A vulnerability was recently discovered by Marc Newlin, Principal Reverse Engineer at SkySafe. This vulnerability, classified as CVE-2023-45866, allows unauthenticated keystroke injection over Bluetooth. It works by tricking the Bluetooth host machine into pairing with a fake keyboard through an unauthenticated pairing mechanism defined in the Bluetooth specification.
Atlassian has released four security advisories and patches fixing remote code execution flaws in several Atlassian products. The CVEs are CVE-2022-1471, CVE-2023-22523, CVE-2023-22524, and CVE-2023-22522, each with a CVSS 3.1 score between 9.0 and 9.8 according to Atlassian and the National Vulnerability Database.
A Use-After-Free (UAF) vulnerability has been identified in the Linux kernel and assigned CVE-2023-40283, with a CVSS 3.1 score of 7.8 (HIGH). The issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in Linux kernel versions before 6.4.10. This is one of several recent vulnerabilities associated with the Linux kernel that allow a Secure Boot bypass. The collection of vulnerabilities dubbed LogoFAIL leverages the UEFI BIOS's capability of displaying images during boot to achieve arbitrary code execution and compromise the security of the entire system.
Henry Schein, a Fortune 500 healthcare company, faced a severe cybersecurity incident, falling prey to the 'BlackCat/ALPHV' ransomware gang for the second time in a month. The most recent attack, detected on November 22, targeted critical systems, causing disruptions to the organization's applications and e-commerce platform. This recurrence underscores the persistence of the threat actor and the need for a comprehensive response to safeguard the company's operations and sensitive data.
Google Chrome versions prior to 119.0.6045.199 are vulnerable to CVE-2023-6345 (CVSS v3: 8.8), a vulnerability with evidence of active exploitation. An integer overflow in Skia allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a malicious file.
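As an added illustration of the bug class named above (an integer overflow in size arithmetic, the pattern that turns a malformed image into an undersized buffer), here is a C example written for this note. It is not Skia's code or Chrome's fix; the image dimensions and the 256 MiB allocation cap are constructed values chosen for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size arithmetic: with 32-bit dimensions the product wraps
 * modulo 2^32, so a hostile header can make the allocation far smaller
 * than the pixel data later written into it. (Illustrative code for this
 * note, not Skia's implementation.) */
static uint32_t unchecked_image_bytes(uint32_t width, uint32_t height,
                                      uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;   /* may wrap silently */
}

/* Checked version: each multiplication is tested for overflow in size_t
 * and the result is compared against an allocation limit before any
 * memory is requested. Returns false when the header cannot be trusted. */
static bool checked_image_bytes(uint32_t width, uint32_t height,
                                uint32_t bytes_per_pixel, size_t limit,
                                size_t *out)
{
    size_t row = 0, total = 0;
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return false;
    if (__builtin_mul_overflow((size_t)width, (size_t)bytes_per_pixel, &row))
        return false;
    if (__builtin_mul_overflow(row, (size_t)height, &total))
        return false;
    if (total > limit)
        return false;
    *out = total;
    return true;
}

/* Allocates a zeroed pixel buffer only when the size computation is sound;
 * the 256 MiB cap is a constructed policy value for this example. */
static unsigned char *alloc_pixels(uint32_t width, uint32_t height,
                                   uint32_t bytes_per_pixel, size_t *out_len)
{
    size_t n;
    if (!checked_image_bytes(width, height, bytes_per_pixel,
                             (size_t)256u << 20, &n))
        return NULL;
    *out_len = n;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed hostile header: 65536 x 65536 x 4 = 2^34, which wraps
     * to 0 in 32-bit arithmetic. */
    uint32_t w = 65536u, h = 65536u, bpp = 4u;
    size_t n = 0;
    printf("unchecked size: %u bytes\n", unchecked_image_bytes(w, h, bpp));
    unsigned char *p = alloc_pixels(w, h, bpp, &n);
    printf("checked allocation: %s\n", p ? "ok" : "rejected");
    free(p);
    return 0;
}
```

The checked path rejects the constructed header outright, whereas the unchecked path computes a zero-byte allocation that any later pixel write would overrun; the same wrap occurs for any width and height whose product is a multiple of 2^32.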
A vulnerability, classified as CVE-2023-49103, was discovered in ownCloud, a tool used to share and sync data collaboratively. MITRE has assigned it a CVSS score of 10.0. It affects the graphapi component of the application: because graphapi relies on a third-party library that exposes a URL serving phpinfo output, sensitive data such as the ownCloud admin password, mail server credentials, and license key can be viewed.
Fidelity National Financial (FNF), a prominent title insurance giant, finds itself in the throes of a significant cyberattack, resulting in disruptive service interruptions. This incident has a far-reaching impact on critical services, including title insurance, escrow, mortgage transaction services, and technology supporting the real estate and mortgage industries. The cyberattack has prompted FNF to take down multiple systems in an urgent bid to contain and neutralize the threat. Detected just before Thanksgiving, the incident raises concerns about the potential compromise of sensitive data and critical systems. The notorious Alphv/BlackCat ransomware group has claimed responsibility, further emphasizing the severity of the situation and the need for a comprehensive response.
A high severity (CVSS: 7.8) vulnerability has been identified in the GNU C Library. Tracked as CVE-2023-4911 and nicknamed Looney Tunables, it was recently added to CISA's Known Exploited Vulnerabilities catalogue because it is now being actively exploited. This buffer overflow vulnerability stems from a flaw in the library's dynamic loader when it processes the GLIBC_TUNABLES environment variable. It can allow a local attacker to supply a specially crafted GLIBC_TUNABLES environment variable while launching a binary with SUID permission and thereby execute code with elevated privileges.
A vulnerability was discovered internally by Adham El Karn of the Fortinet Product Security team. Identified as CVE-2023-36553 (CVSS 9.8), this critical vulnerability affects all versions of FortiSIEM 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4. According to FortiGuard, it is an improper neutralization of special elements used in an OS command (OS command injection) vulnerability in the FortiSIEM report server. It can allow a remote, unauthenticated attacker to execute unauthorized commands via specially crafted API requests.