Unprecedented numbers of DDoS attacks since February are the result of hacktivists' cyberwar against Russian state interests, researchers say.

The first quarter of 2022 saw a 46% increase in distributed denial-of-service (DDoS) attacks over Q4 2021, which a new report attributes to a community of "hacktivists" intent on disrupting Russian state interests in retaliation for the Ukraine invasion. 

The report, by security vendor Kaspersky, notes that the volume of DDoS attacks was already historically high, but the first months of 2022 saw more targeted and innovative activity than previously seen. The DDoS attacks also persisted for much longer than previously recorded, with the average DDoS session lasting 80 times longer than during the last months of 2021. 

The report points to one instance from the past quarter where attackers set up a site similar to a popular puzzle game called "2048" to make launching attacks on Russian sites more like a game to recruit others to launch additional attacks. 

"In Q1 2022 we witnessed an all-time high number of DDoS attacks," said Alexander Gutnikov, security expert at Kaspersky, in a statement. "The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit. Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists."

Gutnikov pointed out that the report found most organizations were unprepared to defend against DDoS attacks.  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Ukraine Invasion Driving DDoS Attacks to All-Time Highs

UltraDNS Terraform Provider enhances productivity, change management.

**Sterling, Virginia – April 21, 2022** – Neustar Security Services, a leading provider of cloud-oriented security services that enable global business to thrive online, has launched an integration with Terraform, an open-source infrastructure-as-code software tool created by HashiCorp. The new integration, UltraDNS Terraform Provider, enables DevOps teams to provision DNS changes when applications are deployed to realize enhanced productivity during that deployment.

Integrating UltraDNS into the Terraform ecosystem enhances Neustar Security Services’ capability to deliver a platform that provides speed, stability and extensibility when managing DNS. The new integration supports DNS standard and advanced records, including features such as SiteBacker, Simple Monitor/Failover, Simple Load Balancing and Traffic Controller. Available to DevOps teams on the Terraform registry, UltraDNS Terraform Provider includes four categories, 11 resources, 11 data sources, 94 self-check modules and 37 help files.

“As IT infrastructure has grown increasingly complex, so too has the task of managing DNS strategy,” said Enrique Somoza, director of product management with Neustar Security Services. “UltraDNS’s integration with Terraform enhances our customers’ velocity to accurately deploy, manage and automate DNS updates across complex cloud environments.”

The integration will allow Neustar Security Services to enable its customers’ application of Terraform across different use cases and environments.

“This latest integration reflects Neustar Security Services’ commitment to listening to and addressing the evolving needs of its customers, particularly those who use Terraform to define, build and version infrastructure safely and efficiently,” added Somoza.

Neustar Security Services’ UltraDNS integration with Terraform provides a compelling solution for DevOps managers, who can learn more about technical details here.

**About Neustar Security Services**  
The world’s top brands depend on Neustar Security Services to safeguard their digital infrastructure and online presence. Neustar Security Services offers a suite of cloud-delivered services that are secure, reliable, and available to enable global businesses to thrive online. The company’s Ultra Secure suite of solutions protects organizations’ networks and applications against risks and downtime, ensuring that businesses and their customers enjoy exceptional interactions all day, every day. Delivering the industry’s best performance service, Neustar Security Services’ mission-critical security portfolio provides best-in-class DNS, application and network security (including DDoS, WAF and bot management) services to its Global 5000 customers and beyond. For more information, visit https://neustarsecurityservices.com/.

Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management

Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.

**PHILADELPHIA – APRIL 20, 2022 –** Comcast Business today published results from its 2021 Comcast Business DDoS Threat Report. The report provides an overview of the Distributed Denial of Service (DDoS) attack landscape, trends experienced by Comcast Business customers and insights for measuring and mitigating risks. The report found that mulit-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.

“DDoS attacks, when they occur, can be costly and difficult to defend. The risk of losing network, server and application availability is higher than ever,” said Shena Seneca Tharnish, Vice President, Cybersecurity Products, Comcast Business. “With threat actors constantly innovating, organizations must stay vigilant to help protect their infrastructure from bad actors determined to cause financial and reputational damage."

The report indicates that 2021 was another record year for DDoS attacks, as Comcast Business DDoS Mitigation Services successfully identified and helped defend 24,845 multi-vector attacks targeting Layers 3,4, and 7 simultaneously. Overall, 69 percent of Comcast Business customers experienced DDoS attacks, a 41 percent increase over 2020, while 55 percent were targets of mulit-vector attacks, as opposed to in 2020 where most customers experienced single vector attacks.

