Archive | Security Bulletins

Quick Malicious VBS Analysis, (Fri, Oct 18th)

Let's have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk of having the first file blocked by classic security […]

Phishing e-mail spoofing SPF-enabled domain, (Thu, Oct 17th)

On Monday, I found what looked like a run-of-the-mill phishing e-mail in my malware quarantine. The "hook" it used was quite a common one: it was a fake DHL delivery notification inserted as an image into the body of the e-mail in an attempt to make the user open its attachments. There were two […]

CVE-2019-17666

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.

CVE-2018-9062 (e42-80_firmware, e42-80_isk_firmware, e52-80_firmware, e52-80_isk_firmware, miix_720-12ikb_firmware, thinkpad_e480_firmware, thinkpad_e580_firmware, thinkpad_l380_firmware, thinkpad_l480_firmware, thinkpad_l580_firmware, thinkpad_p51_firmware, thinkpad_p51s_firmware, thinkpad_p52_firmware, thinkpad_p52s_firmware, thinkpad_p71_firmware, thinkpad_p72_firmware, thinkpad_s1_firmware, thinkpad_t25_firmware, thinkpad_t470_firmware, thinkpad_t470p_firmware, thinkpad_t470s_firmware, thinkpad_t480_firmware, thinkpad_t480s_firmware, thinkpad_t570_firmware, thinkpad_t580_firmware, thinkpad_x1_carbon_firmware, thinkpad_x1_tablet_firmware, thinkpad_x1_yoga_firmware, thinkpad_x270_firmware, thinkpad_x280_firmware, thinkpad_x380_yoga_firmware, thinkpad_yoga_11e_firmware, thinkpad_yoga_370_firmware, v310-14ikb_firmware, v310-14isk_firmware, v310-15ikb_firmware, v310-15isk_firmware, v510-14ikb_firmware, v510-15ikb_firmware)

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " and ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.

CVE-2019-14832

A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm in which the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks.

CVE-2019-17355

In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

CVE-2019-17356

The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.

CVE-2019-17601

In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.

CVE-2019-17398

In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.