Random in Security 202343

Covering the recent security news


Introduction

Random in Security is a summary of the cybersecurity news.

Vulnerabilities

CVE-2023-4911 - Looney Tunables

The vulnerability is identified as CVE-2023-4911 and has a CVSS score of 7.8 (High). The vulnerability was introduced with glibc 2.34 in April 2021.

The vulnerability allows an attacker to gain full root privileges on vulnerable Linux systems. It is caused by a buffer overflow in the GNU C Library’s dynamic loader, the component that loads shared libraries into memory at program startup and links them to the program.

The vulnerability affects a wide range of Linux systems, including Fedora, Ubuntu, and Debian systems. Organizations are advised to update their vulnerable Linux systems as soon as possible.

CVE-2023-4966 - Citrix Bleed

The vulnerability is identified as CVE-2023-4966 and has a CVSS score of 9.4 (Critical). Unauthenticated attackers can leak memory that may include authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. The vulnerability is caused by a flaw in the implementation of the OpenID Connect Discovery endpoint. Session cookies always end with the hex sequence 45525d5f4f58455e445a4a42, which makes session tokens much easier to pick out of the leaked memory. Organizations are advised to update their vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances as soon as possible.
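The marker sequence is just as useful on the defending side: during incident response it lets you confirm whether captured appliance responses or a memory dump actually contain leaked session material. The following is an added example written for this digest, not code from Citrix or from any published write-up. It assumes the token appears in the captured bytes as a run of ASCII hex digits immediately followed by the marker bytes (the 32-character minimum is a constructed heuristic), and it reports only a prefix and a SHA-256 of each token so that the report itself never stores a usable secret. The sample capture is constructed.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Marker reported for CVE-2023-4966: leaked session cookies end with this sequence.
MARKER_HEX = "45525d5f4f58455e445a4a42"
MARKER = bytes.fromhex(MARKER_HEX)

# Assumption: in captured data the token appears as a run of ASCII hex digits
# immediately followed by the marker bytes. The 32-character minimum is a
# constructed heuristic so stray hex fragments do not trigger findings.
TOKEN_RE = re.compile(rb"([0-9a-fA-F]{32,})" + re.escape(MARKER))


@dataclass(frozen=True)
class LeakFinding:
    offset: int        # byte offset of the token in the captured data
    length: int        # token length in characters
    prefix: str        # first 8 characters, enough to correlate with a session store
    token_sha256: str  # hash of the full token; the report never stores the secret


def find_leaked_tokens(captured: bytes) -> List[LeakFinding]:
    """Scan captured bytes (proxy capture, memory dump) for tokens followed by the marker."""
    findings = []
    for m in TOKEN_RE.finditer(captured):
        token = m.group(1)
        findings.append(LeakFinding(
            offset=m.start(1),
            length=len(token),
            prefix=token[:8].decode("ascii"),
            token_sha256=hashlib.sha256(token).hexdigest(),
        ))
    return findings


def scan_capture_file(path: str) -> List[LeakFinding]:
    """Convenience wrapper for a file holding raw captured bytes."""
    with open(path, "rb") as f:
        return find_leaked_tokens(f.read())


# Constructed sample capture: binary filler, a response status line, then one
# 64-character hex token followed by the marker. Not real appliance output.
SAMPLE_TOKEN = b"0123456789abcdef" * 4
SAMPLE_CAPTURE = (b"\x00" * 40 + b"HTTP/1.1 200 OK\r\n\r\n" + b"\x7f\x11junk!!"
                  + SAMPLE_TOKEN + MARKER + b"\x00" * 20)

if __name__ == "__main__":
    for finding in find_leaked_tokens(SAMPLE_CAPTURE):
        print(f"leaked token at offset {finding.offset}: {finding.prefix}... "
              f"({finding.length} chars, sha256 {finding.token_sha256[:16]}...)")
```

A hit means sessions must be invalidated, not just the appliance patched: the hashes can be matched against the session store to identify which accounts were exposed, and a clean scan of post-patch captures confirms the leak is closed.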

Interesting Reads

Encrypted traffic interception on Hetzner and Linode

The attacker managed to issue multiple SSL/TLS certificates via Let’s Encrypt for the jabber.ru and xmpp.ru domains since 18 Apr 2023. The Man-in-the-Middle attack for jabber.ru/xmpp.ru client XMPP traffic decryption was confirmed to be in place from at least 21 July 2023 until 19 Oct 2023, possibly (not confirmed) since 18 Apr 2023, and affected 100% of the connections to the XMPP STARTTLS port 5222 (not 5223). The attacker failed to reissue the TLS certificate, and the MiTM proxy started to serve an expired certificate on port 5222 for the jabber.ru domain (Hetzner). The MiTM attack stopped shortly after we began our investigation and network tests on 18 Oct 2023, along with tickets to the Hetzner and Linode support teams; however, passive wiretapping (an additional routing hop) is still in place on at least a single Linode server. Both the Hetzner and Linode networks appear to have been reconfigured specifically for this kind of attack for the XMPP service IP addresses.
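What gave this interception away was the certificate itself: an unexpected Let’s Encrypt issuance and, eventually, an expired certificate served on port 5222. The check below is an added example for this digest, not code from the jabber.ru investigation. It carries out the XMPP STARTTLS exchange on the plain port, retrieves the server certificate in DER form, reads the validity period with a minimal DER walker, and compares the SHA-256 fingerprint with the value the operator pinned from the certificate they actually issued. The hostname and pinned fingerprint are whatever the operator supplies; SAMPLE_DER is a constructed, certificate-shaped blob (no key, no signature) used only to exercise the parser offline.

```python
import hashlib
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


def _tlv(data: bytes, pos: int) -> Tuple[int, int, int]:
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def certificate_validity(der: bytes) -> Tuple[datetime, datetime]:
    """Walk the TBSCertificate just far enough to read notBefore/notAfter (RFC 5280 4.1)."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    if der[pos] == 0xA0:                    # optional [0] EXPLICIT version
        _, _, pos = _tlv(der, pos)
    for _ in range(3):                      # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)              # validity SEQUENCE
    times = []
    for _ in range(2):                      # UTCTime (0x17) or GeneralizedTime (0x18)
        tag, start, pos = _tlv(der, pos)
        fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
        times.append(datetime.strptime(der[start:pos].decode("ascii"), fmt).replace(tzinfo=timezone.utc))
    return times[0], times[1]


def sha256_fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


@dataclass(frozen=True)
class CertCheck:
    fingerprint_sha256: str
    not_before: datetime
    not_after: datetime
    problems: List[str]                     # empty list means every check passed


def check_certificate(der: bytes, pinned_sha256: Optional[str], now: Optional[datetime] = None) -> CertCheck:
    """Compare the served certificate against the operator's pinned fingerprint and the clock."""
    now = now or datetime.now(timezone.utc)
    fp = sha256_fingerprint(der)
    not_before, not_after = certificate_validity(der)
    problems = []
    if now > not_after:
        problems.append("certificate expired")
    if now < not_before:
        problems.append("certificate not yet valid")
    if pinned_sha256 and fp != pinned_sha256.lower().replace(":", ""):
        problems.append("fingerprint does not match pinned value")
    return CertCheck(fp, not_before, not_after, problems)


def _read_until(sock: socket.socket, markers: Tuple[bytes, ...], limit: int = 65536) -> bytes:
    """Read until one marker appears; stream features may arrive across several reads."""
    buf = b""
    while not any(m in buf for m in markers):
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise RuntimeError("stream ended before %r" % (markers,))
        buf += chunk
    return buf


def fetch_xmpp_certificate(host: str, port: int = 5222, timeout: float = 10.0) -> bytes:
    """Negotiate XMPP STARTTLS (RFC 6120 section 5) on the plain port and return the server
    certificate as DER. Verification is disabled so that a substituted or expired
    certificate is retrieved for inspection instead of being rejected by the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(("<?xml version='1.0'?><stream:stream to='%s' xmlns='jabber:client' "
                      "xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>" % host).encode())
        _read_until(sock, (b"</stream:features>", b"<stream:features/>"))
        sock.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
        reply = _read_until(sock, (b"/>",))   # consume the whole <proceed/> or <failure/> element
        if b"<proceed" not in reply:
            raise RuntimeError("server refused STARTTLS: %r" % reply)
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (short or long-form length); used only for the constructed sample."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


# Constructed, certificate-shaped DER: TBS fields through validity only. The 90-day
# validity starting 18 Apr 2023 is illustrative; the oversized issuer exercises long-form lengths.
SAMPLE_DER = _der(0x30, _der(0x30,
    _der(0xA0, _der(0x02, b"\x02"))                     # version v3
    + _der(0x02, b"\x01")                               # serialNumber
    + _der(0x30, b"")                                   # signature algorithm (placeholder)
    + _der(0x30, _der(0x13, b"x" * 130))                # issuer (placeholder)
    + _der(0x30, _der(0x17, b"230418000000Z") + _der(0x17, b"230717000000Z"))
))
```

Run it as `check_certificate(fetch_xmpp_certificate("your.xmpp.host"), "<sha256 of the certificate you issued>")` from a vantage point outside the hosting provider; a fingerprint mismatch, or an expired certificate on 5222 as in the incident above, is the signal. Because Let’s Encrypt issuances are published to Certificate Transparency logs, watching CT for certificates you did not request covers the same risk from the other side.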

Regulations on the Management of Network Product Security Vulnerabilities

The regulations push all software-vulnerability reports to the Ministry of Industry and Information Technology (MIIT) before a patch is available. Independent researchers are prohibited from publishing information about vulnerabilities except to the company that owns the product. Companies doing business in China are required to submit notice of a software vulnerability within forty-eight hours of being notified of it. The result is near-total collection of software vulnerabilities discovered in China.

Weaponizing open-source software

MSTIC has observed at least five methods of trojanized open-source applications containing the malicious payload and shellcode that is tracked as the ZetaNile malware family. The targets were convinced to self-compromise their systems. For this purpose, the attackers lured the target to execute an attacker-provided PDF viewer to see the full content of a job offer.

Tools

HardHatC2

A C# Command & Control framework

CVE_Prioritizer

Streamline vulnerability patching with CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends.
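The value of combining the three signals is that a high CVSS score alone is a poor patch-ordering key. The snippet below is an added example for this digest, not the project's own code: it is modeled on the priority tiers CVE_Prioritizer documents (KEV entries first, then the CVSS/EPSS combinations), with the 6.0 CVSS and 0.2 EPSS thresholds assumed here since the tool makes them configurable. The records and identifiers are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Thresholds are assumed here; the tool's own defaults are configurable.
CVSS_THRESHOLD = 6.0
EPSS_THRESHOLD = 0.2


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: Optional[float]   # base score, None if not yet scored
    epss: Optional[float]   # probability of exploitation in the next 30 days, None if unknown
    in_kev: bool            # listed in CISA's Known Exploited Vulnerabilities catalog


def priority(rec: CveRecord) -> str:
    """Map one record to a tier, modeled on CVE_Prioritizer's decision matrix."""
    if rec.in_kev:
        return "Priority 1+"            # confirmed exploitation outranks any score
    high_cvss = (rec.cvss or 0.0) >= CVSS_THRESHOLD
    high_epss = (rec.epss or 0.0) >= EPSS_THRESHOLD
    if high_cvss and high_epss:
        return "Priority 1"
    if high_cvss:
        return "Priority 2"
    if high_epss:
        return "Priority 3"
    return "Priority 4"


def rank(records: List[CveRecord]) -> List[CveRecord]:
    """Sort by tier, then by EPSS and CVSS descending, so the patch queue is actionable."""
    tier_order = {"Priority 1+": 0, "Priority 1": 1, "Priority 2": 2, "Priority 3": 3, "Priority 4": 4}
    return sorted(records, key=lambda r: (tier_order[priority(r)], -(r.epss or 0.0), -(r.cvss or 0.0)))


# Constructed records with placeholder identifiers; the scores are illustrative only.
SAMPLE = [
    CveRecord("CVE-0000-0001", cvss=9.8, epss=0.01, in_kev=False),   # critical score, rarely exploited
    CveRecord("CVE-0000-0002", cvss=5.3, epss=0.85, in_kev=False),   # medium score, actively exploited
    CveRecord("CVE-0000-0003", cvss=7.5, epss=0.40, in_kev=False),
    CveRecord("CVE-0000-0004", cvss=4.3, epss=0.02, in_kev=True),    # low score but in KEV
    CveRecord("CVE-0000-0005", cvss=None, epss=None, in_kev=False),  # not yet scored
]

if __name__ == "__main__":
    for rec in rank(SAMPLE):
        print(f"{priority(rec):12} {rec.cve_id}  cvss={rec.cvss}  epss={rec.epss}")
```

Note the treatment of missing data: an unscored CVE sinks to Priority 4, which is the right default for an automated queue but means records with `None` scores should be flagged for manual review rather than silently left at the bottom.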

typosquatter

Typosquatting finder is a free and public service for finding typosquatted domains, so you can quickly assess whether any fake domains are already in use by an adversary. You can enter a domain to discover potentially typo-squatted variants. An advanced option allows selecting the algorithms used.

Pico TPM Sniffer

A lot of people said sniffing a TPM requires advanced knowledge and equipment - so let’s change that!