Critical Infrastructure

SecList ICS

• ISaPWN – research on the security of ISaGRAF Runtime
• Threat landscape for industrial automation systems, H2 2021

Security Magazine

• Reflecting on the anniversary of Colonial Pipeline ransomware attack
• AGCO's business operations disrupted by ransomware attack
• Tom Patterson joins Board of Directors at Secured Communications
• 2022 SIA GovSummit agenda finalized
• Combatting intrusion, theft and terrorism on railways with security and surveillance technology
• Could Russia launch a cyberattack on the US power grid?

• Global incidents show rogue drones have increased
• TSA preps for uptick in summer travel
• Tokyo International Airport adds security screening technology
• US declares national emergency, bans Russian vessels from ports
• 2022 SIA GovSummit agenda finalized
• Building an airport security operations center

• Frank Castellon named CSO at Metrolink
• Port of Vancouver USA founds cybersecurity intelligence sharing group
• AGCO's business operations disrupted by ransomware attack
• Amazon must review emergency plans after warehouse collapse, says OSHA
• Who is responsible for supply chain security?
• Video management system monitors security & operations at tobacco firm

Case Studies

• Tech university stops cyberattack with AI
• Coding robot teaches K-12 students about cybersecurity
• Anti-human trafficking organization combats abuse with data analytics
• Behavioral psychology training reduces cybersecurity risks
• Cybersecurity institute trains Texas cyber talent
• Metropolitan school system blocks threats with cybersecurity platform

• Early-warning fire and security system protects manufacturing facility
• How AI helps prevent workplace harassment
• Security officers prevent violence with sexual harassment training
• Retail security: Lessons from the front line
• Tokyo International Airport adds security screening technology
• Florida environmental orgs use LiDAR for disaster preparedness

News

• Snake Keylogger Spreads Through Malicious PDFs
• How To Find NPM Dependencies Vulnerable To Account Hijacking
• Clearview AI Fined In UK For Illegally Storing Facial Images
• Researchers Find Backdoor Lurking In WP Plugin Used By Schools
• Global Food Supply Chain At Risk From Malicious Hackers
• Strapi Exposed Data, Password Reset To Unprivileged Users
• 380K Kubernetes API Servers Exposed To Public Internet
• DOJ Announces It Won't Prosecute White Hat Security Researchers
• Putin Promises To Bolster Russia's IT Security In Face Of Cyber Attacks
• Homeland Security Pushes Pause On New Disinformation Board
• This Russian Botnet Does Far More Than DDoS Attacks - And On A Massive Scale
• Iran, China-Linked Gangs Join Putin's Disinformation War Online
• Two Military Satellites Just Communicated Using Space Lasers
• Hot Glare Of The Spotlight Doesn't Slow BlackByte Ransomware Gang
• 2 Vulnerabilities With 9.8 Severity Rating Are Under Exploit. A 3rd Looms
• FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In
• Your Data Is Auctioned Off Up To 987 Times A Day, NGO Reports
• Hackers Compromise A String Of Discord Channels
• April VMware Bugs Abused To Deliver Mirai Malware, Exploit Log4Shell
• DOJ Says Doctor Is Malware Mastermind
• President Rodrigo Chaves Says Costa Rica Is At War With Conti Hackers
• New Bluetooth Hack Can Unlock Your Tesla And More
• APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days
• State Of Internet Crime In Q1 2022: Bot Traffic On The Rise, And More
• Wizard Spider Hackers Hire Cold Callers To Scare Ransomware Victims Into Paying Up

