Cybersecurity Updates For Week 17 of 2022

New Nimbuspwn Linux vulnerability gives hackers root privileges

A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

Read more:
https://www.bleepingcomputer.com/news/security/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.

Read more:
https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

Read More:
https://threatpost.com/java-apps-vulnerable-log4shell/179397/

Other news worth mentioning:

Quantum ransomware seen deployed in rapid network attacks
Over 18.8 million IPs vulnerable to Middlebox TCP reflection DDoS attacks
Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild
Synopsys to Acquire White Hat Security in $330M All-Cash Deal
Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Cybersecurity Updates For Week 16 of 2022

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities

Security company ESET discovered 3 new vulnerabilities in the UEFI firmware of Lenovo laptops which affected hundreds of Lenovo models including Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops.

Read more:
https://securityonline.info/cve-2021-3970-lenovo-uefi-firmware-vulnerabilities/

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in exploited zero-day vulnerabilities in 2021. The question is, why?

Read more:
https://www.wired.com/story/zero-day-exploits-vulnerabilities-google-mandiant/

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal

Drupal on Wednesday announced the release of security updates to resolve a couple of vulnerabilities that could lead to access bypass and data overwrite.

Read More:
https://www.securityweek.com/access-bypass-data-overwrite-vulnerabilities-patched-drupal

Other news worth mentioning:

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Denonia Malware Shows Evolving Cloud Threats
Oracle Releases 520 New Security Patches With April 2022 CPU
Emotet reestablishes itself at the top of the malware world

Cybersecurity Updates For Week 15 of 2022

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft’s Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others.

Read more:
https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html

Menswear Brand Zegna Reveals Ransomware Attack

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.

Read more:
https://threatpost.com/menswear-zegna-ransomware/179266/

Critical flaw in Elementor WordPress plugin may affect 500k sites

The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites.

Read More:
https://www.bleepingcomputer.com/news/security/critical-flaw-in-elementor-wordpress-plugin-may-affect-500k-sites/

Other news worth mentioning:

CISA Warns Against Russian Hackers Exploiting a Critical Bug
Black-hat hackers: bad to the bone or just victims of society?
No plain sailing: modern pirates hack superyachts’ cybersecurity
Microsoft Takes Down Domains Used in Cyberattack Against Ukraine
VMware Confirms Workspace One Exploits in the Wild

Cybersecurity Updates For Week 14 of 2022

Cado Discovers Denonia: The First Malware Specifically Targeting Lambda

Cado Labs routinely analyses cloud environments to look for the latest threats. As part of ongoing research, we found the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment.

Read more:
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/

VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)

VMware cautions organizations to patch or mitigate several serious vulnerabilities across multiple products.

Read more:
https://www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011

Microsoft’s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date

Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022.

Read More:
https://thehackernews.com/2022/04/microsofts-new-autopatch-feature-to.html

Other news worth mentioning:

Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Adobe Creative Cloud Experience makes it easier to run malware
Linux Systems Are Becoming Bigger Targets
The US is trying to fix medical devices’ big cybersecurity problem

Cybersecurity Updates For Week 13 of 2022

Spring Core on JDK9+ is vulnerable to remote code execution

Spring Core on JDK9+ is vulnerable to remote code execution due to a bypass for CVE-2010-1622. At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available. As we have remediation advice for customers (see below), we have elected to share this information publicly.

Read more:
https://www.praetorian.com/blog/spring-core-jdk9-rce/

Microsoft Exchange targeted for IcedID reply-chain hijacking attacks

The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot.

Read more:
https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/amp/

Critical Sophos Security Bug Allows RCE on Firewalls

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.

Read More:
https://threatpost.com/critical-sophos-security-bug-rce-firewalls/179127/

Other news worth mentioning:

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices
Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
New Version of PCI DSS Designed to Tackle Emerging Payment Threats

Cybersecurity Updates For Week 12 of 2022

Okta’s Investigation of the January 2022 Compromise

On March 22, 2022, nearly 24 hours ago, a number of screenshots were published online that were taken from a computer used by one of Okta’s third-party customer support engineers.

Read more:
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/

Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code

Microsoft has confirmed that it was breached by the Lapsus$ hacking group.

Read more:
https://techcrunch.com/2022/03/23/microsoft-lapsus-hack-source-code/

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google’s Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.

