What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Minerva.webp 2022-04-11 10:28:22 Malware Evasion - Detecting Security and Forensic Tools (direct link) This is the third post in our evasion techniques blog series. Feel free to view the other posts which discussed Sandbox Evasion and Living Off the Land techniques. Tool
SecurityWeek.webp 2022-04-11 10:11:53 Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang (direct link) Conti ransomware gang claimed responsibility for cyberattack on Wisconsin-based tool maker Ransomware Tool
itsecurityguru.webp 2022-04-11 10:01:39 Fraudsters stole £58m with RATs in 2021 (direct link) Victims of Remote Access Tool (RAT) scams lost £58m in 2021, official UK police figures show. RAT scams involve scammers taking control of a victim's device, typically in order to access bank accounts. Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident. Typically, RAT attacks begin […] Tool ★★★
Blog.webp 2022-04-09 16:57:55 A Detailed Guide on Responder (LLMNR Poisoning) (direct link) Introduction Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The Tool
TechRepublic.webp 2022-04-08 22:56:18 Asana vs ClickUp: Project management software comparison (direct link) Selecting the best project management tool can be challenging, especially with so many options available. Check out this guide to learn the differences between Asana and ClickUp. Tool
TechRepublic.webp 2022-04-08 13:05:39 Stitch vs Fivetran: ETL tool comparison (direct link) Read this feature comparison of popular ETL software solutions Stitch and Fivetran. Automation, compliance, and more features are explored. Tool
The_Hackers_News.webp 2022-04-08 09:48:47 Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (direct link) Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in Ransomware Malware Tool
TechRepublic.webp 2022-04-08 05:15:24 Alteryx vs Tableau: BI tool comparison (direct link) Find out how the business intelligence tools Alteryx and Tableau compare when it comes to features. Tool
Blog.webp 2022-04-07 17:50:31 A Detailed Guide on Cewl (direct link) Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl” which will basically help you to create a wordlist. Tool
TechRepublic.webp 2022-04-07 15:32:38 Domo vs Tableau: BI tool comparison (direct link) Choosing the best data analysis tool means comparing features to determine how well each product suits your needs. Learn which features you should consider when deciding between Domo and Tableau. Tool
SecurityWeek.webp 2022-04-07 12:09:29 BlackCat Ransomware Targets Industrial Companies (direct link) A data theft tool used by the ransomware group tracked as BlackCat, ALPHV and Noberus suggests that the cybercriminals are increasingly interested in targeting industrial organizations. Ransomware Tool
TechRepublic.webp 2022-04-05 21:59:46 BigQuery vs Snowflake: Which ETL tool is best? (direct link) ETL tools can help you gain more actionable insights from your data sets across multiple sources. Read this comparison of popular solutions BigQuery and Snowflake for your data processing needs. Tool
Anomali.webp 2022-04-05 18:17:00 Anomali Cyber Watch: AcidRain Wiped Viasat Modems, BlackMatter Rewritten into BlackCat Ransomware, SaintBear Goes with Go, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Information stealers, Phishing, Russia, Ukraine, Vulnerabilities, and Wipers. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence AcidRain | A Modem Wiper Rains Down on Europe (published: March 31, 2022) On February 24, 2022, Viasat KA-SAT modems became inoperable in Ukraine after threat actors exploited a misconfigured VPN appliance, compromised the KA-SAT network, and were able to execute management commands on a large number of residential modems simultaneously. SentinelOne researchers discovered that a specific Linux wiper, dubbed AcidRain, was likely used in that attack, as it shows the same targeting and the same overwriting method that was seen in a Viasat Surfbeam2 modem targeted in the attack. AcidRain shows code similarities with the VPNFilter stage 3 wiping plugin called dstr, but AcidRain’s code appears to be sloppier, so the connection between the two is still under investigation. Analyst Comment: Internet service providers are heavily targeted due to their trust relationships with their customers and they should harden their configurations and access policies. Devices targeted by AcidRain can be brought back to service through flash memory/factory reset. Organizations exposed to Russia-Ukrainian military conflict should plan for backup options in case of a wiper attack.
