Grafana fixes high-severity bug CVE-2021-43798 after exploits become public
Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.
Details about the issue started to become public earlier this week, before Grafana Labs rolled out updates for affected versions 8.0.0-beta1 through 8.3.0.
Earlier today, Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7 were released to fix a path traversal vulnerability that could allow an attacker to navigate outside the Grafana folder and remotely read restricted files on the server, such as /etc/passwd.
Grafana Labs published a blog post today explaining that the problem was with the URL for installed plug-ins, which was vulnerable to path traversal attacks.
Since all Grafana installations have a set of plugins installed by default, the vulnerable URL path was present on every instance of the application.
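The flaw class described above, shown as an added illustration rather than Grafana's own code: a handler that appends the requested asset name to the plugin directory without confining the result, next to a hardened version that joins, normalises and then rejects any path that leaves the base directory. The base directory and plugin ID are constructed placeholders, not Grafana's real layout.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// pluginDir is a constructed stand-in for the directory from which plugin
// static assets are served; it is an assumption, not Grafana's real path.
const pluginDir = "/var/lib/app/plugins"

var errTraversal = errors.New("requested path escapes plugin directory")

// unsafeAssetPath mirrors the weakness: the caller-controlled asset name is
// concatenated onto the base directory, so ".." segments survive and the
// operating system resolves them outside pluginDir.
func unsafeAssetPath(pluginID, asset string) string {
	return pluginDir + "/" + pluginID + "/" + asset
}

// safeAssetPath decodes the asset name once, lets filepath.Join collapse
// every ".." segment, and then refuses anything not under pluginDir.
func safeAssetPath(pluginID, asset string) (string, error) {
	decoded, err := url.PathUnescape(asset) // "%2e%2e%2f" becomes "../"
	if err != nil {
		return "", err
	}
	full := filepath.Join(pluginDir, pluginID, decoded) // Join cleans the result
	if full != pluginDir && !strings.HasPrefix(full, pluginDir+string(filepath.Separator)) {
		return "", errTraversal
	}
	return full, nil
}

func main() {
	probe := "../../../../etc/passwd" // constructed traversal input
	fmt.Println("unsafe:", unsafeAssetPath("demo", probe))
	if _, err := safeAssetPath("demo", probe); err != nil {
		fmt.Println("safe:", err)
	}
}
```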
Grafana Labs received a report about the vulnerability at the end of last week, on December 3, and came up with a fix on the same day.
The developer planned a private customer release for today and a public one for December 14.
A second report came in yesterday, though, indicating that information about the issue had started to spread; this was confirmed when news about the bug appeared in public.
It didn't take long for technical details, along with proof-of-concept (PoC) exploit code for the bug, to become available on Twitter and GitHub.
Since the privately reported bug had become a leaked zero-day, Grafana Labs was forced to publish the fix ahead of schedule.
Now tracked as CVE-2021-43798, the flaw received a 7.5 severity score and is still exploitable on on-premise servers that have not been updated.
Grafana Cloud instances have not been impacted, the developer said today.
According to public reports, there are thousands of Grafana servers exposed on the public internet. If updating a vulnerable instance is not possible in a timely manner, it is recommended to make the server inaccessible from the public web.
@Ionut
In the sentence:
“Now tracked as CVE-2021-43798 …”
The link actually points to CVE-2021-34798.