
Rewterz Threat Advisory – Node.js loadyaml module security bypass

Severity

High

Analysis summary

The Node.js loadyaml module could allow a remote attacker to bypass security restrictions because the package contains malicious code that runs as a preinstall script. By persuading a victim to install a specially crafted application, an attacker could exploit this vulnerability to write a public comment on GitHub that includes the victim's IP address and IP-based geolocation, home directory name, and local username.

Impact

Security bypass

Affected Vendors

Node.js

Affected Products

Node.js loadyaml

Remediation

Refer to the vendor advisory for the complete list of affected products and respective patches.

https://www.npmjs.com/advisories/1563