Exploits

• iTop Remote Command Execution
• m1k1o's Blog 1.3 Remote Code Execution
• Blockchain FiatExchanger 2.2.1 SQL Injection
• Blockchain AltExchanger 1.2.1 SQL Injection
• OpenCart Newsletter 3.0.2.0 SQL Injection
• Linux USB Use-After-Free
• SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
• LiquidFiles 3.4.15 Cross Site Scripting
• PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
• Emby Media Server 4.7.0.60 Cross Site Scripting
• Trojan-Ransom.Thanos MVID-2022-0607 Code Execution
• SDT-CW3B1 1.1.0 Command Injection
• Online Discussion Forum Site 1.0 SQL Injection
• Showdoc 2.10.3 Cross Site Scripting
• OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
• T-Soft E-Commerce 4 SQL Injection
• T-Soft E-Commerce 4 Cross Site Scripting
• Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting
• SolarView Compact 6.0 Command Injection
• Zyxel Firewall ZTP Unauthenticated Command Injection
• Chrome 100 extensions::ExtensionApiFrameIdMap::GetFrameId Heap Use-After-Free
• IpMatcher 1.0.4.1 Server-Side Request Forgery
• Ransom.Conti MVID-2022-0606 Code Execution
• Zyxel Remote Command Execution
• Ransom.Conti MVID-2022-0605 Code Execution

• [webapps] m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
• [webapps] OpenCart v3.x Newsletter Module - Blind SQLi
• [webapps] Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
• [remote] SolarView Compact 6.0 - OS Command Injection
• [webapps] T-Soft E-Commerce 4 - SQLi (Authenticated)
• [webapps] T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
• [webapps] Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
• [remote] SDT-CW3B1 1.1.0 - OS Command Injection
• [webapps] TLR-2005KSH - Arbitrary File Delete
• [webapps] Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
• [webapps] College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
• [remote] F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
• [webapps] TLR-2005KSH - Arbitrary File Upload
• [remote] Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
• [webapps] WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
• [webapps] Joomla Plugin SexyPolling 2.1.7 - SQLi
• [webapps] WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
• [webapps] MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
• [webapps] Beehive Forum - Account Takeover
• [webapps] PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)
• [webapps] Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)
• [webapps] Explore CMS 1.0 - SQL Injection
• [remote] DLINK DAP-1620 A1 v1.01 - Directory Traversal
• [remote] PyScript - Read Remote Python Source Code
• [remote] Google Chrome 78.0.3904.70 - Remote Code Execution
• [remote] Tenda HG6 v3.3.0 - Remote Command Injection
• [webapps] Anuko Time Tracker - SQLi (Authenticated)
• [remote] Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
• [remote] Wondershare Dr.Fone 12.0.7 - Remote Code Execution (RCE)
• [local] Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
• [local] ExifTool 12.23 - Arbitrary Code Execution
• [webapps] e107 CMS v3.2.1 - Multiple Vulnerabilities
• [webapps] Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
• [webapps] Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)
• [remote] DLINK DIR850 - Open Redirect
• [remote] DLINK DIR850 - Insecure Access Control
• [remote] Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)
• [remote] ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure
• [local] Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
• [local] TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path
• [local] UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path
• [remote] SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
• [webapps] CSZ CMS 1.3.0 - 'Multiple' Blind SQLi
• [webapps] Bitrix24 - Remote Code Execution (RCE) (Authenticated)
• [remote] Bookeen Notea - Directory Traversal
• [webapps] Magento eCommerce CE v2.3.5-p2 - Blind SQLi

Last 20 Website Defacements - Zone-h

• https://nasarawastate.gov.ng/cl.html
• https://taxeszone6.gov.bd/1975.html
• http://ngbvd.mglsd.go.ug/dz.php
• http://sfc.go.ug
• http://user.comune.caprinoveronese.vr.it//allegati/fckeditor/images/97.gif
• http://www.comune.caprinoveronese.vr.it//allegati/fckeditor/images/97.gif
• https://satpolppdamkar.purworejokab.go.id/$.php
• http://kesra.mappikab.go.id
• https://bpkad.mappikab.go.id
• https://bpbd.mappikab.go.id
• https://kerjasama.perpusnas.go.id/forger.html
• https://rb.perpusnas.go.id/forger.html
• https://www.tlanalapa.gob.mx
• http://montealto.sp.gov.br/kurdz.txt
• https://is-mp.nuvem.gov.br/authenticationendpoint/psy.html
• https://api.prodam.sp.gov.br/authenticationendpoint/psy.html
• https://idmtest.secretariajuridica.gov.co//authenticationendpoint/psy.txt
• https://is-admin-mp.nuvem.gov.br/authenticationendpoint/dock.html
• https://is-mp.dev.nuvem.gov.br//authenticationendpoint/dock.html
• https://identity.nise.gov.bd/authenticationendpoint/dock.html