MITRE ATT&CK: [MITRE ATT&CK] Data Destruction - T1485 | [MITRE ATT&CK] System Shutdown/Reboot - T1529 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Supply Chain Compromise - T1195 Tags: AcidRain, Viasat KA-SAT, Russia, Ukraine, Germany, target-country:UA, target-country:DE, Wiper, Modem, Supply-chain compromise, VPN appliance, VPNFilter BlackCat Ransomware (published: March 31, 2022) BlackCat (ALPHV) ransomware-as-a-service surfaced on Russian-speaking underground forums in late 2021. The BlackCat ransomware is perhaps the first ransomware written entirely in Rust, and is capable of targeting both Windows and Linux machines. It targeted multiple industries in the US, Europe, the Philippines, and other regions, and Polyswarm researchers expect it to expand its operations. It is attributed to the BlackMatter/DarkSide ransomware threat group. BlackCat used some known BlackMatter infrastructure and shared the same techniques: reverse SSH tunnels and scheduled tasks for persistence, LSASS for credential access, Impacket, RDP, and psexec for command and control. Analyst Comment: It is crucial for your company to ensure that servers are always running the most current software version. Your company should have policies in place in regards to the proper configurations needed for your servers in order to conduct your business needs safely. Additionally, always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). Furthermore, a business continuity plan should be in place in the case of a Ransomware Malware Tool Vulnerability Threat Guideline VPNFilter VPNFilter
NoticeBored.webp 2022-04-05 17:31:41 Infosec control attributes paper completed (direct link) Yesterday, I completed and published the white paper on information security control attributes. Today I drafted a set of comments on ISO/IEC JTC 1/SC 27's proposed Preliminary Work Item for ISO/IEC 27028, using content from the white paper to build a 'donor document' with fairly minor changes in accordance with ISO's required structure and format. It includes the following summary: "This document extends the concept of 'control attributes' introduced in ISO/IEC 27002:2022, discussing a wider variety of factors potentially worth bearing in mind when considering, selecting, designing, using and reviewing information security controls. Control attributes are a powerful and flexible tool for information security management purposes, a novel way to design, manage and improve an organisation's approach to mitigating unacceptable information risks, supplementing more traditional or conventional methods. The document includes pragmatic suggestions on how to make use of control attributes in the business context, with a worked example illustrating the approach." Once the comments are submitted, we must wait patiently to see how much of it (if any!) makes it through to the Working Draft, blended with inputs and comments from other committee members. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start. Meanwhile, I'm actively looking for opportunities for clients to start using control attributes as an integral part of their ISO27k information risk and security management activities - designing better, more relevant and meaningful security metrics for instance. If that or any other ideas in the paper catch your imagination, please comment below or email me (Gary@isect.com). I see a lot of potential business value in control attributes: how about you? Tool
ZDNet.webp 2022-04-05 10:50:32 GitHub now scans for secret leaks in developer workflows (direct link) The new tool aims to protect developers against API and token exposure. Tool
The_Hackers_News.webp 2022-04-05 02:28:02 Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (direct link) Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident Data Breach Tool
TechRepublic.webp 2022-04-04 22:42:16 Azure Synapse vs Snowflake: ETL tool comparison (direct link) Azure Synapse and Snowflake are both good ETL platforms, so how do you choose between them? See how their features stack up and which one is more suitable for your use cases. Tool
TechRepublic.webp 2022-04-04 15:46:16 Easily manage your Google activity with this handy tool (direct link) Try this very useful tool to manage all your activity on Google and increase your privacy. Jack Wallen shows you how. Tool
Trend.webp 2022-04-04 00:00:00 MITRE Engenuity ATT&CK Tests (direct link) Trend Micro Vision One achieved a protection score of 100% in this year's evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams. Tool
CVE.webp 2022-04-01 23:15:08 CVE-2019-14839 (direct link) It was observed that while logging into the Business-central console, the HTTP request discloses sensitive information like username and password when intercepted using a tool like Burp Suite. Tool
TechRepublic.webp 2022-03-31 19:08:37 Qlik vs Tableau: BI tool comparison (direct link) Qlik Sense and Tableau are business intelligence tools that have a lot to offer. See how the BI tools' features compare. Tool
TechRepublic.webp 2022-03-31 18:36:01 Looker vs Tableau: BI tool comparison (direct link) Choosing the right BI tool for your needs requires thorough consideration of features and capabilities. See which of these two top-notch solutions, Looker and Tableau, might be a good fit for your organization. Tool
TechRepublic.webp 2022-03-31 17:09:23 Asana vs Monday: Project management software comparison (direct link) Building tasks and projects in a project management software tool doesn't have to be difficult. Asana and monday.com are easy-to-use platforms with robust PM features. Compare them now. Tool
