Security News

APPLE-SA-2021-05-25-5 Safari 14.1.1

Full Disclosure - 26 May, 2021 - 11:46

Posted by Apple Product Security via Fulldisclosure on May 26

APPLE-SA-2021-05-25-5 Safari 14.1.1

Safari 14.1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212534.

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous...

APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6

Full Disclosure - 26 May, 2021 - 11:46

Posted by Apple Product Security via Fulldisclosure on May 26

APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6

iOS 14.6 and iPadOS 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212528.

Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary...

APPLE-SA-2021-05-25-8 Boot Camp 6.1.14

Full Disclosure - 26 May, 2021 - 11:46

Posted by Apple Product Security via Fulldisclosure on May 26

APPLE-SA-2021-05-25-8 Boot Camp 6.1.14

Boot Camp 6.1.14* addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212517.

Boot Camp
Available for: Mac Pro (Late 2013 and later), MacBook Pro (Late 2013
and later), MacBook Air (Mid 2013 and later), Mac mini (Mid 2014 and
later), iMac (Mid 2014 and later), MacBook (Early 2015 and later),
iMac Pro (Late 2017)
Impact: A malicious...

APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave

Full Disclosure - 26 May, 2021 - 11:46

Posted by Apple Product Security via Fulldisclosure on May 26

APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave

Security Update 2021-004 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212531.

AMD
Available for: macOS Mojave
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw

AMD...

APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina

Full Disclosure - 26 May, 2021 - 11:46

Posted by Apple Product Security via Fulldisclosure on May 26

APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina

Security Update 2021-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212530.

AMD
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw...

Unicorn Emulator 1.0.3 is out!

Full Disclosure - 26 May, 2021 - 11:46

Posted by Nguyen Anh Quynh on May 26

Greetings!

We are very happy to announce version 1.0.3 of Unicorn Emulator!

This version fixes some minor issues of v1.0.2 in the core and some
bindings. We also added a new binding in Rust. For more details, see
https://www.unicorn-engine.org/Version-1.0.3

We wish to express our sincere gratitude to all contributors, who
generously supported us to maintain the Unicorn project!

What is next now? Let us look forward to the next major update:...

X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability

Full Disclosure - 26 May, 2021 - 11:46

Posted by X41 D-Sec GmbH Advisories on May 26

Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write
Vulnerability
=============================================================================
Severity Rating: High
Confirmed Affected Versions: 0.6.18 - 1.20.0
Confirmed Patched Versions: 1.21.0, 1.20.1
Vendor: F5, Inc.
Vendor URL: https://nginx.org/
Vendor Reference:
http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
Vector: Remote / DNS
Credit: X41 D-SEC GmbH, Luis...

Backdoor.Win32.Tonerok.d / Unauthenticated Remote Command Execution

Full Disclosure - 25 May, 2021 - 11:07

Posted by malvuln on May 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/b297c565899ace88f40e5da833f41561.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Tonerok.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 10002 and drops an
executable named "svchost.exe" under Windows dir. Third-party attackers who
can reach an...

Backdoor.Win32.Spion4 / Insecure Transit

Full Disclosure - 25 May, 2021 - 11:07

Posted by malvuln on May 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/cb02d2f323db18d7415dca47bceab9db.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Spion4
Vulnerability: Insecure Transit
Description: SPION 4 Server terminal listens on TCP port 222 and passes its
messages in unencrypted plaintext across the network.
Type: PE32
MD5: cb02d2f323db18d7415dca47bceab9db
Vuln ID:...

Backdoor.Win32.Upload.a / Remote Denial of Service

Full Disclosure - 25 May, 2021 - 11:07

Posted by malvuln on May 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/70711c4f594fe97ff6ab17039c133458.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Upload.a
Vulnerability: Remote Denial of Service
Description: The malware listens on TCP port 49971; each time it is run the
port increments by one (49972, etc.). Third-party attackers who can reach the
infected host can send a payload...

Backdoor.Win32.Spirit.12.b / Insecure Permissions

Full Disclosure - 25 May, 2021 - 11:07

Posted by malvuln on May 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2bcd471d9dd0a8d6194f4112c2ee520f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Spirit.12.b
Vulnerability: Insecure Permissions
Description: Trojan Spirit 2001a 1.2 Fixed Edition by ThundeR GoD, creates
an insecure dir named "Ts2k1a" under c:\ drive and grants change (C)
permissions to the...

