Customer portal
Articles Tagged with

SOS Intelligence

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 September 2022

by Amir Hadzipasic
September 5, 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 

 

2. CVE-2022-24637

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ‘

https://nvd.nist.gov/vuln/detail/CVE-2022-24637

 

 

3. CVE-2020-29260

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

https://nvd.nist.gov/vuln/detail/CVE-2020-29260

 

 

4. CVE-2022-22067

Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

https://nvd.nist.gov/vuln/detail/CVE-2022-22067

 

 

5. CVE-2022-30075

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

https://nvd.nist.gov/vuln/detail/CVE-2022-30075

 

 

6. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 

 

7. CVE-2022-37042

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

https://nvd.nist.gov/vuln/detail/CVE-2022-37042

 

 

8. CVE-2021-41617

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

https://nvd.nist.gov/vuln/detail/CVE-2021-41617

 

 

9. CVE-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

https://nvd.nist.gov/vuln/detail/CVE-2022-21449

 

 

10. CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

https://nvd.nist.gov/vuln/detail/CVE-2022-29154

 

"broadband"/
Opinion

New cyber security rules for for UK mobile and broadband carriers

by Amir Hadzipasic
August 31, 2022

Yesterday, the UK government announced that mobile and broadband carriers must follow a new set of rules that will strengthen our protection against cyber attacks.

“we know that today the security and resilience of our communications networks and services is more important than ever. From heightened geopolitical threats through to malicious cyber criminals exploiting network vulnerabilities, global events have shown the importance of providing world-leading security for our networks and services.

That’s why the creation of a new telecoms security framework via the Telecommunications (Security) Act 2021 was so important. With the help of the telecoms industry, we’ve now been able to move that framework forwards.”

– Matt Warman, Minister of State for Digital, Culture, Media and Sport

The new rules which the companies will need to follow, look at areas such as

  • how (and from whom) providers can procure infrastructure and services
  • how providers police activity and access
  • the investments they make into their security and data protection and the monitoring of that
  • how providers inform stakeholders of resulting data breaches or network outagesprocedures by March 2024

The executive summary of the consultation outcome is one we completely endorse:

The UK is becoming ever more dependent on public telecoms networks and services. The increased reliance of the economy, society and critical national infrastructure (CNI) on such networks and services means it is important to have confidence in their security. As the value of our connectivity increases, it becomes a more attractive target for attackers. It is important to make sure that our networks and services are secure in this evolving threat landscape.

Proposals for new telecoms security regulations and code of practice – government response to public consultation – Updated 30 August 2022.

TechCrunch highlights that those who fail to comply with the new regulations will face big fines, up to £100,000 per day.

SOS Intelligence is focused on providing effective and affordable cyber threat intelligence. We would welcome a conversation with any mobile and / or broadband carrier as we can definitely help you.

We can help you avoid the question from your CEO or MD… Why didn’t we know about this?
Simply put, we monitor keywords, email addresses, domains and more online including the Dark Web, so you get to know immediately if your data has been leaked. You can then do something about it.

Forewarned in many cases will be incredibly helpful.

The results of a GOV.UK survey released in March 2020 confirms cyber security breaches are becoming more frequent. It found 46% of UK businesses and charities reported a cyber- attack during the year. Of those, 33% claimed they experienced a cyber breach in 2020 at least once a week – up from 22% in 2017.

The consultation is recognising that the threats from certain countries are not going away, but more likely to be increasing. The UK’s vigilance needs to increase to meet these threats.