The data also shows that DDoS attackers were indiscriminate and persistent as no verticals were spared and everyone was fair game – from tow truck drivers to churches, government, utilities, IT companies, online gambling sites, and manufacturing operations. However, the healthcare and education sectors remain favorite targets.

Seventy-three percent of all multi-vector attacks targeted the education, finance, government and healthcare sectors, likely due to vulnerabilities brought on by the COVID-19 pandemic. Threat actors also used industry-specific seasonal trends and activities to guide attacks and maximize impact.

Attacks on education customers followed the cadence of a typical school year, starting strong in January before taking a significant dip over the summer when schools were out, while the financial sector experienced a 3X uptick in attacks during November and December compared to the rest of the year.

Other key findings from the 2021 Comcast Business DDoS Threat report include:

· Attacks on information technology customers grew steadily, ending the year at 10X the January numbers.

· 98 percent of all multi-vector attacks were under 5 Gbps, as bad actors often strike at low volumes to avoid detection, degrade site performance and map out network vulnerabilities for reconnaissance.

· 69 percent of all multi-vector attacks lasted under 10 minutes, as short duration attacks are harder to detect and give IT organizations less time to respond, quickly overwhelming defenses.

· The number of vectors deployed in a single multi-vector attack increased from five to 15, while the number of amplification protocols used in multi-vector attacks increased from three to nine.

· 99 percent of customers experienced repeat attacks, while the largest and most severe attack was delivered at a rate of 242 Gbps.

The 2021 Comcast Business DDoS threat report focuses on multi-vector attacks that target Layers 3, 4, and 7 simultaneously. To download the report, please visit: https://business.comcast.com/community/browse-all/details/2021-comcast-business-ddos-threat-report

Comcast Business 2021 DDoS Threat Report:  DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise

The Russian government is ratcheting up malicious cyberattacks against critical infrastructure in countries supporting Ukraine.

The US, Australia, Canada, New Zealand, and the UK today issued a detailed joint advisory on the increased risk of cyberattacks out of Russia — both nation-state espionage and cybercriminal activity.

The advisory, issued by the Cybersecurity and Infrastructure Security Agency (CISA), warns that Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity and that the Russian government is actively trying to use cyberattacks against global organizations as a weapon in its war on Ukraine.

Security teams, including those with critical infrastructure providers in the US and beyond, need to prepare for these threats and shore up their defenses against malware, ransomware, distributed denial-of-service (DDoS) attacks, and cyber espionage. The Russian government is attempting to use cyberattacks in retaliation for sanctions as well as support being provided to the Ukraine defense efforts, according to the advisory.

Cybercrime groups have "threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine," according to the advisory. "Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive."

In a related development, CISA Director Jen Easterly today also announced the addition of a number of industrial control systems (ICS) companies have now joined the Joint Cyber Defense Collaborative (JCDC), a CISA initiative of government and private industry experts to coordinate on US cyber-defense operation plans for protecting and responding to cyberattacks and threats. Members of the JCDC co-authored the joint advisory CISA published today with its international partners.

The new ICS vendors include Bechtel, Claroty, Dragos, GE, Honeywell, Nozomi Networks, Schneider Electric, Schweitzer Engineering Laboratories, Siemens, and Xylem, among others. 

 "As the destruction or corruption of these control systems could cause grave harm, ensuring their security and resilience must be a collective effort that taps into the innovation, expertise, and ingenuity of the ICS community," Easterly said in her announcement of the JCDC news during the ICS conference S4x22 in Miami. "I’m excited to leverage our evolving JCDC platform to enable us to plan, exercise, and collaborate with industry leaders to drive down risk to the systems and networks we depend on so greatly as a nation.”

CISA, Australia, Canada, New Zealand, & UK Issue Joint Advisory on Russian Cyber Threats

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.

**Cloud Cyber Security PlatformEuropean Cyber Research TeamThreat Intelligence PlatformThe Cyber Security Partner**

La piattaforma di Security Testing e Threat Intelligence e il Cyber Competence Center di Swascan per il Cyber Security Framework Aziendale.  
Sicurezza Predittiva. Sicurezza Preventiva. Sicurezza Proattiva.