Anomali.webp 2022-03-31 10:00:00 The Need to Share (direct link) The Benefits of Sharing Threat Intelligence Inside and Outside Your Organization Welcome to this week’s blog. I hope you’re enjoying this series and what you’ve read so far if you’ve been following along. If you’re new, welcome as I dive deeper into the Top 10 Cybersecurity Challenges enterprise organizations face, as found in our recently released Cybersecurity Insights Report 2022: The State of Cyber Resilience. Coming in at number seven on our Top 10 List of the Challenges Cybersecurity Professionals Face is "Lack of ability to share threat intelligence cross-functionally." In an August blog, I wrote about President Biden’s Executive Order that sought to ensure that IT service providers share threat information about incidents with the federal government and collect and preserve data that could aid threat detection, investigation, and response. My comment was that before we share information as an industry, organizations need to break down their silos to share threat intelligence internally. It was not surprising to see this surface as one of the Top 10 Challenges organizations face. (I know, a clock is right twice a day, too, I’m taking the win here. Even if no one else is reading, I enjoy writing these.) Digital transformation has quickly expanded attack surfaces. Now more than ever, global organizations must balance a rapidly evolving cybersecurity threat landscape against business requirements. Threat information sharing is critical for security teams and organizations to protect themselves from cyber-attacks. The problem with sharing threat intelligence is that most organizations don’t know where to start. Enter Cyber Fusion Thirty years ago, military intelligence organizations developed the concept of cyber fusion, which combines HUMINT (human intelligence) with COMINT (computer intelligence).
They used the idea to collaborate with different intelligence communities and gain an in-depth understanding of the threat landscape. Cyber fusion is becoming increasingly popular in the cybersecurity industry, with organizations creating cyber fusion centers or using technologies like threat intelligence management or XDR (extended detection and response) solutions to eliminate silos, enhance threat visibility, and increase cyber resilience and collaboration between security teams. Cyber fusion offers a unified approach to cybersecurity by combining the intelligence from different teams into one cohesive picture. It also helps to integrate contextualized strategic, tactical, and operational threat intelligence for immediate threat prediction, detection, and analysis. How to Start Sharing Threat Intelligence Internally Cyber fusion takes a proactive approach to cybersecurity that helps organizations break down barriers and open communications across their entire organization to help them identify and address cyber risks before they become an issue. A cyber fusion approach helps foster collaboration among different departments within the company to focus on areas that ensure protection against relevant threats. By getting more people involved in keeping up with security issues and cyber incidents, organizations can ensure their investments and resources focus right where they need to be. Tool Threat Guideline
TechRepublic.webp 2022-03-30 19:19:10 How to benchmark a website with the Siege command-line tool (direct link) Need to stress-test your websites to see how well they're performing? Jack Wallen shows you how with the command-line Siege tool. Tool
CVE.webp 2022-03-30 17:15:10 CVE-2021-44310 (direct link) An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. Tool
CVE.webp 2022-03-30 17:15:10 CVE-2021-44312 (direct link) An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. Tool
CVE.webp 2022-03-30 15:15:08 CVE-2022-25619 (direct link) Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. Tool Vulnerability
TechRepublic.webp 2022-03-30 15:08:45 How to install the Matomo web analytics platform on Ubuntu Server 20.04 (direct link) Website analysis is an important aspect of administration. If your company needs to track such data, there's an open-source tool for that very purpose. Jack Wallen shows you how to deploy Matomo. Tool
ZDNet.webp 2022-03-30 09:40:44 This new ransomware targets data visualization tool Jupyter Notebook (direct link) Misconfigured environments are the entry point for the ransomware strain. Ransomware Tool
Anomali.webp 2022-03-29 18:14:00 Anomali Cyber Watch: North Korean APTs Used Chrome Zero-Day, Russian Energy Sector SCADA Targeting Unsealed, Lapsus$ Breached Microsoft - Finally Arrested, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Drive-by, ICS, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Hive Ransomware Ports Its Linux VMware ESXi Encryptor to Rust (published: March 27, 2022) The Hive ransomware operators actively copy features first introduced in the BlackCat/ALPHV ransomware to make their ransomware samples more efficient and harder to reverse engineer. They have converted all their builds (targeting Windows, Linux, VMware ESXi) from Golang to the Rust programming language. They also moved from storing the victim's Tor negotiation page credentials in the encryptor executable to requiring the attacker to supply the user name and login password as a command-line argument when launching the malware. Analyst Comment: Ransomware is an evolving threat, and the most fundamental defense is having proper backup processes in place. Follow the 1-2-3 rule: 3 copies, 2 devices, and 1 stored in a secure location. Data loss is manageable as long as regular backups are maintained.
