Yoroi Blog

Introduction Initially three vulnerabilities were discovered, which are described here: Advisory Vulnerabilities CVE-2022-20964 – Command Injection – CWE-78 CVE-2022-20964 - Command Injection - CWE-78 PRODUCT LINE VERSION SCORE IMPACT Cisco Identity Services Engine 2.7 < 3.2 P1 CNA: 6.3NIST: 8.8 High OWASP CATEGORY OWASP CONTROL A03 - Injection WSTG-INPV-12 AFFECTED ENDPOINT - AFFACTED PARAMETER https://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/Starthttps://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/DeleteFile […]

Introduction Through the internal project called Saguri, we started with the analysis of the Cisco Identity Service Engine - 3.1.0.518-Patch3-22042809, the Cisco ISE is a useful tool in the management of one's own network and not only, it allows the implementation and application in a dynamic and automated way of security and 'management' policies, simplifying […]

Introduction Ransomware attacks have emerged as a predominant menace in recent years, with the strategies employed by malicious actors constantly evolving. Among the most effective and worrisome tactics is the "double extortion" model, which has rapidly gained popularity as a preferred business model for threat actors. Financially motivated perpetrators particularly favor the double extortion model, […]

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have access […]

CERT Yoroi informa che a partire dalla giornata del 29/03/2023 è emersa la notizia della compromissione dell’applicativo desktop di 3CX VoIP, che ha scaturito un Supply Chain Attack. L’applicativo, seppur disponibile all’interno del sito web legittimo di 3CX, risulta contenere malware: una volta scaricato ed installato, farà partire in modo autonomo l’aggiornamento di se stesso, […]

Introduction It is concerning to learn about the increasing use of social engineering tactics to exploit users on social media platforms. Cybercriminals commonly disguise malware as games, music, software, and other media content to deceive users into downloading and installing malicious software on their devices. One such sophisticated stealer is DuckTail, which was first identified […]

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have access […]

Introduction The vulnerability has been found during a security assessment on Netlink CCD Onboard version 3.74 and Firmware version 3.80.The Netlink CCD is an IoT control device with 3 DALI-compliant outputs and one LM-Bus interface for open-loop control of maximum 250 luminaires and motors. It can be operated locally or by using an external litenet […]

Introduction Red team operations are fundamental for achieving an adequate cybersecurity maturity level. So, many different C2 commercial frameworks were born to provide help in managing security tests. However, these technologies can be used at the same time even by attackers to make cyber intrusions. One of the most emblematic examples of this phenomenon is […]

CERT Yoroi informa che nella giornata del 19 Gennaio 2023 è stata rilasciata la patch risolutiva di tre vulnerabilità critiche RCE su Git; in particolare: CVE-2022-23521, CVE-2022-41903, CVE-2022-41953. Il team di Git evidenzia come le prime due vulnerabilità (CVE-2022-23521 e CVE-2022-41903) permettano ad un attaccante di eseguire codice arbitrario da remoto. La prima, in modo […]

Con la presente CERT-Yoroi intende informarla riguardo un nuovo attacco sul framework PyTorch, sul quale è stata scoperta una dipendenza malevola chiamata 'torchtriton', caricata sul registro registro Python Package Index (PyPI). Il nome era lo stesso di una libreria ufficiale pubblicata da PyTorch, una piattaforma di apprendimento automatico open source. Nell'importazione delle dipendenze in ambiente […]

La vulnerabilità identificata con il numero CVE-2022-42475 è una vulnerabilità di tipo heap buffer overflow presente in FortiOS SSL-VPN. Questa vulnerabilità può consentire a un attaccante non autenticato di eseguire codice o comandi arbitrari tramite richieste appositamente forgiate. La vulnerabilità è stata segnalata essere sfruttata in modo attivo. La vulnerabilità di buffer overflow di heap […]