CyberAlerts

Windows 11 24H2 upgrades blocked on some PCs due to audio issues

Description: Microsoft has added another Windows 11 24H2 upgrade block for systems with Dirac audio improvement software due to compatibility issues breaking sound output. [...]

Source: BleepingComputer

December 19th, 2024 (4 months ago)

Shodan Dorks for Advanced OSINT

Description: Shodan Dorks for Advanced OSINT

Source: DarkWebInformer

December 19th, 2024 (4 months ago)

Vendors Chase Potential of Non-Human Identity Management

Description: Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Source: Dark Reading

December 19th, 2024 (4 months ago)

Moon_WALK Claims to be Selling Data of Office of the Basic Education Commission in Thailand

Description: Moon_WALK Claims to be Selling Data of Office of the Basic Education Commission in Thailand

Source: DarkWebInformer

December 19th, 2024 (4 months ago)

A Threat Actor Claims to have Leaked the Data of Las Piedras Shopping

Description: A Threat Actor Claims to have Leaked the Data of Las Piedras Shopping

Source: DarkWebInformer

December 19th, 2024 (4 months ago)

Microsoft says Auto HDR causes game freezes on Windows 11 24H2

Description: Microsoft is now blocking Windows 11 24H2 upgrades on systems with Auto HDR enabled due to a compatibility issue that causes game freezes. [...]

Source: BleepingComputer

December 19th, 2024 (4 months ago)

[github.com/clidey/whodb/core] WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service

Description: Summary A Denial of Service (DoS) vulnerability in the authentication middleware allows any client to cause memory exhaustion by sending large request bodies. The server reads the entire request body into memory without size limits, creating multiple copies during processing, which can lead to Out of Memory conditions. Affects all versions up to the latest one (v0.43.0). Details The vulnerability exists in the AuthMiddleware function in core/src/auth/auth.go. The middleware processes all API requests (/api/*) and reads the entire request body using io.ReadAll without any size limits: func AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r http.Request) { // No size limit on body reading body, err := io.ReadAll(r.Body) // ... // Creates another copy of the body r.Body = io.NopCloser(bytes.NewReader(body)) // ... // Unmarshals the body again, creating more copies if err := json.Unmarshal(body, &query); err != nil { return false } }) } The issue is amplified by: A generous 10-minute timeout (middleware.Timeout(10*time.Minute)) High throttle limits (10000 concurrent requests, 1000 backlog) Multiple copies of the request body being created during processing No per-client rate limiting PoC Run the latest WhoDB: docker run -it -p 127.0.0.1:8080:8080 clidey/whodb Prepare a PoC Python script: import requests import base64 import json import time # Create a sample token c...

Source: Github Advisory Database (Go)

December 19th, 2024 (4 months ago)

[pyrage] pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

Description: pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin support and are therefore not affected. An equivalent issue was fixed in the reference Go implementation of age, see advisory GHSA-32gq-x56h-299c. Thanks to ⬡-49016 for reporting this issue. References https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c https://github.com/str4d/rage/security/advisories/GHSA-4fg7-vxc8-qx5w https://github.com/woodruffw/pyrage/security/advisories/GHSA-47h8-jmp3-9f28 https://github.com/advisories/GHSA-47h8-jmp3-9f28

Source: Github Advisory Database (PIP)

December 19th, 2024 (4 months ago)

[astro] Astro's server source code is exposed to the public if sourcemaps are enabled

Description: Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder. https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139 Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website. While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in src/pages) are predictably named. For example. the sourcemap file for src/pages/index.astro gets named dist/client/pages/index.astro.mjs.map. PoC Here is one example of an affected open-source website: https://creatorsgarten.org/pages/index.astro.mjs.map The file can be saved and opened using https://evanw.github.io/source-map-visualization/ to reconstruct the source code. The above accurately mirrors the source code as seen in the repository: https://github.com/creatorsgarten/creatorsgarten.org/blob/main/src/pages/index.astro The above was found as the 4th result (and the first one on Astro 5.0+) when making the following search query on GitHub.com (search results link): path:astro.config.mjs @sentry/astro This vulnerability is the root cause of https://github.com/withastro/astro/issues/12703, which links to a simple stackblitz pro...