Advisories

• Ubuntu Security Notice USN-5432-1 Mon, 23 May 2022 14:24:19 GMT
  Ubuntu Security Notice 5432-1 - It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code. Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code.
• Ubuntu Security Notice USN-5424-2 Fri, 20 May 2022 15:31:21 GMT
  Ubuntu Security Notice 5424-2 - USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
• Red Hat Security Advisory 2022-4668-01 Thu, 19 May 2022 15:53:21 GMT
  Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2022-4690-01 Thu, 19 May 2022 15:53:12 GMT
  Red Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
• Red Hat Security Advisory 2022-4692-01 Thu, 19 May 2022 15:53:03 GMT
  Red Hat Security Advisory 2022-4692-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
• Red Hat Security Advisory 2022-4691-01 Thu, 19 May 2022 15:52:51 GMT
  Red Hat Security Advisory 2022-4691-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
• Red Hat Security Advisory 2022-4623-01 Thu, 19 May 2022 15:52:41 GMT
  Red Hat Security Advisory 2022-4623-01 - This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
• Red Hat Security Advisory 2022-4644-01 Thu, 19 May 2022 15:52:32 GMT
  Red Hat Security Advisory 2022-4644-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-2205-01 Thu, 19 May 2022 15:52:21 GMT
  Red Hat Security Advisory 2022-2205-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. Issues addressed include a cross site scripting vulnerability.
• Red Hat Security Advisory 2022-4661-01 Thu, 19 May 2022 15:52:09 GMT
  Red Hat Security Advisory 2022-4661-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
• Red Hat Security Advisory 2022-4655-01 Thu, 19 May 2022 15:52:01 GMT
  Red Hat Security Advisory 2022-4655-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2022-4642-01 Thu, 19 May 2022 15:51:52 GMT
  Red Hat Security Advisory 2022-4642-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and privilege escalation vulnerabilities.
• Red Hat Security Advisory 2022-4667-01 Thu, 19 May 2022 15:51:44 GMT
  Red Hat Security Advisory 2022-4667-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.10.1 RPMs. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2022-4651-01 Thu, 19 May 2022 15:51:29 GMT
  Red Hat Security Advisory 2022-4651-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
• Ubuntu Security Notice USN-5429-1 Thu, 19 May 2022 15:51:19 GMT
  Ubuntu Security Notice 5429-1 - Thomas Amgarten discovered that Bind incorrectly handled certain TLS connections being destroyed. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
• Ubuntu Security Notice USN-5430-1 Thu, 19 May 2022 15:51:11 GMT
  Ubuntu Security Notice 5430-1 - It was discovered that GNOME Settings incorrectly handled the remote desktop sharing configuration. When turning off desktop sharing, it may be turned on again after rebooting, contrary to expectations.
• Ubuntu Security Notice USN-5428-1 Wed, 18 May 2022 16:36:48 GMT
  Ubuntu Security Notice 5428-1 - Tobias Stoeckmann discovered that libXrandr incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-5423-2 Wed, 18 May 2022 16:36:26 GMT
  Ubuntu Security Notice 5423-2 - USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service.
• Jupiter / JupiterX Theme Privilege Escalation / LFI / DoS / Access Control Issues Wed, 18 May 2022 16:30:22 GMT
  Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.
• Ubuntu Security Notice USN-5427-1 Tue, 17 May 2022 17:25:51 GMT
  Ubuntu Security Notice 5427-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.
• Ubuntu Security Notice USN-5426-1 Tue, 17 May 2022 17:25:44 GMT
  Ubuntu Security Notice 5426-1 - Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execute arbitrary code.
• Ubuntu Security Notice USN-5425-1 Tue, 17 May 2022 17:25:20 GMT
  Ubuntu Security Notice 5425-1 - Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
• Apple Security Advisory 2022-05-16-8 Tue, 17 May 2022 17:18:31 GMT
  Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.
• Ubuntu Security Notice USN-5424-1 Tue, 17 May 2022 17:14:57 GMT
  Ubuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
• Ubuntu Security Notice USN-5423-1 Tue, 17 May 2022 17:12:26 GMT
  Ubuntu Security Notice 5423-1 - Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service.