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Deobfuscate/Decode Files or Information - T1140 Tags: Hive, Ransomware, BlackCat, VMware ESXi, Rust, Tor US Says Kaspersky Poses Unacceptable Risk to National Security (updated: March 25, 2022) On March 25, 2022, the US Federal Communications Commission (FCC) added three new entities to its Covered List: China Mobile International USA Inc., China Telecom (Americas) Corp, and AO Kaspersky Labs. The action is aimed to secure US networks from threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests. Previously the FCC Covered List had five Chinese entities added in March 2021 including Huawei and ZTE. Kaspersky denied the allegations and stressed that the company “will continue to assure its partners and customers on the quality and integrity of its products, and remains ready to cooperate.” Earlier the same day, HackerOne blocked Kaspersky from its bug bounty program. Analyst Comment: It seems that the FCC decision does not directly affect private parties using Kaspersky antivirus and other security products. There is no public data showing directly that Kaspersky is currently involved in cyberespionage or some malware distribution activity, but such suspicions were raised in previous years. Direct connections of Kaspersky to Russia and its own Federal Security Services (FSB) make it both a potential security risk and a reputation risk as the military conflict in Ukraine leads to new sanctions and increased cyber activity. Tags: Russia, USA, China, Ukraine, Kaspersky, FCC, FSB, Huawei, ZTE, China Mobile, China Telecom Ransomware Malware Tool Vulnerability Threat Guideline ★★★★★
TechRepublic.webp 2022-03-25 20:44:17 Zoho Analytics vs. Qlik Sense: BI tool comparison (direct link) Business intelligence tools are vital to organizations seeking information to make sound decisions. This comparison of BI platforms Zoho Analytics and Qlik Sense will help you determine if either is the best choice for you. Tool ★★★
CVE.webp 2022-03-25 19:15:10 CVE-2022-1049 (direct link) A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in. Tool
CVE.webp 2022-03-25 18:15:22 CVE-2022-24778 (direct link) The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user. Tool
TechRepublic.webp 2022-03-25 17:23:38 SaaS startup aims to eliminate digital friction in remote transactions and reduce tool overload (direct link) Reach combines video chat, document collaboration and e-signature into one platform with no download required. Tool
TechRepublic.webp 2022-03-25 16:54:44 LogRhythm vs. SolarWinds: SIEM tool comparison (direct link) In a world of escalating security threats, organizations need a solid platform to defend their critical assets. As you weigh your options, consider the features that LogRhythm and SolarWinds offer. Tool
TechRepublic.webp 2022-03-25 13:06:32 How to use the Google Meet quality tool to solve conferencing problems (direct link) With the Meet quality tool, a Google Workspace administrator may help people in the organization troubleshoot conferencing challenges. Tool
TechRepublic.webp 2022-03-25 03:08:04 IBM QRadar vs. LogRhythm: SIEM tool comparison (direct link) Organizations rely on security information and event management tools to detect, analyze and respond to security threats. Compare the features offered by two top SIEM platforms: IBM QRadar and LogRhythm. Tool
TechRepublic.webp 2022-03-24 22:25:58 Focalboard is a kanban tool that anyone can use for better task management (direct link) If you're looking for a kanban board that's simple to install and use to help you get control over your mounting tasks, Jack Wallen believes Focalboard might be just the ticket. Tool
TechRepublic.webp 2022-03-24 17:57:19 SolarWinds vs. Splunk: SIEM tool comparison (direct link) SIEM tools help IT pros get ahead of potential threats with features for monitoring, detecting, analyzing and responding to attacks. See what SolarWinds and Splunk have to offer your security team. Tool
TechRepublic.webp 2022-03-24 17:48:08 Tableau vs. Databox: BI tool comparison (direct link) Organizations are turning data into actionable insights thanks to business intelligence platforms, but it's critical to select the right BI platform for the job. See how Tableau vs. Databox compare. Tool
