Threat and Vulnerability Intelligence Database

Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: ICONICS, Mitsubishi Electric
Equipment: ICONICS GENESIS64 Product Suite and Mitsubishi Electric MC Works64
Vulnerabilities: Uncontrolled Search Path Element, Dead Code
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
ICONICS reports that the following versions of ICONICS and Mitsubishi Electric products are affected:
- GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX): Versions prior to 10.97.3 (CVE-2024-8299 and CVE-2024-9852)
- GENESIS64: Version 10.97.2, 10.97.2 CFR1, 10.97.2 CFR2, and 10.97.3 (CVE-2024-8300)
- Mitsubishi Electric MC Works64: all versions (CVE-2024-8299, CVE-2024-9852)
3.2 Vulnerability Overview
3.2.1 Uncontrolled Search Path Element CWE-427
An uncontrolled search path element in the AlarmWorX64 MMX Phone agent can provide the potential for DLL hijacking and malicious code execution. CVE-2024-8299 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-8299. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 Uncontrolled Search Path Element CWE-427
An uncontrolled search path element in the AlarmWorX64 MMX Fax agent can provid...
Source: All CISA Advisories
December 3rd, 2024 (6 months ago)
Description: An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police. [...]
Source: BleepingComputer
December 3rd, 2024 (6 months ago)
Description: Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.
Source: Dark Reading
December 3rd, 2024 (6 months ago)
Description: A change in ownership and what it means for our readers.
Source: Dark Reading
December 3rd, 2024 (6 months ago)
Description: Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.
Source: Dark Reading
December 3rd, 2024 (6 months ago)
Description: Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copy_bytes_overshooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.
References
- https://github.com/KillingSpark/zstd-rs/issues/75
- https://github.com/KillingSpark/zstd-rs/pull/76
- https://rustsec.org/advisories/RUSTSEC-2024-0400.html
- https://github.com/advisories/GHSA-x3f4-45xf-rjm7
Source: Github Advisory Database (Rust)
December 3rd, 2024 (6 months ago)
Description:
Summary
There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8.
Versions affected: 1.6.0
Not affected: < 1.6.0
Fixed versions: 1.6.1
Please note that the fix in v1.6.1 is to update the dependency on Nokogiri to 1.15.7 or >= 1.16.8.
Impact
A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in either of the following ways:
- allow both "math" and "style" elements
- or allow both "svg" and "style" elements
Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.
Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:
- using application configuration to configure Action View sanitizers' allowed tags:
    # In config/application.rb
    config.action_view.sanitized_allowed_tags = ["math", "style"]
    # or
    config.action_view.sanitized_allowed_tags = ["svg", "style"]
  see https://guides.rubyonrails.org/configuring.html#configuring-action-view
- using a :tags option to the Action View helper sanitize:
    <%= sanitize @comment.body, tags: ["math", "style"] %&...
Source: Github Advisory Database (RubyGems)
December 3rd, 2024 (6 months ago)
Description:
Summary
There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.
Versions affected: 1.6.0
Not affected: < 1.6.0
Fixed versions: 1.6.1
Impact
A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:
- the "noscript" element is explicitly allowed
Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.
The default configuration is to disallow all of these elements.
Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:
- using application configuration to configure Action View sanitizers' allowed tags:
    # In config/application.rb
    config.action_view.sanitized_allowed_tags = ["noscript"]
  see https://guides.rubyonrails.org/configuring.html#configuring-action-view
- using a :tags option to the Action View helper sanitize:
    <%= sanitize @comment.body, tags: ["noscript"] %>
  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize
- setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:
    # class-level option
    Rails::HTML...
Source: Github Advisory Database (RubyGems)
December 3rd, 2024 (6 months ago)
Description:
Summary
A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace.
Details
go-gh sources authentication tokens from different environment variables depending on the host involved:
- GITHUB_TOKEN, GH_TOKEN for GitHub.com and ghe.com
- GITHUB_ENTERPRISE_TOKEN, GH_ENTERPRISE_TOKEN for GitHub Enterprise Server
Prior to 2.11.1, auth.TokenForHost could source a token from the GITHUB_TOKEN environment variable for a host other than GitHub.com or ghe.com when within a codespace. In 2.11.1, auth.TokenForHost will only source a token from the GITHUB_TOKEN environment variable for GitHub.com or ghe.com hosts.
Impact
Successful exploitation could send authentication token to an unintended host.
Remediation and mitigation
- Upgrade go-gh to 2.11.1
- Advise extension users to regenerate authentication tokens:
  - Personal access tokens
  - GitHub CLI OAuth app
- Advise extension users to review their personal security log and any relevant audit logs for actions associated with their account or enterprise
References
- https://github.com/cli/go-gh/security/advisories/GHSA-55v3-xh23-96gh
- https://nvd.nist.gov/vuln/detail/CVE-2024-53859
- https://docs.github.com/en/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps#reviewing-your-authorized-github-apps
- https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log
- https://docs.github.co...
Source: Github Advisory Database (Go)
December 3rd, 2024 (6 months ago)
Description:
Summary
A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.
Details
This vulnerability stems from several gh commands used to clone a repository with submodules from a non-GitHub host including gh repo clone, gh repo fork, gh pr checkout. These GitHub CLI commands invoke git with instructions to retrieve authentication tokens using the credential.helper configuration variable for any host encountered.
Prior to 2.63.0, hosts other than GitHub.com and ghe.com are treated as GitHub Enterprise Server hosts and have tokens sourced from the following environment variables before falling back to host-specific tokens stored within system-specific secured storage:
- GITHUB_ENTERPRISE_TOKEN
- GH_ENTERPRISE_TOKEN
- GITHUB_TOKEN when CODESPACES environment variable is set
The result being git sending authentication tokens when cloning submodules.
In 2.63.0, these GitHub CLI commands will limit the hosts for which gh acts as a credential helper to source authentication tokens. Additionally, GITHUB_TOKEN will only be used for GitHub.com and ghe.com.
Impact
Successful exploitation could lead to a third-party using leaked authentication tokens to access privileged resources.
Remediation and mitigation
- Upgrade gh to 2.63.0
- Revoke authentication tokens used with the GitHub CLI:
  - Personal access tokens
  - GitHub CLI OAuth app
- Review your personal security...
Source: Github Advisory Database (Go)
December 3rd, 2024 (6 months ago)