
Threat and Vulnerability Intelligence Database

Description: Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it's important to stay curious, be a forever student, and keep learning.
Source: Cisco Talos Blog
January 23rd, 2025 (6 months ago)
Description: A Threat Actor Claims to have Leaked the Data of TTRee App
Source: DarkWebInformer
January 23rd, 2025 (6 months ago)
Description: Google has officially launched its Chrome Web Store for Enterprises, allowing organizations to create a curated list of extensions that can be installed in employees' web browsers. [...]
Source: BleepingComputer
January 23rd, 2025 (6 months ago)
Description:
Impact: The saveRequestFiles function does not delete the uploaded temporary files when the user cancels the request.
Patches: Fixed in versions 8.3.1 and 9.0.3.
Workarounds: Do not use saveRequestFiles.
References: This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in https://github.com/fastify/fastify-multipart/pull/567.
  https://github.com/fastify/fastify-multipart/security/advisories/GHSA-27c6-mcxv-x3fh
  https://github.com/fastify/fastify-multipart/issues/546
  https://github.com/fastify/fastify-multipart/pull/567
  https://github.com/advisories/GHSA-27c6-mcxv-x3fh
Source: Github Advisory Database (NPM)
January 23rd, 2025 (6 months ago)
Description: Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. [...]
Source: BleepingComputer
January 23rd, 2025 (6 months ago)
Description: Google has announced a new Android "Identity Check" security feature that locks sensitive settings behind biometric authentication when outside a trusted location. [...]
Source: BleepingComputer
January 23rd, 2025 (6 months ago)
Description: QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. [...]
Source: BleepingComputer
January 23rd, 2025 (6 months ago)

CVE-2025-24030

Description:
Impact: A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). For example, the following command, if run from within the Kubernetes cluster, can be used to get the configuration dump of the proxy:
  curl --path-as-is http://<Proxy-Service-ClusterIP>:19001/stats/prometheus/../../config_dump
Patches: 1.2.6
Workarounds: The EnvoyProxy API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
  apiVersion: gateway.envoyproxy.io/v1alpha1
  kind: EnvoyProxy
  metadata:
    name: custom-proxy-config
    namespace: default
  spec:
    bootstrap:
      type: JSONPatch
      jsonPatches:
        - op: "add"
          path: "/static_resources/listeners/0/filter_chains/0/filters/0/typed_config/normalize_path"
          value: true
        - op: "replace"
          path: "/static_resources/listeners/0/filter_chains/0/filters/0/typed_config/route_config/virtual_hosts/0/routes/0/match"
          value:
            path: "/stats/prometheus"
            headers:
              - name: ":method"
                exact_match: GET
References:
  Envoy Admin Interface: https://www.envoyproxy.io/docs/envoy/latest/operations/admin
  Envoy Configuration Best Practices: https://www.envoypro...

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: Github Advisory Database (Go)
January 23rd, 2025 (6 months ago)
Description:
Impact: Via a type confusion bug in the CPython interpreter when using try/except*, RestrictedPython could be bypassed. We believe this should be fixed upstream in Python itself; until then we remove support for try/except* from RestrictedPython. (It has been fixed for some Python versions.)
Patches: Patched in version 8.0 by removing support for try/except* clauses.
Workarounds: There is no workaround.
References:
  https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2
  https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f
  https://github.com/advisories/GHSA-gmj9-h825-chq2
Source: Github Advisory Database (PIP)
January 23rd, 2025 (6 months ago)

CVE-2025-24530

Description: An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.
References:
  https://nvd.nist.gov/vuln/detail/CVE-2025-24530
  https://www.phpmyadmin.net/security/PMASA-2025-1
  https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
  https://github.com/advisories/GHSA-222v-cx2c-q2f5

CVSS: MEDIUM (6.4)

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
January 23rd, 2025 (6 months ago)