We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud that is already under active exploitation.
The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets such as the admin username and password, among others.
Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by GreyNoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher who originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them.
I'm talking about a "real" exploit, which is to my knowledge not public yet. The one you linked won't work.
— Charles Fol (@cfreal_) November 30, 2023
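For the Owncloud issue above: since phpinfo() prints the process environment, it helps to know which variables in a container would need rotating if that page were ever served. The following is an added example, not code from the column or from Owncloud; the name patterns are a heuristic and every variable name and value in the sample is hypothetical.

```python
import os
import re
from urllib.parse import urlsplit

# Name fragments that usually mark a credential (heuristic, an assumption of this example).
SECRET_NAME = re.compile(r"(PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)
# Names ending in _FILE point at a mounted secret file; phpinfo() would show only the path.
FILE_REF = re.compile(r"_FILE$", re.I)


def mask(value):
    """Keep enough to recognise the value in a report without reprinting it."""
    return value[:2] + "*" * max(len(value) - 2, 0) if value else ""


def url_has_password(value):
    """True for connection strings such as scheme://user:password@host/db."""
    try:
        return bool(urlsplit(value).password)
    except ValueError:
        return False


def audit_env(env):
    """Return (name, reason, masked_value) for each variable a phpinfo() dump would leak."""
    findings = []
    for name, value in sorted(env.items()):
        if not value or FILE_REF.search(name):
            continue
        if SECRET_NAME.search(name):
            findings.append((name, "credential-like name", mask(value)))
        elif url_has_password(value):
            findings.append((name, "URL with embedded password", mask(value)))
    return findings


# Constructed sample environment; variable names and values are hypothetical.
SAMPLE_ENV = {
    "PATH": "/usr/local/bin:/usr/bin",
    "APP_ADMIN_USERNAME": "admin",
    "APP_ADMIN_PASSWORD": "correct-horse",
    "DATABASE_URL": "mysql://app:s3cr3t@db:3306/app",
    "MAIL_PASSWORD_FILE": "/run/secrets/mail_password",
    "SMTP_API_KEY": "",
}

if __name__ == "__main__":
    for name, reason, shown in audit_env(os.environ):
        print(f"{name}: {reason} ({shown})")
```

Run inside the container, it lists the variables to treat as exposed and rotate; values are masked so the report itself does not become another copy of the secrets.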
If we consider a chip manufacturer, who makes chips that get included in loads of devices, what’s the worst case security scenario? How about a skilled attacker in the corporate network for over two years before detection? That’s t ..