Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager

### Impact One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a script has access to the underlying OS/container with the same permissions as the user running SFTPGo. This is unexpected for some SFTPGo administrators who think that there is a clear distinction between accessing the system shell and accessing the SFTPGo WebAdmin UI. ### Patches To avoid this confusion, running system commands is now disabled by default, and an allow list has been added so that system administrators configuring SFTPGo must explicitly define which commands are allowed to be configured from the WebAdmin UI. https://github.com/drakkan/sftpgo/commit/88b1850b5806eee81150873d4e565144b21021fb https://github.com/drakkan/sftpgo/commit/b524da11e9466d05fe03304713ee1c61bb276ec...

ghsa
Open in Source
#web#git
Microsoft Takes Action Against Phishing-as-a-Service Platform

The ONNX infrastructure has been servicing criminal actors as far back as 2017.

GHSA-hj3w-wrh4-44vp: LLama Factory Remote OS Command Injection Vulnerability

## Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure usage of the `Popen` function with `shell=True`, coupled with unsanitized user input. Immediate remediation is required to mitigate the risk. ## Affected Version Llama Factory versions **<=0.9.0** are affected by this vulnerability. ## Impact Exploitation of this vulnerability allows attackers to: 1. Execute arbitrary OS commands on the server. 2. Potentially compromise sensitive data or escalate privileges. 3. Deploy malware or create persistent backdoors in the system. This significantly increases the risk of data breaches and operational disruption. ## Root Cause The vulnerability originates from the training process where the `output_dir` value, obtained from the user input, is in...

Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

DOJ Proposes Breaking Up Google: Calls for Sale of Chrome Browser

The DOJ proposes tough proposals in its antitrust lawsuit against Google, including selling the Chrome browser, limiting search…

Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on

The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers.

US Charges 5 Suspected MGM Hackers from Scattered Spider Gang

Five alleged members of the notorious Scattered Spider hacking group have been charged with executing a sophisticated phishing…