CVE-2023-3128 (🚨 CVSS:9.4) - Authentication Bypass in Grafana #vuln #software #threats #grafana #informatique
This leads to account takeover & authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
(📸 Picture credits: Netlas.io)
https://grafana.com/security/security-advisories/cve-2023-3128/
While collecting the evidence in 2023 we (Marco Lux & Pedro Umbelino) recognized the ESXi attack by a random #ransomware group. We decided it is time to publish our results, which culminated in CVE-2023-29552 #vuln #forensics (via John Kristoff)
Interestingly, #internet search engines like @shodan are still missing SLP in their collection, which is a pity. #ddos #systems #devices #products #services #tools #routers #management #cyber #printers #daemons #hypervisors #networks #threats #informatique
Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Hillai Ben-Sasson, a security researcher at Wiz (wiz.io) #microsoft #azure #cloud #office365 #outlook #teams #sharepoint #provider #vuln #networks #services #informatique
https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
Suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA. The application is available for Windows, macOS, #Linux, & mobile. At time of writing, activity has been observed on both #Windows & #macOS #software #supply #chain #vuln #systems #products #malware #networks #cyber #infrastructure #softphone #mobile #application #voip #phones #sip #threats #informatique (thx: Colin Cowie (@th3_protoCOL) & Florian Roth (@cyb3rops))
★ https://github.com/SigmaHQ/sigma/pull/4151/files
★ https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar
An attacker is able to force a victim to make a connection to its server without manipulation from the user (zero click vulnerability). An attacker exploiting this vulnerability retrieves a NetNTLMv2 digest based on the password of the trapped user through an SMB request #microsoft #vuln #outlook #software #threats #informatique
CVE-2023-21036 - Acropalypse Screenshot Hack : Explained #vuln #software #threats #informatique
🇫🇷 Compromise of the website of the City of Chantilly (ville-chantilly.fr) #france #city #services #cms #wordpress #incident #vuln #threats #informatique
🐛 Can you spot the vulnerability? #vuln #infosec #informatique
Credits: ACCEIS (acceis.fr)
Cert-IST - 2022 review #isc #scada #threats #report #vuln #informatique
https://www.cert-ist.com/pub/files/Cert-IST_Bilan2022_fr.pdf
CVE-2022-39952 PoC #vuln #fortinet #fortinac #software #informatique
This framework describes how a natural or legal person with no fraudulent intent or intention to cause harm can detect and must report existing vulnerabilities in networks and information systems in 🇧🇪 Belgium #belgium #cyber #online #vuln #threats #framework #belgique #informatique
https://ccb.belgium.be/en/news/new-legal-framework-reporting-it-vulnerabilities
CVE-2023-21608 - Adobe Acrobat Reader RCE #adobe #software #exploit #vuln #informatique
🇮🇳 Diksha, a public education application, exposed the personal information of students and teachers #india #virtual #government #education #cloud #vuln #enrollment #platform #teachers #databreach #students #threats #digital #application #inde #informatique
https://www.wired.com/story/diksha-india-education-app-data-exposure/
🐧 Linux Kernel ksmbd Use-After-Free RCE #vuln #linux #informatique
🚨 CVE-2022-27518
A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated Remote attacker to perform arbitrary Code Execution on the appliance #vuln #citrix #gateway #networks #informatique
Backdoor discovered in PLDT Home Fiber routers (pldthome.com) #vuln #networks #firmware #backdoor #router #informatique
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile