Author Archives: CIRT Team


in Security Advisories & Alerts

Linux Kernel CVE-2017-1000379 Local Security Bypass Vulnerability

Description: The Linux Kernel running on AMD64 systems will sometimes map the contents of a PIE executable, the heap or ld.so to where the stack is mapped, allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. Impact: Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Linux Kernel 4.11.5 is vulnerable; other versions may also be...

05 Sep 2017

in Security Advisories & Alerts

Linux kernel CVE-2017-12762 Local Buffer Overflow Vulnerability

Description: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check, which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree. Impact: Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed exploits may result in denial-of-service conditions. Mitigation: Updates...

05 Sep 2017

in News Clipping

Active ransomware attack uses impersonation and embedded advanced threats [source: barracuda]

In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment “Payment_201708-6165.7z.” In this attack, the source of the email is a spoofed address, and the attachment name and number are included in the subject line and body of the message. The full subject line in this example is “Emailing: Payment_201708-6165” and...

05 Sep 2017

in News Clipping

RIG exploit kit distributes Princess ransomware [source: malwarebytes]

We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the PrincessLocker ransomware last November and pointed out that despite similarities with Cerber’s onion page, the actual code was much different. A new payment page seemed to have...

05 Sep 2017

in News Clipping

Cobian RAT – A backdoored RAT [source: zscaler]

The Zscaler ThreatLabZ research team has been monitoring a new remote access Trojan (RAT) family called Cobian RAT since February 2017. The RAT builder for this family was first advertised on multiple underground forums where cybercriminals often buy and sell exploit and malware kits. This RAT builder caught our attention as it was being offered for free and had a lot of similarities to the njRAT/H-Worm...

05 Sep 2017

in News Clipping

Mining Adminers – Hackers Scan the Internet For DB Scripts [source: blog.sucuri]

Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance. Despite these limitations, scanning just 1% of the internet allows...

05 Sep 2017

in Security Advisories & Alerts

Linux Kernel CVE-2017-7558 Multiple Local Information Disclosure Vulnerabilities

Description: A kernel data leak due to an out-of-bounds read was found in the Linux kernel in the inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions, present from v4.7-rc1 up to and including v4.13. A data leak happens when these functions fill in the sockaddr data structures used to export a socket’s diagnostic information. As a result, up to 100 bytes of slab data could be leaked to userspace. Impact: Local attackers can exploit...

28 Aug 2017

in Security Advisories & Alerts

NfSen CVE-2017-6972 Unspecified Security Bypass Vulnerability

Description: AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. Impact: Remote attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Mitigation: Updates are available. Please check the specific vendor advisory for more information....

28 Aug 2017

in Security Advisories & Alerts

CVE-2017-7874: Linux Kernel 4.8.0 UDEV < 232 Local Privilege Escalation Vulnerability

Description: udevd in udev 232, when the Linux kernel 4.8.0 is used, does not properly verify the source of a Netlink message, which allows local users to execute arbitrary commands by leveraging access to the NETLINK_KOBJECT_UEVENT family, and the presence of the /lib/udev/rules.d/50-udev-default.rules file, to provide a crafted REMOVE_CMD value. Impact: Local attackers may exploit this issue to execute arbitrary commands with elevated privileges. Mitigation:...

28 Aug 2017

in Security Advisories & Alerts

Nagios CVE-2016-8641 Local Privilege Escalation Vulnerability

Description: A privilege escalation vulnerability was found in nagios that occurs in daemon-init.in when creating necessary files and insecurely changing their ownership afterwards. It’s possible for a local attacker to create symbolic links before the files are created and possibly escalate privileges through the ownership change. Impact: A local attacker may exploit this issue to gain elevated root privileges on the affected...

28 Aug 2017