Prova il Free Trial

![](https://www.swascan.com/wp-content/uploads/2022/03/awards.png)

**In evidenza**

**Webinar - Cloud Security: dalla teoria alla pratica**

La Cloud security nel framework aziendale. Non perderti il prossimo Webinar Swascan il prossimo 27 aprile dalle 12:00 alle 13:00

Iscriviti

**Cyber Defense: Security e Data Protection in azienda**

Un Corso, affidato ai migliori esperti cyber, che sposa casi reali e LAB tecnici d’eccellenza, con l’obiettivo di supportare i corsisti nella gestione della Sicurezza Informatica. Registrati al corso e frequenta le lezioni a partire dal 03 Giugno 2022.

Scopri di più

**Cyber Risk Indicators: Infrastrutture critiche Italia**

ll servizio di Cyber Risk Indicators determina e misura il potenziale rischio cyber del settore oggetto di analisi, per il mese di febbraio abbiamo preso in esame il livello di esposizione al rischio cyber delle infrastrutture critiche italiane.

Scopri di più

![](https://www.swascan.com/wp-content/uploads/2022/03/CyberSecurity-Framwork-ita.png)

**Cyber Security Framework**

Il Cyber Security Framework è il fondamento della postura di sicurezza della tua azienda. Un insieme di processi e tecnologie che operano all’unisono per ridurre al minimo l’esposizione al rischio cyber. Si fonda sulla sicurezza predittiva, preventiva e proattiva.

**Sicurezza Predittiva**

La Sicurezza Predittiva opera a livello di Threat Intelligence. Attraverso l’analisi di fonti OSINT e CLOSINT, a livello di Web, Dark Web e Deep Web identifica minacce, rischi e informazioni relativi all’azienda target. La Sicurezza Predittiva permette di anticipare le criticità impostando correttamente la sicurezza preventiva e proattiva.

**Sicurezza Preventiva**

La Sicurezza Preventiva agisce in termini di Analisi del Rischio tecnologico, umano e di processo. Attività che rientrano negli obblighi legislativi e in termini di best practice internazionale. Le attività fanno riferimento a penetration test, vulnerability assessment, ransomware attack simulation, phishing simulation, formazione, CIS, NIST, ISO27001, GDPR Assessment.

**Sicurezza Proattiva**

La Sicurezza Proattiva permette l’adozione degli approcci relativi alla security by detection e alla security by reaction. Attraverso l’adozione di security operation center (SOC) permette di monitorare, identificare, analizzare, gestire e bloccare eventuali minacce in essere all’interno dell’azienda. La componente incident response management garantisce la corretta gestione degli incidenti aziendali attraverso l’utilizzo di Team specializzati e competenti.

Scopri i nostri servizi

![](https://www.swascan.com/wp-content/uploads/2022/03/home1.png)

**La Piattaforma di Swascan**

Swascan è la prima suite interamente in Cloud di Security Testing e Threat Intelligence: scopri tutti i servizi disponibili ora!

Domain Threat Intelligence

Cyber Threat Intelligence

Phishing Attack Simulation

Smishing Attack Simulation

Prova il Free Trial

**Cyber Security Competence Center**

**Cyber Incident Response**

Un Cyber team dedicato di pronto intervento Cyber per la gestione di Cyber Incident, attacchi DDOS, Data Breach e Attacchi Ransomware.

**Soc as a Service**

Il servizio dedicato di Monitoring & Early Warning di Swascan per la corretta gestione della sicurezza proattiva e sicurezza preventiva.

**Penetration Test**

Le attività di Penetration Test sono svolte Penetration Tester certificati e in linea con gli standard internazionali OWASP, PTES e OSSTMM.

**GRC Management**

Servizi di Security Advisory  a livello consulenziale e a livello operativo per supportare i clienti nei piani di remediation, gestione della Cyber Security, Compliance Management e Risk Management.

**Cyber Academy**

Corsi di formazione dedicati di Cybersecurity in aula o tramite Webinar. Attività di Awareness per il personale tecnico, per i dipendenti e per i Top Manager.

**Cloud Security**

Un Cyber Competence Center dedicato al mondo Cloud per le attività di governance, supporto e tutela dell’ intero insieme di tecnologie, protocolli e best practice degli ambienti cloud computing.

![](https://www.swascan.com/wp-content/uploads/2022/03/home2.png)

**24/7 Cyber Security Operation Center**

Un team dedicato nell’attività di Sicurezza Proattiva e Reattiva delle minacce informatiche sulle reti locali, ambienti cloud, applicazioni ed endpoint aziendali. Il nostro team di Security Analyst monitora i dati e le risorse, H24, 7 giorni su 7 per 365 giorni all’anno.

