Customer portal
Articles Tagged with

SOS Intelligence

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 26 June 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-26359

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-26359

 


 

2. CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-26360

 


 

3. CVE-2023-29360

Windows TPM Device Driver Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29360

 


 

4. CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


 

5. CVE-2022-42475

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

 


 

6. CVE-2023-32434

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2023-32434

 


 

7. CVE-2023-32435

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2023-32435

 


 

8. CVE-2023-29336

Win32k Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29336

 


 

9. CVE-2023-33568

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.

https://nvd.nist.gov/vuln/detail/CVE-2023-33568

 


 

10. CVE-2022-38005

Windows Print Spooler Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2022-38005

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 19 June 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

https://nvd.nist.gov/vuln/detail/CVE-2023-0386

 


 

2. CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-26360

 


 

3. CVE-2023-26359

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-26359

 


 

4. CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

 


 

5. CVE-2023-29336

Win32k Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-29336

 


 

6. CVE-2023-20887

Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2023-20887

 


 

7. CVE-2023-31904

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.

https://nvd.nist.gov/vuln/detail/CVE-2023-31904

 


 

8. CVE-2021-32789

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.

https://nvd.nist.gov/vuln/detail/CVE-2021-32789

 


 

9. CVE-2019-13050

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

https://nvd.nist.gov/vuln/detail/CVE-2019-13050

 


 

10. CVE-2023-34362

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34362

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 12 June 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-42475

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

 


 

2. CVE-2023-34362

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.

https://nvd.nist.gov/vuln/detail/CVE-2023-34362

 


 

3. CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

https://nvd.nist.gov/vuln/detail/CVE-2019-11358

 


 

4. CVE-2015-7358

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.

https://nvd.nist.gov/vuln/detail/CVE-2015-7358

 


 

5. CVE-2023-21823

Windows Graphics Component Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2023-21823

 


 

6. CVE-2015-7359

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.

https://nvd.nist.gov/vuln/detail/CVE-2015-7359

 


 

7. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

8. CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

https://nvd.nist.gov/vuln/detail/CVE-2020-7065

 


 

9. CVE-2023-28187

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

https://nvd.nist.gov/vuln/detail/CVE-2023-28187

 


 

10. CVE-2023-2868

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

https://nvd.nist.gov/vuln/detail/CVE-2023-2868

 


"CLOP
Ransomware

Clop issue ultimatum and SOS Intelligence quoted on the BBC news site

Joe Tidy, the BBC’s Cyber correspondent has written an interesting piece on the MOVEit hack which we issued a Flash Alert about last week.

A prolific cyber crime gang thought to be based in Russia has issued an ultimatum to victims of a hack that has hit organisations around the world. 

The Clop group posted a notice on the dark web warning firms affected by the MOVEit hack to email them before 14 June or stolen data will be published.

More than 100,000 staff at the BBC, British Airways and Boots have been told payroll data may have been taken.

BBC

The post by the Clop group urges victim organisations to send an email to the gang to begin a negotiation on the crew’s darknet portal. Our CEO and Founder, Amir was also quoted after speaking with Joe:

“My take is that they just have so much data that it is difficult for them to get on top of it all. They’re betting that if you know then you will contact them,” says SOS Intelligence CEO Amir Hadžipasić.”

Amir Hadžipasić

The critical, zero-day vulnerability in MOVEit Transfer is being actively targeted by threat actors to facilitate data theft.

MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch.  It allows the users to securely transfer files between consumers and partners using SFTP, SCP, and HTTP-based uploads.

The exploit, as yet unassigned a CVE, is being utilised by the Clop group to facilitate mass downloads of victim company data, now known to be the likes of the BBC, BA and Boots.

What is key, is this is likely to be a third party vulnerability which has led to some of these major organisations to be compromised. Many of the organisations are not direct users of the MOVEit software, but outsourced their payroll services to a third-party called Zellis, which was a victim.

Third party cyberthreats are increasingly important due to the porous nature of relationships between companies and organisations.

We are running a webinar on June 14th at 11am UK time discussing how SOS Intelligence can help with this threat. You can sign up here.

"Flipper
Investigation, Opinion

Flipper Zero: An Introduction to Its Capabilities and Potential Risks

By Daniel Collyer, Threat Intelligence Analyst, SOS Intelligence

What is Flipper Zero?

