Yoroi Blog

Proto: N020623 CERT Yoroi informa che recentemente è stato rilasciato un paper scientifico riguardante alcune vulnerabilità presenti all'interno del sistema di firme OOXML usate dai prodotti Microsoft.  OOXML è uno standard Ecma/ISO usato da tutte le più recenti versioni di Microsoft Office. Lo standard serve a garantire l’autenticità, l’integrità e la non ripudiabilità consentendo agli […]

CERT Yoroi informa che a partire dalla giornata del 08/06/2023 è emersa la notizia di uno 0-Day su dispositivi ESG (Email Security Gateway) relativi a Barracuda Networks identificata con la CVE ID CVE-2023-2868.  La vulnerabilità deriva dall’errata convalidazione dell'input fornito dall'utente dei file “.tar”. Di conseguenza, un utente malintenzionato remoto non autenticato può caricare codice […]

Introduction Initially three vulnerabilities were discovered, which are described here: Advisory Vulnerabilities CVE-2022-20964 – Command Injection – CWE-78 CVE-2022-20964 - Command Injection - CWE-78 PRODUCT LINE VERSION SCORE IMPACT Cisco Identity Services Engine 2.7 < 3.2 P1 CNA: 6.3NIST: 8.8 High OWASP CATEGORY OWASP CONTROL A03 - Injection WSTG-INPV-12 AFFECTED ENDPOINT - AFFACTED PARAMETER https://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/Starthttps://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/DeleteFile […]

Introduction Through the internal project called Saguri, we started with the analysis of the Cisco Identity Service Engine - 3.1.0.518-Patch3-22042809, the Cisco ISE is a useful tool in the management of one's own network and not only, it allows the implementation and application in a dynamic and automated way of security and 'management' policies, simplifying […]

Introduction Ransomware attacks have emerged as a predominant menace in recent years, with the strategies employed by malicious actors constantly evolving. Among the most effective and worrisome tactics is the "double extortion" model, which has rapidly gained popularity as a preferred business model for threat actors. Financially motivated perpetrators particularly favor the double extortion model, […]

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have access […]

CERT Yoroi informa che a partire dalla giornata del 29/03/2023 è emersa la notizia della compromissione dell’applicativo desktop di 3CX VoIP, che ha scaturito un Supply Chain Attack. L’applicativo, seppur disponibile all’interno del sito web legittimo di 3CX, risulta contenere malware: una volta scaricato ed installato, farà partire in modo autonomo l’aggiornamento di se stesso, […]

Introduction It is concerning to learn about the increasing use of social engineering tactics to exploit users on social media platforms. Cybercriminals commonly disguise malware as games, music, software, and other media content to deceive users into downloading and installing malicious software on their devices. One such sophisticated stealer is DuckTail, which was first identified […]

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have access […]

Introduction The vulnerability has been found during a security assessment on Netlink CCD Onboard version 3.74 and Firmware version 3.80.The Netlink CCD is an IoT control device with 3 DALI-compliant outputs and one LM-Bus interface for open-loop control of maximum 250 luminaires and motors. It can be operated locally or by using an external litenet […]

Introduction Red team operations are fundamental for achieving an adequate cybersecurity maturity level. So, many different C2 commercial frameworks were born to provide help in managing security tests. However, these technologies can be used at the same time even by attackers to make cyber intrusions. One of the most emblematic examples of this phenomenon is […]

CERT Yoroi informa che nella giornata del 19 Gennaio 2023 è stata rilasciata la patch risolutiva di tre vulnerabilità critiche RCE su Git; in particolare: CVE-2022-23521, CVE-2022-41903, CVE-2022-41953. Il team di Git evidenzia come le prime due vulnerabilità (CVE-2022-23521 e CVE-2022-41903) permettano ad un attaccante di eseguire codice arbitrario da remoto. La prima, in modo […]