Backdoor.Win32.SkyDance.216 / Remote Stack Buffer Overflow

Full Disclosure - 25 May, 2021 - 11:07

Posted by malvuln on May 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/694ecf256c97ef6e206e2073d37e5944.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.SkyDance.216
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 4000. Third-party attackers
who can reach an infected system can trigger a buffer overflow by sending a
specially crafted packet....

Backdoor.Win32.Singu.a / Remote Stack Buffer Overflow (UDP Datagram)

Full Disclosure - 25 May, 2021 - 11:07

Posted by malvuln on May 25

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c7aabf5d248c6974b4cea6c070d6d441.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Singu.a
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: The malware listens on UDP ports 2211 and 8899. Third-party
attackers who can reach an infected host can send a specially crafted UDP
packet to port...

Vol. 2 (2021) No. 1 of Journal of Cyber Forensics and Advanced Threat Investigations - Now Published

Full Disclosure - 25 May, 2021 - 11:06

Posted by Andrew Zayine on May 25

Dear Cybersecurity Researchers,
Red || Yellow || Blue Teamers,

International Journal of Cyber Forensics and Advanced Threat
Investigations (IJCFATI) is the first open access, peer-reviewed,
scholarly journal dedicated entirely to the study of tools,
techniques, procedures, and methodologies of Red, Yellow, and Blue
teamers.

IJCFATI is a gold-open access journal, which means it charges
fees neither to authors nor to readers...

Cross-Site Scripting Vulnerability in Zen Cart 1.5.7

Full Disclosure - 25 May, 2021 - 10:45

Posted by Daniel Bishtawi via Fulldisclosure on May 25

Hello,

We are informing you about a Cross-Site Scripting Vulnerability in Zen Cart
1.5.7.

Here are the details:

Information
--------------------
Advisory by Netsparker
Name: Cross-Site Scripting Vulnerability in Zen Cart 1.5.7
Affected Software: Zen Cart
Affected Versions: 1.5.7
Homepage: https://www.zen-cart.com/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Netsparker...

[CFP]: 2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021)

Full Disclosure - 25 May, 2021 - 10:45

Posted by Call For Papers CPSIOTSEC21 on May 25

Call For Papers

2nd Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2021)

Seoul, South Korea, November 15 (Monday), 2021

URL: https://cpsiotsec.github.io

co-located with the ACM Conference on Computer and Communications
Security (ACM CCS 2021)...

CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology

Full Disclosure - 21 May, 2021 - 00:35

Posted by Roman Fiedler on May 20

Hello list,

A missing length check in libX11 causes data from LookupColor
requests to mess up the client-server communication protocol and
inject malicious X server requests. The flaw is comparable to
SQLi injecting commands into database connections granting an
attacker access to all features of the connection protocol.

Even with the flaw being embedded in the C-API/library, it can
be easily demonstrated with a simple PoC run in xterm [1]. On...

Re: (u)rxvt terminal (+bash) remoteish code execution 0day

Full Disclosure - 21 May, 2021 - 00:34

Posted by def on May 20

Minor clarifications and additional details for the post.

First and foremost, this vulnerability is not technically a zero-day for
rxvt-unicode since the bug has been independently discovered & publicly
discussed at oss-security at least in 2017:

https://www.openwall.com/lists/oss-security/2017/05/01/20

Upstream patched the vulnerability silently back in 2017. According to
rxvt-unicode commit messages and changelog entries, the...

"Hack the Planet"

Daily Dave - 20 May, 2021 - 05:10

Posted by Dave Aitel via Dailydave on May 20

Ok y'all - you're letting me down. There's a thousand ways you and your
friends can use 10k to improve the world - engineering a solution nobody
would pay for because it's not something you can put at a booth at RSAC.

EVERYONE ON THIS LIST needs to either submit for a grant, or find someone
who will submit for a grant. You're telling me not one of those
superhackers at Microsoft and Google can find a...

Backdoor.Win32.RMFdoor.c / Authentication Bypass RCE

Full Disclosure - 18 May, 2021 - 22:12

Posted by malvuln on May 18

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/5e2e6ca532c20ee6a59861d936df7076.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RMFdoor.c
Vulnerability: Authentication Bypass RCE
Description: The malware listens on TCP ports 21, 14920. Attackers who can
reach infected systems can log on using any username/password combination.
Intruders may then upload...