Read More:
https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html

Other news worth mentioning:

7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.
FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021
Feds Allege Destructive Russian Hackers Targeted US Refineries
Western Digital My Cloud OS update fixes critical vulnerability

Cybersecurity Updates For Week 11 of 2022

High-Severity DoS Vulnerability Patched in OpenSSL

OpenSSL updates announced on Tuesday patch a high-severity denial-of-service (DoS) vulnerability related to certificate parsing.

Read more:
https://www.securityweek.com/high-severity-dos-vulnerability-patched-openssl

CISOs face ‘perfect storm’ of ransomware and state-supported cybercrime

With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today’s chief information security officers are caught in a “perfect storm.”

Read more:
https://www.theregister.com/2022/03/18/ciso_security_storm/

Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure

The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.

Read More:
https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/

Other news worth mentioning:

Random number generator enhancements for Linux 5.17 and 5.18
Blockchain blocks identity theft
Leaked Ransomware Docs Show Conti Helping Putin From the Shadows
Meta fined €17 million by Irish regulator for GDPR violations

Cybersecurity Updates For Week 10 of 2022

Intel and Arm CPUs have a major security flaw

A new Spectre class speculative execution vulnerability, called Branch History Injection (BHI) or Spectre-BHB, was jointly disclosed on Tuesday by VUSec security research group and Intel.

Read more:
https://www.techspot.com/news/93706-arm-intel-cpus-vulnerable-new-spectre-style-attack.html

Microsoft tests new cloud-based Microsoft Defender for home users

Microsoft has announced that the company’s new cloud-based Microsoft Defender security solution has entered preview for home customers in the United States.

Read more:
https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-new-cloud-based-microsoft-defender-for-home-users/

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited by attackers in the wild.

Read More:
https://www.helpnetsecurity.com/2022/03/07/cve-2022-26485-cve-2022-26486/

Other news worth mentioning:

New Linux bug gives root on all major distros, exploit released
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
Computer science professor takes a ‘hands-on’ approach to smartphone security

Cybersecurity Updates For Week 5 of 2022

Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution – CVE-2021-44142

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

Read more:
https://www.samba.org/samba/security/CVE-2021-44142.html

Libexpat CVE-2022-23852 & CVE-2022-23990

Two vulnerabilities have been found in libexpat, a widely used XML parser that is embedded in devices such as load balancers.
So make sure to double-check whether your vendor is affected and has released an update.

Read more:
https://github.com/libexpat/libexpat/blob/master/expat/Changes

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities affect the Cisco Small Business RV160, RV260, RV340, and RV345 Series routers; make sure to read the security advisory from Cisco and update as soon as possible.

Read More:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Other news worth mentioning:

Google Patches 27 Vulnerabilities With Release of Chrome 98
Microsoft OneDrive for macOS Local Privilege Escalation
Critical Flaw Impacts WordPress Plugin With 1 Million Installations
Linux kernel patches “performance can be harmful” bug in video driver

Zoom continues to face security issues

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

Zoom has become very popular as people are working from home and unable to travel, but it faced backlash after multiple security vulnerabilities were discovered earlier this year. Now Cisco Talos has discovered two more security vulnerabilities that could lead to remote code execution. One of the bugs was in Zoom’s Giphy animated GIF code and could lead to path traversal and arbitrary file write; the other was in Zoom’s message processing code, where a specially crafted message could lead to arbitrary code execution. Both vulnerabilities were disclosed to Zoom and a patch was released before Talos publicly released the information. Just another reminder to keep software up to date.

Zoom also announced that it will no longer offer end-to-end encryption to its free users, but will instead offer it as a premium feature for paid customers. The move has been criticized by security experts, especially in light of all the recent security vulnerabilities discovered in the platform. Eric Yuan, Zoom’s CEO, claims that the move is intended to allow Zoom to work together with the FBI and local law enforcement in case someone uses Zoom for a bad purpose.

Top 5 Security links:

NATO Condemns Cyber-Attacks

Fraudulent iOS VPN Apps Attempt to Scam Users

Hackers Compromise Cisco Servers Via SaltStack Flaws

Malware Campaign Hides in Resumes and Medical Leave Forms

Zero-day in Sign in with Apple