Photo by Compare Fibre on Unsplash

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 29 August 2022

by Amir Hadzipasic
August 29, 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2021-3590

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

https://nvd.nist.gov/vuln/detail/CVE-2021-3590

 

 

2. CVE-2021-0887

In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817

https://nvd.nist.gov/vuln/detail/CVE-2021-0887

 

 

3. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 

 

4. CVE-2021-3736

A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.

https://nvd.nist.gov/vuln/detail/CVE-2021-3736

 

 

5. CVE-2021-0698

In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848165

https://nvd.nist.gov/vuln/detail/CVE-2021-0698

 

 

6. CVE-2022-22963

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

https://nvd.nist.gov/vuln/detail/CVE-2022-22963

 

 

7. CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

https://nvd.nist.gov/vuln/detail/CVE-2022-29154

 

 

8. CVE-2021-30975

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.

https://nvd.nist.gov/vuln/detail/CVE-2021-30975

 

 

9. CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

https://nvd.nist.gov/vuln/detail/CVE-2021-3690

 

 

10. CVE-2021-3905

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

https://nvd.nist.gov/vuln/detail/CVE-2021-3905

 

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 22 August 2022

by Amir Hadzipasic
August 22, 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2022-35110

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-35110

 

 

2. CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

https://nvd.nist.gov/vuln/detail/CVE-2020-12720

 

 

3. CVE-2022-35433

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-35433

 

 

4. CVE-2022-1400

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

https://nvd.nist.gov/vuln/detail/CVE-2022-1400

 

 

5. CVE-2022-37042

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

https://nvd.nist.gov/vuln/detail/CVE-2022-37042

 

 

6. CVE-2022-36152

tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.

https://nvd.nist.gov/vuln/detail/CVE-2022-36152

 

 

7. CVE-2022-37438

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.

https://nvd.nist.gov/vuln/detail/CVE-2022-37438

 

 

8. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 

 

9. CVE-2021-26639

This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.

https://nvd.nist.gov/vuln/detail/CVE-2021-26639

 

 

10. CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-2610

 

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 15 August 2022

by Amir Hadzipasic
August 15, 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2022-20259

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221431393

https://nvd.nist.gov/vuln/detail/CVE-2022-20259

 

 

2. CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-2610

 

 

3. CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

https://nvd.nist.gov/vuln/detail/CVE-2021-33646

 

 

4. CVE-2021-33645

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

https://nvd.nist.gov/vuln/detail/CVE-2021-33645

 

 

5. CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

https://nvd.nist.gov/vuln/detail/CVE-2020-12720

 

 

6. CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-24086

 

 

7. CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-30190

 

 

8. CVE-2022-1215

A format string vulnerability was found in libinput

https://nvd.nist.gov/vuln/detail/CVE-2022-1215

 

 

9. CVE-2022-30075

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-30075

 

 

10. CVE-2022-24087

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-24087

 

"Offensive
Product news, Tips

Offensive Cyber Threat Intelligence for Lawyers and Private Investigators

by Ben Hurst
August 10, 2022

In the last article, I wrote about how legal firms can utilise cyber threat intelligence and the SOS Intel toolkit for cyber defence. But in this article I want to explore a different idea, namely, offensive threat intelligence for legal firms. 

When someone says “cyber crime” what do most people think of? Likely something along the lines of “hacker”. Most will picture someone in a dark room staring at a computer screen with hundreds of lines of code flashing by while frantically typing on their keyboard. 

While hackers like this do exist, they make up a minority of cyber criminals. Cyber stalking is, by far, the most common cyber crime. 

Every year almost 10 million people in the United States are victims of cyber stalking or harassment. The vast majority, about ~80%, of cyber stalking incidents go unreported to law enforcement. To make matters worse, cases of cyber stalking that are reported often go unpunished. From 2010 – 2013, of the roughly 2.5 million reported cases of online harassment, only 10 cases resulted in a prosecution. 

A major reason many of these cases go unresolved is the extensive evidence required to make a case. Collecting evidence on a cyber stalker is a difficult and time consuming process. But, this doesn’t have to be the case. 

Utilising cyber threat intelligence tools, it is possible to collect large amounts of data on a target. Much like other cyber criminals, cyber stalkers use platforms like Telegram and Signal. Threat intelligence tools like the SOS Intel toolkit can pull data from these platforms on a mass scale. Just by crafting a few keywords you can search thousands of terabytes of data.

