What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CS.webp 2022-10-17 16:00:00 Announcing the 2022 CyberScoop 50 award winners (direct link) The awards celebrate and honor the accomplishments of cybersecurity leaders in both the public and private sectors. Guideline
globalsecuritymag.webp 2022-10-17 13:16:27 Heading for multi-cloud: companies bet on data monetization (direct link) According to the latest VMware study, data sovereignty is a critical concern for the majority of organizations. In 2024, 89% of French organizations will seek to monetize their data, according to the results of a new study from VMware Inc. (NYSE: VMW), a leader in enterprise software innovation. Data will represent a significant source of revenue for nearly half (49%) of organizations within the next two years, compared with 41% at the (...) - Investigations Guideline
CVE.webp 2022-10-17 13:15:10 CVE-2022-3551 (lien direct) A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. Vulnerability Guideline
CVE.webp 2022-10-17 13:15:10 CVE-2022-3550 (lien direct) A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. Vulnerability Guideline
CVE.webp 2022-10-17 13:15:10 CVE-2022-3554 (lien direct) A vulnerability has been found in X.org libX11 and classified as problematic. This vulnerability affects the function _XimRegisterIMInstantiateCallback of the file modules/im/ximcp/imsClbk.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211054 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-17 13:15:10 CVE-2022-3553 (lien direct) A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. Guideline
CVE.webp 2022-10-17 13:15:10 CVE-2022-3555 (lien direct) A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function _XFreeX11XCBStructure of the file xcb_disp.c. The manipulation of the argument dpy leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211055. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:11 CVE-2022-3545 (lien direct) A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:11 CVE-2022-3546 (lien direct) A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:11 CVE-2022-3548 (lien direct) A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Add New Storage Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211048. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:11 CVE-2022-3544 (lien direct) A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:11 CVE-2022-3549 (lien direct) A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:11 CVE-2022-3547 (lien direct) A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=system_info of the component Setting Handler. The manipulation of the argument System Name/System Short Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-211047. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3541 (lien direct) A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3131 (lien direct) The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3542 (lien direct) A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3543 (lien direct) A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043. Vulnerability Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3149 (direct link) The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when creating and editing cursors, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting. Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3150 (lien direct) The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin Guideline
CVE.webp 2022-10-17 12:15:10 CVE-2022-3243 (direct link) The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin. Guideline
Checkpoint.webp 2022-10-17 11:00:51 Check Point named a Fast Mover in GigaOm's Radar for Secure Service Access (SSA) (direct link) Check Point is proud to be named a Fast Mover in GigaOm's Radar for SSA, in recognition of the speed at which Harmony Connect SASE is expected to become a Leader in this space. Why Check Point was named a Fast Mover and Challenger: As a Fast Mover, GigaOm expects us to quickly become a… Guideline
AlienVault.webp 2022-10-17 10:00:00 Stories from the SOC: Feeling so foolish – SocGholish drive by compromise (direct link) Executive summary: SocGholish, also known as FakeUpdate, is a JavaScript framework leveraged in social engineering drive by compromises that has been a thorn in cybersecurity professionals’ and organizations’ sides for at least 5 years now. Upon visiting a compromised website, users are redirected to a page for a browser update and a zip archive file containing a malicious JavaScript file is downloaded and unfortunately often opened and executed by the fooled end user. An AT&T Managed Extended Detection and Response (MXDR) client with Managed Endpoint Security (MES) powered by SentinelOne (S1) received an alert regarding the detection and mitigation of one of these JavaScript files. The MXDR Threat Hunter assigned to this client walked them through the activity resulting from the execution of the malicious file, as well as provided additional guidance on containment and remediation of the host involved in the incident. Investigation: Upon detection of the follow up activity of the malicious file executed by the end user, S1 created an Incident within the S1 portal. This in turn creates an Alarm within the USM Anywhere platform, where the MXDR SOC team works, reviews, and creates Investigations for client notification as necessary. Since this activity was observed all within S1, this analysis will be out of there. The best way to start looking into a S1 event is to go to the Storyline of the Incident within Deep Visibility. Deep Visibility deep dive: Once we have all the events related to the Incident, we can also create a new Deep Visibility search for all activity related to the affected host from about an hour before right up to the first event for the incident. This will let us try to see what happened on the host that led to the execution of the malicious JavaScript file.
