CVE


Palo Alto Recognizes Vulnerability Impacting PAN-OS® (CVE-2022-0028)

Global Critical Infrastructure Potentially Vulnerable To Reflected Amplification-Based Denial-Of-Service (RDoS) Attacks. Introduction: Over the past few weeks, Cyble Research & Intelligence Labs has observed the active exploitation of a recently discovered vulnerability found in Palo Alto Networks’ PAN-OS operating system that runs the firewalls and could allow a remote...



New Android Banking Trojan Zanubis Spotted In The Wild.

Cyble Research and Intelligence Labs (CRIL) has been tracking the activities of various Android Banking Trojans such as Hydra, Ermac, and Amextroll, amongst several others. During a routine threat-hunting exercise, we came across a Twitter post where a researcher mentioned a malware sample. After an in-depth analysis, the malware was identified as a new Android...



Zeppelin Ransomware

Technical Details. Note: this advisory uses the MITRE ATT&CK® for Enterprise framework, version 11. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques. Zeppelin ransomware is a derivative of the Delphi-based Vega malware family and functions as a Ransomware as a Service (RaaS). From 2019 through at least June 2022,...



Threat Actors Exploiting CVE-2022-27925 chained with CVE-2022-37042 Against Zimbra Collaboration Suite

A Zimbra authentication bypass vulnerability is being actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. According to threat intelligence firm Volexity, attackers have been abusing a ZCS remote code execution flaw tracked as CVE-2022-27925, which requires authentication, with the help of an auth bypass bug (tracked as CVE-2022-37042). Description:...



Linux Kernel eBPF local privilege escalation (CVE-2022-23222) vulnerability

Description: kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Impact: A local attacker...



Follina / CVE-2022-30190: New Microsoft Office zero-day

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. Workarounds: In Microsoft Defender’s Attack Surface Reduction (ASR) activating the rule “Block all Office applications from creating child...



CVE-2022-1388 : BIG-IP iControl REST vulnerability

CVE-2022-1388: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Impact: This vulnerability may allow an unauthenticated attacker with network access to the...



Millions of Dell Devices at Risk for Remote BIOS Attacks – CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574

Description: Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack...
