Posts

Cybersecurity Updates For Week 13 of 2022

Spring Core on JDK9+ is vulnerable to remote code execution

Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available. As we have remediation advice for customers (see below), we have elected to share this information publicly.

Read more:
https://www.praetorian.com/blog/spring-core-jdk9-rce/

Microsoft Exchange targeted for IcedID reply-chain hijacking attacks

The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot.

Read more:
https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/amp/

Critical Sophos Security Bug Allows RCE on Firewalls

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.

Read More:
https://threatpost.com/critical-sophos-security-bug-rce-firewalls/179127/

Other news worth mentioning:

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices
Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
New Version of PCI DSS Designed to Tackle Emerging Payment Threats

Cybersecurity Updates For Week 4 of 2022

Apple Fixes Zero-Day Vulnerabilities

With the latest versions of iOS / iPadOS (15.3) and macOS (11.6.3, 12.2), released on January 26, 2022, Apple patched several vulnerabilities in the OS presumed to have been exploited in the wild to hack iPhone and Mac devices.

Apple has been working hard to keep their OS secure by fixing these vulnerabilities as soon as they are discovered and making sure that their products are not exploitable by hackers. So please make sure to update all of your devices.

Read more:
macOS: https://support.apple.com/en-us/HT213056
iOS / iPadOS: https://support.apple.com/en-us/HT213056

New local privilege escalation found in PwnKit – CVE-2021-4034

Qualys has discovered a vulnerability in Polkit (formerly known as PolicyKit), the component that handles privilege requests. The vulnerability has been named PwnKit (CVE-2021-4034).

Even though this is a local privilege escalation, meaning that someone would need access to your machine in order to exploit it, we still recommend updating as soon as possible. If this vulnerability is left unpatched, any other security breach gives the attackers root access by default by abusing the PwnKit vulnerability.

Read more:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

New Linux Kernel exploit – CVE-2022-0185

The vulnerability affects all Linux kernels and containers.

The Linux kernel is the heart of a Linux operating system. It is responsible for managing resources and controlling access to hardware, such as the CPU and memory. Containers are a way to create an isolated environment that runs on top of the Linux kernel. This vulnerability in the Linux kernel can be exploited by attackers to escape from containers and take full control over the node.

It is therefore advisable to update your Linux kernel as soon as possible.

Read More:
https://sysdig.com/blog/cve-2022-0185-container-escape/

Other news worth mentioning:

105 Million Android Users Targeted by Subscription Fraud Campaign
Attackers Connect Rogue Devices to Organizations’ Network with Stolen Office 365 Credential
Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHuB
GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

iOS 8

Apple has released the latest version of its mobile OS on Wednesday, and in it has fixed over 50 vulnerabilities, many of which are very serious:
Two vulnerabilities allowed a local attacker to escalate privileges and install unverified (likely malicious) applications
A validation issue in the handling of update check responses allowed an attacker with a privileged network position to cause an iOS device to think that it is up to date even when it is not
Two vulnerabilities in CoreGraphics made it possible for a maliciously crafted PDF file to terminate apps or execute arbitrary code
Several vulnerabilities in the IOHIDFamily kernel extension made it possible for a malicious app to read kernel pointers, which can be used to bypass kernel address space layout randomization, or to execute arbitrary code with system privileges (the latter was also made possible by the existence of several IOKit bugs)
A Libnotify bug allowed a malicious application to execute arbitrary code with root privileges
Two Safari vulnerabilities made it possible for attackers and websites to intercept or harvest user credentials
12 WebKit bugs could have been misused by attackers to execute arbitrary code on the device by simply creating a malicious website and tricking users into visiting it.
With iOS 8, Apple has also updated its certificate trust policy and has randomised the MAC address to prevent potential device tracking attacks via passive WiFi scans.

If you can, it’s a good idea to update to iOS 8, because all these bugs remain unpatched in all earlier versions of the OS.

More information:
http://www.net-security.org/secworld.php?id=17378
http://support.apple.com/kb/HT6441

iOS 7.1 Update

Apple released an update to their iOS, 7.1.
This update contains a lot of security updates, so it’s recommended to update your devices as soon as possible.

More information:
http://support.apple.com/kb/HT6162

Apple security updates

Apple have released multiple critical security updates for iOS, OS X, Safari and QuickTime. These updates fix critical issues with SSL traffic, so make sure you update as soon as possible.
The updates will push your iOS devices to 7.0.6, your OS X to 10.9.2, your QuickTime to 7.7.5 and Safari to 7.0.2 (included in the 10.9.2 version of OS X).

More information:
http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6151
http://support.apple.com/kb/HT6145
http://support.apple.com/kb/HT6147

BF-SIRT Newsletter 2013-43

Anyone using Apple products needs to be sure to apply the latest updates that are now available, as per Apple security updates.
If you are using Cisco ASA for VPN then you can have a look at our post about that here.
WordPress also updated their software to 3.7, and it’s recommended to apply this.

Top 5 Security links
Group Leveraging Cutwail Spam Botnet Opts For “Magnitude” Over BlackHole Exploit
Hacker Group Claims To Have Looted $100k Via SQL Injection Attack
Doctors Disabled Wireless In Dick Cheney’s Pacemaker To Thwart Hacking
Dropbox Users Hit With Zeus Phishing Trojan
Cisco Says Controversial NIST Crypto ‘Not Invoked’ In Products

Top 5 Business Intelligence links
Universities Schooled By Malware
DARPA Slaps $2m On The Bar For The ULTIMATE Security Bug KILLER
Google Launches Project Shield To Defend Sites Against DDoS Attacks
UN Nuclear Regulator Infected With Malware
India Tops APAC Ransomware Table With $4 BILLION Losses

BF-SIRT Posts
WordPress 3.7 “Basie”
Cisco ASA VPN Denial of Service Vulnerability
Apple security updates

Apple security updates

Apple have released security updates for the following applications:
iTunes 11.1.2
Apple Remote Desktop 3.7
Apple Remote Desktop 3.5.4
Keynote 6.0
Safari 6.1

They have also released the following Operating System updates.
OS X Mavericks v10.9
OS X Server 3.0
iOS 7.0.3

These updates fix more than a hundred security vulnerabilities, many of them labeled as critical, and it’s highly recommended to apply them as soon as possible!

iOS 7.0.2 – fixes lock screen vulnerability

iOS 7.0.2 is now available and addresses the following:

Passcode Lock
Available for: iPhone 4 and later
Impact: A person with physical access to the device may be able to make calls to any number
Description: A NULL dereference existed in the lock screen which would cause it to restart if the emergency call button was tapped repeatedly. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference.
CVE-ID
CVE-2013-5160 : Karam Daoud of PART – Marketing & Business Development, Andrew Chung, Mariusz Rysz

Passcode Lock
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to see recently used apps, see, edit, and share photos
Description: The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked.
CVE-ID
CVE-2013-5161 : videosdebarraquito
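The CVE-2013-5160 description above is a textbook fail-open bug: when the dialer could not read the lock screen state, it treated "unknown" as "unlocked". The following is an added illustration, not Apple's code, modelling that decision with hypothetical function names; Apple's actual fix removed the NULL dereference, and the fail-closed check shown here is the complementary design lesson a defender would take from it.

```python
"""Fail-open vs fail-closed handling of an unreadable lock state.

Constructed model of the CVE-2013-5160 failure mode described in the
advisory above. All names here are hypothetical; this is not iOS code.
"""
from enum import Enum
from typing import Callable, Optional

class LockState(Enum):
    LOCKED = "locked"
    UNLOCKED = "unlocked"

# Constructed sample: numbers that must stay dialable from the lock screen.
EMERGENCY_NUMBERS = {"112", "911"}

def lock_state_unavailable() -> Optional[LockState]:
    """Simulates the lock screen mid-restart: its state cannot be queried."""
    return None

def vulnerable_may_dial(number: str,
                        query: Callable[[], Optional[LockState]]) -> bool:
    """Fail-open: only a positively LOCKED state restricts dialing, so an
    unreadable (None) state falls through and permits any number."""
    state = query()
    if state == LockState.LOCKED:
        return number in EMERGENCY_NUMBERS
    return True

def hardened_may_dial(number: str,
                      query: Callable[[], Optional[LockState]]) -> bool:
    """Fail-closed: emergency numbers always work; anything else requires the
    lock state to be positively known as UNLOCKED."""
    if number in EMERGENCY_NUMBERS:
        return True
    return query() == LockState.UNLOCKED

if __name__ == "__main__":
    # While the lock screen is restarting, only the hardened check refuses.
    print("vulnerable:", vulnerable_may_dial("5551234", lock_state_unavailable))
    print("hardened:  ", hardened_may_dial("5551234", lock_state_unavailable))
```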

This update is available through iTunes and Software Update on your iOS device.

Apple Security Updates for OS X Mountain Lion and Safari

APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004

OS X Mountain Lion v10.8.5 and Security Update 2013-004 are now available, and it’s recommended to update as soon as possible!
This update solves multiple critical security issues such as cross-site scripting, denial of service and arbitrary code execution in multiple applications.

More information: http://support.apple.com/kb/HT1222

Apple Security Update 2013-003

Apple have released security update 2013-003 for OS X.
This update fixes three issues with QuickTime where playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

More information: http://support.apple.com/kb/HT5806