Cybersecurity information flow

Posted by Mateusz Jurczyk, Google Project Zero
Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values", used by Windows and applications to store a variety of settings and configuration data. It is represented by a tree structure, in which keys may have one or more sub-keys, and every subkey is associated with exactly one parent key. Furthermore, every key may also contain one or more values, which have a type (integer, string, binary blob etc.) and are used to store actual data in the registry. Every key can be uniquely identified by its name and the names of all of its ascendants separated by the special backslash character ('\'), and starting with the name of one of the top-level keys (HKEY_LOCAL_MACHINE, HKEY_USERS, etc.). For example, a full registry path may look like this: HKEY_CURRENT_USER\Software\Microsoft\Wind

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]
The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security.

" 本文最初出现在我们的PROMPT#杂志第一期——明智选择中。您可以在这里找到那期杂志（以及其他期杂志）：https://www.blackhillsinfosec.com/prompt-zine/\n\n我记得有一次……\n\n红队：来自战壕的故事 首先出现在Black Hills信息安全网站上。"

Red Hat Security Advisory 2024-1876-03 - An update for shim is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

" 红帽安全公告2024-1876-03：现已为Red Hat企业Linux 9.2扩展更新支持提供shim更新。解决的问题包括缓冲区溢出、绕过、整数溢出和越界读取漏洞。"

Red Hat Security Advisory 2024-1877-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

" 红帽安全公告2024-1877-03 - 针对Red Hat Enterprise Linux 8.6 Extended Update Support的 kernel 更新现已可用。解决的问题包括服务拒绝、信息泄露、空指针和释放后使用等漏洞。"

Red Hat Security Advisory 2024-1878-03 - An updated version of Red Hat Update Infrastructure is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Issues addressed include HTTP request smuggling, crlf injection, denial of service, and traversal vulnerabilities.

" 红帽安全公告2024-1878-03 - 现已提供Red Hat更新基础设施的更新版本。RHUI 4.8修复了多个安全和操作性缺陷，添加了一些新功能，并将底层Pulp升级到较新版本。解决的问题包括HTTP请求走私、CRLF注入、拒绝服务以及遍历漏洞等。"

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

" 红帽安全公告2024-1879-03：现已为红帽企业Linux 9提供gnutls更新。解决的问题包括一个信息泄漏漏洞。"

Red Hat Security Advisory 2024-1880-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include denial of service and privilege escalation vulnerabilities.

" 红帽安全公告2024-1880-03：现已为Red Hat Enterprise Linux 8.8扩展更新支持提供nodejs：18模块的更新。解决的问题包括服务拒绝和权限提升漏洞。"

Red Hat Security Advisory 2024-1881-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

" 红帽安全公告2024-1881-03 - 针对Red Hat Enterprise Linux 9.2 Extended Update Support的 kernel 更新现已可用。解决的问题包括空指针和内存泄漏后的使用漏洞。"

Red Hat Security Advisory 2024-1882-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

" 红帽安全公告2024-1882-03 - 针对Red Hat Enterprise Linux 9.2 Extended Update Support的kernel-rt更新现已可用。解决的问题包括一个使用后释放漏洞。"

Red Hat Security Advisory 2024-1883-03 - An update for shim is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

" 红帽安全公告2024-1883-03：现已为Red Hat企业Linux 8.8扩展更新支持提供shim更新。解决的问题包括缓冲区溢出、绕过、整数溢出和越界读取漏洞。"

Red Hat Security Advisory 2024-1901-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release.

" 红色 Hat 安全公告 2024-1901-03 - 有关 Red Hat 服务互连 1.5 发布的 OpenShift 容器镜像。"

Red Hat Security Advisory 2024-1904-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

" 红帽安全公告2024-1904-03 - 适用于红帽企业Linux 8.2高级更新支持、红帽企业Linux 8.2电信更新服务和红帽企业Linux 8.2 SAP解决方案更新服务的火狐更新现已可用。解决的问题包括一个使用后释放漏洞。"

Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

" Ubuntu安全通知6729-2 - USN-6729-1修复了Apache中的多个漏洞。此更新提供了适用于Ubuntu 16.04 LTS和Ubuntu 18.04 LTS的相应更新。Orange Tsai发现Apache HTTP服务器在处理某些输入验证方面存在错误。远程攻击者可能利用此问题执行HTTP请求分割攻击。"