Source: Github Advisory Database (NPM)

December 19th, 2024 (4 months ago)

DNI Claims to be Selling RDP Access of a Unidentified Retail Company in India

Description: DNI Claims to be Selling RDP Access of a Unidentified Retail Company in India

Source: DarkWebInformer

December 19th, 2024 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Windows 11 24H2 upgrades blocked on some PCs due to audio issues Description: Microsoft has added another Windows 11 24H2 upgrade block for systems with Dirac audio improvement software due to compatibility issues breaking sound output. [...] Source: BleepingComputer December 19th, 2024 (4 months ago)
	Shodan Dorks for Advanced OSINT Description: Shodan Dorks for Advanced OSINT Source: DarkWebInformer December 19th, 2024 (4 months ago)
	Vendors Chase Potential of Non-Human Identity Management Description: Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept. Source: Dark Reading December 19th, 2024 (4 months ago)
	Moon_WALK Claims to be Selling Data of Office of the Basic Education Commission in Thailand Description: Moon_WALK Claims to be Selling Data of Office of the Basic Education Commission in Thailand Source: DarkWebInformer December 19th, 2024 (4 months ago)
	A Threat Actor Claims to have Leaked the Data of Las Piedras Shopping Description: A Threat Actor Claims to have Leaked the Data of Las Piedras Shopping Source: DarkWebInformer December 19th, 2024 (4 months ago)
	Microsoft says Auto HDR causes game freezes on Windows 11 24H2 Description: Microsoft is now blocking Windows 11 24H2 upgrades on systems with Auto HDR enabled due to a compatibility issue that causes game freezes. [...] Source: BleepingComputer December 19th, 2024 (4 months ago)
	[github.com/clidey/whodb/core] WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service Description: Summary A Denial of Service (DoS) vulnerability in the authentication middleware allows any client to cause memory exhaustion by sending large request bodies. The server reads the entire request body into memory without size limits, creating multiple copies during processing, which can lead to Out of Memory conditions. Affects all versions up to the latest one (v0.43.0). Details The vulnerability exists in the AuthMiddleware function in core/src/auth/auth.go. The middleware processes all API requests (/api/) and reads the entire request body using io.ReadAll without any size limits: func AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r http.Request) { // No size limit on body reading body, err := io.ReadAll(r.Body) // ... // Creates another copy of the body r.Body = io.NopCloser(bytes.NewReader(body)) // ... // Unmarshals the body again, creating more copies if err := json.Unmarshal(body, &query); err != nil { return false } }) } The issue is amplified by: A generous 10-minute timeout (middleware.Timeout(10time.Minute)) High throttle limits (10000 concurrent requests, 1000 backlog) Multiple copies of the request body being created during processing No per-client rate limiting PoC Run the latest WhoDB: docker run -it -p 127.0.0.1:8080:8080 clidey/whodb Prepare a PoC Python script: import requests import base64 import json import time # Create a sample token c... Source: Github Advisory Database (Go) December 19th, 2024 (4 months ago)
	[pyrage] pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution Description: pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin support and are therefore not affected. An equivalent issue was fixed in the reference Go implementation of age, see advisory GHSA-32gq-x56h-299c. Thanks to ⬡-49016 for reporting this issue. References https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c https://github.com/str4d/rage/security/advisories/GHSA-4fg7-vxc8-qx5w https://github.com/woodruffw/pyrage/security/advisories/GHSA-47h8-jmp3-9f28 https://github.com/advisories/GHSA-47h8-jmp3-9f28 Source: Github Advisory Database (PIP) December 19th, 2024 (4 months ago)
	[astro] Astro's server source code is exposed to the public if sourcemaps are enabled Description: Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder. https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139 Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website. While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in src/pages) are predictably named. For example. the sourcemap file for src/pages/index.astro gets named dist/client/pages/index.astro.mjs.map. PoC Here is one example of an affected open-source website: https://creatorsgarten.org/pages/index.astro.mjs.map The file can be saved and opened using https://evanw.github.io/source-map-visualization/ to reconstruct the source code. The above accurately mirrors the source code as seen in the repository: https://github.com/creatorsgarten/creatorsgarten.org/blob/main/src/pages/index.astro The above was found as the 4th result (and the first one on Astro 5.0+) when making the following search query on GitHub.com (search results link): path:astro.config.mjs @sentry/astro This vulnerability is the root cause of https://github.com/withastro/astro/issues/12703, which links to a simple stackblitz pro... Source: Github Advisory Database (NPM) December 19th, 2024 (4 months ago)
	DNI Claims to be Selling RDP Access of a Unidentified Retail Company in India Description: DNI Claims to be Selling RDP Access of a Unidentified Retail Company in India Source: DarkWebInformer December 19th, 2024 (4 months ago)