The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently:
Compromised Linux Endpoints can be isolated with Microsoft Defender
Microsoft Defender for Endpoint can now isolate compromised Linux environments. This can potentially mitigate the amount of data attackers could obtain from infected systems. The network isolation feature cuts off access to the network, but it allows Defender for Endpoint to continue monitoring the system. It is possible to “release from isolation” when the system has been remediated.
QNAP Code Injection Vulnerability
QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1 are subject to a code injection vulnerability. An attacker could inject code upon successful exploitation of this vulnerability. This flaw appears to be exploitable without user interaction or requiring privileges.
Vulnerable systems should be upgraded to QTS 184.108.40.2064 build 20221201 and later or QuTS hero h220.127.116.118 build 20221215 and later.
Atlassian Jira Service Management authentication bug
Jira Service Management is subject to an authentication vulnerability. An attacker could impersonate another user to gain access to the service. This issue affects Jira Service Manager 5.3.0 through 5.5.0. To exploit this issue, an attacker must obtain a signup token. This attack works against accounts that have never logged on. An attacker can acquire a signup token by interacting with a bot account, being included in a request, and receiving an email with a View Request link. To resolve this vulnerability, it is recommended that systems are upgraded to version 5.3.3, 5.4.2, 5.5.1, or 5.6.0.
ImageMagick Image Processing Utility is subject to multiple vulnerabilities
ImageMagick software is subject to a denial-of-service vulnerability. When adding a dash to a PNG file name (CVE-2022-44267), an attacker could cause a denial of service type condition. This vulnerability occurs because the dash makes ImageMagick read from standard input, forcing the process to wait forever for input.
ImageMagick software is subject to an information disclosure vulnerability. An attacker could potentially gain access to remote file content by using the method for the denial of service but referring to a valid file. ImageMagick will process that file and could embed the contents in the processed image.
Keep in Touch with Tripwire VERT
Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.