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

" Clam AntiVirus是一款针对Unix的防病毒工具套件。该软件的主要功能是与邮件服务器（附件扫描）集成。该软件提供了一个灵活且可扩展的多线程守护程序，一个命令行扫描器和通过互联网自动更新的工具。这些程序基于Clam AntiVirus软件包中分发的一个共享库，您可以将其用于自己的软件中。这是LTS源代码发布版。"

Ubuntu Security Notice 6737-1 - Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

" Ubuntu安全通知6737-1 - Charles Fol发现GNU C库的iconv功能对某些输入序列处理不当。攻击者可以利用这个问题导致GNU C库崩溃，从而导致服务拒绝，或者可能执行任意代码。"

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

" Elber Signum DVB-S/S2 IRD无线网络版1.999存在一处认证绕过漏洞，攻击者通过直接且未经授权访问密码管理功能来实现。该问题使得攻击者可以通过操纵set_pwd端点来绕过认证，从而覆盖系统内任何用户的密码。这赋予了攻击者未经授权的管理权限，进入应用的保护区域，从而破坏了设备的系统安全。"

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

" 埃尔伯 Signum DVB-S/S2 IRD无线电网络版1.999存在未经身份验证的设备配置和客户端隐藏功能披露漏洞。"

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

" Elber Cleber/3 广播多功能平台版本1.0.0 存在一个通过直接且未经授权访问密码管理功能导致的认证绕过漏洞。此问题允许攻击者通过操纵 set_pwd 端点来绕过认证，从而覆盖系统内任何用户的密码。这为未经授权的管理员访问应用程序的受保护区域提供了权限，从而破坏了设备的系统安全。"

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

" Elber Cleber/3 广播多功能平台版本1.0.0存在未经认证的设备配置和客户端隐藏功能披露漏洞。"

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

" Elber Reble 610 M/ODU XPIC IP-ASI-SDH 微波链路设备存在一项认证绕过漏洞，攻击者可以通过直接且未经授权的方式访问密码管理功能。该问题允许攻击者通过操纵 set_pwd 端点来绕过认证，从而覆盖系统内任何用户的密码。这赋予了攻击者未经授权的管理权限，进而侵入应用的保护区域，导致设备系统安全受到侵害。"

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

" Elber Reble 610 M/ODU XPIC IP-ASI-SDH 微波链路设备存在未经认证的设备配置和客户端隐藏功能披露漏洞。"

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

" Elber ESE DVB-S/S2卫星接收器1.5.x版本存在一个通过直接且未经授权访问密码管理功能导致的认证绕过漏洞。该问题允许攻击者通过操纵set_pwd端点来绕过认证，从而覆盖系统内任何用户的密码。这为攻击者提供了未经授权的管理访问权限，破坏了设备的系统安全。"

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

" Elber ESE DVB-S/S2卫星接收器1.5.x版本存在未经身份验证的设备配置和客户端隐藏功能披露漏洞。"

Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.suffers from a bypass vulnerability.

" Elber Wayber 模拟/数字音频 STL 版本 4.00 存在一个认证绕过漏洞，通过直接且未经授权访问密码管理功能。此问题允许攻击者通过操纵 set_pwd 端点来绕过认证，从而覆盖系统内任何用户的密码。这为攻击者提供了未经授权的管理访问权限，破坏了设备的系统安全。换句话说，Elber Wayber 模拟/数字音频 STL 版本 4.00 存在一个认证绕过漏洞。"

Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

" 埃尔伯韦（Elber Wayber）模拟/数字音频STL版本4.00存在未经认证的设备配置和客户端隐藏功能披露漏洞。"

Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

" Debian Linux安全公告5664-1 - Jetty 9是一款基于Java的Web服务器和servlet引擎。发现远程攻击者可能保留许多HTTP/2连接处于ESTABLISHED状态（未关闭），导致TCP拥堵和空闲。最终，服务器将停止接受来自有效客户端的新连接，可能导致拒绝服务。"

Debian Linux Security Advisory 5665-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

" Debian Linux安全公告5665-1：在Tomcat servlet和JSP引擎中发现了多个安全漏洞。"

XZ-Utils后门事件过程及启示 https://mp.weixin.qq.com/s/xdzTrYyrlIGpDjHtA-8uow
XZ供应链后门检测方案(CVE-2024-3094) https://blog.threatradar.cn/2024/04/16/XZ%E4%BE%9B%E5%BA%94%E9%93%BE%E5%90%8E%E9%97%A8%E6%A3%80%E6%B5%8B%E6%96%B9%E6%A1%88-CVE-2024-3094/