Posts

Cybersecurity Updates For Week 17 of 2022

New Nimbuspwn Linux vulnerability gives hackers root privileges

A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware.

Read more:
https://www.bleepingcomputer.com/news/security/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.

Read more:
https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

Read More:
https://threatpost.com/java-apps-vulnerable-log4shell/179397/

Other news worth mentioning:

Quantum ransomware seen deployed in rapid network attacks
Over 18.8 million IPs vulnerable to Middlebox TCP reflection DDoS attacks
Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild
Synopsys to Acquire White Hat Security in $330M All-Cash Deal
Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Cybersecurity Updates For Week 14 of 2022

Cado Discovers Denonia: The First Malware Specifically Targeting Lambda

Cado Labs routinely analyses cloud environments to look for the latest threats. As part of ongoing research, we found the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment.

Read more:
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/

VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)

VMware cautions organizations to patch or mitigate several serious vulnerabilities across multiple products.

Read more:
https://www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011

Microsoft’s New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date

Microsoft last week announced that it intends to make generally available a feature called Autopatch as part of Windows Enterprise E3 in July 2022.

Read More:
https://thehackernews.com/2022/04/microsofts-new-autopatch-feature-to.html

Other news worth mentioning:

Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Adobe Creative Cloud Experience makes it easier to run malware
Linux Systems Are Becoming Bigger Targets
The US is trying to fix medical devices’ big cybersecurity problem

Cybersecurity Updates For Week 11 of 2022

High-Severity DoS Vulnerability Patched in OpenSSL

OpenSSL updates announced on Tuesday patch a high-severity denial-of-service (DoS) vulnerability related to certificate parsing.

Read more:
https://www.securityweek.com/high-severity-dos-vulnerability-patched-openssl

CISOs face ‘perfect storm’ of ransomware and state-supported cybercrime

With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today’s chief information security officers are caught in a “perfect storm.

Read more:
https://www.theregister.com/2022/03/18/ciso_security_storm/

Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure

The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.

Read More:
https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/

Other news worth mentioning:

Random number generator enhancements for Linux 5.17 and 5.18
Blockchain blocks identity theft
Leaked Ransomware Docs Show Conti Helping Putin From the Shadows
Meta fined €17 million by Irish regulator for GDPR violations

Cybersecurity Updates For Week 10 of 2022

Intel and Arm CPUs have a major security flaw

A new Spectre class speculative execution vulnerability, called Branch History Injection (BHI) or Spectre-BHB, was jointly disclosed on Tuesday by VUSec security research group and Intel.

Read more:
https://www.techspot.com/news/93706-arm-intel-cpus-vulnerable-new-spectre-style-attack.html

Microsoft tests new cloud-based Microsoft Defender for home users

Microsoft has announced that the company’s new cloud-based Microsoft Defender security solution has entered preview for home customers in the United States.

Read more:
https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-new-cloud-based-microsoft-defender-for-home-users/

Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

Mozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities (CVE-2022-26485, CVE-2022-26486) exploited by attackers in the wild.

Read More:
https://www.helpnetsecurity.com/2022/03/07/cve-2022-26485-cve-2022-26486/

Other news worth mentioning:

New Linux bug gives root on all major distros, exploit released
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
Computer science professor takes a ‘hands-on’ approach to smartphone security

Cybersecurity Updates For Week 4 of 2022

Apple Fixes Zero-Day Vulnerabilities

The latest versions of iOS / iPadOS (15.3) and macOS (11.6.3, 12.2) released on January 26, 2022, Apple patched several vulnerabilities in the OS presumed exploited in the wild to hack iPhone and Mac devices.

Apple has been working hard to keep their OS secure by fixing these vulnerabilities as soon as they are discovered and making sure that their products are not exploitable to hackers. So please make sure to update all of your devices.

Read more:
macOS: https://support.apple.com/en-us/HT213056
iOS / iPadOS: https://support.apple.com/en-us/HT213056

New local privilege escalation found in PwnKit – CVE-2021-4034

Qualys has discovered a vulnerability in Polkit, which is an application that handles privilege requests. This vulnerability has been named PwnKit (CVE-2021-4034) and it has been found to be in Polkit—once known as PolicyKit.

Even this is a local privilege escalation, meaning that someone would need to have access to your machine in order to exploit this. We still recommend you to update this as soon as possible. By having this vulnerability not patches, it means any other security breach will give the attackers by default root access by abusing the PwnKit vulnerability.

Read more:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

New Linux Kernel exploit – CVE-2022-0185

The vulnerability affects all Linux kernels and containers.

Linux kernel is the heart of any operating system. It is responsible for managing resources and controlling access to hardware, such as the CPU and memory. Containers are a way to create an isolated environment that runs on top of the Linux kernel. This vulnerability in Linux kernel can be exploited by attackers in order to escape from containers and get full control over the node.

It is therefore advisable to update your Linux kernel as soon as possible.

Read More:
https://sysdig.com/blog/cve-2022-0185-container-escape/

Other news worth mentioning:

105 Million Android Users Targeted by Subscription Fraud Campaign
Attackers Connect Rogue Devices to Organizations’ Network with Stolen Office 365 Credential
Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHuB
GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

Local privilege escalation vulnerability in Linux

Published: 2021-06-11
CVE-2021-3560

“A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process.” The error is not handled correctly and the request is granted access.

As this vulnerability is very easy to exploit patching should be done as soon as possible.

Internally this is being tracked in BF-VLN-2292713 with the highest priority.