Threat Detection & Analysis

Valutazione minacce e vulnerabilità

Endpoint detection and response (EDR)

Network detection response

Event Correlation / Log Management

**Penetration Testing**

Il team offensive di Swascan è certificato ISO27001 e ISO9001  
Tutte le attività rispettano gli standard OWASP, PTES e OSSTMM.

![](https://www.swascan.com/wp-content/uploads/2022/03/home3.png)

**Cyber Academy**

Nella sicurezza informatica sono indubbiamente i comportamenti umani a fare la differenza, prima ancora che la tecnologia.  
La nostra Cyber Academy offre una vasta gamma di percorsi formativi strutturati per rispondere a differenti livelli di esperienza e di specializzazione tecnica.

Scopri i nostri Corsi

![](https://www.swascan.com/wp-content/uploads/2022/03/home4.png)

**Cyber Threat Intelligence**

Il servizio di Cyber Threat Intelligence di Swascan ha lo scopo e l’obiettivo di individuare le eventuali informazioni pubbliche disponibili a livello Web, Dark Web e Deep Web relative ad un determinato target. L’attività prevede la raccolta e l’analisi delle informazioni relative ad una serie di macro aree critiche quali:

Domain Threat Intelligence

**Diventa Partner Swascan**

Scopri di più sullo Swascan Partner Program, grazie al quale i nostri partner servono al meglio i clienti, forniscono soluzioni rapide e ne promuovono la crescita.

Scopri il Partner Program

CVE-2022-27104: Home - Swascan

Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

PALO ALTO, Calif., April 19, 2022 (GLOBE NEWSWIRE) -- Kiteworks, the leading platform for ensuring regulatory compliance and effectively managing risk with every send, share, receive, and save of sensitive content, found in its “2022 Sensitive Content Communications Privacy and Compliance Report” that more than half of organizations believe they are inadequately protected against third-party security and compliance risks. The report attributes various reasons for this lack of preparedness, including 53% failing to encrypt all sensitive content communications with third parties, 58% lacking content governance controls to measure third-party risk, and nearly 8 out of 10 believing their compliance reports are not completely accurate.  

Findings in the Sensitive Content Communications Privacy and Compliance Report are based on a survey of 400 IT, security, privacy, and compliance professionals from numerous industries and 15 different countries around the world. In addition to struggling to manage security and compliance risks efficiently and effectively, respondents indicated they spend significant time on manual tasks related to key management and encryption/decryption, governance controls, and compliance reporting.

“Nation-states and cybercriminals know that confidential, private data holds great value, and studies show that it is increasingly the target of cyberattacks,” said Tim Freestone, Chief Strategy Officer at Kiteworks. “At the same time, regulatory bodies see these trends and have instituted, and continue to do so, standards that help protect sensitive content. This report reveals that many organizations are ill-equipped to deal with the sophistication and volume of today’s cyberattacks as well as the breadth of compliance standards when it comes to sharing and storing sensitive content. This lack of maturity creates significant security and compliance risk exposures.”

In addition to the above findings, notable admissions in the report include:

*   Nearly two-thirds of organizations share and transfer confidential data with more than 1,000 third-party entities, including one-third that do so with over 2,500 third parties.
*   41% of organizations want to see significant improvement or even a whole new approach to managing sensitive content communications.
*   59% of organizations cited distributed denial of service (DDoS), malware, and ransomware in their top two concerns for external threats.
*   Only 21% of organizations believe their compliance reports are fully accurate.
*   Almost 8 in 10 organizations spend 20-plus hours compiling audit trails and generating reports.
*   Only 14% of organizations manage and monitor all their sensitive communications taking place in the cloud.

“The Kiteworks platform provides our customers with a Private Content Network that delivers a comprehensive security and compliance approach for sharing and storing sensitive content communications,” said Frank Balonis, CISO and SVP of Operations at Kiteworks. “Granular audit controls and reporting to the level of user, folder, and file, and capabilities such as geofencing and encryption for data at rest and in motion enable our customers to protect all of their sensitive content communications while remaining compliant with a long list of regulatory standards.”

To read the 2022 Sensitive Content Communications Privacy and Compliance Report, download your copy here. You can also register to hear a panel of privacy and compliance experts discuss the findings and pinpoint actionable recommendations in a webinar scheduled for April 13 at 10 a.m. PT.