Flipper Zero is a portable, multi-function device, similar in style to the Tamagotchis of the late-90s.  While presenting itself as a cute gaming device, complete with a dolphin mascot, under the covers it is a versatile device that allows the user to interact with access control systems.  It can read, copy, and emulate NFC and RFID tags, radio remotes, iButton, and digital access keys.

The device

Development of Flipper Zero began in August 2020 with a Kickstarter campaign to raise funds for research and development.  It was developed to build a sleek and versatile device to replace the more unwieldy options already available.  The result was a single-case device with multiple features and skills to assist prototyping, hardware research, and penetration testing.

One of the key aspects of Flipper Zero is its commitment to open-source development. Its hardware and firmware are openly available, allowing users to modify and enhance its functionalities according to their specific needs. The open-source nature of Flipper Zero fosters collaboration, knowledge sharing, and continuous improvement within the hacker and security research communities.

Inside Flipper Zero – image credit Flipper Zero

What can it do?

Sub-Ghz radio frequencies

Flipper Zero contains a 433MHz antenna which allows it to access Sub-1 GHz radio frequencies.  Its chipset gives it a range of ~50m for targeting wireless devices and access control systems, such as garage doors, boom barriers, IoT sensors, and remote keyless systems.

RFID (125 kHz)

A 125 kHz antenna allows Flipper Zero to read low-frequency proximity cards.  Older cards, with no authentication mechanisms, can be stored in memory for later emulation.

NFC

Flipper Zero pairs its RFID capability with a 13.56Mhz NFC module.  This provides a high-frequency (HF) alternative  which allows the device to read, write and emulate tags

Infrared

Flipper Zero’s infrared transmitter can control electronics, such as TVs, stereo systems, etc.  Common TV vendor command sequences are contained in a built-in library which is constantly updated and maintained by the Flipper community.  It also functions as a receiver, which can receive signals and store them for later use.

Hardware Hacking

Flipper Zero allows versatility for hardware exploration, firmware flashing, debugging and fuzzing.  The device can be utilised to run code or provide control to hardware connected via GPIO.  It can function as a regular USB to UART/SPI/I2C/etc adapter.

Bad USB

Flipper Zero can emulate USB slave devices, making it appear as a regular device when attached to a computer, similar to a USB Rubber Ducky.  It can be pre-programmed with payloads to execute upon connection or provide functionality for USB stack fuzzing.

iButton

Flipper Zero has a built-in 1-Wire connector with a unique design which allows it to read and probe iButton sockets.  This allows it to read keys, store IDs in memory, write IDs and even emulate keys themselves.

Bluetooth

Flipper Zero has a built-in, fully supported, Bluetooth Low Energy module, allowing it to act as a host and peripheral device.  A corresponding open-source library provided by the developers gives functionality support to community-made apps.

Open-Source Firmware

The key property of Flipper Zero is its open-source firmware.  By making this available to all, the developers have encouraged the modification and extension of the Flipper Zero code.  This allows access to all functions and hardware used by Flipper Zero to allow users to generate bespoke tools, for example, homemade dosimeters or carbon dioxide detectors

What are the risks?

As with a vast majority of technical tools and devices of this type, the Flipper Zero is not inherently malicious or illegal.  Its abilities make it a useful tool for penetration testing, ethical hacking, and hardware development.  However, Amazon has taken the view that the device is a “card skimmer”, and the Brazilian government have been seizing shipments of devices due to its alleged use in criminal activity.

Such a tool is not new to the market.  Existing hardware, such as Arduino or Raspberry Pi, has often been utilised to develop hardware for nefarious purposes.  The initial hardware itself is by no means illegal, and the same can be said for Flipper Zero.  Instead, we have looked at the people using the device.

Using SOS Intelligence’s intelligence platform, we have researched and tracked discussions of Flipper Zero on the Dark Web and across online criminal forums.  Using “Flipper Zero” as a keyword, used our Alerts system to identify and flag instances where Flipper Zero is mentioned online.

Our period of monitoring ran from the start of 2023 to  June 2023.  In that time we generated 158 alerts on the keyword “Flipper Zero”.  We have been able to break these down into the following:

Number vs Post Content
Number vs Language
Source Occurence

Our data shows that, while there has not been much in terms of published development within criminal forums or the dark web, there has been significant interest in what has been posted.  Exploit development has been particularly popular within the Russian-language forums.  The use of Portuguese in more recent Dark Web posts was noted, and this appears to coincide with the Brazilian Government banning the importation of Flipper Zero.

