Notable Recent Security Issues

Notable Recent Security Issues

  • 40 high-severity vulnerabilities included in June’s Patch Tuesday

Description: Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder is considered “moderate.” The most serious issue is CVE-2022-30136, a remote code execution vulnerability in the Windows Network File System (NFS) service, version NFSv4.1, with a severity score of near-maximum 9.8. An attacker can exploit the vulnerability over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to execute remote code. To mitigate this vulnerability, users are advised to disable the vulnerable version NFSV4.1 and restart the NFS server or reboot the machine. Microsoft SharePoint server contains a remote code execution vulnerability, CVE-2022-30157, with a severity score of 8.8.


Snort SIDs: 59967, 59968, 59971 and 59972

Snort 3 SIDs: 300201 and 300202

  • Symbiote malware can remain undetected on Linux machines

Description: A new Linux malware that can go undetected on infected machines is being used to target the financial sector in Latin America. Once the “Symbiote” malware infects the machine, it hides itself, making infections hard to detect. If successful, the malware provides a backdoor for the threat actor and allows them to log in as any user on the machine with a hardcoded password. They can also execute arbitrary code on the infected machine with the highest privileges. Because of its stealth, security researchers are unaware how widespread the campaign currently is and are unsure if it can even be detected by conventional security software.


Snort SIDs: 59957, 59958

Interesting News from Around The Security Community 

  • A vulnerability in Tesla’s NFC cards could give an attacker their own personal key to affected cars through a Bluetooth LowEnergy attack.

  • A proposed bill in Canada would give the country’s federal government more power to compel companies in certain sectors to improve their cybersecurity capabilities.

  • iOS 16 for iPhone devices will include standalone, automatic security updates and will not require users to install a new version of the operating system to implement.

  • The recent Conti ransomware attack against the Costa Rican government highlights a new phase of ransomware campaigns targeting national governments.

  • Attackers are actively targeting Microsoft Exchange Servers to spread the BlackCat ransomware.

  • Microsoft fixed the high-profile Follina vulnerability this month as part of its cumulative Windows Updates.

Recent Vulnerabilities with Available Exploits 

This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.

ID: CVE-2021-34079                          

  • OS Command injection vulnerability in Mintzo Docker-Tester

Description: docker-tester is a Start a testing environment with a docker-compose file and verify it’s up before running tests.

Affected versions of this package are vulnerable to Command Injection via shell meta-characters in the ‘ports’ entry of a crafted docker-compose.yml file.

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2021-34080                

  • OS Command Injection vulnerability in es128 ssl-utils

Description: ssl-utils is a Node.js utility for SSL certificates using OpenSSL (generating, verifying, etc.).

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2021-34082                        

  • OS Command Injection vulnerability in allenhwkim proctree

Description: proctree is a Retrieve or display process tree. 

OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsensitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2021-34084                        

  • OS command injection vulnerability in Turistforeningen node-s3-uploader

Description: s3-uploader is a Flexible and efficient image resize, rename, and upload to Amazon S3 disk storage. Uses the official AWS Node SDK, im-resize, and im-metadata for image processing. OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Most Prevalent Malware Files June 9-16, 2022

SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934

MD5: 93fefc3e88ffb78abb36365fa5cf857c


Typical Filename: Wextract

Claimed Product: Internet Explorer

Detection Name:

SHA 256: 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645 

MD5: 2c8ea737a232fd03ab80db672d50a17a 


Typical Filename: LwssPlayer.scr 

Claimed Product: ????????? 

Detection Name: Auto.125E12.241442.in02

SHA 256: e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c

MD5: a087b2e6ec57b08c0d0750c60f96a74c


Typical Filename: AAct.exe

Claimed Product: N/A 

Detection Name: PUA.Win.Tool.Kmsauto::1201

SHA 256: b2ef49a10d07df6db483e86516d2dfaaaa2f30f4a93dd152fa85f09f891cd049

MD5: 067f9a24d630670f543d95a98cc199df


Typical Filename: RzxDivert32.sys

Claimed Product: WinDivert 1.4 driver

Detection NameW32.B2EF49A10D-95.SBX.TG

SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0

MD5: 8c69830a50fb85d8a794fa46643493b2


Typical Filename: AAct.exe

Claimed Product: N/A

Detection Name: PUA.Win.Dropper.Generic::1201

@ The information contained in this newsletter, including any external links, is provided “AS IS,” with no express or implied warranty, for informational purposes only. Original Info come from SANS Institute

More To Explore

Red Hat Security Advisory 2023-3304-01

Red Hat Security Advisory 2023-3304-01 – Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private

We can help improve your Business

Ensure your Organization Assets are well  protected in front of the Cyber Attacks

Delivery Workflow

Register for Free and get your test done withn 24 to 48 hours

See Workflow

Sample Report

Here is a sample report of a Security Testing Engagement

See Sample Report PDF

Work Request

Order your security test and Get Your Report

Get Your Test Report

1. Client Onboarding

Access to all of Cyber Legion's services is provided through the Web Secure Client Portal. To create a Free account, you can sign up through the portal, or contact the Cyber Legion team and they will set up an account for you.

2. NDA , Agreements & Digital Signature

The integration of Digital Signature in our Web Client Portal allows us to legally sign all necessary documents and agreements, enabling us to carry out security assessments on targeted systems.

3. Submit Work Request

Our pricing structure is adaptable to meet the needs of all clients. By filling out the Work Request Form, you can select from pre-existing services or request a personalized proposal.

The Cyber Legion team will acknowledge your order, set up a project in your account, and proceed with the testing and delivery.

4. Security Testing & Report

We meet agreed upon SLAs and follow security testing framework checklists. Based on our commitment, our team of engineers will utilize all of our tools, automation, and testing capabilities to achieve the objectives.

Within the agreed upon timeframe, you will receive a report on the security test that was conducted, including the results, recommendations, and references for addressing any identified issues.

5. Retesting & Validation of Remediation

We not only identify potential threats, risks, and vulnerabilities, but also provide detailed recommendations for resolution. To ensure complete remediation, we offer complimentary retesting and a range of ongoing security testing options for continued vulnerability detection and verification.