**About Kiteworks**   
Kiteworks' mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

New Kiteworks Report Reveals Significant Risk Maturity Gap

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

Valid

Reported on

May 13th 2021

**✍️ Description**

heap-buffer-overflow of decctx.cc in function read\_sps\_NAL

**🕵️‍♂️ Proof of Concept**

Verification steps： 1.Get the source code of Bento4 2.Compile the Bento4

    $ ./autogen.sh
    $ export CFLAGS="-g -lpthread -fsanitize=address"
    $ export CXXFLAGS="-g -lpthread -fsanitize=address"
    $ CC=clang CXX=clang++ ./configure --disable-shared
    $ make -j 32
    

3.run

    $./dec265 poc
    

**💥 Impact**

This vulnerability is capable of DDOS or code execution

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability 10 months ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

This vulnerability will not receive a CVE

to join this conversation

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

Dirk Farin validated this vulnerability 10 months ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

This vulnerability will not receive a CVE

to join this conversation

CVE-2022-1253: Heap-based Buffer Overflow in libde265

Valid

Reported on

May 13th 2021

**✍️ Description**

heap-buffer-overflow of decctx.cc in function read\_sps\_NAL

**🕵️‍♂️ Proof of Concept**

Verification steps： 1.Get the source code of Bento4 2.Compile the Bento4

    $ ./autogen.sh
    $ export CFLAGS="-g -lpthread -fsanitize=address"
    $ export CXXFLAGS="-g -lpthread -fsanitize=address"
    $ CC=clang CXX=clang++ ./configure --disable-shared
    $ make -j 32
    

3.run

    $./dec265 poc
    

**💥 Impact**

This vulnerability is capable of DDOS or code execution

![](https://avatars.githubusercontent.com/u/968944?v=4)

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

![](https://avatars.githubusercontent.com/u/55323451?v=4)

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

![](https://avatars.githubusercontent.com/u/968944?v=4)

Dirk Farin validated this vulnerability 3 days ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

![](https://avatars.githubusercontent.com/u/968944?v=4)

to join this conversation

![](https://avatars.githubusercontent.com/u/968944?v=4)

Fixed in 8e89fe0e175d2870c39486fdd09250b230ec10b8

![](https://avatars.githubusercontent.com/u/55323451?v=4)

@farindk - thanks for the information. Would you be able to approve and confirm the fix using the action buttons in the drop-down section above?

![](https://avatars.githubusercontent.com/u/968944?v=4)

Dirk Farin validated this vulnerability 3 days ago

RouX has been awarded the disclosure bounty

The fix bounty is now up for grabs

![](https://avatars.githubusercontent.com/u/968944?v=4)

to join this conversation

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.

On 14 Dec 2021, we have reported a vulnerability (CVE-2021-45040) for the Spatie media-library-pro library. In short, the Spatie media-library-pro library through 1.17.10 & 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.

**Introduction**

Media Library Pro is a paid add-on package for Spatie Laravel Media Library. Laravel Media Library Pro intended to solve file upload challenges for PHP developers by providing a convenient “Temporary Upload” function and frontend package for Blade, Livewire, React, and Vue.

The “Temporary Upload” function of Media Library Pro also provides a route macro “Route::mediaLibrary()” which will register a route at “media-library-pro/uploads”. This is the default URI endpoint but can be changed by the developer. It accepts POST requests to upload files and store the uploaded files inside a temporary directory. However, this route Marco has **NO authentication enabled by default** for Laravel API-style design.

This temporary upload route accepts 3 POST parameters including **uuid**, **name**, and **file**:

*   **uuid** is a random string in this format: c46c4540-5803-11ec-970b-00155d4e8236, and it is possible to generate a random uuid using Linux command “uuid”
*   **name** represents the file name which is an arbitrary string
*   **file** is the actual file to be upload.

**Unauthenticated Arbitrary File Upload concern (CVE-2021-45040)**

After a successful POST request to the route “media-library-pro/uploads”, a JSON payload including “**original\_url**” string will be returned. Therefore, the user can directly access this file. If the server is not hardened properly, this approach opened up the possibilities and lets the attacker upload a web shell because there is no filtering of file type/extension at the temporary upload stage.

**Other concerns**

In addition to the above “unauthenticated arbitrary file upload” issue, there is a lack of file name length protection and rate-limiting which may also open possibilities of DDoS attack or other potential issues.