As the product becomes more widely available and used by the community, we expect to see a rise in the number of posts details exploit development as more people share their work with the community.

Cracked.io

Tesla Charging Door Mods

On 16 May 2023, we identified Cracked.io member AKA Fu33y creating the thread “OPEN TESLA CHARGING DOORS MOD WITH FLIPPER ZERO”.  

The result was a post containing Anonfiles links to two .sub files.  These contained configuration data required to utilise Flipper Zero’s sub-GHz antenna to open the charging doors on Tesla vehicles.

Probing further into AKA Fu33y’s activity, we identified a second post from 16 May 2023 titled “HACKER FIRMWARE FOR FLIPPER ZERO”.

Hacker Firmware

This post provided a link to a GitHub repository where over 250 contributors have customised and improved the Flipper Zero firmware, creating an “Unleashed” variant.  The creators of this variant are explicit in their condoning of any illegal activity using Flipper Zero and state that their software is for experimental purposes only.  This variant provides a massive expansion to the abilities of Flipper Zero’s inbuilt capabilities, widening the scope for criminal use.

Hackforums

We were able to identify similar activity on Hackforums.  User AKA aleff shared their own GitHub repository (my-flipper-shits).

Bad USB Payloads

This repository focused on scripts to utilise the BadUSB function.  They range from simple pranks, such as rick-rolling, to more exploitative functions, including data exfiltration or malicious code execution.

User AKA Angela White provided instructions on utilising cheap components and open-source software to create a WiFi Dev Board.

Utilising this upgrade, with the mentioned Wifi Marauder software, would turn the Flipper Zero into a device capable of sniffing or attacking WiFi networks.

Exploit.in

Flipper Zero is still relatively new to the market, and supply issues have meant that they have not progressed far into the community as yet.  However, as it does, more opportunities will be given to both benevolent and malicious developers to generate custom firmware and code for Flipper Zero.  Our alert system has identified user AKA Rain_4, a member of Exploit.in, discussing the BadUSB possibilities of Flipper Zero and providing a basic code for creating a reverse shell for MacOS devices.  This highlights how, with only a few lines of code, the Flipper Zero can be utilised to gain access to victim devices (this does of course require Flipper Zero to be connected to the victim device).


Key Takeaways

The device itself: To reiterate, Flipper Zero is not in and of itself a malicious device.  It can have multiple benevolent uses and has the potential to be a useful multitool for practical operators in the cyber security industry, such as ethical hackers and penetration testers.  However, our data is showing that as the product becomes more widespread and available to the public as a whole, malicious users are generating code, tools and firmware to turn Flipper Zero into something more malicious than maybe its creators intended.

Using SOS Intelligence: What was apparent from the research undertaken, was how SOS Intelligence enabled us to do this in a straight forward and efficient manner. Historically, this kind of deep dive into the more nefarious uses would not have been possible.

Using keywords and phrases and looking into the forums and sites where this kind of thing is routinely discussed was both easy and enjoyable. We’ve worked hard improving the user experience and UI and the feedback from this continues to be incredibly positive.

“In today’s rapidly evolving digital and physical landscape, comprehending emerging threats like FlipperZero is of utmost importance. Robust intelligence coverage, including monitoring adversary communication, enables informed risk-based analysis to understand the implications of this new digital radiofrequency tool. Our publication of article on “Flipper Zero:  An Introduction to Its Capabilities and Potential Risks” serves as a valuable guide for defence, equipping stakeholders with insights to navigate this threat through informed analysis and strategic decision-making while demonstrating the capability and ease of use of our platform.”

Amir Hadzipasic, CEO and Founder

If you’d like to learn more, then please click here to book a demo.