TechRepublic.webp 2022-03-24 17:10:08 Exabeam vs. Splunk: SIEM tool comparison (direct link) Security information and event management software has become increasingly essential for any modern business. See the similarities and differences of two top offerings: Exabeam and Splunk. Tool
SecureWork.webp 2022-03-24 00:00:00 Penetration Testing with Azure Cloud Shell (direct link) Azure Cloud Shell is a useful tool for admins, but also makes for a great staging area for attackers looking to get signature-flagged tooling into a target environment without dealing with EDR solutions or Antivirus. Tool
CVE.webp 2022-03-23 22:15:13 CVE-2022-24768 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0 contain limited versions of this issue. To perform exploits, an authorized Argo CD user must have push access to an Application's source git or Helm repository or `sync` and `override` access to an Application. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges. A patch for this vulnerability has been released in Argo CD versions 2.3.2, 2.2.8, and 2.1.14. Some mitigation measures are available but do not serve as a substitute for upgrading. To avoid privilege escalation, limit who has push access to Application source repositories or `sync` + `override` access to Applications; and limit which repositories are available in projects where users have `update` access to Applications. To avoid unauthorized resource inspection/tampering, limit who has `delete`, `get`, or `action` access to Applications. Tool Vulnerability Uber
TechRepublic.webp 2022-03-23 22:07:53 Power BI vs. Tableau: Business intelligence tools comparison (direct link) Power BI and Tableau are business intelligence tools. Which top BI tool best fits your needs? We compare features and more. Tool
TechRepublic.webp 2022-03-23 21:50:11 QRadar vs. Splunk: SIEM tool comparison (direct link) Choosing a SIEM platform for your organization requires a close look at how well various solutions deliver what you need. Learn about the relative merits of two solid options: IBM QRadar and Splunk. Tool
CVE.webp 2022-03-23 21:15:08 CVE-2022-24730 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `get` access for a repository containing a Helm chart can craft an API request to the `/api/v1/repositories/{repo_url}/appdetails` endpoint to leak the contents of out-of-bounds files from the repo-server. The malicious payload would reference an out-of-bounds file, and the contents of that file would be returned as part of the response. Contents from a non-YAML file may be returned as part of an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from other Applications' source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The patches prevent path traversal and limit access to users who either A) have been granted Application `create` privileges or B) have been granted Application `get` privileges and are requesting details for a `repo_url` that has already been used for the given Application. There are currently no known workarounds. Tool Vulnerability Uber
CVE.webp 2022-03-23 21:15:08 CVE-2022-24731 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been granted `create` or `update` access to Applications can leak the contents of any text file on the repo-server. By crafting a malicious Helm chart and using it in an Application, the attacker can retrieve the sensitive file's contents either as part of the generated manifests or in an error message. The attacker would have to know or guess the location of the target file. Sensitive files which could be leaked include files from another Application's source repositories or any secrets which have been mounted as files on the repo-server. This vulnerability is patched in Argo CD versions 2.1.11, 2.2.6, and 2.3.0. The problem can be mitigated by avoiding storing secrets in git, avoiding mounting secrets as files on the repo-server, avoiding decrypting secrets into files on the repo-server, and carefully limiting who can `create` or `update` Applications. Tool Vulnerability Uber
CVE.webp 2022-03-23 20:15:08 CVE-2021-27428 (direct link) GE UR IED firmware versions prior to version 8.1x support upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. Tool
TechRepublic.webp 2022-03-23 19:13:59 How to deploy the Redash data visualization dashboard with the help of Docker (direct link) Jack Wallen shows you how easily you can deploy the powerful data visualization tool Redash as a Docker container. Tool
Last update at: 2024-06-28 16:07:35