Furthermore, the Media Library Pro library is a PHP software library that may be included by the other software or website, it may impact some of the website or other software packages. Therefore, it can also be classified as **Supply**–**Chain vulnerability**.

**Simulation environment for CVE-2021-45040**

Below are some components to simulate a vulnerable environment (CVE-2021-45040):

*   Laradock / XAMPP
*   composer – PHP package management tools
*   Laravel Media Library
*   Subscription of Laravel Media Library Pro
*   Postman
*   A PHP Webshell (e.g. wwwolf’s PHP web shell) – wwwolf’s PHP web shell is certaintly a good one, but Windows Defender treat it as malware. You can also try our modified version of PHP webshell here, which can evade Window Defender as of this writing.

Below are instructions to setup the simulate a vulnerable environment. Firstly, we need to create a basic project skeleton:

    composer create-project --prefer-dist laravel/laravel laravel8_medialibrarypro

Then, we need to install Laravel media Library, generate corresponding configuration and perform database migration. A complete documentation is available here.

    cd laravel8_medialibrarypro/
    composer require "spatie/laravel-medialibrary:^9.0.0"
    php artisan vendor:publish --provider="Spatie\MediaLibrary\MediaLibraryServiceProvider" --tag="migrations"
    php artisan migrate
    php artisan vendor:publish --provider="Spatie\MediaLibrary\MediaLibraryServiceProvider" --tag="config"

Before proceed the following instructions, we need to configure the repository and add license, you can refer to the documentation here. Then, we can proceed to install Laravel media library pro and generate its configuration.

    composer require spatie/laravel-medialibrary-pro
    php artisan vendor:publish --provider="Spatie\MediaLibraryPro\MediaLibraryProServiceProvider" --tag="media-library-pro-migrations"

Next, we can add the route and run the service:

    echo 'Route::mediaLibrary();' to routes/web.php
    php artisan serve

If everything is setup correctly, you will be able to upload webshell PHP file to the server, and able to check the value of “original\_url”.

![CVE-2021-45040 postman upload](https://i0.wp.com/cybersecthreat.com/wp-content/uploads/2022/03/CVE-2021-45040_postman_upload.png?resize=1024%2C571&ssl=1)

CVE-2021-45040 Postman upload screen

Finally, we can access the webshell and run arbitrary command as the user of web service.

![CVE-2021-45040 webshell](https://i0.wp.com/cybersecthreat.com/wp-content/uploads/2022/03/CVE-2021-45040_webshell.png?resize=1024%2C467&ssl=1)

CVE-2021-45040 webshell screen

**Solution**

In this section, we will cover some possible solutions for CVE-2021-45040.

If you are using Apache or Nginx, you can limit attacker execute the PHP webshell using configuration directives:

*   Nginx Location directives
*   Apache Directory/Location directives

We will also discuss a another approach for each problems, but you need to do more customization:

**Unauthenticated upload**

Do not use Route macro, and add “auth:api” middleware. You may refer to following sample:

    Route::post('media-library/uploads', TemporaryUpload::class)
        ->name('media-library-uploads')
        ->middleware(['auth:api'])

**User able to upload any kind of files**

Adapt your new controller class, and perform validation.

**User can directly access the original file**

Extend TemporaryUpload model, force image conversion, and delete the original file.

**Original file name is returned in Json response**

Extend Media model, and override the getOriginalUrlAttribute function to return converted file.

**Predicatable path may allow brute-forcing**

Extend the file\_namer & path\_generator class to generate non-predictable path. One thing to note is that you cannot generate random path or filename.

**Rate-Limiting**

Add a new middleware using RateLimiter.

**Summary**

To summarize, the default implementation and documentation of Laravel medialibrary-pro allow “Unauthenticated Arbitrary File Upload” which may lead to uploading a PHP web shell, and potentially take over the entire system. We have discussed some possible solutions, and some best practices when designing file upload functions for a web application.

**Full Disclosure URL:**

https://seclists.org/fulldisclosure/2022/Mar/15

**Updated on 16 Mar 2022:**

Laravel Media Library Pro teams are working on a fix.

CVE-2021-45040: CVE-2021-45040

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

*   Security Overview
*   Features
*   Practices
*   Compliance
*   Legal

**Your Computers, Network, and Data are Safe**

Splashtop has been committed to offering secure remote access solutions since 2006. Today, we power over 200K businesses and 30 million end users around the world, including large banks, law enforcement, government agencies, local governments, and government contractors.

