Tag Archive for: severity

Ransomware demands increasingly paid amid growing attack severity – SC Media


Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity

Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned.

The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high speeds. Rather than relying on TCP-based technologies such as FTP to move files, Aspera uses IBM’s proprietary FASP—short for Fast, Adaptive, and Secure Protocol—to better utilize available network bandwidth. The product also provides fine-grained management that makes it easy for users to send files to a list of recipients in distribution lists or shared inboxes or workgroups, giving transfers a workflow that’s similar to email.

In late January, IBM warned of a critical vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier and urged users to install an update to patch the flaw. Tracked as CVE-2022-47986, the vulnerability makes it possible for unauthenticated threat actors to remotely execute malicious code by sending specially crafted calls to an outdated programming interface. The ease of exploiting the vulnerability and the damage that could result earned CVE-2022-47986 a severity rating of 9.8 out of a possible 10.

On Tuesday, researchers from security firm Rapid7 said they recently responded to an incident in which a customer was breached using the vulnerability.

“Rapid7 is aware of at least one recent incident where a customer was compromised via CVE-2022-47986,” company researchers wrote. “In light of active exploitation and the fact that Aspera Faspex is typically installed on the network perimeter, we strongly recommend patching on an emergency basis, without waiting for a typical patch cycle to occur.”

According to other researchers, the vulnerability is being exploited to install ransomware. Sentinel One researchers, for instance, said recently that a ransomware group known as IceFire was exploiting CVE-2022-47986 to install a newly minted Linux version of its file-encrypting malware. Previously, the…


Indian agency CERT-In issues ‘high severity’ advisory for Google Chrome users


Google Chrome is highly susceptible to cyber attacks due to multiple vulnerabilities existing in the browser, warned the government’s cyber security arm, the Computer Emergency Response Team (CERT-In), in its latest advisory. CERT-In said that Google Chrome OS could be exploited by hackers who can “bypass several restrictions, execute arbitrary code” and gain full access to the browser.

According to CERT-In, Google Chrome users should immediately update the Chrome browser to avoid targeted attacks. The agency noted that only Chrome versions prior to 98.0.4758.80 are affected by the vulnerabilities. “These vulnerabilities exist in Google Chrome due to Use after free in Safe Browsing, Reader Mode, Web Search, Thumbnail Tab, Strip, Screen Capture, Window Dialogue, Payments, Extensions, Accessibility, and Cast; Heap buffer overflow in ANGLE; Inappropriate implementation in Full Screen Mode, Scroll, Extensions Platform and Pointer Lock; Type Confusion in V8; Policy bypass in COOP and Out of bounds memory access in V8,” the advisory read.

Meanwhile, the vulnerabilities were fixed by Google in Chrome 98 earlier this month. The nodal agency in its advisory categorised the severity of the issues as “high”.

Here’s how you can manually update Google Chrome:

1) Go to Chrome

2) Click on ‘About Google Chrome’

3) Check for updates

4) Once the update is installed, you will need to relaunch the browser to its latest version.

CERT-In is the nodal agency within the Ministry of Electronics and Information Technology of the Government of India. It deals with cyber security threats like hacking and phishing. It aims to strengthen the security-related defence of the Indian Internet domain.

It should be noted that CERT-In has been circumspect about Google Chrome in the past as well. Earlier, the agency came down heavily on the availability of certain extensions on the Chrome store. Meanwhile, in 2020, CERT-In had asked Google Chrome users to uninstall certain extensions that were caught collecting “sensitive” user…


AMD reveals an EPYC 50 flaws – 23 of them rated High severity. Intel has 25 problems, too • The Register


Microsoft may have given us a mere 55 CVEs to worry about on November’s Patch Tuesday, but AMD and Intel have topped that number with fixes for their products.

AMD alone dropped 50 new CVEs on Thursday, 23 of them rated as “High” concern, meaning they’re rated at between 7.0 and 8.9 on the ten-point Common Vulnerability Scoring System.

Let’s start with the 27 flaws in the AMD Graphics Driver for Windows 10 – 18 of them rated High – because at least they’re in software and Microsoft and Adobe’s patch issuance cadence means readers could be in the mood to fix code.

Detailed here, the flaws allow escalation of privilege, denial of service, the ability for an unprivileged user to drop malicious DLL files, unauthorized code execution, memory corruption, information disclosure

In its acknowledgements to those who found the bugs, AMD hat-tips a chap named “Lucas Bouillot, of the Apple Media Products RedTeam”. So now we know Apple has that team.

AMD’s EPYC processors – all three generations of ‘em – have 22 flaws, four of them rated High. Those flaws, and AMD’s descriptions of them, are:

  • CVE-2020-12954 – A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
  • CVE-2020-12961 – A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
  • CVE-2021-26331 – AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
  • CVE-2021-26335 – Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting…