Reviewing the events from both the overall logs on the host and the events related to the Storyline, we can build out a rough timeline of events. Note there are close to 15k events on the host in the timeframe and 448 events in total in the Storyline; I’m just going over the interesting findings for expediency's sake. 12:07:08 The user is surfing on Chrome and using Google search to look up electricity construction related companies; we see two sites being visited, with both sites being powered by WordPress. The SocGholish campaign works by injecting malicious code into vulnerable WordPress websites. While I was unable to find the injected code within the potentially compromised sites, I see that one of the banners on the page contains spam messages; while there are no links or anything specifically malicious with this, it lets us know that this site is unsafe to a degree. [Image: Bad banner] 12:10:46 The user was redirected to a clean[.]godmessagedme[.]com for the initial download. It likely would have looked like this: [Image: Chrome false] We can assume the URI for the request looks like the /report as seen in VirusTotal and described in open-source intelligence (OSI). Note that the subdomain “clean” has a different resolution than the root domain; this is domain shadowing performed by the attackers by creating a new A-record within the DNS settings of the legitimate domain: [Images: New A record, New A record 2] 12:12:19 Chrome creates on disk: “C:\Users\[redacted]\Downloads\Сhrome.Updаte.zip”. 12:13:11 User has opened the zip Spam Threat Guideline
silicon.fr.webp 2022-10-17 09:18:54 SIEM: who stands out in this functionally expanding market? (direct link) Five vendors rank as "leaders" in the 2022 Magic Quadrant for SIEM. On what grounds, and with what areas for improvement? Guideline
CVE.webp 2022-10-17 09:15:12 CVE-2022-3532 (lien direct) A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function test_map_kptr_success/test_fentry of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211030 is the identifier assigned to this vulnerability. Vulnerability Guideline ★★★★
CVE.webp 2022-10-17 09:15:12 CVE-2022-3531 (lien direct) A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function get_syms of the file tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211029 was assigned to this vulnerability. Vulnerability Guideline ★★★
CVE.webp 2022-10-17 09:15:12 CVE-2022-3533 (lien direct) A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031. Vulnerability Guideline
CVE.webp 2022-10-17 09:15:12 CVE-2022-3534 (lien direct) A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. Vulnerability Guideline
CVE.webp 2022-10-17 09:15:12 CVE-2022-3535 (lien direct) A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability. Vulnerability Guideline
CSO.webp 2022-10-17 02:00:00 Top skill-building resources and advice for CISOs (direct link) The role of the CISO has evolved, and so have the responsibilities. Some believe a CISO must have technical knowledge and experience as a cybersecurity professional, others think leadership skills such as being able to communicate with boards are what matters most. Ultimately, the hiring organisation will define what it needs in terms of cybersecurity to find the right person. In finance and insurance, for example, there will be specific rules that must be followed in different countries and cybersecurity leaders in such organisations may even be liable. In telecommunications, the skills required are likely to be more technical, whereas in government knowledge around governance and risk are top of the list. Guideline
News.webp 2022-10-16 22:46:14 Xi Jinping hails 'improved cyber ecology', says state to direct strategic tech research (direct link) Samsung and TSMC hit with chip tech patent suit; Ant Group's DB hits AWS; PayPal drops Hong Kong rights group; and more. Asia In Brief: Chinese president Xi Jinping has opened the 20th Congress of the Chinese Communist Party with a call for the nation he leads to win the race for development of “core technologies” and to become self-reliant in strategic tech.… Guideline
CVE.webp 2022-10-16 19:15:10 CVE-2022-3530 (lien direct) A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get of the file ip/ipaddress.c of the component iproute2. The manipulation leads to memory leak. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211028. Vulnerability Guideline
CVE.webp 2022-10-16 19:15:10 CVE-2022-3529 (lien direct) A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027. Vulnerability Guideline
CVE.webp 2022-10-16 19:15:09 CVE-2022-3527 (lien direct) A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function ipneigh_get of the file ip/ipneigh.c of the component iproute2. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211025 was assigned to this vulnerability. Guideline
CVE.webp 2022-10-16 19:15:09 CVE-2022-3526 (lien direct) A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024. Vulnerability Guideline
CVE.webp 2022-10-16 19:15:09 CVE-2022-3528 (lien direct) A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability. Guideline
CVE.webp 2022-10-16 10:15:10 CVE-2022-3524 (lien direct) A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-16 10:15:10 CVE-2022-3523 (lien direct) A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020. Vulnerability Guideline
CVE.webp 2022-10-16 10:15:10 CVE-2022-3522 (lien direct) A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019. Vulnerability Guideline
CVE.webp 2022-10-16 10:15:09 CVE-2022-3521 (lien direct) A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-15 10:15:12 CVE-2022-3519 (lien direct) A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. Vulnerability Guideline
CVE.webp 2022-10-15 10:15:09 CVE-2022-3518 (lien direct) A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-15 04:15:17 CVE-2022-42961 (lien direct) An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) Guideline
CVE.webp 2022-10-14 20:15:17 CVE-2022-42342 (lien direct) Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2022-10-14 20:15:15 CVE-2022-38449 (lien direct) Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2022-10-14 20:15:14 CVE-2022-38443 (direct link) Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2022-10-14 20:15:13 CVE-2022-38437 (lien direct) Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Vulnerability Guideline
CVE.webp 2022-10-14 19:15:18 CVE-2022-39128 (lien direct) In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. Guideline
CVE.webp 2022-10-14 19:15:17 CVE-2022-39122 (lien direct) In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. Guideline ★★★★★
CVE.webp 2022-10-14 19:15:17 CVE-2022-39121 (lien direct) In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. Guideline ★★★★
CVE.webp 2022-10-14 19:15:17 CVE-2022-39127 (lien direct) In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. Guideline
Last update at: 2024-07-21 06:08:09