References

  1. https://habr.com/ru/companies/vk/articles/723996/
  2. https://www.bleepingcomputer.com/news/technology/flipper-zero-banned-by-amazon-for-being-a-card-skimming-device-/
  3. https://www.bleepingcomputer.com/news/security/brazil-seizing-flipper-zero-shipments-to-prevent-use-in-crime/
  4. https://github.com/meshchaninov/flipper-zero-mh-z19
"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 June 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

2. CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

 


 

3. CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

https://nvd.nist.gov/vuln/detail/CVE-2019-11358

 


 

4. CVE-2020-6507

Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2020-6507

 


 

5. CVE-2023-26359

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-26359

 


 

6. CVE-2020-8516

** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2020-8516

 


 

7. CVE-2023-26360

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

https://nvd.nist.gov/vuln/detail/CVE-2023-26360

 


 

8. CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

 


 

9. CVE-2020-36620

A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2020-36620

 


 

10. CVE-2021-38001

Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2021-38001

 


"SOS
Product news

Join us for our next SOS Intelligence webinar on Understanding Third-Party Risk for Cybersecurity

I’m delighted to invite you to our next webinar on Wednesday 14th June at 11am for twenty minutes.

Understanding Third-Party Risk for Cybersecurity 

Who is this for?

  • Anyone in a business or organisation who has responsibility for online security.
  • CTOs or senior managers who want to understand the risks of third-party cyber breaches and how to monitor them.
  • MSSPs who would like to leverage our solution with their clients.

You will learn:

  • What are third-party cyber security risks and what are the common breaches + consequences
  • The role of cyber threat intelligence in third-party risk management
  • How SOS Intelligence will help you manage your risk and your third parties

We are recording the session so if you sign up and are not able to make it, you will be sent a replay.

Sign up takes seconds, just click the button below.

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 29 May 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1. 

https://nvd.nist.gov/vuln/detail/

 


 

2.

https://nvd.nist.gov/vuln/detail/

 


 

3.

https://nvd.nist.gov/vuln/detail/

 


 

4.

https://nvd.nist.gov/vuln/detail/

 


 

5.

https://nvd.nist.gov/vuln/detail/

 


 

6.

https://nvd.nist.gov/vuln/detail/

 


 

7.

https://nvd.nist.gov/vuln/detail/

 


 

8.

https://nvd.nist.gov/vuln/detail/

 


 

9.

https://nvd.nist.gov/vuln/detail/

 


 

10.

https://nvd.nist.gov/vuln/detail/

 


"SOS
Flash Alert

Flash Alert – Brute-Force scanning of VPNs

SOS Intelligence has recently seen indications of brute-force login activity against VPN services associated with a customer.  

Our research has linked this activity to an Initial Access Broker (IAB), who has recently released access to a brute force scanning tool through their profile on a high-profile cyber-crime forum. 

Thanks to Daniel, our new Threat Intelligence Analyst who has been investigating this. Future flash alerts and intelligence reports will come from Daniel via email. If you would like to get these, you can sign up here.

The IAB has shared information with our Intelligence Team, showing statistics relating to successful logins they have found whilst scanning VPN networks.

This has highlighted a concerning amount of networks accessible using commonly known default login credentials.  However, the IAB has acknowledged that some of these may represent honeypots.

Source: SOS Intelligence discussion with Bassterlord

Initial Access Brokerage is a common feature of cyber-crime forums.  The individuals concerned involve themselves with the compromise of computer networks. 

Once persistence within the network has been maintained, they monetize that access by selling it within forums, often to actors with access to destructive malware.  Therefore, IAB activity can often be a precursor to Ransomware and/or Data-exfiltration attacks.

Other Discussions identified by the SOS Intelligence Platform related to VPN Provider Scanning

Recommendation

We recommend reviewing any VPN services in use to ensure all default account passwords have been changed, and any built-in accounts have been disabled, in accordance with the best practices of your provider.

At SOS Intelligence we can provide bespoke intelligence feeds to help monitor your data to help you identify when credentials have been leaked and are appearing online, helping you to stay ahead of the attackers and keep your networks safe.

Photo by Kevin Ku on Unsplash

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 22 May 2023

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2023-26818

N/A

https://nvd.nist.gov/vuln/detail/CVE-2023-26818

 


 

2. CVE-2022-21894

Secure Boot Security Feature Bypass Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-21894

 


 

3. CVE-2022-32939

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-32939

 


 

4. CVE-2018-13379

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

 


 

5. CVE-2020-17087

Windows Kernel Local Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2020-17087

 


 

6. CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-30190

 


 

7. CVE-2022-42846

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-42846

 


 

8. CVE-2022-42850

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-42850

 


 

9. CVE-2022-3266

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-3266

 


 

10. CVE-2022-22675

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-22675

 


1 2 13 14 15 16 17 23 24
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound