Logo
Hamburger Menu Icon
Yoroi Background

Yoroi Blog

ブログ

Vulnerabilità critiche in Git

CERT Yoroi informa che nella giornata del 19 Gennaio 2023 è stata rilasciata la patch risolutiva di tre vulnerabilità critiche RCE su Git; in particolare: CVE-2022-23521, CVE-2022-41903, CVE-2022-41953. Il team di Git evidenzia come le prime due vulnerabilità (CVE-2022-23521 e CVE-2022-41903) permettano ad un attaccante di eseguire codice arbitrario da remoto. La prima, in modo […]

Read More

Dipendenza malevola su PyTorch

Con la presente CERT-Yoroi intende informarla riguardo un nuovo attacco sul framework PyTorch, sul quale è stata scoperta una dipendenza malevola chiamata 'torchtriton', caricata sul registro registro Python Package Index (PyPI). Il nome era lo stesso di una libreria ufficiale pubblicata da PyTorch, una piattaforma di apprendimento automatico open source. Nell'importazione delle dipendenze in ambiente […]

Read More

Grave Vulnerabilità Buffer Overflow in FortiOS SSL-VPN

La vulnerabilità identificata con il numero CVE-2022-42475 è una vulnerabilità di tipo heap buffer overflow presente in FortiOS SSL-VPN. Questa vulnerabilità può consentire a un attaccante non autenticato di eseguire codice o comandi arbitrari tramite richieste appositamente forgiate. La vulnerabilità è stata segnalata essere sfruttata in modo attivo. La vulnerabilità di buffer overflow di heap […]

Read More

CVE Advisory - Partial Disclosure Cisco ISE Multiple Vulnerabilities

Introduction Initially three vulnerabilities were discovered, which are described here: https://yoroi.company/?s=saguri. Further research prompted the discovery of four other vulnerabilities including a Command Injection, which if exploited allows one to gain root access to the system shell.Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable […]

Read More

Reconstructing the last activities of Royal Ransomware 

Introduction Royal Ransomware is a new group first spotted on Bleeping Computer last September, where the cybersecurity news site revealed a connection with another malware known as Zeon.   At the moment, we don’t have much information about the group and all its actual TTPs, but we know that they use the Double Extortion model to […]

Read More

CVE Advisory - Partial Disclosure Cisco ISE Broken Access Control

Introduction Through the internal project called Saguri, we started with the analysis of the Cisco Identity Service Engine - 3.1.0.518-Patch3-22042809, the Cisco ISE is a useful tool in the management of one's own network and not only, it allows the implementation and application in a dynamic and automated way of security and 'management' policies, simplifying […]

Read More

CVE Advisory - Full Disclosure Multiple Vulnerabilities

Introduction During a security assessment on FusionDirectory version 1.3 two criticalities have been identified.FusionDirectory allows to manage data archived in LDAP directories so, as you might imagine, security problems leading to an exposure of personal and enterprise could have a serious impact on the business. Advisory https://github.com/fusiondirectory/fusiondirectory/commit/cb349516a641e5933a7f0e0dd3df481b21e7455f CVE-2022-36180 - Cross Site Scripting – CWE 79 […]

Read More

CVE Advisory - Partial Disclosure Cisco ISE Cross Site Scripting

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service En-gine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have access […]

Read More

CVE Advisory - Partial Disclosure CISCO ISE Path Traversal

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809). Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have […]

Read More

Grave vulnerabilità 0day su Microsoft
Exchange - ProxyNotShell

Con la presente CERT-Yoroi desidera informarla riguardo una grave vulnerabilità 0day su Microsoft Exchange, nota con identificativo CVE-2022-41082 e conosciuta anche con l’alias ProxyNotShell. Per sfruttare entrambe le vulnerabilità è necessario, per un attaccante remoto, possedere le credenziali di un utente non privilegiato. In questo modo sono possibili due differenti tecniche di attacco di cui […]

Read More

Dissecting BlueSky Ransomware Payload

Introduction BlueSky is a ransomware firstly spotted in May 2022 and it gained the attention of the threat researchers for two main reasons: the first one is that the group behind the ransomware doesn’t adopt the double-extortion model; the second one is that their targets are even normal users because the ransomware has been discovered […]

Read More

Grave vulnerabilità 0-day su dispositivi Apple

Con la presente CERT-Yoroi desidera informarla riguardo una grave vulnerabilità su dispositivi Apple. La vulnerabilità coinvolge la maggior parte dei prodotti del Vendor, in modalità "zero-day". Essa è nota con identificativo CVE-2022-32917 e riguarda una importante falla nel kernel. La falla può permettere ad un attaccante remoto in grado di convincere la vittima ad installare un'app […]

Read More
1 2 3 45
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram