Malware Devil

Thursday, July 8, 2021

Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Summary

Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client machine that runs the Windows Print Spooler service. This service is enabled by default on all Windows clients and servers, including domain controllers.

Kaspersky products protect against attacks leveraging these vulnerabilities. The following detection names are used:

HEUR:Exploit.Win32.CVE-2021-1675.*
HEUR:Exploit.Win32.CVE-2021-34527.*
HEUR:Exploit.MSIL.CVE-2021-34527.*
HEUR:Exploit.Script.CVE-2021-34527.*
HEUR:Trojan-Dropper.Win32.Pegazus.gen
PDM:Exploit.Win32.Generic
PDM:Trojan.Win32.Generic
Exploit.Win32.CVE-2021-1675.*
Exploit.Win64.CVE-2021-1675.*

Our detection logic also successfully blocks the attack technique used by the latest Mimikatz framework, v. 2.2.0-20210707.

We are closely monitoring the situation and improving generic detection of these vulnerabilities using our Behavior Detection and Exploit Prevention components. As part of our Managed Detection and Response service, Kaspersky SOC experts are able to detect exploitation of these vulnerabilities, investigate such attacks and report to customers.

Technical details

CVE-2021-34527

When using the RPC protocols to add a new printer (RpcAsyncAddPrinterDriver [MS-PAR] or RpcAddPrinterDriverEx [MS-RPRN]), a client has to provide multiple parameters to the Print Spooler service:

pDataFile – a path to a data file for this printer;
pConfigFile – a path to a configuration file for this printer;
pDriverPath – a path to a driver file that’s used by this printer while it’s working.

The service makes several checks to ensure pDataFile and pDriverPath are not UNC paths, but there is no corresponding check for pConfigFile, meaning the service will copy the configuration DLL, even one supplied as a UNC path, to the folder %SYSTEMROOT%\system32\spool\drivers\x64\3 (on x64 versions of the OS).

Now, if the Print Spooler service is asked to add a printer again, but this time with pDataFile set to the path of the DLL copied in the previous step, the service will load this DLL: its path is no longer a UNC path, so the check passes. These methods can be called from a low-privileged account, and the DLL is loaded into a process running as NT AUTHORITY\SYSTEM.

CVE-2021-1675

The local version of PrintNightmare uses the same exploitation method as CVE-2021-34527, but differs in the entry point function (AddPrinterDriverEx). This means an attacker can place a malicious DLL in any locally accessible directory to run the exploit.
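The two artefacts the chain described above leaves in the Windows event log are a driver package being accepted with a file list that points at a UNC path or an unexpected DLL (Microsoft-Windows-PrintService/Operational event 316) and a failed load of a plug-in module out of the spool driver directory (event 808). The following detection routine is an added example, not code from the Kaspersky post; the event IDs are real PrintService IDs, but the event texts, the host 10.0.0.5 and the allowlist of driver file names are constructed for the example.

```ruby
# Added example (not code from the Kaspersky post): flag PrintNightmare-style
# driver installs in Microsoft-Windows-PrintService/Operational events.
# Event 316 ("Printer driver ... was added or updated. Files:- ...") records
# every driver package the spooler accepts; event 808 ("The print spooler
# failed to load a plug-in module ...") fires when a dropped DLL fails to load.
# Both IDs are real; the event texts below are constructed samples.

# Driver directory the spooler copies packages into on x64 Windows.
SPOOL_DRIVER_DIR = /\\system32\\spool\\drivers\\x64\\3\\/i
# A UNC path (\\server\share\...) in a driver file list: the missing
# pConfigFile check is what lets such a path through.
UNC_PATH = /\A\\\\[^\\\s]+\\[^\\\s]+/

# Assumed allowlist of driver file names that legitimate installs in this
# (hypothetical) environment reference; build it from a known-good inventory.
KNOWN_DRIVER_FILES = %w[unidrv.dll unidrvui.dll unires.dll stdnames.gpd pscript5.dll].freeze

# Constructed sample events as [event_id, message] pairs.
SAMPLE_EVENTS = [
  [316, 'Printer driver HP Universal Printing PCL 6 for Windows x64 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, STDNAMES.GPD.'],
  [316, 'Printer driver 1234 for Windows x64 Version-3 was added or updated. Files:- UNIDRV.DLL, kernelbase.dll, \\\\10.0.0.5\\share\\payload.dll.'],
  [808, 'The print spooler failed to load a plug-in module C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\payload.dll, error code 0x45A.'],
  [307, 'Document 12, Print Document owned by alice was printed on Printer1.'],
].freeze

# Extracts the "Files:- a, b, c." list from a 316 message.
def driver_files(message)
  list = message[/Files:-\s*(.+?)\.?\s*\z/, 1]
  list ? list.split(',').map(&:strip) : []
end

# Returns an array of finding strings for one event (empty when benign).
def analyze_event(event_id, message)
  findings = []
  case event_id
  when 316
    driver_files(message).each do |file|
      if file.match?(UNC_PATH)
        findings << "driver file loaded from UNC path: #{file}"
      elsif !KNOWN_DRIVER_FILES.include?(File.basename(file.tr('\\', '/')).downcase)
        findings << "unexpected driver file: #{file}"
      end
    end
  when 808
    path = message[/plug-in module (.+?)(?:,|\z)/, 1]
    findings << "plug-in load failure from spool driver directory: #{path}" if path&.match?(SPOOL_DRIVER_DIR)
  end
  findings
end

# Runs every event through analyze_event; returns [[event_id, finding], ...].
def scan(events)
  events.flat_map { |id, msg| analyze_event(id, msg).map { |f| [id, f] } }
end

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE_EVENTS).each { |id, f| puts "ALERT (event #{id}): #{f}" }
end
```

On the constructed samples the first 316 event is clean, the second raises two findings (an unknown DLL and a UNC-sourced file), and the 808 event is flagged because the failing module sits under spool\drivers\x64\3; the ordinary print job (307) produces nothing. In production the allowlist should come from the fleet's driver inventory, since a static list will otherwise alert on every legitimate vendor package.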

Mitigations

Kaspersky experts anticipate a growing number of exploitation attempts to gain access to resources inside corporate perimeters accompanied by a high risk of ransomware infection and data theft.

Therefore, it is strongly recommended to follow Microsoft guidelines and apply the latest security updates for Windows.

Quoting Microsoft (as of July 7th, 2021):
“Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object (GPO).
While this security assessment focuses on domain controllers, any server is potentially at risk to this type of attack.”

The post Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare) appeared first on Malware Devil.



https://malwaredevil.com/2021/07/08/quick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare/?utm_source=rss&utm_medium=rss&utm_campaign=quick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare

ISC Stormcast For Thursday, July 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7576, (Thu, Jul 8th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


ESB-2021.2337 – [Win][UNIX/Linux] Ruby products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2337
Ruby 2.6.8, 2.7.4 and 3.0.2 Released
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Ruby 2.6.8
Ruby 2.7.4
Ruby 3.0.2
Publisher: Ruby
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Provide Misleading Information -- Unknown/Unspecified
Access Confidential Data -- Unknown/Unspecified
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-32066 CVE-2021-31810 CVE-2021-31799

Reference: ESB-2021.1496

Original Bulletin:
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-6-8-released/
https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/

Comment: This bulletin contains three (3) Ruby security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Ruby 2.6.8 Released

Posted by usa on 7 Jul 2021

Ruby 2.6.8 has been released.

This release includes security fixes. Please check the topics below for
details.

o CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
o CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
o CVE-2021-31799: A command injection vulnerability in RDoc

We ordinarily do not fix Ruby 2.6 except for security fixes, but this release also
includes fixes for some regressions and build problems. See the commit logs for
details.

Ruby 2.6 is now in the security maintenance phase, which lasts until the
end of March 2022. After that date, maintenance of Ruby 2.6 will end.
We recommend you start planning the migration to newer versions of Ruby, such
as 3.0 or 2.7.

Download

o https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.8.tar.bz2

SIZE: 14131671
SHA1: 7d38cacb6a0779f04b9f19f94406da97e95bbec4
SHA256: dac96ca6df8bab5a6fc7778907f42498037f8ce05b63d20779dce3163e9fafe6
SHA512: 51806d48187dfcce269ff904943dd008df800216ad4797f95481bdeecc2fbac40016bc02eabfff32414839ebb2087511d25eebfd6acead1a1d3813be6c10edf7

o https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.8.tar.gz

SIZE: 16202660
SHA1: 949dce34bba3ae93fd302fe705017b03d13b69ab
SHA256: 1807b78577bc08596a390e8a41aede37b8512190e05c133b17d0501791a8ca6d
SHA512: 4f8b8736bdae8bb4b2b63d576232d376b4c87239d25bf7aa807d3eeea704cb8b06f465c37050be79b57a52b9bde65a5cc05679dd6df0f443c8e00a19513f882a

o https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.8.tar.xz

SIZE: 11599488
SHA1: fa5ad518ef31bbf5c3386dbcec7b57196a1e618e
SHA256: 8262e4663169c85787fdc9bfbd04d9eb86eb2a4b56d7f98373a8fcaa18e593eb
SHA512: d040ad2238523587d8f356fcb796b8b6ad7f8caff7dd6df09e3f7efcbfa0369e33600e78c7f2bc713ae77c040757cce5c4fec223cb9070209f2bf741899c556d

o https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.8.zip

SIZE: 19868666
SHA1: ece4908dd84c7aaefbe6b188c0aca39eaedb2a77
SHA256: d5da2d7e1b9a6b570c66b3bb0cfa2de3ce21d002d2385a1fdf7195e2d0d1d5c7
SHA512: 143ee01da2cba85a2dcb394b1a64b18a748aeb0eda4d6d2d83638706ce4bb05f60f3e80a0429878f823437e0dfba285f8080637523a552eb04aca87df63831dc

Release Comment

Many committers, developers, and users who provided bug reports helped us make
this release. Thanks for their contributions.

- --------------------------------------------------------------------------------

Ruby 2.7.4 Released

Posted by usa on 7 Jul 2021

Ruby 2.7.4 has been released.

This release includes security fixes. Please check the topics below for
details.

o CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
o CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
o CVE-2021-31799: A command injection vulnerability in RDoc

See the commit logs for details.

Download

o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.bz2

SIZE: 14804934
SHA1: f5bdecded2d68e4f2f0ab1d20137e8b4b0614e52
SHA256: bffa8aec9da392eda98f1c561071bb6e71d217d541c617fc6e3282d79f4e7d48
SHA512: f144c32c9cb0006dfcfa7d297f83f88b881f68c94f0130346c74dfd8758583a68d22accfd0fc9f31db304ab5ff0bc135bfb2868145c0dec1ee6cec5ac6c3725d

o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.gz

SIZE: 16915699
SHA1: 86ec4a97bc43370050b5aef8d6ea3ed3938fb344
SHA256: 3043099089608859fc8cce7f9fdccaa1f53a462457e3838ec3b25a7d609fbc5b
SHA512: a317752e9a32c8d1261e67ca89c396722ee779ec8ba4594987812d065b73751f51485a1ede8044aae14b3b16e8d049c6953cef530ae1b82abb135b446c653f8a

o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.tar.xz

SIZE: 12067588
SHA1: 6e044d835f9f432cfa9441241c1ef66e3d607cbf
SHA256: 2a80824e0ad6100826b69b9890bf55cfc4cf2b61a1e1330fccbcb30c46cef8d7
SHA512: 2cbb70ecfdd69120e789023ddb2b25cab0d03bc33fdc367a8f74ca8a3ee785c18c8ded9de3ecee627c7e275ffb85147e6abf921b6a61e31851b37c7fedf45bf9

o https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.4.zip

SIZE: 20701195
SHA1: 32bdd5288dcc1e531832c14d26ff7cd218b55bc3
SHA256: a4fe29bfc6a8338fe4b017705aa9d3358225ea305359520d4995096a4382034e
SHA512: 2877b809bafe72cba789add85993a1954008012afcfb5fc4645e482478479bb02166b0d5ee12263983a6c828e6970eb1385632409793dcbc5185d7bbc9c4f349

Release Comment

Many committers, developers, and users who provided bug reports helped us make
this release. Thanks for their contributions.

The maintenance of Ruby 2.7, including this release, is based on the
Agreement for the Ruby stable version of the Ruby Association.

- --------------------------------------------------------------------------------

Ruby 3.0.2 Released

Posted by nagachika on 7 Jul 2021

Ruby 3.0.2 has been released.

This release includes security fixes. Please check the topics below for
details.

o CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
o CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
o CVE-2021-31799: A command injection vulnerability in RDoc

See the commit logs for details.

Download

o https://cache.ruby-lang.org/pub/ruby/3.0/ruby-3.0.2.tar.gz

SIZE: 19941179
SHA1: e00784956ed2083a40e269d8b14e571b8fae9a0f
SHA256: 5085dee0ad9f06996a8acec7ebea4a8735e6fac22f22e2d98c3f2bc3bef7e6f1
SHA512: e1fba6f5429b5fca9c3f52a32535615fcf95fafa415efc71c46db4cce159f249112c01574c305026be5c50140335696042e47a74194caea045acbfaa4da738cd

o https://cache.ruby-lang.org/pub/ruby/3.0/ruby-3.0.2.tar.xz

SIZE: 14746080
SHA1: cd04711ed3adecbe244c3b4391e67430d11fa9f8
SHA256: 570e7773100f625599575f363831166d91d49a1ab97d3ab6495af44774155c40
SHA512: 0f702e2d8ca1342a9d4284dbdd234a3588e057b92566353aa7c21835cf09a3932864b2acf459a976960a1704e9befa562155d36b98b7cda8bd99526e10a374c4

o https://cache.ruby-lang.org/pub/ruby/3.0/ruby-3.0.2.zip

SIZE: 24293508
SHA1: 9cde469fec5c9f8edd1d055fc4a9cc90b9611700
SHA256: 79e34f7fab000cb64ede8c39724ae240e36ee5905c752d77ec61a067d5e4e1dd
SHA512: 2eb1ce4d66b06ccdee835a017c0edd4028fff99a29f4a631ffb5b39289afcb6a88f79eb24cf09e78d2baaa7c3e494448e2701a0a976bb092de6f2929f1934325

Release Comment

Many committers, developers, and users who provided bug reports helped us make
this release. Thanks for their contributions.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----



ESB-2021.2338 – [Win][UNIX/Linux] Ruby: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2338
CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Ruby
Publisher: Ruby
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Provide Misleading Information -- Unknown/Unspecified
Access Confidential Data -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-31810

Reference: ESB-2021.2337

Original Bulletin:
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP

Posted by shugo on 7 Jul 2021

A trusting FTP PASV responses vulnerability was discovered in Net::FTP. This
vulnerability has been assigned the CVE identifier CVE-2021-31810. We strongly
recommend upgrading Ruby.

net-ftp is a default gem in Ruby 3.0.1 but it has a packaging issue, so please
upgrade Ruby itself.

Details

A malicious FTP server can use the PASV response to trick Net::FTP into
connecting back to a given IP address and port. This potentially makes Net::FTP
extract information about services that are otherwise private and not disclosed
(e.g., the attacker can conduct port scans and service banner extractions).
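The Details paragraph above describes a client that connects wherever the server's PASV reply points. The following is an added example, not code from the Ruby project or the advisory: it parses the "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply, validates each field, and by default keeps the host of the existing control connection, taking only the port from the reply. The `use_pasv_ip` option name is borrowed from the fixed Net::FTP, but this code does not use net/ftp; the reply strings and addresses in the usage are constructed.

```ruby
# Added example, not code from the Ruby project: hardened handling of an FTP
# PASV reply. The server gets to choose the data port, never the host.
PASV_RE = /\A227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)/

class PasvError < StandardError; end

# Returns [host, port] parsed from the reply, validating every field.
def parse_pasv(reply)
  m = PASV_RE.match(reply) or raise PasvError, "malformed PASV reply: #{reply.inspect}"
  fields = m.captures.map(&:to_i)
  raise PasvError, 'field out of range' unless fields.all? { |n| n.between?(0, 255) }
  host = fields[0, 4].join('.')
  port = (fields[4] << 8) | fields[5]
  raise PasvError, "invalid data port #{port}" unless port.between?(1, 65_535)
  [host, port]
end

# True when the server tries to send the data connection somewhere other than
# the host the control connection is already talking to. Worth logging even
# when the trusting mode is enabled for a server that genuinely needs it.
def pasv_redirects?(reply, control_host)
  parse_pasv(reply).first != control_host
end

# Endpoint to open the data connection to. control_host is the peer address
# of the control connection; use_pasv_ip (assumed option, default off)
# re-enables trusting the advertised address.
def data_endpoint(reply, control_host, use_pasv_ip: false)
  host, port = parse_pasv(reply)
  return [host, port] if use_pasv_ip
  [control_host, port]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed replies: the second one tries to redirect the data connection.
  reply = '227 Entering Passive Mode (10,0,0,5,0,22).'
  puts "redirect attempt: #{pasv_redirects?(reply, '192.168.1.10')}"
  puts "connecting to: #{data_endpoint(reply, '192.168.1.10').inspect}"
end
```

With the default setting a reply advertising 10.0.0.5 from a server reached at 192.168.1.10 yields ['192.168.1.10', 22], so the client never probes a third host on the server's behalf; the redirect is still visible through pasv_redirects? for logging.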

Affected Versions

o Ruby 2.6 series: 2.6.7 and earlier
o Ruby 2.7 series: 2.7.3 and earlier
o Ruby 3.0 series: 3.0.1 and earlier

Credits

Thanks to Alexandr Savca for reporting the issue.

History

o Originally published at 2021-07-07 09:00:00 UTC

- --------------------------END INCLUDED TEXT--------------------




ESB-2021.2339 – [Win][UNIX/Linux] Ruby: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2339
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Ruby
Publisher: Ruby
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Provide Misleading Information -- Unknown/Unspecified
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-32066

Reference: ESB-2021.2337

Original Bulletin:
https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP

Posted by shugo on 7 Jul 2021

A StartTLS stripping vulnerability was discovered in Net::FTP. This
vulnerability has been assigned the CVE identifier CVE-2021-32066. We strongly
recommend upgrading Ruby.

net-imap is a default gem in Ruby 3.0.1 but it has a packaging issue, so please
upgrade Ruby itself.

Details

Net::IMAP does not raise an exception when StartTLS fails with an unknown
response, which might allow man-in-the-middle attackers to bypass the TLS
protections by leveraging a network position between the client and the
registry to block the StartTLS command, aka a StartTLS stripping attack.

Affected Versions

o Ruby 2.6 series: 2.6.7 and earlier
o Ruby 2.7 series: 2.7.3 and earlier
o Ruby 3.0 series: 3.0.1 and earlier

Credits

Thanks to Alexandr Savca for reporting the issue.

History

o Originally published at 2021-07-07 09:00:00 UTC

- --------------------------END INCLUDED TEXT--------------------




ESB-2021.2336 – GitLab Community Edition and GitLab Enterprise Edition: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2336
GitLab Critical Security Release 14.0.4, 13.12.8, and 13.11.7
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: GitLab Community Edition
GitLab Enterprise Edition
Publisher: GitLab
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Virtualisation
Impact/Access: Read-only Data Access -- Unknown/Unspecified
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade

Original Bulletin:
https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/

- --------------------------BEGIN INCLUDED TEXT--------------------

Jul 7, 2021 – Costel Maxim

GitLab Critical Security Release: 14.0.4, 13.12.8, and 13.11.7

Learn more about GitLab Critical Security Release: 14.0.4, 13.12.8, and 13.11.7
for GitLab Community Edition (CE) and Enterprise Edition (EE).

Today we are releasing versions 14.0.4, 13.12.8, and 13.11.7 for GitLab
Community Edition (CE) and Enterprise Edition (EE).

These versions contain important security fixes, and we strongly recommend that
all GitLab installations be upgraded to one of these versions immediately.

GitLab releases patches for vulnerabilities in dedicated security releases.
There are two types of security releases: a monthly, scheduled security
release, released a week after the feature release (which deploys on the 22nd
of each month), and ad-hoc security releases for critical vulnerabilities. For
more information, you can visit our security FAQ. You can see all of our
regular and security release blog posts here. In addition, the issues detailing
each vulnerability are made public on our issue tracker 30 days after the
release in which they were patched.

We are dedicated to ensuring all aspects of GitLab that are exposed to
customers or that host customer data are held to the highest security
standards. As part of maintaining good security hygiene, it is highly
recommended that all customers upgrade to the latest security release for their
supported version. You can read more best practices in securing your GitLab
instance in our blog post.

Table of Fixes

Title                                    Severity
Arbitrary file read via design feature   critical

Arbitrary file read via design feature

An issue has been discovered in GitLab CE/EE affecting all versions starting
with 13.11, 13.12 and 14.0. A specially crafted design allowed attackers to
read arbitrary files on the server. This is a critical severity issue. We will
update this blog post with the CVSS vector string once we have finished the
full assessment of the impact. We have requested a CVE ID and will update this
blog post when it is assigned.

Thanks vakzz for reporting this vulnerability through our HackerOne bug bounty
program.

Remediation

We strongly recommend that all installations running an affected version above
are upgraded to the latest version as soon as possible.

Updating

To update GitLab, see the Update page. To update Gitlab Runner, see the
Updating the Runner page.

- --------------------------END INCLUDED TEXT--------------------




ESB-2021.2335 – [Cisco] Cisco Virtualized Voice Browser: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2335
Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Virtualized Voice Browser
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1575

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability

Priority: Medium
Advisory ID: cisco-sa-vvb-xss-wG4zXRp3
First Published: 2021 July 7 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvx89188
CVE Names: CVE-2021-1575
CWEs: CWE-79

Summary

o A vulnerability in the web-based management interface of Cisco Virtualized
Voice Browser could allow an unauthenticated, remote attacker to conduct a
cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web-based management interface does
not properly validate user-supplied input. An attacker could exploit this
vulnerability by persuading a user of an affected interface to click a
crafted link. A successful exploit could allow the attacker to execute
arbitrary script code in the context of the affected interface or access
sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected Cisco Virtualized
Voice Browser releases earlier than Release 12.6(1).

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Fixed Releases

At the time of publication, Cisco Virtualized Voice Browser releases
12.6(1) and later contained the fix for this vulnerability.

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o Cisco would like to thank Saad Yehia for reporting this vulnerability.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Related to This Advisory

o Cross-Site Scripting

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3

Revision History

o +----------+---------------------------+----------+--------+--------------+
| Version  | Description               | Section  | Status | Date         |
+----------+---------------------------+----------+--------+--------------+
| 1.0      | Initial public release.   | -        | Final  | 2021-JUL-07  |
+----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ASB-2021.0123.4 – UPDATE ALERT [Win] Microsoft Print Spooler: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT Security Bulletin

ASB-2021.0123.4
Windows Print Spooler Remote Code Execution Vulnerability
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Microsoft Print Spooler
Operating System: Windows
Impact/Access: Administrator Compromise — Existing Account
Execute Arbitrary Code/Commands — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-34527 CVE-2021-1675
Reference: ASB-2021.0116
ASB-2021.0115

Revision History: July 8 2021: Microsoft revised advisory to announce patches are now available for additional Windows versions
July 7 2021: Microsoft revised advisory to announce patches are now available for CVE-2021-34527
July 5 2021: Microsoft revised advisory to update the FAQ, add a mitigation, and add CVSS score
July 2 2021: Initial Release

OVERVIEW

Microsoft has released an out-of-band critical update to address a
Windows Print Spooler Remote Code Execution Vulnerability.
Microsoft has assigned CVE-2021-34527 to this vulnerability and
acknowledges it has been referred to publicly as PrintNightmare.[1]

This vulnerability has received significant media attention in the past day. [2] [3] [4] [5]

IMPACT

Microsoft has stated the following:

“Microsoft is aware of and investigating a remote code execution
vulnerability that affects Windows Print Spooler and has assigned
CVE-2021-34527 to this vulnerability. This is an evolving situation
and we will update the CVE as more information is available.

A remote code execution vulnerability exists when the Windows Print
Spooler service improperly performs privileged file operations.
An attacker who successfully exploited this vulnerability could run
arbitrary code with SYSTEM privileges. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.

An attack must involve an authenticated user calling RpcAddPrinterDriverEx().”
[1]

= Update by Microsoft 20210703 =
Microsoft updated the advisory to confirm that client systems and non-domain-controller
member servers are affected under certain specified conditions. [1]

MITIGATION

Microsoft recommends applying the latest security updates released
on June 8 AND determining if the Print Spooler service is running
and either disabling it or disabling inbound remote printing through
Group Policy. [1]

Microsoft acknowledges this vulnerability is similar to but distinct
from the recent Print Spooler vulnerability reported as
CVE-2021-1675 and addressed by the June 2021 security updates, and
that they are still investigating the issue and will update the page
as more information becomes available. [1]

= Update by Microsoft 20210703 = Microsoft updated advisory to
include further mitigation options as an alternative to disabling
printing which involves modifying various group memberships, but
notes this does risk compatibility problems. [1]

= Update by Microsoft 20210706 = Microsoft updated advisory to
announce an update is being released for several versions of Windows
to address this vulnerability. Updates are not yet available for
Windows 10 version 1607, Windows Server 2016, or Windows Server
2012. Microsoft have stated that security updates for these versions
of Windows will be released at a later date. Microsoft advise the
updates should be applied immediately. [1]

= Update by Microsoft 20210707 = Microsoft updated advisory to
announce that updates are available for Windows 10 version 1607,
Windows Server 2016, and Windows Server 2012. [1]
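The mitigation above has two parts: find out whether the Print Spooler service is running, then either disable the service or disable inbound remote printing through Group Policy. The following PowerShell script is an added example for auditing one host against both of those conditions; it is not part of the AusCERT bulletin or of Microsoft's advisory. It reports the service state, whether the host is a domain controller (the hosts the Summary above singles out), and whether the remote-printing policy is set; with -DisableSpooler it applies the first mitigation. It assumes, as a fact not stated on this page, that the Group Policy setting "Allow Print Spooler to accept client connections" is stored as the DWORD value RegisterSpoolerRemoteRpcEndPoint under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers, with 2 meaning Disabled.

```powershell
# Added example (not part of the AusCERT bulletin or Microsoft's advisory):
# audit one Windows host for the two Print Spooler mitigations described
# above and, with -DisableSpooler, apply the first of them. Run elevated.
#
# Assumption not stated on the page: the Group Policy setting
# "Allow Print Spooler to accept client connections" is stored as the DWORD
# RegisterSpoolerRemoteRpcEndPoint under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers, where 2 = Disabled.
[CmdletBinding()]
param(
    [switch]$DisableSpooler
)

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    # Collect service state, the remote-printing policy and the host's domain role.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = $null
    if (Test-Path -Path $PolicyKey) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
        if ($item) { $policy = $item.$PolicyName }
    }
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        IsDomainController  = ($role -ge 4)
        SpoolerStatus       = $(if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' })
        SpoolerStartType    = $(if ($svc) { $svc.StartType.ToString() } else { 'NotInstalled' })
        RemoteRpcPolicy     = $(switch ($policy) { 2 { 'Disabled' } 1 { 'Enabled' } default { 'NotConfigured' } })
        SpoolerRunning      = [bool]($svc -and $svc.Status -eq 'Running')
        InboundPrintBlocked = ($policy -eq 2)
    }
}

function Disable-SpoolerService {
    # Mitigation 1 from the bulletin: stop the service and keep it from starting.
    # All printing from this host stops, so apply only where that is acceptable.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service -Name Spooler -StartupType Disabled
}

$state = Get-SpoolerExposure
$state | Format-List

if ($state.SpoolerRunning -and -not $state.InboundPrintBlocked) {
    Write-Warning 'Spooler is running and inbound remote printing is not disabled by policy.'
    if ($DisableSpooler) {
        Disable-SpoolerService
        Write-Host 'Spooler stopped and set to Disabled.'
    }
}
```

Run it without the switch first to see where a fleet stands; a domain controller that reports SpoolerRunning = True and InboundPrintBlocked = False is the case the bulletin is most concerned with. The policy read only reflects a setting that has already been applied to the host, so a freshly pushed GPO shows as NotConfigured until the next policy refresh.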

REFERENCES

[1] Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

[2] ‘PrintNightmare’ Stuxnet-style zero-day
https://www.itnews.com.au/news/researchers-accidentally-publish-printnightmare-stuxnet-style-zero-day-566767

[3] Public Windows PrintNightmare 0-day exploit allows domain takeover
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/

[4] Researchers accidentally release exploit code for new Windows
‘zero-day’ bug PrintNightmare
https://portswigger.net/daily-swig/researchers-accidentally-release-exploit-code-for-new-windows-zero-day-bug-printnightmare

[5] PrintNightmare, Critical Windows Print Spooler Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation’s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.


ESB-2021.2331 – [Cisco] Cisco Identity Services Engine: Cross-site scripting – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2331
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Identity Services Engine
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Cross-site Scripting — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1607 CVE-2021-1606 CVE-2021-1605
CVE-2021-1604 CVE-2021-1603

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Priority: Medium
Advisory ID: cisco-sa-ise-stored-xss-TWwjVPdL
First Published: 2021 July 7 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvv95150 CSCvw53652 CSCvw53661 CSCvw53668 CSCvw53683
CVE Names: CVE-2021-1603 CVE-2021-1604 CVE-2021-1605 CVE-2021-1606
CVE-2021-1607
CWEs: CWE-79

Summary

o Multiple vulnerabilities in the web-based management interface of Cisco
Identity Services Engine (ISE) could allow an authenticated, remote
attacker to conduct a stored cross-site scripting (XSS) attack against a
user.

These vulnerabilities exist because the web-based management interface does
not sufficiently validate user-supplied input. An attacker could exploit
these vulnerabilities by injecting malicious code into specific pages of
the interface. A successful exploit could allow the attacker to execute
arbitrary script code in the context of the affected interface or access
sensitive, browser-based information. To exploit these vulnerabilities, the
attacker would need valid administrative credentials.

Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL

Affected Products

o Vulnerable Products

At the time of publication, these vulnerabilities affected Cisco ISE
releases earlier than the following:

2.6 Patch 9
2.7 Patch 4
3.0 Patch 3

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.

Workarounds

o There are no workarounds that address these vulnerabilities.

Fixed Software

o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Fixed Releases

At the time of publication, the following Cisco ISE releases contained the
fix for these vulnerabilities:

2.6 Patch 9 and later
2.7 Patch 4 and later
3.0 Patch 3 and later

See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.

Source

o These vulnerabilities were found during the resolution of a Cisco TAC
support case.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Related to This Advisory

o Cross-Site Scripting

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL

Revision History

o +----------+---------------------------+----------+--------+--------------+
| Version  | Description               | Section  | Status | Date         |
+----------+---------------------------+----------+--------+--------------+
| 1.0      | Initial public release.   | -        | Final  | 2021-JUL-07  |
+----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.2332 – [Cisco] Cisco Web Security Appliance: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2332
Cisco Web Security Appliance Privilege Escalation Vulnerability
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Web Security Appliance
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Root Compromise — Existing Account
Execute Arbitrary Code/Commands — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1359

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Web Security Appliance Privilege Escalation Vulnerability

Priority: High
Advisory ID: cisco-sa-scr-web-priv-esc-k3HCGJZ
First Published: 2021 July 7 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvv81569
CVE Names: CVE-2021-1359
CWEs: CWE-112

Summary

o A vulnerability in the configuration management of Cisco AsyncOS for Cisco
Web Security Appliance (WSA) could allow an authenticated, remote attacker
to perform command injection and elevate privileges to root.

This vulnerability is due to insufficient validation of user-supplied XML
input for the web interface. An attacker could exploit this vulnerability
by uploading crafted XML configuration files that contain scripting code to
a vulnerable device. A successful exploit could allow the attacker to
execute arbitrary commands on the underlying operating system and elevate
privileges to root. An attacker would need a valid user account with the
rights to upload configuration files to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ

Affected Products

o Vulnerable Products

This vulnerability affects Cisco AsyncOS for Cisco WSA, both virtual and
hardware appliances.

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following
Cisco products:

Email Security Appliance, both virtual and hardware appliances
Content Security Management Appliance, both virtual and hardware
appliances

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.

When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Customers are advised to upgrade to an appropriate fixed software release
as indicated in the following table:

Cisco AsyncOS for Web Security Appliance   First Fixed Release
Major Release
11.8 and earlier                           12.0.3-005
12.0                                       12.0.3-005
12.5                                       12.5.2 ^1
14.0                                       Not affected.

1: Release 12.5.2 will be a Maintenance Release (MR) a few days after the
publication date of this security advisory.

In most cases, the software can be upgraded over the network by using the
System Upgrade options in the Cisco WSA web interface. To upgrade a device
by using the web interface, do the following:

1. Choose System Administration > System Upgrade.
2. Click Upgrade Options.
3. Choose Download and Install.
4. Choose the release to upgrade to.
5. In the Upgrade Preparation area, choose the appropriate options.
6. Click Proceed to begin the upgrade. A progress bar displays the status
of the upgrade.

After the upgrade is complete, the device reboots.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o Cisco would like to thank Alvaro Gutierrez of mnemonic for reporting this
vulnerability.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ

Revision History

o +----------+---------------------------+----------+--------+--------------+
| Version  | Description               | Section  | Status | Date         |
+----------+---------------------------+----------+--------+--------------+
| 1.0      | Initial public release.   | -        | Final  | 2021-JUL-07  |
+----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.2333 – [Cisco] Cisco IP Phone Products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2333
Broadcom MediaxChange Vulnerability Affecting Cisco Products: July 2021
8 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco IP Phone Products
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands — Console/Physical
Increased Privileges — Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2021-33478

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh

Comment: To exploit this vulnerability on the affected Cisco products, the
attacker would need to dismount the backplate of the device and
trigger a specific series of impulses on the chipset.

- --------------------------BEGIN INCLUDED TEXT--------------------

Broadcom MediaxChange Vulnerability Affecting Cisco Products: July 2021

Priority: Medium
Advisory ID: cisco-sa-brcm-mxc-jul2021-26LqUZUh
First Published: 2021 July 7 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvx08743 CSCvx08744 CSCvx08753 CSCvx08762 CSCvx08807
CVE Names: CVE-2021-33478
CWEs: CWE-120

Summary

o A vulnerability in the TrustZone implementation in certain Broadcom
MediaxChange firmware was reported by security researchers. To exploit this
vulnerability on the affected Cisco products, the attacker would need to
dismount the backplate of the device and trigger a specific series of
impulses on the chipset. This would reload the device in a special mode
allowing access to the bootshell. The attacker would then issue specific
commands with crafted parameters in the bootshell, which would trigger the
vulnerability. Exploitation of this vulnerability could result in arbitrary
code execution with privilege escalation.

At the time of publication, a link to the details about this vulnerability
was not available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh

Affected Products

o Cisco investigated its product line to determine which products may be
affected by this vulnerability.

The Vulnerable Products section of this advisory includes Cisco bug IDs for
each affected product. The bugs are accessible through the Cisco Bug Search
Tool and contain additional platform-specific information, including
workarounds (if available) and fixed software releases.

Any product or service not listed in the Vulnerable Products section of
this advisory is to be considered not vulnerable.

Vulnerable Products

The following table lists Cisco products that are affected by the
vulnerability that is described in this advisory. If a future release date
is indicated for software, the date provided represents an estimate based
on all information known to Cisco as of the Last Updated date at the top of
the advisory. Availability dates are subject to change based on a number of
factors, including satisfactory testing results and delivery of other
priority features and fixes. If no version or date is listed for an
affected component (indicated by a blank field and/or an advisory
designation of Interim), Cisco is continuing to evaluate the fix and will
update the advisory as additional information becomes available. After the
advisory is marked Final, customers should refer to the associated Cisco
bug(s) for further details. Unless otherwise documented, all software
releases earlier than the first fixed release are to be considered affected
by this vulnerability.

Each group of products below shares the Cisco bug ID and fixed release
shown on the first line of the group.

Product                                                 Cisco Bug ID   Fixed Release Availability

Cisco IP Phone 8800 Series with Multiplatform Firmware  CSCvx08743     11.3(4) (available)
Cisco IP Phone 8811 with Multiplatform Firmware
Cisco IP Phone 8841 with Multiplatform Firmware
Cisco IP Phone 8851 with Multiplatform Firmware
Cisco IP Phone 8861 with Multiplatform Firmware

Cisco IP Phone 8845 with Multiplatform Firmware         CSCvx08744     11.3(4) (available)
Cisco IP Phone 8865 with Multiplatform Firmware

Cisco IP Phone 8845                                     CSCvx08753     14.0(1) (available)
Cisco IP Phone 8865

Cisco IP Phone 8800 Series                              CSCvx08762     14.0(1) (available)
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8851
Cisco IP Phone 8861

Cisco Wireless IP Phone 8821                            CSCvx08807     11.0(6)SR1 (available)

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o For information about fixed software releases, consult the Cisco bugs
identified in the Vulnerable Products section of this advisory.

When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o Cisco would like to thank Yuanzhe Wu, James E. Posen, and Ang Cui of Red
Balloon Security, Inc. for reporting this vulnerability.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh

Revision History

o +---------+---------------------------+---------+--------+--------------+
  | Version | Description               | Section | Status | Date         |
  +---------+---------------------------+---------+--------+--------------+
  | 1.0     | Initial public release.   | -       | Final  | 2021-JUL-07  |
  +---------+---------------------------+---------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.2333 – [Cisco] Cisco IP Phone Products: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/07/08/esb-2021-2333-cisco-cisco-ip-phone-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2333-cisco-cisco-ip-phone-products-multiple-vulnerabilities

Wednesday, July 7, 2021

Network Security News Summary for Thursday July 8th, 2021

Printnightmare Update Update; GitLab Update; Vuln Nuget Packages

Microsoft Releases Patches for CVE-2021-34527 UPDATED
https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/

GitLab Update
https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html

Vulnerable NuGet Packages
https://blog.secure.software/third-party-code-comes-with-some-baggage

keywords: nuget; gitlab; microsoft; printnightmare;

The post Network Security News Summary for Thursday July 8th, 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/07/07/network-security-news-summary-for-thursday-july-8th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-thursday-july-8th-2021

Critical Sage X3 RCE Bug Allows Full System Takeovers

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data.

The post Critical Sage X3 RCE Bug Allows Full System Takeovers appeared first on Malware Devil.



https://malwaredevil.com/2021/07/07/critical-sage-x3-rce-bug-allows-full-system-takeovers/?utm_source=rss&utm_medium=rss&utm_campaign=critical-sage-x3-rce-bug-allows-full-system-takeovers

MacOS Targeted in WildPressure APT Malware Campaign

Threat actors enlist compromised WordPress websites in campaign targeting macOS users.

The post MacOS Targeted in WildPressure APT Malware Campaign appeared first on Malware Devil.



https://malwaredevil.com/2021/07/07/macos-targeted-in-wildpressure-apt-malware-campaign/?utm_source=rss&utm_medium=rss&utm_campaign=macos-targeted-in-wildpressure-apt-malware-campaign

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data.

The post Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing appeared first on Malware Devil.



https://malwaredevil.com/2021/07/07/suspected-dr-hex-hacker-busted-for-9-years-of-phishing/?utm_source=rss&utm_medium=rss&utm_campaign=suspected-dr-hex-hacker-busted-for-9-years-of-phishing

Fake Kaseya VSA Security Update Drops Cobalt Strike

Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.

The post Fake Kaseya VSA Security Update Drops Cobalt Strike appeared first on Malware Devil.



https://malwaredevil.com/2021/07/07/fake-kaseya-vsa-security-update-drops-cobalt-strike/?utm_source=rss&utm_medium=rss&utm_campaign=fake-kaseya-vsa-security-update-drops-cobalt-strike

Microsoft Issues Emergency Patch for Windows Flaw

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “PrintNightmare,” a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft’s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

At issue is CVE-2021-34527, which involves a flaw in the Windows Print Spooler service that could be exploited by attackers to run code of their choice on a target’s system. Microsoft says it has already detected active exploitation of the vulnerability.

Satnam Narang, staff research engineer at Tenable, said Microsoft’s patch warrants urgent attention because of the vulnerability’s ubiquity across organizations and the prospect that attackers could exploit this flaw in order to take over a Windows domain controller.

“We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits,” Narang said. “PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.”

In a blog post, Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016, Windows 10 version 1607, and Windows Server 2012. The fix also apparently includes a new feature that allows Windows administrators to implement stronger restrictions on the installation of printer software.

“Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators’ security group could install both signed and unsigned printer drivers on a printer server,” reads Microsoft’s support advisory. “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.”

Windows 10 users can check for the patch by opening Windows Update. Chances are, it will show what’s pictured in the screenshot below — that KB5004945 is available for download and install. A reboot will be required after installation.

Friendly reminder: It’s always a good idea to back up your data before applying security updates. Windows 10 has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

This post will be updated if Windows users start reporting any issues in applying the patch.
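For administrators who want to confirm the state described above on a fleet rather than by eye in Windows Update, the following PowerShell is an added example (not from the article, Microsoft, or Krebs) that reports three things on the local host: whether the KB5004945 update the article names is present, whether the Print Spooler service is running at all, and whether the Point and Print policy value `RestrictDriverInstallationToAdministrators` is set. The KB number is the one quoted in the article and applies to the Windows 10 build it was written for; other builds received different KB numbers, so a "not found" result is a prompt to check the update history, not proof of exposure. The registry value name is assumed from Microsoft's published guidance for these updates and is not mentioned in the article itself.

```powershell
# Added example: report PrintNightmare patch posture on the local Windows host.
# Run from an elevated PowerShell session. Assumptions: the KB number is the
# one the article quotes for Windows 10; the Point and Print policy value name
# comes from Microsoft's guidance for the July 2021 updates, not from the article.
function Get-PrintSpoolerPatchState {
    param(
        [string]$KbId = 'KB5004945'   # update named in the article (build-specific)
    )

    # 1. Is the named update installed? Get-HotFix reads the same data as
    #    "View update history"; a miss here means "check manually", not "unpatched".
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $kbState = if ($hotfix) {
        "{0} installed on {1}" -f $hotfix.HotFixID, $hotfix.InstalledOn
    } else {
        "$KbId not reported by Get-HotFix; verify the update history for this build"
    }

    # 2. Is the Print Spooler service running? Hosts that never print
    #    (domain controllers in particular) can keep it stopped and disabled.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # 3. Driver installation policy. After the update, delegated groups can only
    #    install signed drivers; this value additionally limits driver installs
    #    to administrators when set to 1 (assumed value name, see lead-in).
    $ppKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $restrict = (Get-ItemProperty -Path $ppKey `
        -Name RestrictDriverInstallationToAdministrators `
        -ErrorAction SilentlyContinue).RestrictDriverInstallationToAdministrators

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        UpdateState            = $kbState
        SpoolerStatus          = if ($spooler) { $spooler.Status } else { 'service not present' }
        SpoolerStartType       = if ($spooler) { $spooler.StartType } else { 'n/a' }
        RestrictDriverInstall  = if ($null -eq $restrict) { 'not set' } else { $restrict }
    }
}

# Usage: print a one-row summary for this host.
Get-PrintSpoolerPatchState | Format-List
```

The function returns an object rather than printing text so it can be collected across many hosts (for example via `Invoke-Command`) and filtered on `SpoolerStatus -eq 'Running'` or `RestrictDriverInstall -ne 1` to find machines that still warrant attention.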


The post Microsoft Issues Emergency Patch for Windows Flaw appeared first on Malware Devil.



https://malwaredevil.com/2021/07/07/microsoft-issues-emergency-patch-for-windows-flaw/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-issues-emergency-patch-for-windows-flaw

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...