CyberAlerts

Description: Come learn how to pry government records from the new Trump administration.

Source: 404 Media

January 13th, 2025 (6 months ago)

Microsoft: macOS bug lets hackers install malicious kernel drivers

Description: Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. [...]

Source: BleepingComputer

January 13th, 2025 (6 months ago)

Dread Pirate Roberts, of the original Silk Road, makes a post about "Why Claims are dangerous to believe."

Description: Dread Pirate Roberts, of the original Silk Road, makes a post about "Why Claims are dangerous to believe."

Source: DarkWebInformer

January 13th, 2025 (6 months ago)

Azure and M365 MFA outage locks out users across regions

Source: TheRegister

January 13th, 2025 (6 months ago)

A Threat Actor Claims to be Selling Data of Insurgentes University

Description: A Threat Actor Claims to be Selling Data of Insurgentes University

Source: DarkWebInformer

January 13th, 2025 (6 months ago)

Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Description: Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.

Source: Dark Reading

January 13th, 2025 (6 months ago)

Leaked Gravy Analytics Data Expose Scale of Location Tracking

Description: New insights into the Gravy Analytics data breach reveal the vast extent of the company’s location-tracking operations and the potential for user de-anonymization. The leaked data, part of a 10 TB dataset, exposes the granular details of individuals’ movements and raises fresh concerns about the security and ethics of location data collection. Looking into the … The post Leaked Gravy Analytics Data Expose Scale of Location Tracking appeared first on CyberInsider.

Source: CyberInsider

January 13th, 2025 (6 months ago)

[github.com/notaryproject/notation-go] notation-go has an OS error when setting CRL cache leads to denial of signature verification

Description: Summary The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination. Details In method crl.(*FileCache).Set, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated notation cache directory thanks os.Rename. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error. Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation. PoC Ensure that the temporary file storage area (e.g., /tmp) is mounted on a different mount point than the user's 'notation' cache directory. Either disable the Online Certificate Status Protocol (OCSP) revocation check, or utilize certificates that exclusively support Certific...

Source: Github Advisory Database (Go)

January 13th, 2025 (6 months ago)

[github.com/notaryproject/notation-go] notation-go's timestamp signature generation lacks certificate revocation check

Description: This issue was identified during Quarkslab's audit of the timestamp feature. Summary During the timestamp signature generation, the revocation status of the certificate(s) used to generate the timestamp signature was not verified. Details During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack. An attacker could potentially use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by notation. Impact This could lead to denial of service scenarios, particularly in CI/CD environments during signature verification processes because timestamp signature would fail due to the presence of a revoked certificate(s) potentially disrupting operations. References https://github.com/notaryproject/notation-go/security/advisories/GHSA-45v3-38pc-874v https://github.com/notaryproject/notation-go/commit/e99be1954a15673020150c5f8800b8174cd7428d https://github.com/advisories/GHSA-45v3-38pc-874v

Source: Github Advisory Database (Go)

January 13th, 2025 (6 months ago)

DEFACER KAMPUNG Targeted the Website of HARDZON

Description: DEFACER KAMPUNG Targeted the Website of HARDZON

Source: DarkWebInformer

January 13th, 2025 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Our New FOIA Forum! 1/23, 1PM EST Description: Come learn how to pry government records from the new Trump administration. Source: 404 Media January 13th, 2025 (6 months ago)
	Microsoft: macOS bug lets hackers install malicious kernel drivers Description: Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. [...] Source: BleepingComputer January 13th, 2025 (6 months ago)
	Dread Pirate Roberts, of the original Silk Road, makes a post about "Why Claims are dangerous to believe." Description: Dread Pirate Roberts, of the original Silk Road, makes a post about "Why Claims are dangerous to believe." Source: DarkWebInformer January 13th, 2025 (6 months ago)
	Azure and M365 MFA outage locks out users across regions Source: TheRegister January 13th, 2025 (6 months ago)
	A Threat Actor Claims to be Selling Data of Insurgentes University Description: A Threat Actor Claims to be Selling Data of Insurgentes University Source: DarkWebInformer January 13th, 2025 (6 months ago)
	Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results Description: Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar. Source: Dark Reading January 13th, 2025 (6 months ago)
	Leaked Gravy Analytics Data Expose Scale of Location Tracking Description: New insights into the Gravy Analytics data breach reveal the vast extent of the company’s location-tracking operations and the potential for user de-anonymization. The leaked data, part of a 10 TB dataset, exposes the granular details of individuals’ movements and raises fresh concerns about the security and ethics of location data collection. Looking into the … The post Leaked Gravy Analytics Data Expose Scale of Location Tracking appeared first on CyberInsider. Source: CyberInsider January 13th, 2025 (6 months ago)
	[github.com/notaryproject/notation-go] notation-go has an OS error when setting CRL cache leads to denial of signature verification Description: Summary The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination. Details In method crl.(*FileCache).Set, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated notation cache directory thanks os.Rename. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error. Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation. PoC Ensure that the temporary file storage area (e.g., /tmp) is mounted on a different mount point than the user's 'notation' cache directory. Either disable the Online Certificate Status Protocol (OCSP) revocation check, or utilize certificates that exclusively support Certific... Source: Github Advisory Database (Go) January 13th, 2025 (6 months ago)
	[github.com/notaryproject/notation-go] notation-go's timestamp signature generation lacks certificate revocation check Description: This issue was identified during Quarkslab's audit of the timestamp feature. Summary During the timestamp signature generation, the revocation status of the certificate(s) used to generate the timestamp signature was not verified. Details During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack. An attacker could potentially use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by notation. Impact This could lead to denial of service scenarios, particularly in CI/CD environments during signature verification processes because timestamp signature would fail due to the presence of a revoked certificate(s) potentially disrupting operations. References https://github.com/notaryproject/notation-go/security/advisories/GHSA-45v3-38pc-874v https://github.com/notaryproject/notation-go/commit/e99be1954a15673020150c5f8800b8174cd7428d https://github.com/advisories/GHSA-45v3-38pc-874v Source: Github Advisory Database (Go) January 13th, 2025 (6 months ago)
	DEFACER KAMPUNG Targeted the Website of HARDZON Description: DEFACER KAMPUNG Targeted the Website of HARDZON Source: DarkWebInformer January 13th, 2025 (6 months ago)