Malware Devil

Monday, July 5, 2021

ESB-2021.1467.2 – UPDATE [Cisco] Multiple Cisco Products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1467.2
Multiple Cisco Products Snort HTTP Detection Engine File
Policy Bypass Vulnerability
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Series Integrated Services Routers (ISRs)
Series Industrial Security Appliances (ISAs)
Catalyst 8xxx Products
Cloud Services Router 1000V Series
Firepower Threat Defense (FTD) Software
Integrated Services Virtual Router (ISRv)
Open Source Snort 2
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1495

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

Revision History: July 5 2021: Added vulnerability CVE-2021-1494
April 29 2021: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

TITLE: Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerabilities

Priority: Medium
Advisory ID: cisco-sa-http-fp-bp-KfDdcQhc
First Published: 2021 April 28 16:00 GMT
Last Updated: 2021 May 20 18:51 GMT
Version 1.1: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvv70864 CSCvw19272 CSCvw26645 CSCvw59055
CVE Names: CVE-2021-1494 CVE-2021-1495
CWEs: CWE-693

Summary

o Multiple Cisco products are affected by vulnerabilities in the Snort
detection engine that could allow an unauthenticated, remote attacker to
bypass a configured file policy for HTTP.

These vulnerabilities are due to incorrect handling of specific HTTP header
parameters. An attacker could exploit these vulnerabilities by sending
crafted HTTP packets through an affected device. A successful exploit could
allow the attacker to bypass a configured file policy for HTTP packets and
deliver a malicious payload.

Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

Affected Products

o Vulnerable Products

At the time of publication, these vulnerabilities affected all open source
Snort project releases earlier than Release 2.9.17.1. For more information
on open source Snort, see the Snort website.

At the time of publication, these vulnerabilities affected the following
Cisco products if they were running a vulnerable release of Cisco UTD Snort
IPS Engine Software for Cisco IOS XE Software or Cisco UTD Engine for Cisco
IOS XE SD-WAN Software and were configured with a Snort HTTP Detection
Engine File Policy:

1000 Series Integrated Services Routers (ISRs)
3000 Series Industrial Security Appliances (ISAs)
4000 Series Integrated Services Routers (ISRs)
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
Cloud Services Router 1000V Series
Firepower Threat Defense (FTD) Software
Integrated Services Virtual Router (ISRv)
Open Source Snort 2

For information about which Cisco software releases were vulnerable at the
time of release, see the Fixed Software section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.

Cisco has confirmed that these vulnerabilities do not affect the following
Cisco products:

Adaptive Security Appliance (ASA) Software
Catalyst 8500 Series Edge Platforms
Firepower Management Center (FMC) Software
Meraki Security Appliances
Open Source Snort 3

Workarounds

o There are no workarounds that address these vulnerabilities.

Fixed Software

o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Fixed Releases

At the time of publication, the release information in the following table(s)
was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.

The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerabilities described
in this advisory and which release included the fix for these
vulnerabilities.

Cisco FTD Software

Cisco FTD Software Release    First Fixed Release for these Vulnerabilities
Earlier than 6.2.2 ^1         Migrate to a fixed release.
6.2.2                         Migrate to a fixed release.
6.2.3                         Migrate to a fixed release.
6.3.0                         Migrate to a fixed release.
6.4.0                         6.4.0.12
6.5.0                         Migrate to a fixed release.
6.6.0                         6.6.4 ^2
6.7.0                         6.7.0.2

1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.

2. The First Fixed Release for the 6.6.0 code train was 6.6.3; however, due
to upgrade issues associated with CSCvx86231 the recommended release is
6.6.4.

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.

Cisco IOS XE Software and Cisco IOS XE SD-WAN Software

Cisco UTD Snort IPS Engine Software for IOS XE and    First Fixed Release for these
Cisco UTD Engine for IOS XE SD-WAN Software ^1        Vulnerabilities
Earlier than 16.12                                    Migrate to a fixed release.
16.12                                                 16.12.5
17.1                                                  Migrate to a fixed release.
17.2                                                  Migrate to a fixed release.
17.3                                                  17.3.3
17.4                                                  17.4.1

^1 Starting with release 17.2.1, Cisco IOS XE Software and Cisco IOS XE
SD-WAN Software share the same image file.

Open Source Snort

The open source Snort project releases 2.9.17.1 and later contain the fix
for these vulnerabilities. For more information on open source Snort, see
the Snort website.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.

Source

o These vulnerabilities were found by Santosh Krishnamurthy of Cisco during
internal security testing.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

Revision History

o +---------+------------------------------+---------+--------+-------------+
  | Version | Description                  | Section | Status | Date        |
  +---------+------------------------------+---------+--------+-------------+
  | 1.1     | Added CVE-2021-1494 to the   | -       | Final  | 2021-MAY-20 |
  |         | advisory                     |         |        |             |
  +---------+------------------------------+---------+--------+-------------+
  | 1.0     | Initial public release.      | -       | Final  | 2021-APR-28 |
  +---------+------------------------------+---------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYOKUoONLKJtyKPYoAQjpAA//R/0+R1kD9YvgbPMkx8zJuXX4MR+0xTV3
8px4rs4qxL3Bs5oY1ig1AcV4UAlNXzZNByxw3VZ7L3BBOCUjTJj+Y2vPuNfwVMPD
QJ00WXnqvf2W30k9dEPBbufeZcnasXl08RN+GI9ZGUlB+zyAfo2kw+arceDfxxsO
jMlyUOECE7Qw5bPN5JPeRpg0hFesmy1dqgw+J04kHlprtmp2JD94ccMt115mEnIC
aKE3uFaH7FPEQR7CD580xUdbtAOPrusTRoWpnPQXokvzT8FspvHmbuZHA40uevWI
uto0MFr1wXLJS74cYnejswb7/iM5iyAMw9fYn/FvrpZzw/Cha01vxvk9yRRo+MQf
vPoOqatyNfI+Vm56qjKM1YFkdSlUYw06wbQVIUEUSoDImEz1RpCI4aDYiA/weIhK
vC6MjpEIJtig/lhp7VyXRyBh2atH+Vb2BMWZr7kj9yBq6InkwLCEyY5eoW1EAjGr
JIiIuDILKZE702PnRRICCrcjuRaIuYTuGYJhasFsto2AxlDsIHNHUrgIiW7+8gjQ
mGTL3UBtrYl3lV2IqFpwUMlUG8lh593UXdNZXdGsMdOzJiPasBgTOoC/D5jO2P+5
dBLgIXURlYJ1rDTroSZu9OdoZLDz6OkzgJ6bh/gxXRPtFou7cNHWW/6rm2ZL7Da/
dUh0i4P+vmI=
=PFn3
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/07/05/esb-2021-1467-2-update-cisco-multiple-cisco-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1467-2-update-cisco-multiple-cisco-products-multiple-vulnerabilities

ESB-2021.2312 – [UNIX/Linux] F5 Products: Denial of service – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2312
GNU C Library (glibc) vulnerability CVE-2016-10228
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: BIG-IP
BIG-IQ
Traffix
F5OS
Publisher: F5 Networks
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-10228

Reference: ESB-2021.2232
ESB-2021.2228
ESB-2021.0728

Original Bulletin:
https://support.f5.com/csp/article/K52494142

- --------------------------BEGIN INCLUDED TEXT--------------------

K52494142: GNU C Library (glibc) vulnerability CVE-2016-10228

Original Publication Date: 03 Jul, 2021

Security Advisory Description

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier,
when invoked with multiple suffixes in the destination encoding (TRANSLATE or
IGNORE) along with the -c option, enters an infinite loop when processing
invalid multi-byte input sequences, leading to a denial of service.
(CVE-2016-10228)

Impact

An attacker can exploit this vulnerability by crafting a sequence of invalid
multi-byte input to an application using the iconv program and causing the
application to enter an infinite loop, leading to a denial-of-service (DoS).

Security Advisory Status

F5 Product Development has assigned ID 1029013 (BIG-IP/BIG-IQ/F5OS) and
SDC-1236 (Traffix) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+-------------------------------+--------+-----------------------------------+---------------------+----------+----------------+---------------------------------+
| Product                       | Branch | Versions known to be vulnerable^1 | Fixes introduced in | Severity | CVSSv3 score^2 | Vulnerable component or feature |
+-------------------------------+--------+-----------------------------------+---------------------+----------+----------------+---------------------------------+
| BIG-IP (all modules)          | 16.x   | 16.0.0 - 16.0.1                   | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IP (all modules)          | 15.x   | 15.1.0 - 15.1.3                   | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IP (all modules)          | 14.x   | 14.1.0 - 14.1.4                   | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IP (all modules)          | 13.x   | 13.1.0 - 13.1.4                   | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IP (all modules)          | 12.x   | 12.1.0 - 12.1.6                   | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IP (all modules)          | 11.x   | 11.6.1 - 11.6.5                   | Not applicable      | Low      | 3.3            | glibc library                   |
+-------------------------------+--------+-----------------------------------+---------------------+----------+----------------+---------------------------------+
| BIG-IQ Centralized Management | 8.x    | 8.0.0 - 8.1.0                     | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IQ Centralized Management | 7.x    | 7.0.0 - 7.1.0                     | Not applicable      | Low      | 3.3            | glibc library                   |
| BIG-IQ Centralized Management | 6.x    | 6.0.1 - 6.1.0                     | Not applicable      | Low      | 3.3            | glibc library                   |
+-------------------------------+--------+-----------------------------------+---------------------+----------+----------------+---------------------------------+
| F5OS                          | 1.x    | 1.1.0 - 1.1.2                     | Not applicable      | Low      | 3.3            | glibc library                   |
+-------------------------------+--------+-----------------------------------+---------------------+----------+----------------+---------------------------------+
| Traffix SDC                   | 5.x    | 5.1.0                             | Not applicable      | Low      | 3.3            | glibc library                   |
+-------------------------------+--------+-----------------------------------+---------------------+----------+----------------+---------------------------------+

^1F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

None

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K15106: Managing BIG-IQ product hotfixes
o K15113: BIG-IQ hotfix and point release matrix
o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
systems (11.4.x and later)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/07/05/esb-2021-2312-unix-linux-f5-products-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2312-unix-linux-f5-products-denial-of-service-existing-account

ESB-2021.2311 – [Debian] djvulibre: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2311
djvulibre security update
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: djvulibre
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3630

Reference: ESB-2021.2309

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/07/msg00002.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2702-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
July 03, 2021 https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package : djvulibre
Version : 3.5.27.1-7+deb9u2
CVE ID : CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in
DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file
which may lead to crash and segmentation fault.

For Debian 9 stretch, this problem has been fixed in version
3.5.27.1-7+deb9u2.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmDgymAACgkQgj6WdgbD
S5ZZoBAA5lQ3qMy3UocDz+ViZ0/m7Z+Z4NHIJikpfzVngaa0RFkNe9u4F7CSNR57
Nz+QqdgxUJKID552l4SDU3KXjMSanlcQG/WO8cMeFPIX03fdVQgn6GNaIpMHCESA
eDWxAF3+UpXJR+vATMXHQYSXC/gsUWHBFDsVvEHsqogUpLewGM5tqbibkY3VZbV4
7j72iAHE2YN4BsbTxTEtPCo0NqxpOJro4jqTCMpHq7xmmo9jjAo1GYc2NVfSNDnJ
YUI6uWXraEPliwvun4ZD6N2HsbuvHJ/x9fPgqy/kSPO3BHgRutNG6XV4lCVhDNcw
ohrLQp0E5eHvyUjT2DJJmA9ToKDJqTwbBkCqPlPitjvg5YJ4PD5U61B/4cVWXyBg
P40FMz2t/tVyuU7Xy3UwJVoni+rmFVjuAmehKvAAoUkibwo4SLFmKGZfDDrcXiqJ
YykXlEnksEL2KGxL9O3ZoQEC/tAWwdOonQnHRfZTZXpDmO6uNJZLqmfPeducHqWe
4/WeDLBiTuRgy/H7BetLY6bxBuWGUMYjE2jc3ZeySJv8QyDnekGgL+9Fyoqz6lUY
qTbiUsw9FG0bZhm8+Me0xClYFocyCH13XAezvGngi+oibTa8Ee49PHAIQznHYpUa
sowIEy+HjJeP68HENvjirdI226ojcBOWIHWTRsDdt4KzVmlgtes=
=g+jg
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/07/05/esb-2021-2311-debian-djvulibre-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2311-debian-djvulibre-multiple-vulnerabilities

ASB-2021.0123.2 – UPDATE ALERT [Win] Microsoft Print Spooler: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT Security Bulletin

ASB-2021.0123.2
Windows Print Spooler Remote Code Execution Vulnerability
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Microsoft Print Spooler
Operating System: Windows
Impact/Access: Administrator Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Existing Account
Resolution: Mitigation
CVE Names: CVE-2021-34527 CVE-2021-1675
Reference: ASB-2021.0116
ASB-2021.0115

Revision History: July 5 2021: Microsoft revised advisory to update the FAQ, add a mitigation, and add CVSS score
July 2 2021: Initial Release

OVERVIEW

Microsoft has released an out-of-band critical update to address a
Windows Print Spooler Remote Code Execution Vulnerability.
Microsoft has assigned CVE-2021-34527 to this vulnerability and
acknowledges it has been referred to publicly as PrintNightmare.[1]

This vulnerability has received significant media attention in the past day.
[2] [3] [4] [5]

IMPACT

Microsoft has stated the following:

“Microsoft is aware of and investigating a remote code execution
vulnerability that affects Windows Print Spooler and has assigned
CVE-2021-34527 to this vulnerability. This is an evolving situation
and we will update the CVE as more information is available.

A remote code execution vulnerability exists when the Windows Print
Spooler service improperly performs privileged file operations.
An attacker who successfully exploited this vulnerability could run
arbitrary code with SYSTEM privileges. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.

An attack must involve an authenticated user calling RpcAddPrinterDriverEx().”
[1]

= Update by Microsoft 20210703 =
Microsoft updated advisory to confirm that client systems and non domain
controller member servers are affected under certain specified conditions. [1]

MITIGATION

Microsoft recommends applying the latest security updates released on June 8
AND determining if the Print Spooler service is running and either disabling it
or disabling inbound remote printing through Group Policy. [1]

Microsoft acknowledges this vulnerability is similar to but distinct from the
recent Print Spooler vulnerability reported as CVE-2021-1675 and addressed by
the June 2021 security updates, and that they are still investigating the issue
and will update the page as more information becomes available. [1]

= Update by Microsoft 20210703 =
Microsoft updated advisory to include further mitigation options as an alternative
to disabling printing which involves modifying various group memberships, but notes
this does risk compatibility problems. [1]
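The two mitigations the bulletin lists, determine whether the Print Spooler service is running and then either disable it or disable inbound remote printing, as a PowerShell audit-and-apply script. This is an added example and is not part of the AusCERT or Microsoft text. It assumes, because the bulletin does not say so, that the Group Policy "Allow Print Spooler to accept client connections" is stored as the registry DWORD RegisterSpoolerRemoteRpcEndPoint under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers with 2 meaning disabled, and that Win32_ComputerSystem.DomainRole values 4 and 5 identify domain controllers.

```powershell
# Added example for the ASB-2021.0123.2 mitigation; not part of the AusCERT or
# Microsoft text. Reports a host's Print Spooler exposure and, only when asked,
# applies one of the two mitigations the bulletin lists.
#
# Assumption (not stated in the bulletin): the Group Policy "Allow Print Spooler
# to accept client connections" is backed by the DWORD RegisterSpoolerRemoteRpcEndPoint
# under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers, where 2 = disabled.
[CmdletBinding()]
param(
    [switch]$DisableSpooler,        # stop the service and set it to Disabled
    [switch]$BlockRemotePrinting    # set the policy value and restart the service
)

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    # Collect the facts an administrator needs before choosing a mitigation.
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    # Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
    $role   = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $blocked = ($null -ne $policy) -and ($policy.$PolicyName -eq 2)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        IsDomainController    = ($role -ge 4)
        SpoolerStatus         = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        SpoolerStartType      = if ($svc) { [string]$svc.StartType } else { 'NotInstalled' }
        RemotePrintingBlocked = $blocked
        # Service is up and the policy does not refuse remote connections: the
        # remote path the bulletin describes is open. Domain controllers are the
        # case the references single out, so IsDomainController is reported too.
        ExposedToRemoteRpc    = $running -and -not $blocked
    }
}

function Disable-SpoolerService {
    # Mitigation 1: stop the service and keep it from starting again.
    # Local and remote printing stop working on this host.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

function Block-RemotePrinting {
    # Mitigation 2: keep the service for local printing but refuse inbound
    # remote connections. The policy value is read when the service starts.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -Type DWord
    Restart-Service -Name Spooler
}

$before = Get-SpoolerExposure
$before | Format-List

if ($DisableSpooler) {
    Disable-SpoolerService
} elseif ($BlockRemotePrinting) {
    Block-RemotePrinting
} elseif ($before.ExposedToRemoteRpc) {
    Write-Warning 'Print Spooler is running and accepts remote connections; rerun with -DisableSpooler or -BlockRemotePrinting to apply a mitigation.'
}

if ($DisableSpooler -or $BlockRemotePrinting) {
    # Re-read the state so the effect of the change is visible in the output.
    Get-SpoolerExposure | Format-List
}
```

Run it from an elevated PowerShell session. Without switches it only reports; `-BlockRemotePrinting` keeps local printing working while closing the remote path, and `-DisableSpooler` is the stronger option for hosts, domain controllers in particular, that do not need to print at all.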

REFERENCES

[1] Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

[2] ‘PrintNightmare’ Stuxnet-style zero-day
https://www.itnews.com.au/news/researchers-accidentally-publish-printnightmare-stuxnet-style-zero-day-566767

[3] Public Windows PrintNightmare 0-day exploit allows domain takeover
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/

[4] Researchers accidentally release exploit code for new Windows
‘zero-day’ bug PrintNightmare
https://portswigger.net/daily-swig/researchers-accidentally-release-exploit-code-for-new-windows-zero-day-bug-printnightmare

[5] PrintNightmare, Critical Windows Print Spooler Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation’s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2021/07/05/asb-2021-0123-2-update-alert-win-microsoft-print-spooler-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=asb-2021-0123-2-update-alert-win-microsoft-print-spooler-multiple-vulnerabilities

ESB-2021.2309 – [Win][UNIX/Linux][SUSE] djvulibre: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2309
Security update for djvulibre
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: djvulibre
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3630

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-202114761-1

Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running djvulibre check for an updated version of the software for
their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for djvulibre

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14761-1
Rating: important
References: #1187869
Cross-References: CVE-2021-3630
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for djvulibre fixes the following issues:

o CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp
(bsc#1187869)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-LTSS:
zypper in -t patch slessp4-djvulibre-14761=1
o SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-djvulibre-14761=1
o SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-djvulibre-14761=1
o SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-djvulibre-14761=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
libdjvulibre21-3.5.21-3.15.1
o SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
libdjvulibre21-3.5.21-3.15.1
o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
djvulibre-debuginfo-3.5.21-3.15.1
djvulibre-debugsource-3.5.21-3.15.1
o SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
djvulibre-debuginfo-3.5.21-3.15.1
djvulibre-debugsource-3.5.21-3.15.1

References:

o https://www.suse.com/security/cve/CVE-2021-3630.html
o https://bugzilla.suse.com/1187869

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.2310 – [SUSE] crmsh: Increased privileges – Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2310
Security update for crmsh
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: crmsh
Publisher: SUSE
Operating System: SUSE
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-35459

Reference: ESB-2021.1024
ESB-2021.0957
ESB-2021.0296

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212238-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for crmsh

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2238-1
Rating: moderate
References: #1163460 #1175982 #1179999 #1184465 #1185423 #1187553
Cross-References: CVE-2020-35459
Affected Products:
SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that solves one vulnerability, contains one feature and has 5 fixes
is now available.

Description:

This update for crmsh fixes the following issues:
Update to version 4.3.1+20210624.67223df2:

o Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on
the join node (bsc#1187553)
o Fix: history: use Path.mkdir instead of mkdir command (bsc#1179999,
CVE-2020-35459)
o Dev: crash_test: Add big warnings to have users' attention to potential
failover (jsc#SLE-17979)
o Dev: crash_test: rename preflight_check as crash_test (jsc#SLE-17979)
o Fix: bootstrap: update sbd watchdog timeout when using diskless SBD with
qdevice (bsc#1184465)
o Dev: utils: allow configure link-local ipv6 address (bsc#1163460)
o Fix: parse: shouldn't allow property setting with an empty value
(bsc#1185423)
o Fix: help: show help message from argparse (bsc#1175982)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-2238=1

Package List:

o SUSE Linux Enterprise High Availability 15-SP1 (noarch):
crmsh-4.3.1+20210624.67223df2-3.69.1
crmsh-scripts-4.3.1+20210624.67223df2-3.69.1

References:

o https://www.suse.com/security/cve/CVE-2020-35459.html
o https://bugzilla.suse.com/1163460
o https://bugzilla.suse.com/1175982
o https://bugzilla.suse.com/1179999
o https://bugzilla.suse.com/1184465
o https://bugzilla.suse.com/1185423
o https://bugzilla.suse.com/1187553

--------------------------END INCLUDED TEXT--------------------


ASB-2021.0124 – ALERT [Win][UNIX/Linux] Kaseya VSA: Multiple vulnerabilities

===========================================================================
AUSCERT Security Bulletin

ASB-2021.0124
Kaseya VSA Supply-Chain Ransomware Attack
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Kaseya VSA
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands — Unknown/Unspecified
Unauthorised Access — Unknown/Unspecified
Resolution: Mitigation

OVERVIEW

Kaseya have advised that their VSA product has been the victim of a
sophisticated cyberattack. [1]

Kaseya is used by multiple MSPs; the affected organisations are
being contacted by Kaseya directly. [1]

Multiple sources have reported that this is a supply chain attack
culminating in the deployment of REvil ransomware. Multiple
organisations worldwide appear to have been affected. [1] [4] [6]
[7] [8]

IMPACT

Kaseya report “Kaseya’s VSA product has unfortunately been the
victim of a sophisticated cyberattack. Due to our teams fast
response, we believe that this has been localized to a very small
number of on-premises customers only.”. [1]

ACSC have advised “At this time, the ACSC has not received any
reporting of this incident impacting Australian organisations. The
ACSC will update this alert as the situation changes, if
required.”[2]

Huntress Labs report “We are tracking ~30 MSPs across the US, AUS,
EU, and LATAM where Kaseya VSA was used to encrypt well over 1,000
businesses and are working in collaboration with many of them.” [4]

CISA have advised that they are also investigating the attack. [3]

MITIGATION

Kaseya have advised to shut down VSA servers immediately. [1]

Kaseya have released a new compromise detection tool, which can be
downloaded and run to analyse systems for IoCs. [1][5]

Kaseya have been providing regular updates on this issue; please
refer to their advisory for the most up-to-date information. [1]

REFERENCES

[1] KASEYA VSA UPDATE
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689

[2] Kaseya VSA Supply-Chain Ransomware Attack
https://www.cyber.gov.au/acsc/view-all-content/alerts/kaseya-vsa-supply-chain-ransomware-attack

[3] Kaseya VSA Supply-Chain Ransomware Attack
https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack

[4] Rapid Response: Mass MSP Ransomware Incident
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident

[5] VSA Detection Tools.zip
https://kaseya.app.box.com/s/0ysvgss7w48nxh8k1xt7fqhbcjxhas40

[6] Kaseya Supply-Chain Attack Hits Nearly 40 Service Providers With
REvil Ransomware
https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html

[7] Shutdown Kaseya VSA servers now amidst cascading REvil attack
against MSPs, clients
https://blog.malwarebytes.com/cybercrime/2021/07/shutdown-kaseya-vsa-servers-now-amidst-cascading-revil-attack-against-msps-clients/

[8] Kaseya Ransomware Supply Chain Attack: What You Need To Know
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/kaseya-ransomware-supply-chain

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation’s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.


ESB-2021.2306 – [Debian] openexr: Denial of service – Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2306
openexr security update
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: openexr
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26260 CVE-2021-23215 CVE-2021-20296
CVE-2021-3598 CVE-2021-3479 CVE-2021-3478
CVE-2021-3477 CVE-2021-3476 CVE-2021-3475
CVE-2021-3474 CVE-2020-16587

Reference: ESB-2021.2241
ESB-2021.2206
ESB-2021.2205

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2701-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Sylvain Beucler
July 03, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : openexr
Version : 2.2.0-11+deb9u3
CVE ID : CVE-2020-16587 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476
CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 CVE-2021-3598
CVE-2021-20296 CVE-2021-23215 CVE-2021-26260
Debian Bug : 986796 990450

Several vulnerabilities were discovered in OpenEXR, a library and
tools for the OpenEXR high dynamic-range (HDR) image format. An
attacker could cause a denial of service (DoS) through application
crash and excessive memory consumption.

For Debian 9 stretch, these problems have been fixed in version
2.2.0-11+deb9u3.

We recommend that you upgrade your openexr packages.

For the detailed security status of openexr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openexr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------


ESB-2021.2307 – [SUSE] python-py: Denial of service – Remote with user interaction

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2307
Security update for python-py
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: python-py
Publisher: SUSE
Operating System: SUSE
Impact/Access: Denial of Service — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-29651

Reference: ESB-2021.2117
ESB-2021.1960

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212236-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for python-py

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2236-1
Rating: moderate
References: #1179805 #1184505
Cross-References: CVE-2020-29651
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for python-py fixes the following issues:

o CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc
#1179805, bsc#1184505).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2021-2236=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2236=1

Package List:

o SUSE OpenStack Cloud 7 (noarch):
python-py-1.8.1-11.12.4
o SUSE Linux Enterprise Server 12-SP5 (noarch):
python-py-1.8.1-11.12.4

References:

o https://www.suse.com/security/cve/CVE-2020-29651.html
o https://bugzilla.suse.com/1179805
o https://bugzilla.suse.com/1184505

--------------------------END INCLUDED TEXT--------------------


ESB-2021.2308 – [SUSE] python-rsa: Multiple Vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2308
Security update for python-rsa
5 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: python-rsa
Publisher: SUSE
Operating System: SUSE
Impact/Access: Access Confidential Data — Remote/Unauthenticated
Reduced Security — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-13757

Reference: ESB-2021.2169
ESB-2020.2990
ESB-2020.2943

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212237-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for python-rsa

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2237-1
Rating: important
References: #1172389
Cross-References: CVE-2020-13757
Affected Products:
SUSE OpenStack Cloud 7
SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-rsa fixes the following issues:

o CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of
ciphertext (bsc#1172389)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2021-2237=1
o SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-2237=1

Package List:

o SUSE OpenStack Cloud 7 (noarch):
python-rsa-3.1.4-12.16.1
o SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
python-rsa-3.1.4-12.16.1

References:

o https://www.suse.com/security/cve/CVE-2020-13757.html
o https://bugzilla.suse.com/1172389

--------------------------END INCLUDED TEXT--------------------


Sunday, July 4, 2021

ISC Stormcast For Monday, July 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7570, (Sun, Jul 4th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Network Security News Summary for Monday July 5th, 2021

Special Podcast: Kaseya VSA REvil Ransomware Incident

Kaseya VSA REvil Ransomware Incident
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/

keywords: Kaseya; REVIL; Ransomware


DIY CD/DVD Destruction – Follow Up, (Sun, Jul 4th)

Thanks a lot to all of you who posted a comment on my diary entry “DIY CD/DVD Destruction“. They inspired me to try out some other methods.

The most popular suggestion was to destroy the CDs inside a microwave. And when I watched YouTube videos of CDs inside a microwave, I certainly was impressed by the damage done to the metal layer of the CD.

But I only have one microwave that we use to prepare food, and I’m not willing to experiment with something that we will continue to use for food preparation. So I did not try out that method.

Someone suggested just snapping the CDs in two, wearing gloves. I tried that: I put 10 CDs in a plastic bag, and snapped them in two (sometimes more than 2 pieces) wearing gloves, inside that bag to contain plastic and metal flakes. It took me 38 seconds to snap 10 CDs, and it was not difficult. So that method worked for me.

Another reader suggested cutting the CDs, using something like metal shears.

I tried that too with 10 CDs. It worked, but it took me 45 seconds to cut 10 CDs and I found it harder than snapping CDs.

All the comments regarding (microwave) ovens inspired me to try a heat gun.

That didn’t work out. First of all, after 1 minute, I still had not melted a stack of 10 CDs. When I tried just one CD, it took 42 seconds to deform the CD so that it would no longer fit inside a drive. I used the heat gun outdoors, just in case fumes would be generated, but I didn’t see any. Maybe there were fumes coming out of the melting plastic, but I didn’t see or smell any.


If you have more ideas, feel free to post a comment! 🙂 Keep it safe!

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More




https://malwaredevil.com/2021/07/04/diy-cd-dvd-destruction-follow-up-sun-jul-4th/?utm_source=rss&utm_medium=rss&utm_campaign=diy-cd-dvd-destruction-follow-up-sun-jul-4th

Saturday, July 3, 2021

Finding Strings With oledump.py, (Sat, Jul 3rd)

In diary entry “CFBF Files Strings Analysis” I show how to extract strings from CFBF/ole files with my tool oledump.py.

What if you have found an interesting string, and want to know from which stream it was extracted? Like the URL extracted in my previous diary entry: hxxp://example[.]com/phishing

oledump has an option to check the content of streams with YARA rules: -y.

You could make a small YARA rule to search for example.com, save it to disk and use it as oledump’s -y value:

oledump.py -y rule.yara example.com
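A rule.yara file that the command above can point at, added here as an example rather than taken from the diary (the rule name and meta fields are my choice). It matches the string in both its ASCII and UTF-16LE forms, because many Office streams store text as UTF-16, so a plain ASCII-only rule can miss a string that oledump's strings output showed you:

```yara
// Added example: a minimal YARA rule for oledump.py -y rule.yara
// (not the diary's own rule). oledump scans each stream with it and
// reports the streams that match, which tells you where the string lives.
rule example_com_string
{
    meta:
        description = "Flags CFBF streams that contain the string example.com"
    strings:
        // "wide" also matches the UTF-16LE encoding used in many Office streams;
        // "nocase" covers EXAMPLE.COM and mixed-case variants.
        $s = "example.com" ascii wide nocase
    condition:
        $s
}
```

If a string shows up in the strings output but the rule matches nothing, drop `nocase` last and check the encoding first: a string that was extracted as UTF-16 only matches through the `wide` modifier.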

But you don’t need to create a file with a YARA rule, you can also do this from the command-line using “Ad Hoc rules”, like this:

With this result, we know that streams 2 and 8 contain the string example.com:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More




https://malwaredevil.com/2021/07/03/finding-strings-with-oledump-py-sat-jul-3rd/?utm_source=rss&utm_medium=rss&utm_campaign=finding-strings-with-oledump-py-sat-jul-3rd

Kaseya Details REvil Attack, Incident Response Plan

Kaseya, an IT service management (ITSM) tools provider employed by managed service providers (MSPs) and internal IT teams, announced it expects to bring the software-as-a-service (SaaS) edition of its platform back online today after a ransomware attack impacted approximately 40 of its customers. Some of those customers are MSPs, which resulted in this attack impacting..

The post Kaseya Details REvil Attack, Incident Response Plan appeared first on Security Boulevard.




https://malwaredevil.com/2021/07/03/kaseya-details-revil-attack-incident-response-plan/?utm_source=rss&utm_medium=rss&utm_campaign=kaseya-details-revil-attack-incident-response-plan

2021-07-02 – Astaroth/Guildma from Brazil malspam




https://malwaredevil.com/2021/07/03/2021-07-02-astaroth-guildma-from-brazil-malspam-2/?utm_source=rss&utm_medium=rss&utm_campaign=2021-07-02-astaroth-guildma-from-brazil-malspam-2

Friday, July 2, 2021

2021-07-02 – Astaroth/Guildma from Brazil malspam




https://malwaredevil.com/2021/07/02/2021-07-02-astaroth-guildma-from-brazil-malspam/?utm_source=rss&utm_medium=rss&utm_campaign=2021-07-02-astaroth-guildma-from-brazil-malspam

Kaseya VSA Users Hit by Ransomware, (Fri, Jul 2nd)

We are aware that some MSSPs’ (Managed Security Services Providers) customers have been hit by ransomware. It seems that four (4) MSSPs have been affected until now. The ransomware was spread through the remote management solution “VSA” provided by Kaseya[1]. This looks to be a brand new type of supply chain attack.

What do we know so far? Kaseya requested all customers to shut down their on-premises servers (the cloud version is already down) because, once compromised, they prevent access to the device.

The ransomware is dropped to c:\kworking\agent.exe[2].

If you’re a Kaseya VSA user, please check as soon as possible with your representative to mitigate this attack. We will update this diary with more information when available.

[1] https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
[2] https://www.virustotal.com/gui/file/d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e/detection

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More




https://malwaredevil.com/2021/07/02/kaseya-vsa-users-hit-by-ransomware-fri-jul-2nd/?utm_source=rss&utm_medium=rss&utm_campaign=kaseya-vsa-users-hit-by-ransomware-fri-jul-2nd

New Security Threats Stemming from PII Online

If you missed last night’s episode of PSW with Rob Shavelle, Haseeb Awan, Dr. Doug’s new meat scented candles, and the security news, you can find the full episode and show notes at https://securityweekly.com/psw701 !




https://malwaredevil.com/2021/07/02/new-security-threats-stemming-from-pii-online/?utm_source=rss&utm_medium=rss&utm_campaign=new-security-threats-stemming-from-pii-online

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...