This “offensive” use of the SOS intelligence toolkit is not isolated to just cyberstalking cases. The SOS toolkit is incredibly versatile, it’s capable of assisting with any sort of research into any internet crime. Let’s take a look at what the SOS toolkit is capable of…

SOS Intelligence Toolkit API

The best way to utilise the SOS Toolkit is the API. The API allows you to integrate the toolkit into 3rd party programs. The API provides you the raw aggregate data and leaves the organisation up to your personal preferences. To start working with the API, first you will need to generate your API key. 

You can do this in the “API” tab of the web interface. Once you click the “generate” button you will see this message:

There are many API clients out there, but for the purpose of simplicity in the example I will be using Postman.

SOS Intelligence offers a Postman Collection file to further simplify the process of  implementing API requests in postman. If you are interested in using the Postman collection, please send an email to “[email protected]” 

Once you have your API key and have imported the Postman collection file (or you plan on manually adding the API requests) you need to add the key to Postman as such:

 Once you have your API key set you are ready to start making API requests! In this example I will be making queries as if I was investigating a cyber crime case. 

Quick note: The user I am searching for in this example is “pompompurin” a known cyber criminal who is active on Twitter and Telegram and administrator of the infamous “Breached Forums”.

Here is a simple query for “breached forums” using the Twitter search function. (Note: At the moment the Twitter search function has a search history limit of 6 months)

The Twitter search function will return any data that matches the search query. If the query matches any of the values or sub-values of a post, the function will return all of the data of said post. 

The data aggregated on each post is entirely dependent on the post itself, i.e. if other users are mentioned or if there are hashtags. It’s worth noting that searches are passed as phrases with “AND” logic. For example, my search for “breached forums” searches for “breached” AND “forums”. This way you can refine your results easily by crafting search queries that match exactly what you’re looking for, automatically weeding out all of the bad results.

Sometimes collecting intelligence from clearnet sources is not sufficient enough. Many hacking forums run both clearnet and darknet sites. The SOS Darkweb search function can search with several different categorical options. The first option is the “Full Text Search” as seen below.

The “full text search” searches through the full text of the site’s page. To narrow down your search results, you can set parameters like “phrase” to true. For example, if I search for SOS Intelligence, the query will pass as SOS “OR” Intelligence. However, if I set the “phrase” parameter to true, this query is passed as SOS “AND” Intelligence. 

The Dark Web Search tool also has special functions for more specific searches like emails and Bitcoin wallet addresses.

The SOS Toolkit puts all of these tools at your disposal instantly. The API is just one method of utilising the toolkit. 

The SOS web application allows you to access the same tools with a more friendly user interface. But the API allows you to integrate the SOS Toolkit into 3rd party OSINT frameworks as well as your own programs/scripts. 

The API provides a simple way to work with the tool kit “offensively”. Utilising several or all of these search functions you can gather a great amount of information on a suspect. You can try these searches out yourself! Remember, we have two community APIs:

  • DARKSEARCH: Provides information about onion websites.
  • CVE Top Talkers: Provides a top list of most talked about CVEs across our threat feeds.

Both can be accessed via a free plan which you can sign up for here 🙂

Photo by Tingey Injury Law Firm on Unsplash.

"SOS
Product news

SOS Intelligence Development Update

by Amir Hadzipasic
August 10, 2022

We can’t stand still. We believe it is vital to keep investigating new threat intel feeds for our customers, so over the last 2 weeks we have created 15 new bespoke collection pipelines to gather intelligence from various hacking forums.

We have also been listening closely to customer feedback…

  • We have developed our alert feedback system with an additional feedback text entry box so that customers can provide additional information web submitting feedback about an alert that was not useful. 
Pop up to give us feedback
  • You can now perform multiple alert actions. If you need to mass acknowledge alerts, or mass vote alerts, select all or a number of individual alerts and perform a multi action. This can be very helpful when acknowledging and closing of a number of alerts that have been dealt with.
Multiple alert actions

We value all of our customer feedback and aim to deliver feature requests as soon as realistically possible. Please continue to give us suggestions and feedback!

Photo by Fotis Fotopoulos on Unsplash.

