Malware Devil

Monday, March 29, 2021

Network Security News Summary for Tuesday March 30th, 2021

RTF Shellcode; PHP Git Repo Compromise; npm “netmask” package vuln

Jumping Into Shellcode
https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/

PHP git repo compromised
https://news-web.php.net/php.internals/113838

npm “netmask” package vulnerability
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

keywords: npm; php; git; github; shellcode; rtf

The post Network Security News Summary for Tuesday March 30th, 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/network-security-news-summary-for-tuesday-march-30th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-march-30th-2021

ABCs of UEBA: U is for User

If you ask penetration testers what the easiest path into a target is, the chances…

The post ABCs of UEBA: U is for User appeared first on Gurucul.

The post ABCs of UEBA: U is for User appeared first on Security Boulevard.


The post ABCs of UEBA: U is for User appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/abcs-of-ueba-u-is-for-user/?utm_source=rss&utm_medium=rss&utm_campaign=abcs-of-ueba-u-is-for-user

How to Detect and Stop Click Farm Fraud

Click farm fraud refers to attacks or fraudulent transactions executed at scale using humans, commonly called click farms or sweatshops. These click farms are low-paid human workers—usually from developing economies—employed to execute attacks on behalf of fraud rings. Fraudsters are in the ‘business’ of cybercrime to maximize profits with the least possible investment. They prefer […]

The post How to Detect and Stop Click Farm Fraud appeared first on Security Boulevard.


The post How to Detect and Stop Click Farm Fraud appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/how-to-detect-and-stop-click-farm-fraud/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-detect-and-stop-click-farm-fraud

5G slicing vulnerability could be used in DoS attacks

The IT security researchers at AdaptiveMobile have called out what looks like an important vulnerability in the architecture of 5G network slicing and virtualized network functions. They warn that the risks would have been significant had this fundamental vulnerability in the design of the 5G standards gone undiscovered.

What is 5G?

5G is the 5th generation mobile network. It is the fifth new global wireless standard after (you’ll never guess) 1G, 2G, 3G, and 4G. 5G enables a new kind of network that is designed to connect virtually everyone and everything together, including machines, objects, and devices. 5G is based on OFDM (Orthogonal frequency-division multiplexing), a method of modulating a digital signal across several different channels to reduce interference.

What is 5G network slicing?

5G network slicing is a network architecture that enables the multiplexing of virtualized and independent logical networks on the same physical network. Basically, the actual 5G network is compartmentalized into multiple virtual networks that function independently.

This allows the infrastructure providers to divide their network up into several independent ones for separate mobile network operators. A mobile operator can create specific virtual networks that cater to different clients and use cases.

The vulnerability

Network functions are services available within a network, and in 5G they can be dedicated to a single slice or shared between multiple slices. AdaptiveMobile Security looked at 5G networks that contain both shared and dedicated network functions.

What it learned was that when a network has network functions that support several slices, there is a lack of mapping between the application-layer and transport-layer identities, which allows rogue slices to do more than they are allowed. The separate networks were not as separate as they should be.

The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s network.

5G networks are complex, and so are the attacks. AdaptiveMobile sets out a few examples in its report, but the easiest to explain is an example of a Denial of Service (DoS) attack.

Imagine a network carved into two slices that can both have access to the same shared network function (“the shared service”). We’ll call the slices “Victim” and “Aggressor”, just to make it really obvious! In our example, the Aggressor network slice is under the control of a rogue operator who wants to run a DoS attack against the Victim network slice.

In simple terms, the Aggressor slice sends a message to the shared service, claiming that it is the Victim slice, and that it’s overloaded and does not want to receive any communication from the shared service, thereby denying that service to Victim.

The attack works because, although the shared service correctly checks that the Aggressor slice is permitted to speak to it, it does not check that the slice identity carried in the messages actually belongs to the Aggressor rather than to a different slice.

Or, as the report puts it:

Currently, there is no requirement in the 3GPP specifications to validate if the slice identity in the 3GPP-Sbi-Oci header matches the slice identity in the token for the service API usage.
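The missing check described above can be shown in a few lines. The following is an added example, not code from the AdaptiveMobile report or from any 5G core implementation: a shared network function's authorization step, first in the weak form the report describes (only the token is checked) and then with the slice identity in the 3GPP-Sbi-Oci header bound to the slice identity in the token. The token is modelled as a plain dict with assumed claim names (a real SBA token is an OAuth2 JWT with different claim names), and the header is modelled as a simplified semicolon-separated string with an S-NSSAI field; the slice and service names are constructed placeholders.

```python
"""Added example: binding the slice identity in an overload-control header to the
slice identity in the caller's token. Token claims ('slice_id', 'allowed_services')
and the header layout are simplified assumptions, not the real 3GPP wire format."""


def parse_oci_header(value: str) -> dict:
    """Parse a simplified 3GPP-Sbi-Oci header ('Key: value; Key: value') into a
    dict with lower-cased keys. Assumed format for this example."""
    fields = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition(":")
        fields[key.strip().lower()] = val.strip()
    return fields


def weak_accept(token: dict, headers: dict, service: str) -> bool:
    """The behaviour the report describes: the shared service only checks that the
    caller's token permits this service; the header's slice identity is never
    compared with the token's."""
    return service in token["allowed_services"]


def hardened_accept(token: dict, headers: dict, service: str) -> bool:
    """Same permission check, plus: if the request carries overload-control
    information scoped to a slice, that slice must be the caller's own."""
    if service not in token["allowed_services"]:
        return False
    oci = headers.get("3GPP-Sbi-Oci")
    if oci is None:
        return True  # no slice-scoped OCI present, nothing further to bind
    claimed_slice = parse_oci_header(oci).get("s-nssai")
    return claimed_slice == token["slice_id"]


# Constructed sample: two slices using one shared service, as in the article.
VICTIM_SLICE = "snssai-victim"          # placeholder slice identity
AGGRESSOR_SLICE = "snssai-aggressor"    # placeholder slice identity
SHARED_SERVICE = "shared-service"       # placeholder service name

aggressor_token = {"slice_id": AGGRESSOR_SLICE, "allowed_services": {SHARED_SERVICE}}

# Overload message whose slice identity does not match the caller's token.
spoofed_headers = {"3GPP-Sbi-Oci": f"Overload-Reduction-Metric: 100; S-NSSAI: {VICTIM_SLICE}"}
# Overload message about the caller's own slice.
honest_headers = {"3GPP-Sbi-Oci": f"Overload-Reduction-Metric: 100; S-NSSAI: {AGGRESSOR_SLICE}"}


def demo() -> dict:
    """Outcome of both checks on the constructed requests."""
    return {
        "weak_spoofed": weak_accept(aggressor_token, spoofed_headers, SHARED_SERVICE),
        "hardened_spoofed": hardened_accept(aggressor_token, spoofed_headers, SHARED_SERVICE),
        "hardened_honest": hardened_accept(aggressor_token, honest_headers, SHARED_SERVICE),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The weak check lets the Aggressor's message about the Victim slice through; the hardened check rejects it while still accepting overload information the Aggressor reports about itself, which is the one-line validation the report says the specifications do not currently require.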

How can this be abused?

According to AdaptiveMobile, an attacker could gain access to data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture.

  • The operator and their customers would be exposed and risk the loss of sensitive location data.
  • Denial of service against another network function on the same network.
  • Access to a network function and related information of another vertical customer.

Is there any real danger?

To pull off a successful attack you would have to get accepted as a mobile operator and be assigned a “slice” of the 5G network, which would set you back a significant amount, probably a lot more than you could ever hope to gain by successfully exploiting the flaw. The only real and current danger would be if two competitors on the same network decided to spy on one another. Given the limited number of network operators and the cost involved in becoming one, the danger to customers seems non-existent.

But, once a flaw has been found, there is a good chance more will follow, and it is better to expose these flaws than to discard them just because they are harmless now. Because, as the head of 5G Security Research at AdaptiveMobile Security, Dr. Silke Holtmanns, put it:

“Having brought this to the industry’s attention through the appropriate forums and processes, we are glad to be working with the operator and standards communities to highlight this issue and promote best practice going forward.”

In short, it’s good to be aware of existing vulnerabilities, but we have seen much more effective DoS attacks against 5G.

The post 5G slicing vulnerability could be used in DoS attacks appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/5g-slicing-vulnerability-could-be-used-in-dos-attacks-6/?utm_source=rss&utm_medium=rss&utm_campaign=5g-slicing-vulnerability-could-be-used-in-dos-attacks-6

Why you need to trust your VPN: Lock and Code S02E05

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN.

You’ve likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic on public WiFi networks, and, importantly, you can obscure your Internet activity from your Internet Service Provider, which may use that activity for advertising.

But obscuring your Internet activity—including the websites you visit, the searches you make, the files you download—doesn’t mean that a VPN magically disappears those things. It just means that the VPN itself gets to see that information instead.

Tune in to hear about what your VPN can see, why it is important for that information to be secured, and how you can safely transfer your trust to a VPN, on the latest episode of Lock and Code, with host David Ruiz.

https://feed.podbean.com/lockandcode/feed.xml

You can also find us on the Apple iTunes store, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

We cover our own research on:

Other cybersecurity news:

  • Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions. (Source: BleepingComputer)
  • Researchers discover two dozen Chrome extensions that are being used to serve up unwanted ads, steal data, and divert users to malicious sites. (Source: DarkReading)
  • An advisory for two high-severity flaws has been issued by the OpenSSL project. (Source: SecureBlink)
  • A $50m ransomware demand made against PC manufacturer Acer by the REvil/Sodinokibi cyber crime syndicate sets a new record. (Source: ComputerWeekly)

Stay safe!

The post Why you need to trust your VPN: Lock and Code S02E05 appeared first on Malwarebytes Labs.

The post Why you need to trust your VPN: Lock and Code S02E05 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/why-you-need-to-trust-your-vpn-lock-and-code-s02e05-6/?utm_source=rss&utm_medium=rss&utm_campaign=why-you-need-to-trust-your-vpn-lock-and-code-s02e05-6

Average Enterprise Runs 464 Custom Applications

According to a report published by the Cloud Security Alliance, the average enterprise has 464 custom applications deployed today. Security for custom applications is more important than ever. It’s time to look at RASP technologies.

The post Average Enterprise Runs 464 Custom Applications appeared first on K2io.

The post Average Enterprise Runs 464 Custom Applications appeared first on Security Boulevard.


The post Average Enterprise Runs 464 Custom Applications appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/average-enterprise-runs-464-custom-applications/?utm_source=rss&utm_medium=rss&utm_campaign=average-enterprise-runs-464-custom-applications


3 Foundations of a Data Security Strategy

data security

Data is one of the most important assets your organization has, and protecting it is no longer optional. Cyberattacks can come in multiple forms, including outsider attacks such as phishing or malware, as well as insider threats via social engineering attacks, unauthorized file sharing or physical theft of company devices. A robust data security strategy..

The post 3 Foundations of a Data Security Strategy appeared first on Security Boulevard.


The post 3 Foundations of a Data Security Strategy appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/3-foundations-of-a-data-security-strategy/?utm_source=rss&utm_medium=rss&utm_campaign=3-foundations-of-a-data-security-strategy

CISO Career In Tech | Avast

Jaya Baloo, Avast’s Chief Information Security Officer, never meant to work in tech. Born in India on International Women’s Day, Baloo moved to the US at age four when her parents started working for the United Nations in New York City. That’s where she had her first exposure to computers.

The post CISO Career In Tech | Avast appeared first on Security Boulevard.


The post CISO Career In Tech | Avast appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/ciso-career-in-tech-avast/?utm_source=rss&utm_medium=rss&utm_campaign=ciso-career-in-tech-avast

Jumping into Shellcode, (Mon, Mar 29th)

Malware analysis is exciting because you never know what you will find. In previous diaries[1], I already explained why it’s important to have a look at groups of interesting Windows API calls to detect some behaviors. The classic example is code injection. Usually, it is based on something like this:

1. You allocate some memory
2. You get a shellcode (downloaded, extracted from a specific location like a section, a resource, …)
3. You copy the shellcode in the newly allocated memory region
4. You create a new thread to execute it.

But it’s not always like this! Last week, I worked on an incident involving a malicious DLL that I analyzed. The technique used to execute the shellcode was slightly different and therefore interesting to describe here.

The DLL was delivered on the target system with an RTF document. This file contained the shellcode:

remnux@remnux:/MalwareZoo/20210318$ rtfdump.py suspicious.rtf
    1 Level  1        c=    3 p=00000000 l=    1619 h=     143;       5 b=       0   u=     539 rtf1
    2  Level  2       c=    2 p=00000028 l=      91 h=       8;       2 b=       0   u=      16 fonttbl
    3   Level  3      c=    0 p=00000031 l=      35 h=       3;       2 b=       0   u=       5 f0
    4   Level  3      c=    0 p=00000056 l=      44 h=       5;       2 b=       0   u=      11 f1
    5  Level  2       c=    0 p=00000087 l=      33 h=       0;       4 b=       0   u=       2 colortbl
    6  Level  2       c=    0 p=000000ac l=      32 h=      13;       5 b=       0   u=       5 *generator
    7 Remainder       c=    0 p=00000655 l=  208396 h=   17913;       5 b=       0   u=  182176 
      Whitespace = 4878  NULL bytes = 838  Left curly braces = 832  Right curly braces = 818

This file is completely valid from an RTF format point of view, will open successfully, and render a fake document. But the attacker appended the shellcode at the end of the file (have a look at stream 7, the remainder, which is much larger and contains a lot of unexpected characters, reported in the “u=” column). Let’s try to have a look at the shellcode:
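What rtfdump.py reports as the “Remainder” is simply everything after the outermost RTF group closes, and a large, high-entropy remainder is the triage signal worth automating. The following is an added example written for this diary, not rtfdump.py itself and not code from the ISC: it walks the braces of an RTF file (skipping escaped braces so they do not change the nesting depth), returns the offset and content of the remainder, and scores it with a count of bytes a text-only RTF body should not contain, the same idea as the “u=” column. The sample RTF and the appended blob are constructed, and the thresholds are illustrative assumptions.

```python
"""Added example: find data appended after the top-level RTF group and score it.
Sample inputs are constructed; thresholds are illustrative, not from the diary."""
import math


def find_remainder(data: bytes):
    """Return (offset, remainder) where offset is the first byte after the outermost
    '{...}' group closes. A backslash skips the following character, so \\{ \\} and
    \\\\ do not change the depth. Returns (None, b"") if the group never closes."""
    depth = 0
    started = False
    i = 0
    n = len(data)
    while i < n:
        c = data[i]
        if c == 0x5C:                    # backslash: skip the escaped/control char
            i += 2
            continue
        if c == 0x7B:                    # '{'
            depth += 1
            started = True
        elif c == 0x7D:                  # '}'
            depth -= 1
            if started and depth == 0:
                return i + 1, data[i + 1:]
        i += 1
    return None, b""


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def score_remainder(data: bytes, min_len: int = 64, max_ratio: float = 0.3) -> dict:
    """Summarise the remainder. 'unexpected' counts bytes >= 0x80 and control bytes
    other than tab/CR/LF, i.e. bytes a plain RTF body would not normally carry.
    min_len and max_ratio are assumed triage thresholds."""
    offset, rem = find_remainder(data)
    unexpected = sum(1 for b in rem if b >= 0x80 or (b < 0x20 and b not in (9, 10, 13)))
    ratio = unexpected / len(rem) if rem else 0.0
    return {
        "offset": offset,
        "length": len(rem),
        "unexpected": unexpected,
        "entropy": round(entropy(rem), 2),
        "suspicious": len(rem) >= min_len and ratio > max_ratio,
    }


# Constructed samples: a small valid RTF, and the same RTF with a deterministic
# binary blob appended (a stand-in for an encrypted payload, not real shellcode).
BENIGN_RTF = b"{\\rtf1\\ansi{\\fonttbl{\\f0 Arial;}}\\f0 Hello \\{world\\}}\r\n"
APPENDED_BLOB = bytes((i * 73 + 17) & 0xFF for i in range(400))
SUSPICIOUS_RTF = BENIGN_RTF + APPENDED_BLOB

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        print(name, score_remainder(sample))
```

For the benign file the remainder is just the trailing CR/LF; for the second sample the remainder starts at the same offset but is 402 bytes long with an entropy close to 8, which is the profile stream 7 shows in the rtfdump output above.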

remnux@remnux:/MalwareZoo/20210318$ rtfdump.py suspicious.rtf -s 7 | head -20
00000000: 0D 0A 00 6E 07 5D A7 5E  66 D2 97 1F 65 31 FD 7E  ...n.].^f...e1.~
00000010: D9 8E 9A C4 1C FC 73 79  F0 0B DA EA 6E 06 C3 03  ......sy....n...
00000020: 27 7C BD D7 23 84 0B BD  73 0C 0F 8D F9 DF CC E7  '|..#...s.......
00000030: 88 B9 97 06 A2 F9 4D 8C  91 D1 5E 39 A2 F5 9A 7E  ......M...^9...~
00000040: 4C D6 C8 A2 2D 88 D0 C4  16 E6 2B 1C DA 7B DD F7  L...-.....+..{..
00000050: C4 FB 61 34 A6 BE 8E 2F  9D 7D 96 A8 7E 00 E2 E8  ..a4.../.}..~...
00000060: BB A2 D9 53 1C F3 49 81  77 93 30 16 11 9D 88 93  ...S..I.w.0.....
00000070: D2 6C 9D 56 60 36 66 BA  29 3E 73 45 CE 1A BE E3  .l.V`6f.)>sE....
00000080: 5A C7 96 63 E0 D7 DF C9  21 2F 56 81 BD 84 6C 2D  Z..c....!/V...l-
00000090: CF 4C 4E BE 90 23 47 DC  A7 A9 8E A2 C3 A3 2E D1  .LN..#G.........

It looks encrypted and a brute force of a single XOR encoding was not successful. Let’s see how it works in a debugger.

First, the RTF file is opened to get a handle and its size is fetched with GetFileSize(). Then, a classic VirtualAlloc() is used to allocate a memory space equal to the size of the file. Note the “push 40” which means that the memory will contain executable code (PAGE_EXECUTE_READWRITE):


Usually, the shellcode is extracted from the file by reading the exact amount of bytes. The malware jumps to the position of the shellcode start in the file and reads bytes until the EOF. In this case, the complete RTF file is read then copied into the newly allocated memory:

This is the interesting part of the code which processes the shellcode:

The first line “mov word ptr ss:[ebp-18], 658” defines where the shellcode starts in the memory map. In a loop, all characters are XOR’d with a key that is generated in the function desktop.70901100. The next step is to jump to the location of the decoded shellcode:

The address where to jump is based on the address of the newly allocated memory (0x2B30000) + the offset (658). Let’s have a look at this location (0x2B30658):

Sounds good, we have a NOP sled at this location + the string “MZ”. Let’s execute the unconditional JMP:

We reached our shellcode! Note the NOP instructions and also the method used to get the EIP:

02B30665 | E8 00000000 | call 2B3066A | call $0
02B3066A | 5B          | pop ebx      | 

Now the shellcode will execute and perform the next stages of the infection…
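The decoding loop and the jump described above can be reproduced on a captured memory image without stepping through the debugger. The following is an added example, not code from the diary: it uses the two values the diary gives (the 658 offset and the 0x2B30000 allocation base) and the prologue found at the jump target (a NOP sled followed by “MZ”) as known plaintext to recover a repeating XOR key, and shows why the single-byte XOR brute force the diary mentions fails. The memory image, the 4-byte key and the stand-in stage bytes are all constructed here; the real sample's key comes from the desktop.70901100 routine, which this example does not model.

```python
"""Added example: known-plaintext recovery of a repeating XOR key from the expected
shellcode prologue. Image, key and stage bytes are constructed, not from the sample."""

SHELLCODE_OFFSET = 0x658                  # from the diary: mov word ptr ss:[ebp-18], 658
ALLOC_BASE = 0x2B30000                    # from the diary: VirtualAlloc() result
EXPECTED_PROLOGUE = b"\x90" * 8 + b"MZ"   # NOP sled + "MZ" seen at the jump target


def jump_target(base: int, offset: int) -> int:
    """Address the unconditional JMP lands on: allocation base + offset."""
    return base + offset


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def single_byte_xor_candidates(blob: bytes, known: bytes) -> list:
    """The brute force the diary reports as unsuccessful: every single key byte that
    maps the start of blob onto the known prologue. Empty for a multi-byte key."""
    head = blob[:len(known)]
    return [k for k in range(256) if bytes(b ^ k for b in head) == known]


def recover_repeating_key(blob: bytes, known: bytes, max_len: int = 16):
    """Derive key[i] = cipher[i] ^ plain[i] for a candidate key length and keep the
    shortest length whose key reproduces the whole known prologue. Needs the
    known prologue to be longer than the key; returns None otherwise."""
    head = blob[:len(known)]
    for key_len in range(1, min(max_len, len(known)) + 1):
        key = bytes(c ^ p for c, p in zip(head[:key_len], known[:key_len]))
        if xor_with_key(head, key) == known:
            return key
    return None


def decode_stage(image: bytes, offset: int, key: bytes) -> bytes:
    """The decoding loop from the diary applied to the copied file image, starting
    at the shellcode offset."""
    return xor_with_key(image[offset:], key)


# Constructed memory image: an RTF header padded with NULs out to the offset, then a
# stand-in stage (NOP sled, "MZ", ASCII placeholder text) encrypted with a 4-byte key.
KEY = b"\x5a\xc3\x19\x77"
PLAIN_STAGE = EXPECTED_PROLOGUE + b"<placeholder text, not executable code>"
IMAGE = b"{\\rtf1 placeholder}\r\n".ljust(SHELLCODE_OFFSET, b"\x00") + xor_with_key(PLAIN_STAGE, KEY)

if __name__ == "__main__":
    blob = IMAGE[SHELLCODE_OFFSET:]
    print("jump target: 0x%X" % jump_target(ALLOC_BASE, SHELLCODE_OFFSET))
    print("single-byte XOR candidates:", single_byte_xor_candidates(blob, EXPECTED_PROLOGUE))
    key = recover_repeating_key(blob, EXPECTED_PROLOGUE)
    print("recovered key:", key.hex() if key else None)
    print("decoded prologue:", decode_stage(IMAGE, SHELLCODE_OFFSET, key)[:10].hex())
```

Because the eight NOP bytes are identical plaintext, the ciphertext in that region reveals the key bytes directly once the key length is guessed, and the “MZ” bytes that follow confirm the guess where the key wraps around.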

[1] https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Jumping into Shellcode, (Mon, Mar 29th) appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/jumping-into-shellcode-mon-mar-29th/?utm_source=rss&utm_medium=rss&utm_campaign=jumping-into-shellcode-mon-mar-29th

Securing Vaccine Passport Applications

vaccine passport apps

The single most valuable document today is a COVID-19 vaccination card. That golden ticket is the passport to a ‘normal’ life. If you are lucky enough to have one of those cards, however, you know already how awkward they are to carry around. And carrying one also means risking its loss. But since it is..

The post Securing Vaccine Passport Applications appeared first on Security Boulevard.


The post Securing Vaccine Passport Applications appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/securing-vaccine-passport-applications/?utm_source=rss&utm_medium=rss&utm_campaign=securing-vaccine-passport-applications

Top 3 Privacy Tips for Travel

This week, co-host Tom Eston shares his top 3 tips to stay more private when you travel this year on vacation.

** Links mentioned on the show **
Smartphone privacy screens (Amazon) https://www.amazon.com/s?k=smartphone+privacy+screen&ref=nb_sb_noss_1
Laptop privacy screens (Amazon) https://www.amazon.com/s?k=laptop+privacy+screen&ref=nb_sb_noss_2

** Watch this episode on YouTube **
https://youtu.be/2izHDB80qgA

** Thank you to our sponsors! **
Silent Pocket […]

The post Top 3 Privacy Tips for Travel appeared first on The Shared Security Show.

The post Top 3 Privacy Tips for Travel appeared first on Security Boulevard.


The post Top 3 Privacy Tips for Travel appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/top-3-privacy-tips-for-travel/?utm_source=rss&utm_medium=rss&utm_campaign=top-3-privacy-tips-for-travel

NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time

NIST’s timely new release of Special Publication (SP) 800-172 (formerly referred to in draft form as 800-171B) provides exactly what its title says, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171. Yet it goes a step further to protect controlled unclassified information (CUI) specifically from APTs. According to Scott […]…

The post NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time appeared first on The State of Security.

The post NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time appeared first on Security Boulevard.


The post NIST SP 800-172 (Formerly SP 800-171B) Release Couldn’t Come at a Better Time appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/nist-sp-800-172-formerly-sp-800-171b-release-couldnt-come-at-a-better-time/?utm_source=rss&utm_medium=rss&utm_campaign=nist-sp-800-172-formerly-sp-800-171b-release-couldnt-come-at-a-better-time

ISC Stormcast For Monday, March 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7432, (Mon, Mar 29th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post ISC Stormcast For Monday, March 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7432, (Mon, Mar 29th) appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/isc-stormcast-for-monday-march-29th-2021-https-isc-sans-edu-podcastdetail-htmlid7432-mon-mar-29th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-march-29th-2021-https-isc-sans-edu-podcastdetail-htmlid7432-mon-mar-29th

ESB-2021.1073 – [Win] McAfee ePolicy Orchestrator: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1073
        ePolicy Orchestrator update addresses three vulnerabilities
             (CVE-2021-23888, CVE-2021-23889, CVE-2021-23890)
                               29 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee ePolicy Orchestrator
Publisher:         McAfee
Operating System:  Windows
Impact/Access:     Cross-site Scripting           -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
                   Access Confidential Data       -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23890 CVE-2021-23889 CVE-2021-23888

Original Bulletin: 
   https://kc.mcafee.com/corporate/index?page=content&id=SB10352

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - ePolicy Orchestrator update addresses three
vulnerabilities (CVE-2021-23888, CVE-2021-23889, CVE-2021-23890)

Security Bulletins ID   : SB10352

Last Modified           : 3/25/2021

Summary

First Published: March 25, 2021
+----------------+----------+--------------+----------------+--------+--------+
|                |          |              |                |        |CVSS    |
|                |Impacted  |              |Impact of       |Severity|v3.1    |
|Product:        |Versions: |CVE ID:       |Vulnerabilities:|Ratings:|Base/   |
|                |          |              |                |        |Temporal|
|                |          |              |                |        |Scores: |
+----------------+----------+--------------+----------------+--------+--------+
|                |          |              |CWE-938:        |        |        |
|                |          |CVE-2021-23888|Unvalidated     |Medium  |6.3 /   |
|                |5.10 prior|              |Redirects and   |        |5.7     |
|                |to Update |              |Forwards        |        |        |
|ePolicy         |10        +--------------+----------------+--------+--------+
|Orchestrator    |5.9.1     |              |CWE 79:         |        |3.5 /   |
|(ePO)           |prior to  |CVE-2021-23889|Cross-Site      |Low     |3.2     |
|                |HF        |              |Scripting (XSS) |        |        |
|                |EPO-937000+--------------+----------------+--------+--------+
|                |          |              |CWE-717:        |        |6.5 /   |
|                |          |CVE-2021-23890|Information Leak|Medium  |5.9     |
|                |          |              |/Disclosure     |        |        |
+----------------+----------+--------------+----------------+--------+--------+
|                |Install or update to the versions listed below:             |
|Recommendations:|                                                            |
|                |  o ePO 5.10.0 Update 10                                    |
|                |  o ePO 5.9.1 HF EPO-937000                                 |
+----------------+------------------------------------------------------------+
|Security        |                                                            |
|Bulletin        |None                                                        |
|Replacement:    |                                                            |
+----------------+------------------------------------------------------------+
|Location of     |                                                            |
|updated         |http://www.mcafee.com/us/downloads/downloads.aspx           |
|software:       |                                                            |
+----------------+------------------------------------------------------------+


Article contents:

  o Vulnerability Description
  o Remediation
  o Additional steps required to address CVE-2021-23890
  o Acknowledgments
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description

 1. CVE-2021-23888
    Unvalidated client-side URL redirect vulnerability in McAfee ePolicy
    Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO
    user to load an untrusted site in an ePO iframe which could steal
    information from the authenticated user.

    This would require the attacker to convince the ePO user to click a
    malicious link while logged into the ePO server in the same browser in
    which the link is opened. The results of this attack are not stored in
    ePO.
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23888
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23888
 2. CVE-2021-23889
    Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO)
    prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web
    script or HTML via multiple parameters where the administrator's entries
    were not correctly sanitized.

    To exploit this, the attacker would need to either:
       o Know an existing registered command in the ePO system to which they
         can pass parameters, triggering the Cross-site scripting
         vulnerability, or
       o Add a new registered command to the ePO system which does not
         sanitize parameters. Adding a new command to the ePO system requires
         administrator privileges, and the administrator must be logged on to
         the local ePO system, not through the User Interface. This could then
         be exploited by another ePO user. Execution of these commands is not
         granted by default to non-administrator ePO users.
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23889
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23889
 3. CVE-2021-23890
    Information leak vulnerability in the Agent Handler of McAfee ePolicy
    Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user
    to download McAfee product packages (specifically McAfee Agent) available
    in ePO repository and install them on their own machines to have it managed
    and then in turn get policy details from the ePO server. This can only
    happen when the ePO Agent Handler is installed in a Demilitarized Zone
    (DMZ) to service machines not connected to the network through a VPN.

    Once the software fix has been applied, further configuration changes are
    required. See the Additional steps required to address CVE-2021-23890 
    section below.
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23890
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23890

Remediation
To remediate this issue:

  o Customers using ePO 5.10 should update to ePO 5.10.0 Update 10.
  o Customers using ePO 5.9.x and earlier should upgrade to ePO 5.10.0 Update
    10.
  o Customers using ePO 5.9.x and earlier could apply ePO 5.9.1 HF EPO-937000
    to resolve only CVE-2021-23890. McAfee strongly recommends upgrading ePO to
    version 5.10 as the End of Life for ePO 5.9.1 has been announced as August
    31, 2021. For more information, see: KB93286 - End of Life for ePolicy
    Orchestrator 5.9.x.

Go to the Product Downloads site, and download the applicable product update/
hotfix file:
+-------+-------+------+--------------------+--------------+
|Product|Version|Type  |File Name           |Release Date  |
+-------+-------+------+--------------------+--------------+
|ePO    |5.9.1  |Hotfix|EPO-937000          |March 25, 2021|
+-------+-------+------+--------------------+--------------+
|ePO    |5.10.0 |Update|ePO 5.10.0 Update 10|March 25, 2021|
+-------+-------+------+--------------------+--------------+

Download and Installation Instructions
For instructions to download McAfee product updates and hotfixes, see: KB56057
- How to download Enterprise product updates and documentation. Review the
Release Notes and the Installation Guide for instructions on how to install
these updates. All documentation is available at https://docs.mcafee.com.

Additional steps required to address CVE-2021-23890
Apply these two settings changes after applying ePO 5.10.0 Update 10 or ePO
5.9.1 HF EPO-937000:

Setting 1: Stop auto-install of the agent into the ePO System Tree coming
through the DMZ.

 1. On the remote ePO Agent Handler that is installed in a DMZ, navigate to the
    Agent HandlerDB folder.
 2. Edit the server.ini configuration file.
 3. Add the setting DMZ=1 under the [Server] section and save the file.

Setting 2: Block download of McAfee Agent packages from DMZ installed ePO Agent
Handlers.

NOTE: The following instructions also prevent off-network/off-VPN McAfee Agents
from upgrading their McAfee Agent client software.

 1. On the remote ePO Agent Handler that is installed in a DMZ, navigate to the
    apache2conf folder.
 2. Open the httpd.conf file.
 3. Search for this line:  require all denied 
 4. Add the following contents below the location found in step 3:

    # Block agent package requests from being served by this agent handler
    
    SetHandler none
    Require all denied
    
 5. Save the httpd.conf file.
 6. Open Service Control Manager and restart the ePO 5.10 Server service.
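A small audit helper, added here as an example (not McAfee's code), that checks the two settings above on a DMZ Agent Handler: server.ini must carry DMZ=1 inside the [Server] section, and httpd.conf must contain a container block carrying both SetHandler none and Require all denied. The sample file contents, the <Location> container and its path placeholder are constructed assumptions; the bulletin shows only the two directives that go inside the block.

```python
"""Audit helper for the two CVE-2021-23890 settings on a DMZ Agent Handler.
Added example, not McAfee's code: it checks server.ini text for DMZ=1 under
[Server] and httpd.conf text for a container that both unsets the handler and
denies all requests. Read the real files into the two strings to use it."""
import re
from typing import Dict, List, Tuple

# Constructed server.ini samples (assumed keys; the real file has many more).
SERVER_INI_BEFORE = """[Server]
ServerName=ah-dmz-01.example.test
Port=443
"""
SERVER_INI_AFTER = SERVER_INI_BEFORE + "DMZ=1\n"   # after Setting 1, step 3

# Constructed httpd.conf samples. The <Location> container and its path are
# assumptions; the bulletin shows only the two directives placed inside it.
HTTPD_CONF_BEFORE = """<Directory />
    AllowOverride none
    Require all denied
</Directory>
"""
HTTPD_CONF_AFTER = HTTPD_CONF_BEFORE + """
<Location /AGENT-PACKAGE-PATH-PLACEHOLDER/>
    # Block agent package requests from being served by this agent handler
    SetHandler none
    Require all denied
</Location>
"""


def server_ini_has_dmz_flag(ini_text: str) -> bool:
    """True only when DMZ=1 is set inside [Server] (last occurrence wins).
    Names compare case-insensitively; DMZ=1 under another section is ignored."""
    section, enabled = None, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        header = re.match(r"^\[(.+?)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "server" and key.strip().lower() == "dmz":
            enabled = value.strip() == "1"
    return enabled


_OPEN_TAG = re.compile(r"^<(\w+)\b[^>]*>$")   # <Location /x/>, <Directory />
_CLOSE_TAG = re.compile(r"^</(\w+)>$")        # </Location>


def httpd_containers(conf_text: str) -> List[Tuple[str, List[str]]]:
    """Return (opening tag, [directives]) for each container block.
    Directives are lower-cased with whitespace collapsed; comments are dropped;
    nested containers keep separate directive lists."""
    done: List[Tuple[str, List[str]]] = []
    open_stack: List[Tuple[str, List[str]]] = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if _CLOSE_TAG.match(line):
            if open_stack:
                done.append(open_stack.pop())
        elif _OPEN_TAG.match(line):
            open_stack.append((line, []))
        elif open_stack:
            open_stack[-1][1].append(" ".join(line.split()).lower())
    return done


def httpd_blocks_agent_packages(conf_text: str) -> bool:
    """True when one container carries both directives from Setting 2."""
    return any("sethandler none" in d and "require all denied" in d
               for _tag, d in httpd_containers(conf_text))


def audit_dmz_agent_handler(ini_text: str, conf_text: str) -> Dict[str, bool]:
    """Both values must be True for the handler to pass the post-patch check."""
    return {"setting1_dmz_flag": server_ini_has_dmz_flag(ini_text),
            "setting2_packages_blocked": httpd_blocks_agent_packages(conf_text)}


if __name__ == "__main__":
    print("before:", audit_dmz_agent_handler(SERVER_INI_BEFORE, HTTPD_CONF_BEFORE))
    print("after: ", audit_dmz_agent_handler(SERVER_INI_AFTER, HTTPD_CONF_AFTER))
```

A Require all denied that sits only in the top-level Directory block (as in the "before" sample) does not satisfy the check, because the agent-package block needs both directives together.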

Acknowledgments
McAfee credits the following for responsibly reporting these flaws:
CVE-2021-23888 - Ricardo Almeida (vibrio)
CVE-2021-23889 - Michal Skowron from ING Tech Poland
CVE-2021-23890 - Saulius Pranckevicius from Danske Bank Red Team
Frequently Asked Questions (FAQs)
How do I know if my McAfee product is vulnerable or not?
For ePO/server products:
Use the following instructions for server-based products:

  o Check the version and build of ePO that is installed. For instructions, see
    KB52634 - How to determine what update is installed for ePO.
  o Create a query in ePO for the product version of the product installed
    within your organization.

What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of assessing
the criticality of a vulnerability. This system offers an unbiased criticality
score between 0 and 10 that customers can use to judge how critical a
vulnerability is and plan accordingly. For more information, visit the CVSS
website at: https://www.first.org/cvss/.

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the immediate
and direct impact of the exploit under consideration. We do not factor into a
score any potential follow-on exploits that might be made possible by the
successful exploitation of the issue being scored.

What are the CVSS scoring metrics?

 1. CVE-2021-23888: ePO unvalidated URL redirect vulnerability
    +------------------------+--------------------+
    |Base Score              |6.3                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Network (N)         |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|Low (L)             |
    +------------------------+--------------------+
    |User Interaction (UI)   |Required (R)        |
    +------------------------+--------------------+
    |Scope (S)               |Unchanged (U)       |
    +------------------------+--------------------+
    |Confidentiality (C)     |High (H)            |
    +------------------------+--------------------+
    |Integrity (I)           |Low (L)             |
    +------------------------+--------------------+
    |Availability (A)        |None (N)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|5.7                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof of Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/
    UI:R/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C&version=3.1
 2. CVE-2021-23889: ePO Cross-site Scripting vulnerability
    +------------------------+--------------------+
    |Base Score              |3.5                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Network (N)         |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|High (H)            |
    +------------------------+--------------------+
    |User Interaction (UI)   |Required (R)        |
    +------------------------+--------------------+
    |Scope (S)               |Unchanged (U)       |
    +------------------------+--------------------+
    |Confidentiality (C)     |Low (L)             |
    +------------------------+--------------------+
    |Integrity (I)           |Low (L)             |
    +------------------------+--------------------+
    |Availability (A)        |None (N)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|3.2                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof of Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/
    UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C&version=3.1
 3. CVE-2021-23890: ePO Information Leak vulnerability
    +------------------------+--------------------+
    |Base Score              |6.5                 |
    +------------------------+--------------------+
    |Attack Vector (AV)      |Network (N)         |
    +------------------------+--------------------+
    |Attack Complexity (AC)  |Low (L)             |
    +------------------------+--------------------+
    |Privileges Required (PR)|None (N)            |
    +------------------------+--------------------+
    |User Interaction (UI)   |None (N)            |
    +------------------------+--------------------+
    |Scope (S)               |Unchanged (U)       |
    +------------------------+--------------------+
    |Confidentiality (C)     |Low (L)             |
    +------------------------+--------------------+
    |Integrity (I)           |Low (L)             |
    +------------------------+--------------------+
    |Availability (A)        |None (N)            |
    +------------------------+--------------------+
    |Temporal Score (Overall)|5.9                 |
    +------------------------+--------------------+
    |Exploitability (E)      |Proof of Concept (P)|
    +------------------------+--------------------+
    |Remediation Level (RL)  |Official Fix (O)    |
    +------------------------+--------------------+
    |Report Confidence (RC)  |Confirmed (C)       |
    +------------------------+--------------------+

    NOTE: The below CVSS version 3.1 vector was used to generate this score.
    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/
    UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?
All Security Bulletins are published on our external PSIRT website at https://
www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see
Security Bulletins for McAfee Enterprise products on this website, click
Enterprise Security Bulletins. Security Bulletins are retired (removed) once a
product is both End of Sale and End of Support (End of Life).

How do I report a product vulnerability to McAfee?
If you have information about a security issue or vulnerability with a McAfee
product, visit the McAfee PSIRT website for instructions at https://
www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To report an
issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?
Our key priority is the security of our customers. If a vulnerability is found
within any McAfee software or services, we work closely with the relevant
security software development team to ensure the rapid and effective
development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable
such as a workaround, mitigation, version update, or hotfix. Otherwise, we
would simply be informing the hacker community that our products are a target,
putting our customers at greater risk. For products that are updated
automatically, a non-actionable Security Bulletin might be published to
acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at https://www.mcafee.com/us/
threat-center/product-security-bulletins.aspx by clicking About PSIRT.
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create
a Service Request page at https://support.mcafee.com/ServicePortal/faces/
serviceRequests/createSR:

  o If you are a registered user, type your User ID and Password, and then
    click Log In.
  o If you are not a registered user, click Register and complete the required
    fields. Your password and logon instructions will be emailed to you.

Disclaimer
The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract. The
product release dates are not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. The development, release, and
timing of any features or functionality described for our products remains at
our sole discretion and may be changed or canceled at any time.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2021.1072 – [Debian] thunderbird: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1072
                        thunderbird security update
                               29 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23987 CVE-2021-23984 CVE-2021-23982
                   CVE-2021-23981  

Reference:         ESB-2021.1064
                   ESB-2021.1062

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2609

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2609-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
March 26, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:78.9.0-1~deb9u1
CVE ID         : CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code or information disclosure.

For Debian 9 stretch, these problems have been fixed in version
1:78.9.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...