domestic Kitten Mimics a Tehran Restaurant App

Domestic Kitten, which has been active since 2016, has been known to target specific groups of individuals with malicious Android apps that collect sensitive information such as SMS messages, call logs, photos, videos, and location data on the device along with their voice recordings.

Spotting four active campaigns, the most recent of which began in November 2020 according to Check Point, the APT-C-50 actor has been found to leverage a wide variety of cover apps, including VIPRE Mobile Security (a fake mobile security application), Exotic Flowers (a repackaged variant of a game available on Google Play), and Iranian Woman Ninja (a wallpaper app), to distribute a piece of malware called FurBall.

The latest November operation is no different. It uses a fake app for Mohsen Restaurant, located in Tehran, to achieve the same objective, luring victims into installing the app through multiple vectors: SMS messages with a link to download the malware, an Iranian blog that hosts the payload, and shares via Telegram channels.

Prominent targets of the attack included 1,200 individuals located in Iran, the US, Great Britain, Pakistan, Afghanistan, Turkey, and Uzbekistan, the researchers said, with over 600 successful infections reported.

Once installed, FurBall grants itself broad permissions so that it runs automatically on every device startup, then proceeds to collect browser history, hardware information, and files on the external SD card, and periodically exfiltrates videos, photos, and call records every 20 seconds.

It also monitors clipboard content, gains access to all notifications received by the device, and comes with capabilities to remotely execute commands issued from a command-and-control (C2) server to record audio, video, and phone calls.

Interestingly, FurBall appears to be based on a commercially available spyware called KidLogger, implying the actors “either obtained the KidLogger source-code, or reverse-engineered a sample and stripped all extraneous parts, then added more capabilities.”

Infy Returns With New, Previously Unknown, Second-Stage Malware

First discovered in May 2016 by Palo Alto Networks, Infy (also called Prince of Persia) resumed activity in April 2020, marking a continuation of the group’s cyber operations, which have targeted Iranian dissidents and diplomatic agencies across Europe for over a decade.

While their surveillance efforts took a beating in June 2016 following a takedown operation by Palo Alto Networks to sinkhole the group’s C2 infrastructure, Infy resurfaced in August 2017 with anti-takeover techniques alongside a new Windows info-stealer called Foudre.

The group has also been suggested to have ties to the Telecommunication Company of Iran after researchers Claudio Guarnieri and Collin Anderson disclosed evidence in July 2016 that a subset of the C2 domains redirecting to the sinkhole was blocked by DNS tampering and HTTP filtering, thus preventing access to the sinkhole.

Then in 2018, Intezer Labs found a new version of the Foudre malware, version 8, that also contained an “unknown binary”, since named Tonnerre by Check Point, which is used to expand on the capabilities of the former.

“It seems that following a long downtime, the Iranian cyber attackers were able to regroup, fix previous issues and dramatically reinforce their OPSEC activities as well as the technical proficiency and abilities of their tools,” the researchers said.

As many as three versions of Foudre (20-22) have been uncovered since April 2020, with the new variants downloading Tonnerre 11 as the next-stage payload.

The attack chain commences with phishing emails containing lure documents written in Persian that, when closed, run a malicious macro that drops and executes the Foudre backdoor, which then connects to the C2 server to download the Tonnerre implant.

Besides executing commands from the C2 server, recording sounds, and capturing screenshots, what makes Tonnerre stand out is its use of two sets of C2 servers — one to receive commands and download updates using HTTP and a second server to which the stolen data is exfiltrated via FTP.

At 56MB, Tonnerre’s unusual size is also likely to work in its favor and evade detection, as many vendors ignore large files during malware scans, the researchers noted.

However, unlike Domestic Kitten, only a few dozen victims were found to be targeted in this attack, including those from Iraq, Azerbaijan, the U.K., Russia, Romania, Germany, Canada, Turkey, the U.S., Netherlands, and Sweden.

“The operators of these Iranian cyber espionage campaigns seem to be completely unaffected by any counter-activities done by others, even though they were revealed and even stopped in the past — they simply don’t stop,” said Yaniv Balmas, head of cyber research at Check Point.

“These campaign operators simply learn from the past, modify their tactics, and go on to wait for a while for the storm to pass to only go at it again. Furthermore, it’s worthy to note the sheer amount of resources the Iranian regime is willing to spend on exerting their control.”

https://malwaredevil.com/2021/02/08/detailed-heres-how-iran-spies-on-dissidents-with-the-help-of-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=detailed-heres-how-iran-spies-on-dissidents-with-the-help-of-hackers

Top 5 Bug Bounty Programs to Watch in 2021


While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the “Application Crowdtesting Services” category.

We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal with knowledge and expertise from international security researchers:

1. HackerOne

Being a unicorn backed by numerous reputable venture capitalists, HackerOne is probably the most well-known and recognized Bug Bounty brand in the world.

According to their most recent annual report, over 1,700 companies trust the HackerOne platform to augment their in-house application security testing capacities. The report likewise says that their security researchers earned approximately $40 million in bounties in 2019 alone and $82 million cumulatively.

HackerOne is also famous for hosting US government Bug Bounty programs, including the US Department of Defense and US Army vulnerability disclosure programs. Like some other commercial providers of Bug Bounties and Vulnerability Disclosure Programs (VDP), HackerOne now also offers penetration testing services staffed with vetted security researchers from around the globe. HackerOne has a solid portfolio of security certifications, including ISO 27001 and FedRAMP authorization.

2. BugCrowd

Founded by cybersecurity expert Casey Ellis, BugCrowd is probably the most creative and inventive Bug Bounty platform. BugCrowd actively promotes not just the traditional crowd security testing services but also attack surface management and a broad spectrum of penetration testing services for IoT, API, and even network, staying ahead of their competitors on the rapidly growing crowd labor market.

BugCrowd also aptly advertises numerous Software Development Life Cycle (SDLC) integration capacities, making the DevSecOps workflow faster and easier for their wealthy clients.

BugCrowd is famous for hosting Bug Bounty programs for such industry giants as Amazon, VISA, and eBay, as well as the venerated (ISC)2 cybersecurity education association. Many beginners in security research are familiar with BugCrowd thanks to BugCrowd University and the ongoing security webinars and training BugCrowd smartly organizes both for its customers and researchers.

3. OpenBugBounty

The skyrocketing OpenBugBounty project is the only not-for-profit vulnerability disclosure and Bug Bounty platform on our list. Its Alexa rank says OpenBugBounty is about to surpass most of its commercial competitors.

With over 1,200 active Bug Bounty programs, OpenBugBounty also permits coordinated disclosure of security issues on any website if the issue was detected by non-intrusive means. Bug Bounty program creation is totally free, and the website owners are not required to make monetary payments to the researchers – but are encouraged at least to thank the researchers and provide a public recommendation for their efforts.

OpenBugBounty hosts Bug Bounty programs for such companies as A1 Telekom Austria and Drupal, with over 20,000 security researchers and almost 800,000 security vulnerabilities submitted so far. The platform says its policies and disclosure processes are based on the ISO 29147 standard.

OpenBugBounty also cooperates with national CERTs and law enforcement agencies by providing them with a free API to the platform while keeping vulnerability details confidential unless a researcher discloses his or her findings to the public.

4. SynAck

Backed by many renowned VC funds, including Intel Capital and Kleiner Perkins, SynAck was named “CNBC Disruptor” company four times in a row, from 2015 to 2019. SynAck stands atop commercial Bug Bounty platforms, also named in Gartner’s Top 25 Enterprise Software Startups.

Founded by Jay Kaplan and Mark Kuhr, security visionaries and reputable veterans of the US national security agencies, SynAck offers an elite team of thoroughly vetted cybersecurity researchers known as “Red Team” (SRT). According to SynAck, the SRT group is composed of security experts with verified backgrounds and credible industry experience.

SynAck successfully positions itself as the leader in trusted crowd security testing services by performing comprehensive due diligence on their Red Team and recording all their activities for future analysis or review. Finally, SynAck has successfully developed partnerships and technology alliances with the industry leaders, including Microsoft, AWS, and HPE, demonstrating strong potential for further growth.

5. YesWeHack

YesWeHack is the rising star of our rating for 2021. The only European Bug Bounty and vulnerability disclosure company, YesWeHack efficiently attracts EU-based companies whose main concern is strict privacy and data protection. Recently, YesWeHack announced a record 250% growth during 2020 in Asia, demonstrating that European startups are capable of scaling globally.

Similar to BugCrowd, YesWeHack is well prepared to invest in its human capital. Last year, it launched a training program to help Bug Bounty hunters hone their hacking skills with the YesWeHack DOJO platform. It features introductory courses and training challenges focused on specific security vulnerabilities and playgrounds.

With DOJO, security researchers from all over the world can improve their software security testing skills. Finally, YesWeHack persuasively demonstrates its capacity to attract reputable European customers such as the French OVH conglomerate.

Bug Bounties have started their transformation from pure crowd security testing to all-in-one cybersecurity platforms, offering classic penetration testing and a myriad of other services. Today, it is difficult to predict how successful their offering will be against traditional MSSPs and cybersecurity vendors; however, Bug Bounties certainly created a new market niche with powerful potential.

The open and free OpenBugBounty project, meanwhile, brings maturity into the business, much as open-source Linux did against Microsoft decades ago, later giving birth to a multi-billion-dollar Red Hat business.

This is an indicator that the Bug Bounty market is becoming bigger and more competitive while newcomers are still joining the game. We can probably expect even more Venture Capital and M&A deals fostering further expansion of the crowd security market.

https://malwaredevil.com/2021/02/08/top-5-bug-bounty-programs-to-watch-in-2021/?utm_source=rss&utm_medium=rss&utm_campaign=top-5-bug-bounty-programs-to-watch-in-2021

Last Kind Words

…as recorded in 1930 by Geeshie “phantom genius” Wiley (born Lillie May Wiley) If I die, If I die, in the German war I want you to send my body, send it to my mother, lord If I get killed, If I get killed, please don’t bury my soul I p’fer just leave me out, … Continue reading Last Kind Words

The post Last Kind Words appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/last-kind-words/?utm_source=rss&utm_medium=rss&utm_campaign=last-kind-words

Safer Internet Day: The Future is Digital, Let’s Keep it Safe!

A day when the world comes together with one vision: Making online experiences better and safer for everyone! The internet […]

The post Safer Internet Day: The Future is Digital, Let’s Keep it Safe! appeared first on Kratikal Blog.

The post Safer Internet Day: The Future is Digital, Let’s Keep it Safe! appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/safer-internet-day-the-future-is-digital-lets-keep-it-safe/?utm_source=rss&utm_medium=rss&utm_campaign=safer-internet-day-the-future-is-digital-lets-keep-it-safe

Top 50 Application Security Pros to Follow on Twitter

If you are like many in our online connected world, you get some of your news from Twitter, both personally and professionally. For security professionals who have been looking to enhance their Twitter feed with additional application security news, TechBeacon has a new list of the Top 50 Application Security Pros to Follow on Twitter.

The post Top 50 Application Security Pros to Follow on Twitter appeared first on K2io.

The post Top 50 Application Security Pros to Follow on Twitter appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/top-50-application-security-pros-to-follow-on-twitter/?utm_source=rss&utm_medium=rss&utm_campaign=top-50-application-security-pros-to-follow-on-twitter

3 Critical Data Security Strategies for 2021


Users create content on a daily basis. Much of this content has no long-term value and is not business-critical; however, a small percentage is key to running operations. Some of it contains sensitive client information. Some of it contains intellectual property. If this data goes missing or falls into the wrong hands due to a..

The post 3 Critical Data Security Strategies for 2021 appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/3-critical-data-security-strategies-for-2021/?utm_source=rss&utm_medium=rss&utm_campaign=3-critical-data-security-strategies-for-2021

Cybersecurity 2021: Asking the Right Question


“The Hitchhiker’s Guide to the Galaxy,” by Douglas Adams, could actually be a guide to cybersecurity if read in a different context. The crux of the problem in present-day cybersecurity practice is summed up in this exchange from the book: After seven and a half million years of computing, “The answer to the Great Question of..

The post Cybersecurity 2021: Asking the Right Question appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/cybersecurity-2021-asking-the-right-question/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-2021-asking-the-right-question

Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons?

In episode 159: Will algorithms be the death of social media and why the US government thinks it has a moral imperative to build AI powered weapons. ** Links mentioned on the show ** US has ‘moral imperative’ to develop AI weapons, says panel https://www.theguardian.com/science/2021/jan/26/us-has-moral-imperative-to-develop-ai-weapons-says-panel Apple CEO sounds warning of algorithms pushing society towards catastrophe […]

The post Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons? appeared first on The Shared Security Show.

The post Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons? appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/dangerous-social-media-algorithms-a-moral-imperative-for-ai-powered-weapons/?utm_source=rss&utm_medium=rss&utm_campaign=dangerous-social-media-algorithms-a-moral-imperative-for-ai-powered-weapons

White Hat, Black Hat, and Grey Hat Hackers: What Do They Do, and What Is the Difference Between Them?

Picture this: a young person is in a dark room. The only thing visible is their figure, as it is just barely lit by the blinding LEDs of their computer screen. They type furiously on an ergonomic keyboard as thousands of lines of neon green monospace text fly across the screen. Click-clack-click-clack-click-clack. The moving text […]

The post White Hat, Black Hat, and Grey Hat Hackers: What Do They Do, and What Is the Difference Between Them? appeared first on The State of Security.

The post White Hat, Black Hat, and Grey Hat Hackers: What Do They Do, and What Is the Difference Between Them? appeared first on Security Boulevard.

https://malwaredevil.com/2021/02/08/white-hat-black-hat-and-grey-hat-hackers-what-do-they-do-and-what-is-the-difference-between-them/?utm_source=rss&utm_medium=rss&utm_campaign=white-hat-black-hat-and-grey-hat-hackers-what-do-they-do-and-what-is-the-difference-between-them

Security Alert: [Updated] Alert Regarding Vulnerability in SonicWall SMA 100 Series (CVE-2021-20016)

JPCERT-AT-2021-0006
JPCERT/CC
2021-02-04(Initial)
2021-02-08(Update)

I. Overview

On February 3, 2021 (Local Time), SonicWall released information regarding a vulnerability (CVE-2021-20016) in its SMA 100 series. A remote attacker leveraging this vulnerability may gain access to admin credentials. For more information on the vulnerability, please refer to the information provided by SonicWall.

SonicWall
Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.x
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001

On January 22, 2021, the company announced that it had identified a coordinated attack exploiting probable zero-day vulnerabilities, and further reports of the vulnerability being exploited have followed. Attackers may exploit the vulnerability and then perform further attacks once inside the victim network, which may lead to further damage.

Users of the products that are affected by this vulnerability are recommended to check the information and take measures such as applying countermeasures or workarounds as soon as possible.

II. Affected Products

Affected products and versions are as follows:

The following SMA 100 series products running on firmware version 10.x
– SMA 200
– SMA 210
– SMA 400
– SMA 410
– SMA 500v

According to SonicWall, firmware versions prior to 10.x are not affected by this vulnerability.

III. Solution

SonicWall has released a version that addresses this vulnerability. Please update to that version by referring to the information provided by SonicWall.

– 10.2.0.5-d-29sv

According to SonicWall, the SMA 500v base image for Hyper-V, ESXi, Azure and AWS will be available shortly. Also, vulnerable virtual SMA 100 series 10.x images have been pulled from the AWS and Azure marketplaces, and updated images will be re-submitted as soon as possible.

In addition, due to the potential credential exposure, users are recommended to apply the following measures as well as updating the version:

– Reset the passwords for any users who may have logged in to the device via the web interface.
– Enable multifactor authentication (MFA) as a safety measure.

IV. Workarounds

Enabling MFA (multi-factor authentication) and resetting passwords as described above are listed as workarounds.

In addition, SonicWall says enabling the built-in Web Application Firewall (WAF) function can also mitigate the vulnerability. According to SonicWall, 60 complimentary days of WAF enablement are added to all registered SMA 100 series devices with 10.x code to enable this mitigation technique.

SonicWall
How to Configure Web Application Firewall (WAF) on the SMA 100 Series?
https://www.sonicwall.com/support/knowledge-base/210202202221923/

V. Investigation for compromise

On January 31, 2021 (local time), Rich Warren of NCC Group, which discovered this vulnerability, released IOC information to help with compromise investigation.

1. Authentication bypass for access to the management interface

Look in the access log for requests to ‘/cgi-bin/management’ that are not preceded by a successful request to ‘/__api__/v1/logon’ or ‘/__api__/v1/logon/<id>/authenticate’. If such requests exist, it could indicate an authentication bypass to the management interface.

2. Authentication bypass for access to the user interface

Look in the access log for requests to ‘/cgi-bin/sslvpnclient’ or ‘/cgi-bin/portal’ that are not preceded by a successful request to ‘/cgi-bin/userLogin’, ‘/__api__/v1/login’, or ‘/__api__/v1/logon/<id>/authenticate’. If such requests exist, it could indicate a user-level authentication bypass.
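The two log checks above can be scripted. The following is an added example, not part of the JPCERT/CC alert and not NCC Group's published IOC tooling. It assumes the access log is exported in Combined Log Format (the appliance's actual log layout is an assumption here; adjust LOG_RE if it differs), treats an HTTP 200 on a logon endpoint as a successful login, keys the "preceded by" relation on the client IP address, and runs over a few constructed sample lines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample access-log lines in Combined Log Format. The real SMA 100
# log layout is an assumption here; adjust LOG_RE to match the exported log.
# 10.0.0.5 logs in before reaching /cgi-bin/management, 203.0.113.9 requests the
# protected paths directly, and 198.51.100.7's user login fails (401) first.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Feb/2021:09:12:01 +0000] "POST /__api__/v1/logon HTTP/1.1" 200 512
10.0.0.5 - - [05/Feb/2021:09:12:02 +0000] "POST /__api__/v1/logon/8f3a/authenticate HTTP/1.1" 200 128
10.0.0.5 - - [05/Feb/2021:09:12:05 +0000] "GET /cgi-bin/management HTTP/1.1" 200 9812
203.0.113.9 - - [05/Feb/2021:09:20:44 +0000] "GET /cgi-bin/management HTTP/1.1" 200 9812
203.0.113.9 - - [05/Feb/2021:09:21:10 +0000] "GET /cgi-bin/sslvpnclient HTTP/1.1" 200 4410
198.51.100.7 - - [05/Feb/2021:09:30:00 +0000] "POST /cgi-bin/userLogin HTTP/1.1" 401 0
198.51.100.7 - - [05/Feb/2021:09:30:03 +0000] "GET /cgi-bin/portal?page=home HTTP/1.1" 200 3300
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})(?:\s|$)'
)
# '/__api__/v1/logon/<id>/authenticate' with any <id>; the advisory lists it for both checks.
AUTHENTICATE_RE = re.compile(r"^/__api__/v1/logon/[^/]+/authenticate$")

# Check 1 of the advisory: management interface and the logons that should precede it.
MGMT_PATHS = {"/cgi-bin/management"}
MGMT_LOGON_PATHS = {"/__api__/v1/logon"}
# Check 2: user interface and its logons.
USER_PATHS = {"/cgi-bin/sslvpnclient", "/cgi-bin/portal"}
USER_LOGON_PATHS = {"/cgi-bin/userLogin", "/__api__/v1/login"}


@dataclass
class Finding:
    ip: str
    timestamp: str
    path: str
    kind: str  # "management" or "user"


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # compare the path without its query string
    return rec


def is_logon(path: str, logon_paths: set) -> bool:
    return path in logon_paths or AUTHENTICATE_RE.match(path) is not None


def find_auth_bypass(log_text: str) -> List[Finding]:
    """Flag requests to protected paths with no earlier successful logon from the same client IP.

    Assumption: HTTP 200 on a logon endpoint means the login succeeded. Lines are
    processed in order, so a logon that comes after the protected request does not clear it.
    """
    findings: List[Finding] = []
    mgmt_ok: set = set()  # IPs that completed a management logon
    user_ok: set = set()  # IPs that completed a user logon
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, status = rec["ip"], rec["path"], rec["status"]
        if status == 200:
            if is_logon(path, MGMT_LOGON_PATHS):
                mgmt_ok.add(ip)
            if is_logon(path, USER_LOGON_PATHS):
                user_ok.add(ip)
        if path in MGMT_PATHS and ip not in mgmt_ok:
            findings.append(Finding(ip, rec["ts"], path, "management"))
        elif path in USER_PATHS and ip not in user_ok:
            findings.append(Finding(ip, rec["ts"], path, "user"))
    return findings


if __name__ == "__main__":
    for f in find_auth_bypass(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.ip:<14} {f.path:<24} possible {f.kind}-level authentication bypass")
```

On the sample input the script reports both requests from 203.0.113.9 and the portal request from 198.51.100.7 (whose login returned 401), while 10.0.0.5 is not flagged. Matching on client IP is a heuristic: clients behind a shared NAT address can mask a bypass, and a log that has been rotated since the login will produce false positives, so treat hits as leads for the full compromise investigation rather than as proof on their own.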

Rich Warren@buffaloverflow
https://twitter.com/buffaloverflow/status/1355874671347044354
https://twitter.com/buffaloverflow/status/1355876985726242819

Bleeping Computer
SonicWall fixes actively exploited SMA 100 zero-day vulnerability
https://www.bleepingcomputer.com/news/security/sonicwall-fixes-actively-exploited-sma-100-zero-day-vulnerability/

VI. References

SonicWall
SonicWall Publishes Critical Patch for SMA 100 Series 10.X Zero-Day Vulnerability
https://www.sonicwall.com/blog/2021/01/sonicwall-identifies-coordinated-attack-on-netextender-vpn-client-version-10-and-sma-100-series/

SonicWall
Urgent Patch Available for SMA 100 Series 10.x Firmware Zero-Day Vulnerability [Updated Feb. 3, 2 P.M. CST]
https://www.sonicwall.com/support/product-notification/urgent-security-notice-probable-sma-100-series-vulnerability-updated-jan-25-2021/210122173415410/

SonicWall
SonicWall SMA 100 Series Security Best Practice Guide
https://www.sonicwall.com/techdocs/pdf/SMA-100-Series-Security-Best-Practices-Guide.pdf

If you have any information regarding this alert, please contact JPCERT/CC.

2021-02-04 First edition
2021-02-08 Added “V. Investigation for compromise”

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/

https://malwaredevil.com/2021/02/08/security-alert-updated-alert-regarding-vulnerability-in-sonicwall-sma-100-series-cve-2021-20016/?utm_source=rss&utm_medium=rss&utm_campaign=security-alert-updated-alert-regarding-vulnerability-in-sonicwall-sma-100-series-cve-2021-20016

ISC Stormcast For Monday, February 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7362, (Mon, Feb 8th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://malwaredevil.com/2021/02/08/isc-stormcast-for-monday-february-8th-2021-https-isc-sans-edu-podcastdetail-htmlid7362-mon-feb-8th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-february-8th-2021-https-isc-sans-edu-podcastdetail-htmlid7362-mon-feb-8th

ESB-2021.0427 – [Appliance] Baseboard Management Controller: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0427
       HPE Apollo 70 System's Baseboard Management Controller (BMC)
               firmware have multiple local vulnerabilities
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Baseboard Management Controller
Publisher:         Hewlett-Packard
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26577 CVE-2021-26576 CVE-2021-26575
                   CVE-2021-26574 CVE-2021-26573 CVE-2021-26572
                   CVE-2021-26571 CVE-2021-26570 CVE-2021-25172
                   CVE-2021-25171 CVE-2021-25170 CVE-2021-25169
                   CVE-2021-25168 CVE-2021-25142 

Original Bulletin: 
   https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04080en_us

- --------------------------BEGIN INCLUDED TEXT--------------------

SECURITY BULLETIN

Document ID: hpesbhf04080en_us

Version: 1
HPESBHF04080 rev.1 - HPE Apollo 70 System's Baseboard Management Controller (BMC) firmware have multiple local vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2021-02-03

Last Updated: 2021-02-04

Potential Security Impact: Local: Denial of Service (DoS), Directory Traversal, Buffer Overflow

Source: Hewlett Packard Enterprise, HPE Product Security Response Team
VULNERABILITY SUMMARY

Multiple potential security vulnerabilities have been identified in HPE Apollo 70 System BMC Firmware. The vulnerabilities impact the BMC firmware and could be exploited locally to allow denial of service, buffer overflow, and path traversal.
References:

    CVE-2021-25142 - HPE Apollo 70 System BMC firmware Libifc.so WebStartFlash function buffer overflow
    CVE-2021-25168 - HPE Apollo 70 System BMC firmware Libifc.so WebUpdateComponent function buffer overflow
    CVE-2021-25169 - HPE Apollo 70 System BMC firmware Libifc.so WebSetServiceCfg function buffer overflow
    CVE-2021-25170 - HPE Apollo 70 System BMC firmware Libifc.so WebSetRemoteImageInfo function buffer overflow
    CVE-2021-25171 - HPE Apollo 70 System BMC firmware Libifc.so WebSetLicenseCfg function buffer overflow
    CVE-2021-25172 - HPE Apollo 70 System BMC firmware Libifc.so WebSetDefaultLangCfg function, command injection
    CVE-2021-26570 - HPE Apollo 70 System BMC firmware Libifc.so WEBIFC_SetADConfig function buffer overflow
    CVE-2021-26571 - HPE Apollo 70 System BMC firmware Libifc.so WebGetActiveXCFG function buffer overflow
    CVE-2021-26572 - HPE Apollo 70 System BMC firmware Libifc.so WebGetActiveXCFG function buffer overflow
    CVE-2021-26573 - HPE Apollo 70 System BMC firmware Libifc.so WebGenerateSSLCfg function buffer overflow
    CVE-2021-26574 - HPE Apollo 70 System BMC firmware Libifc.so WebDeleteVideoFile function, path traversal
    CVE-2021-26575 - HPE Apollo 70 System BMC firmware Libifc.so WebDeleteSOLVideoFile function, path traversal
    CVE-2021-26576 - HPE Apollo 70 System BMC firmware Libifc.so uploadSSHKey function, command injection
    CVE-2021-26577 - HPE Apollo 70 System BMC firmware Libfc.so uploadSSHKey function buffer overflow

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE Apollo 70 System - Prior to Version 3.0.14.0
BACKGROUND
HPE calculates CVSS using CVSS Version 3.1. If the score is provided from NIST, we will display Version 2.0, 3.0, or 3.1 as provided from NVD.
Reference       V3 Vector                                      V3 Base Score   V2 Vector                      V2 Base Score
CVE-2021-25142  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-25168  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-25169  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-25170  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-25171  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-25172  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26570  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26571  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26572  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26573  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26574  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26575  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26576  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
CVE-2021-26577  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H   7.8             (AV:L/AC:L/Au:S/C:C/I:C/A:C)   6.8
Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

Hewlett Packard Enterprise acknowledges Ye Li and Zhuo Ma of Tencent Security Xuanwu Lab for reporting this issue to security-alert@hpe.com.
RESOLUTION

HPE has made the following software update available to resolve the vulnerabilities in the HPE Apollo 70 System's BMC firmware.

    The new HPE Apollo 70 System BMC firmware Version 3.0.14.0 can be obtained at

    HPE Support Center

HISTORY
Version:1 (rev.1) - 3 February 2021 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product:

    Web Form: https://www.hpe.com/info/report-security-vulnerability

    Email: security-alert@hpe.com

    Hewlett Packard Enterprise Product Security Response Policy: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

System management and security procedures must be reviewed frequently to maintain system integrity. HPE is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HPE is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HPE products the important security information contained in this Bulletin. HPE recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HPE does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HPE will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HPE disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
©Copyright 2021 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0427 – [Appliance] Baseboard Management Controller: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/08/esb-2021-0427-appliance-baseboard-management-controller-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0427-appliance-baseboard-management-controller-multiple-vulnerabilities

ESB-2021.0426 – [Debian] chromium: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0426
                         chromium security update
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21147 CVE-2021-21146 CVE-2021-21145
                   CVE-2021-21144 CVE-2021-21143 CVE-2021-21142
                   CVE-2021-21141 CVE-2021-21140 CVE-2021-21139
                   CVE-2021-21138 CVE-2021-21137 CVE-2021-21136
                   CVE-2021-21135 CVE-2021-21134 CVE-2021-21133
                   CVE-2021-21132 CVE-2021-21131 CVE-2021-21130
                   CVE-2021-21129 CVE-2021-21128 CVE-2021-21127
                   CVE-2021-21126 CVE-2021-21125 CVE-2021-21124
                   CVE-2021-21123 CVE-2021-21122 CVE-2021-21121
                   CVE-2021-21120 CVE-2021-21119 CVE-2021-21118
                   CVE-2021-21117 CVE-2020-16044 

Reference:         ASB-2021.0035
                   ESB-2021.0387
                   ESB-2021.0362
                   ESB-2021.0201
                   ESB-2021.0128

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4846

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4846-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
February 07, 2021                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119
                 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123
                 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127
                 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131
                 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135
                 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139
                 CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143
                 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2020-16044

    Ned Williamson discovered a use-after-free issue in the WebRTC
    implementation.

CVE-2021-21117

    Rory McNamara discovered a policy enforcement issue in Cryptohome.

CVE-2021-21118

    Tyler Nighswander discovered a data validation issue in the v8 javascript
    library.

CVE-2021-21119

    A use-after-free issue was discovered in media handling.

CVE-2021-21120

    Nan Wang and Guang Gong discovered a use-after-free issue in the WebSQL
    implementation.

CVE-2021-21121

    Leecraso and Guang Gong discovered a use-after-free issue in the Omnibox.

CVE-2021-21122

    Renata Hodovan discovered a use-after-free issue in Blink/WebKit.

CVE-2021-21123

    Maciej Pulikowski discovered a data validation issue.

CVE-2021-21124

    Chaoyang Ding discovered a use-after-free issue in the speech recognizer.

CVE-2021-21125

    Ron Masas discovered a policy enforcement issue.

CVE-2021-21126

    David Erceg discovered a policy enforcement issue in extensions.

CVE-2021-21127

    Jasminder Pal Singh discovered a policy enforcement issue in extensions.

CVE-2021-21128

    Liang Dong discovered a buffer overflow issue in Blink/WebKit.

CVE-2021-21129

    Maciej Pulikowski discovered a policy enforcement issue.

CVE-2021-21130

    Maciej Pulikowski discovered a policy enforcement issue.

CVE-2021-21131

    Maciej Pulikowski discovered a policy enforcement issue.

CVE-2021-21132

    David Erceg discovered an implementation error in the developer tools.

CVE-2021-21133

    wester0x01 discovered a policy enforcement issue.

CVE-2021-21134

    wester0x01 discovered a user interface error.

CVE-2021-21135

    ndevtk discovered an implementation error in the Performance API.

CVE-2021-21136

    Shiv Sahni, Movnavinothan V, and Imdad Mohammed discovered a policy
    enforcement error.

CVE-2021-21137

    bobbybear discovered an implementation error in the developer tools.

CVE-2021-21138

    Weipeng Jiang discovered a use-after-free issue in the developer tools.

CVE-2021-21139

    Jun Kokatsu discovered an implementation error in the iframe sandbox.

CVE-2021-21140

    David Manouchehri discovered uninitialized memory in the USB
    implementation.

CVE-2021-21141

    Maciej Pulikowski discovered a policy enforcement error.

CVE-2021-21142

    Khalil Zhani discovered a use-after-free issue.

CVE-2021-21143

    Allen Parker and Alex Morgan discovered a buffer overflow issue in
    extensions.

CVE-2021-21144

    Leecraso and Guang Gong discovered a buffer overflow issue.

CVE-2021-21145

    A use-after-free issue was discovered.

CVE-2021-21146

    Alison Huffman and Choongwoo Han discovered a use-after-free issue.

CVE-2021-21147

    Roman Starkov discovered an implementation error in the skia library.

For the stable distribution (buster), these problems have been fixed in
version 88.0.4324.146-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0426 – [Debian] chromium: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/08/esb-2021-0426-debian-chromium-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0426-debian-chromium-multiple-vulnerabilities

ESB-2021.0425 – [Win][UNIX/Linux][Debian] privoxy: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0425
                          privoxy security update
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           privoxy
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Confidential Data -- Unknown/Unspecified
                   Denial of Service        -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20217 CVE-2021-20216 CVE-2021-20215
                   CVE-2021-20213 CVE-2021-20212 CVE-2021-20211
                   CVE-2021-20210 CVE-2021-20209 CVE-2020-35502

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/02/msg00009.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running privoxy check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2548-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 07, 2021                           https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : privoxy
Version        : 3.0.26-3+deb9u1
CVE ID         : CVE-2020-35502 CVE-2021-20209 CVE-2021-20210
                 CVE-2021-20211 CVE-2021-20212 CVE-2021-20213
                 CVE-2021-20215 CVE-2021-20216 CVE-2021-20217

Multiple vulnerabilities were discovered in privoxy, a privacy
enhancing HTTP proxy, including memory leaks and a NULL-pointer
dereference.

For Debian 9 stretch, these problems have been fixed in version
3.0.26-3+deb9u1.

We recommend that you upgrade your privoxy packages.

For the detailed security status of privoxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/privoxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
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=ShBL
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0425 – [Win][UNIX/Linux][Debian] privoxy: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/02/08/esb-2021-0425-winunix-linuxdebian-privoxy-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0425-winunix-linuxdebian-privoxy-multiple-vulnerabilities

ESB-2021.0423 – [Debian] intel-microcode: Access confidential data – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0423
                      intel-microcode security update
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           intel-microcode
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8698 CVE-2020-8696 CVE-2020-8695

Reference:         ESB-2020.4341
                   ESB-2020.4327
                   ESB-2020.4209
                   ESB-2020.4153

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2546-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 06, 2021                           https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : intel-microcode
Version        : 3.20201118.1~deb9u1
CVE ID         : CVE-2020-8695 CVE-2020-8696 CVE-2020-8698

CVE-2020-8695

    Observable discrepancy in the RAPL interface for some
    Intel(R) Processors may allow a privileged user to
    potentially enable information disclosure via local access.

CVE-2020-8696

    Improper removal of sensitive information before storage
    or transfer in some Intel(R) Processors may allow an
    authenticated user to potentially enable information
    disclosure via local access.

CVE-2020-8698

    Improper isolation of shared resources in some
    Intel(R) Processors may allow an authenticated user to
    potentially enable information disclosure via local access.

For Debian 9 stretch, these problems have been fixed in version
3.20201118.1~deb9u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYCCXmeNLKJtyKPYoAQgplA/+NOoNlxBEokHtJZ7DlgSlPOxZaC89w2Xv
sYQ6/xEXJnV6VGu82JPlzy4ye81y0zxFvFewiK3Kz0x6oWWw+SNWkrOKa90xauLA
tZyN4oFQpR4nMrsQMm7dbg3viJhO71ligaOq2HJDRzilmNWLkqAJjinLRefuH/CA
X/rGhNa4iOYTabYXfqWT+UwZ4wHfRUrx8iNQroxl33mnTv7H5j4Oeyky0zimOVGP
EMmQsNgKB+zHOd5lEO9dx4Y7ZvQjcQ16FlIoUGBDHYeKnLio5TJrllDOLSrevGXy
cFWjnqXPNNLTBXiMSAcZPGlZPvqlClM3R5EdSfBdD7myFtwo1Q9UerqAbS/afS/X
VgtJ7CERPDzccxu1YKzrtWs5f3PoolpJ8wan6Mo/KZJMsxkfLDouxlMCLleJ3vWo
FYPlZuM/Pz4IICgTI1Jx62U1/3S4Y9W6hf/ySuZzsiTHtpdQw6zn9h7NOAcjzqQq
ycPxZ9hotb9t7l+nueeB5wBHDYTcUYJI13qaUL61qwR20zvpWEmdaJ3j23LvF/Y/
p6EO9CYiKue9bjYxBdA0WxxhLUFW7qoDdlOEWoPFGjEuGw4N5UASvNcDxpWT1eTx
KvJOzJVMO93B/ApwmzUXAUWQUVaFElG8ePTQAFaZeyYvZJXLdeUEs3rcrR86hHUr
L1jOdKvX/bk=
=e8Am
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.0423 – [Debian] intel-microcode: Access confidential data – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/02/08/esb-2021-0423-debian-intel-microcode-access-confidential-data-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0423-debian-intel-microcode-access-confidential-data-existing-account

ESB-2021.0422 – [Win] Firefox: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0422
               Mozilla Foundation Security Advisory 2021-06
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox
                   Firefox ESR
Publisher:         Mozilla
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
                   Denial of Service               -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/

- --------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2021-06

Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1

Announced: February  5, 2021
Impact:    critical
Products:  Firefox, Firefox ESR
Fixed in:  Firefox 85.0.1
           Firefox ESR 78.7.1

#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed
textures

Reporter: Abraruddin Khan and Omair working with Trend Micro Zero Day Initiative
Impact:   critical

Description

In the Angle graphics library, depth pitch computations did not take into
account the block size and simply multiplied the row pitch with the pixel
height. This caused the load functions to use a very high depth pitch, reading
past the end of the user-supplied buffer.
Note: This issue only affected Windows operating systems. Other operating
systems are unaffected.
This issue has been assigned a temporary identifier, pending assignment of a
CVE.
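
The description above boils down to a pitch arithmetic error: for a block-compressed texture, the distance between depth slices is the row pitch multiplied by the number of block rows, not by the pixel height. The C below is an added illustration written for this bulletin; it is not ANGLE or Firefox code. The 4x4-block, 16-bytes-per-block geometry, the function names and the sample buffer are assumptions chosen to show the effect. It computes the pitch both ways, checks the resulting read size against the caller's buffer before any load, and treats arithmetic overflow as a failed check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative block geometry (an assumption, not ANGLE's constants):
 * a 4x4 pixel block stored in 16 bytes, as in common BC/DXT formats. */
#define BLOCK_W     4u
#define BLOCK_H     4u
#define BLOCK_BYTES 16u

/* Sentinel for arithmetic overflow. Valid pitches are multiples of
 * BLOCK_BYTES, so UINT64_MAX can never be a legitimate result. */
#define PITCH_OVERFLOW UINT64_MAX

static uint64_t ceil_div(uint64_t a, uint64_t b) {
    return (a + b - 1) / b;
}

static uint64_t mul_or_overflow(uint64_t a, uint64_t b) {
    if (a != 0 && b > UINT64_MAX / a) return PITCH_OVERFLOW;
    return a * b;
}

/* Bytes between consecutive rows of blocks. */
uint64_t row_pitch_bytes(uint32_t width) {
    return mul_or_overflow(ceil_div(width, BLOCK_W), BLOCK_BYTES);
}

/* The flawed form described in the advisory: row pitch times the pixel
 * height, ignoring that one block row already covers BLOCK_H pixels. */
uint64_t depth_pitch_naive(uint32_t width, uint32_t height) {
    return mul_or_overflow(row_pitch_bytes(width), height);
}

/* Corrected form: row pitch times the number of block rows. */
uint64_t depth_pitch_blocked(uint32_t width, uint32_t height) {
    return mul_or_overflow(row_pitch_bytes(width), ceil_div(height, BLOCK_H));
}

/* Bounds check a loader must perform before touching the caller's buffer:
 * every slice it will read must lie inside buffer_len bytes. */
bool load_fits(uint64_t depth_pitch, uint32_t depth, size_t buffer_len) {
    if (depth_pitch == PITCH_OVERFLOW) return false;
    uint64_t total = mul_or_overflow(depth_pitch, depth);
    return total != PITCH_OVERFLOW && total <= (uint64_t)buffer_len;
}

int main(void) {
    /* Constructed input: an 8x8 texture with 2 depth slices. Correctly
     * sized, that is 2 block rows x 32 bytes x 2 slices = 128 bytes. */
    const uint32_t width = 8, height = 8, depth = 2;
    static const uint8_t user_buffer[128] = {0};

    uint64_t naive   = depth_pitch_naive(width, height);
    uint64_t blocked = depth_pitch_blocked(width, height);

    printf("row pitch: %llu bytes\n", (unsigned long long)row_pitch_bytes(width));
    printf("naive depth pitch: %llu, fits in buffer: %s\n", (unsigned long long)naive,
           load_fits(naive, depth, sizeof user_buffer) ? "yes" : "no");
    printf("blocked depth pitch: %llu, fits in buffer: %s\n", (unsigned long long)blocked,
           load_fits(blocked, depth, sizeof user_buffer) ? "yes" : "no");
    return 0;
}
```

With the constructed 8x8x2 input the naive pitch is four times the real one (256 bytes instead of 64), so a loader that trusts it would read 512 bytes from a 128-byte buffer; the check in load_fits rejects that before any access, and the blocked pitch passes. The same check also catches the overflow case for very large dimensions, where a wrapped product would otherwise look small enough to pass.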

References

  o Bug 1676636

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://malwaredevil.com/2021/02/08/esb-2021-0422-win-firefox-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0422-win-firefox-multiple-vulnerabilities

ESB-2021.0424 – [Debian] wireshark: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0424
                         wireshark security update
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wireshark
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28030 CVE-2020-26575 CVE-2020-26421
                   CVE-2020-26418 CVE-2020-25863 CVE-2020-25862
                   CVE-2020-15466 CVE-2020-13164 CVE-2020-11647
                   CVE-2020-9431 CVE-2020-9430 CVE-2020-9428
                   CVE-2020-7045 CVE-2019-19553 CVE-2019-16319
                   CVE-2019-13619  

Reference:         ESB-2020.4121
                   ESB-2020.3920
                   ESB-2020.1295

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2547-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 06, 2021                             https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb9u1
CVE ID         : CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2020-7045
                 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431 CVE-2020-11647
                 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863
                 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030
Debian Bug     : 958213 974688 974689

Several vulnerabilities were fixed in Wireshark, a network sniffer.

CVE-2019-13619

    The ASN.1 BER and related dissectors could crash.

CVE-2019-16319

    The Gryphon dissector could go into an infinite loop.

CVE-2019-19553

    The CMS dissector could crash.

CVE-2020-7045

    The BT ATT dissector could crash.

CVE-2020-9428

    The EAP dissector could crash.

CVE-2020-9430

    The WiMax DLMAP dissector could crash.

CVE-2020-9431

    The LTE RRC dissector could leak memory.

CVE-2020-11647

    The BACapp dissector could crash.

CVE-2020-13164

    The NFS dissector could crash.

CVE-2020-15466

    The GVCP dissector could go into an infinite loop.

CVE-2020-25862

    The TCP dissector could crash.

CVE-2020-25863

    The MIME Multipart dissector could crash.

CVE-2020-26418

    The Kafka protocol dissector could leak memory.

CVE-2020-26421

    The USB HID protocol dissector could crash.

CVE-2020-26575

    The Facebook Zero Protocol (aka FBZERO) dissector
    could enter an infinite loop.

CVE-2020-28030

    The GQUIC dissector could crash.

For Debian 9 stretch, these problems have been fixed in version
2.6.20-0+deb9u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmAe/OcACgkQiNJCh6LY
mLHeUxAAprtNtAcO4sZ1bVL6OCpLZyd0HxQ5lFPFpvZWaCzXXDcngk9419kfVDFI
/tbgssx0HKVhcyrqTyb9JJ+WIkTYLt01aR9JmGZX4TBzu2n3el/qyp66iPRhAibn
AtEGIy6FVvqoTXEGTJseRVMssPXjdNKTlYI9qCdZd/UbGS6yhjvjz3BEWTb66C9A
dBpZrOIEO5kMotL2tahWmySvqbxfL7W14XNks3o1d8IK2hJg0YZi8+1InrIYFmRl
FF+nNTswxHfEerR4r893MTFc7mbX+B8ehYfFBQpOSKquvP04f/k0sJGOuatg0z5s
XGQ9PDKEbW0dSH9MGghw4UsUEvhpkGhf1z/iEFbffY8bf0Yq18j/+27zTmg+arV7
10NGXnn4qSg6MZ0wQFxo1noTerhXIAW/6+Uf1KrG5SrAEH+Pp8sJsrALRog7lPa7
bQJaqWsQdyfNBTuoPmKjQMkJtr5Lw0N5v+ro4SB0g4I2KGRYTaTD9bWq4es7jHD6
IpcLx6HO2uZX6osTiErZVcTDDYy23EDe/Tu9p9PF1TN3ACybMQfaUcov3zfRTnlI
ZeWJOMOTx47X+b11uVKETp1eGlovYRuSnfukjp5amVFITcn8lB5rmzhqp5Dgo14p
Zcr2ahh4LDTO9NFliKf0Dh4wQstehE6f94/mkqqxOfakIMMZLJw=
=ds+T
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://malwaredevil.com/2021/02/08/esb-2021-0424-debian-wireshark-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0424-debian-wireshark-denial-of-service-remote-unauthenticated

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...