With Splashtop remote access software, you can rest assured knowing your data is safe.

![Your Computers, Network, and Data are Safe](https://www.splashtop.com/wp-content/uploads/security-image.jpg)

![Standards and Compliance](https://www.splashtop.com/wp-content/uploads/standard-and-compliance-icon.svg)

Standards and Compliance

Splashtop remote access and remote support solutions comply with or support compliance with the industry and government standards and regulations that you adhere to. Splashtop is GDPR and SOC 2 compliant. Splashtop also supports HIPAA, FERPA, PCI, and many other industry compliances. Learn more about Splashtop compliance.

![Advanced Security Features](https://www.splashtop.com/wp-content/uploads/security-compliance-new.svg)

Advanced Security Features

Splashtop solutions are built to give IT full control over securing the data while giving users the flexibility to access it from anywhere. Features include two-factor authentication, multi-level password security, blank screen, screen auto-lock, session idle timeout, remote connection notification, logging, and much more! Learn more about Splashtop’s security features.

![Security Infrastructure](https://www.splashtop.com/wp-content/uploads/cloud.svg)

Security Infrastructure

Our Cloud infrastructure is hosted on Amazon Web Services (AWS) which provides a secure network and computing environment, including but not limited to firewalls at network, application and instance layer, data encryption, DDoS mitigation etc. Learn more about Splashtop’s security practices. Read the Splashtop Cloud Security White Paper.

![Intrusion Prevention](https://www.splashtop.com/wp-content/uploads/intrusion-protection-icon.svg)

Intrusion Prevention

We have intrusion detection and defense mechanisms for our production environment running 24×7. We have adopted industry best practices when building our Cloud application stacks to ensure security is enforced and instances are fortified. Learn more about Splashtop’s security practices.

![App Security](https://www.splashtop.com/wp-content/uploads/app-security-icon.svg)

App Security

On endpoint devices, we have multiple levels of security protection, including mandatory device authentication and optional two-factor-authentication and security code. All remote sessions are protected with TLS (including TLS 1.2) and 256-bit AES encryption. Learn more about Splashtop’s security practices.

![Endpoint Security](https://www.splashtop.com/wp-content/uploads/endpoint-security-icon.svg)

Endpoint Security

You can ensure that your managed endpoints are protected. View endpoint security protection status for Windows computers running Bitdefender, Windows Defender, Kaspersky, and more. Purchase, deploy and manage Bitdefender endpoint security technology through Splashtop Remote Support.

![Single Sign-On Integration (SSO)](https://www.splashtop.com/wp-content/uploads/single-sign-on-new.svg)

Single Sign-On Integration (SSO)

Take advantage of the Splashtop SSO integration to have your users authenticate their Splashtop account using a centralized SSO user ID and password. Support available for Okta, Azure AD, ADFS, JumpCloud, OneLogin, Workspace ONE, G-Suite, and TrustLogin. SSO is available in Splashtop Enterprise. Learn more about Splashtop SSO.

**Why Security is Our Priority**

Cybersecurity has become the biggest challenge faced by today’s IT professionals and MSPs. We take this seriously, which is why we’ve made security our top focus since day one. We work hard to ensure that our customers can trust our ability to protect their data and privacy.

That is why we invest millions every year to continually improve our infrastructure and security measures. We constantly scan our products to ensure their integrity, and we work with top-notch security firms to conduct audits regularly. We also formed our own Security Advisory Council to help guide Splashtop in achieving our rigorous security and compliance goals.

Security is something that is never ‘done’; it’s a constant effort to keep up with ever-evolving threats. We owe it to our current and future customers to do everything in our power to make Splashtop’s remote access and remote support offerings as secure as they can be.

**Security Feed**

Did you know that Splashtop hosts a security feed for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP? Check it out now and subscribe to receive email alerts so you can protect your business and your clients with security news as it comes. See the MSP & IT Security Feed.

Tuesday February 1, 2022

Wednesday January 26, 2022

Wednesday January 26, 2022

**Security Blogs**

Monday February 7, 2022

Monday January 31, 2022

Tuesday January 18, 2022

**Get Started with Splashtop**

Check out Splashtop’s remote access and remote support solutions for individuals, small teams, enterprises, IT, help desk, MSPs, and education! See all Splashtop Products and start a free trial now.

Tag

#ddos