"Legal
Opinion, The Dark Web

Hacking your lawyer: Why Legal Firms need Cyber Threat Intelligence

by Ben Hurst
August 8, 2022

Data breaches are not good for anyone (excluding the cyber criminals), but breaches are particularly bad for industries that handle sensitive information. Unfortunately companies that often handle sensitive data typically do not take their security threats seriously. The pharmaceutical and medical sectors saw a 20% increase in cyber attacks in 2021, costing them, on average, $45,000 per hour of downtime. 

The medical industry is not the only industry handling sensitive data. Legal firms hold a tremendous amount of personal data on, not only clients, but also anyone involved in their respective cases.

For threat actors, legal firms hold a treasure trove of data that they can use for criminal activities such as, financial fraud, extortion, or even just crude doxxing. 

Unlike hospitals and pharmaceutical companies legal firms typically are not held to the same security and data privacy standards and regulations. In the United States acts like HIPAA and GLBA require any company that handles certain information to abide by set security standards. But, regardless of the law, a data breach looks good for no one. 

Defensive security measures like proper data storage and encryption are a must for any legal firm, but these measures can only go so far. In order to take your security to the next level proactive measures are needed.

Luckily for us, threat actors are often very open about their upcoming or ongoing attacks. Hackers will post on dark web forums or even in public chat rooms. 

Publicly posted data leak of a New York legal firm 

Collecting and aggregating this information can be difficult for a small legal firm with less resources. This is where SOS Intelligence comes in. SOS Intelligence can offer your legal firm – small or large – tools to bolster your proactive security measures. 

Due to the nature of established and emerging threat actors, defensive measures like proper data encryption and storage is not enough. Threat actors will always be able to find a way around these defences.

Whether it involves paying an insider for access to your network or exploiting a n-day vulnerability in your VPN software, SOS cyber threat intelligence will be able to provide insider intelligence not found anywhere else. 

Our Dark Web monitoring tool can be utilised for searching for hackers discussing your company. You can quickly build a profile on threat actors targeting your firm then proactively adapt your defensive measures to compensate. 

Getting a sense for threat actors targeting your firm will do wonders for both your cyber defence and – in the case of a breach – can assist incident response. SOS Intelligence offers tools that can actively pull information from common dark web forums and chat rooms. 

Our tools can also grab messages from closed source forums and chats. Dark web monitoring will be able to offer a different perspective than the hundreds of various defensive tools. The SOS Intelligence toolkit will allow you to see through the eyes of a hacker. It’s time to take your security to the next level, try out the SOS toolkit today.

If you are a legal firm who would like some advice on what you need to be doing plus a demo of how we can help you, then click here now to book some time with Amir, our founder. We promise this is something you won’t regret.

Photo by Tingey Injury Law Firm on Unsplash

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 08 August 2022

by Amir Hadzipasic
August 8, 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 

 

1.  CVE-2022-1215

A format string vulnerability was found in libinput

https://nvd.nist.gov/vuln/detail/CVE-2022-1215

 

 

2. CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-34918

 

 

3. CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

https://nvd.nist.gov/vuln/detail/CVE-2022-36446

 

 

4. CVE-2010-3972

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka “IIS FTP Service Heap Buffer Overrun Vulnerability.” NOTE: some of these details are obtained from third party information.

https://nvd.nist.gov/vuln/detail/CVE-2010-3972

 

 

5. CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka ‘Windows NTLM Tampering Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2019-1040

 

 

6. CVE-2022-26134

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-26134

 

 

7. CVE-2022-35918

Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.

https://nvd.nist.gov/vuln/detail/CVE-2022-35918

 

 

8. CVE-2022-2652

Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

https://nvd.nist.gov/vuln/detail/CVE-2022-2652

 

 

9. CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-22620

 

 

10. CVE-2022-1012

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

https://nvd.nist.gov/vuln/detail/CVE-2022-1012

 

1 2 16 17 18 19 20 21
Recent Posts
Recent Comments
    Privacy Settings
    We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
    Youtube
    Consent to display content from - Youtube
    Vimeo
    Consent to display content from - Vimeo
    Google Maps
    Consent to display content from - Google
    Spotify
    Consent to display content from - Spotify
    Sound Cloud
    Consent to display content from - Sound
    Save