Security Leftovers
-
VLC DoS, Remote Code Execution Vulns Fixed
Multiple remotely exploitable denial of service (DoS) and code execution vulnerabilities have been found in the VLC multimedia player and streamer. These bugs have been classified as "high-severity" by the National Vulnerability Database due to their high confidentiality, integrity and availability impact.
-
CVE-2023-36617: ReDoS vulnerability in URI
We have released the uri gem versions 0.12.2 and 0.10.3, which include a security fix for a ReDoS vulnerability.
This vulnerability has been assigned the CVE identifier CVE-2023-36617.
-
Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas Chauchefoin said, adding they could result in RCE on Soko because of a "misconfiguration of the database."
- [Ed: Microsoft-connected clickbait and FUD sites trying to blame "Linux" for proprietary VMware issues]
There's Now a Linux Version of This Dangerous VMware Ransomware
A ransomware operation known as Akira has been seen encrypting VMware ESXi virtual machines using a Linux encryptor after a couple of months of targeting Windows systems.
-
CISA election security lead Kim Wyman to leave agency
Wyman, who previously served as Washington state's top election official, will step down as CISA's top election security adviser.
-
Russian telecom confirms hack after group backing Wagner boasted about an attack
A Dozor-Teleport CJSC executive told ComNews that the company has been the victim of a cyberattack affecting its cloud infrastructure.
-
200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin
Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites.
-
Proton Launches Open Source Password Manager
Proton makes its open source Proton Pass password manager globally available for major browsers and mobile devices.
-
Sandfly Security (Sat, Jul 1st)
Agentless Linux security with unmatched speed and reliability
-
Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
CISA has added 6 Samsung mobile device flaws to its Known Exploited Vulnerabilities catalog; they have likely been exploited by a spyware vendor.
-
Windows TCO
-
TSMC hardware supplier hit by LockBit, group demands US$70m as ransom
Additionally, the ransomware group said it would delay the data leak by 24 hours if it were paid US$5000.
Commenting on the incident, Lior Yaari, chief executive and co-founder of Grip Security, an Israeli cyber security start-up that provides SaaS visibility, governance and data security, said: "This breach is a great example of why machine identities are just as important as employee identities. Data is everywhere and accessed from anywhere by anybody.
"Companies which are able to secure employee and machine identities will be more secure than those that cannot.
"The securing of identities beyond the enterprise border to your suppliers or partners is increasingly important."
-
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
LockBit ransomware group claims to have hacked TSMC and is asking for a $70 million ransom, but the chip giant says only a supplier was breached.
-
In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023.
-