Displaying items by tag: Vulnerability
Attackers are Actively Exploiting Recent Vulnerabilities Found in F5 BIG-IP
This one goes in the “this is why patching is important” file and highlights the need to be able to quickly apply patches for critical flaws found in different devices and software. After the disclosure of a critical vulnerability tracked as CVE-2022-1388 (CVSS 9.8) that was identified in multiple versions of F5’s BIG-IP operating system complete with patches last week. We have already seen researchers develop POC code for it and now hear that attackers are actively exploiting the flaw in the wild.
Unpatched and Unprotected Microsoft SQL Servers Targeted for Cobalt Strike Injection
It seems that there are still some MS SQL servers that are not only exposed to the open internet but are also still using weak passwords. When this is combined with vulnerabilities and the lack of other security controls and monitoring, it allows threat actors to compromise them. This is the case in a recently observed campaign where the attackers are targeting exposed MS SQL servers and injecting Cobalt Strike.
Flaws, they’re not Just for Attackers Anymore as Researchers Find a way to Recover the Master Key for Hive Ransomware
There is an old saying that say, what someone can lock, someone else can unlock. This is usually used regarding attackers getting into a network or compromising protected data. It is not often applied to security researchers unlocking information encrypted by a major ransomware threat group. However, this is exactly what has happened as researchers at Kookmin University in South Korea say they have utilized a flaw in the encryption method used by Hive Ransomware to find a way to unlock it.
Linux has a New Local Privilege Escalation Bug in Snap-Confine
Linux has always had something of a mystique about it. Regardless of the distro (flavor) of Linux there simply certain misconception around Linux that are both entertaining and concerning. One of my all-time favorites was/is that it is a “hacker” OS. This fun little misunderstand was so bad at one point that it was part of a parent’s guide on how to tell if your child is a hacker. Nothing says out of touch like labelling an entire OS line as a “hacker” OS. The other side of the coin is the belief that it is secure out of the box. In simple terms, no OS is secure out of the box, all of them have vulnerabilities including serious ones that allow for complete compromise.
Trickbot Evolves as The Developers Target Customers of Multiple Financial Institutions
Researchers have identified Trickbot in use in campaigns targeting several financial institutions. These groups along with a few tech companies thrown in a predominantly in the US and appear to be using an evolved version of the malware to get in and avoid detection by legacy anti-malware (signature based). It is usually part of a targeted spearphishing campaign where poisoned office documents are either contain links to malicious websites or can contain HTA code to execute a PowerShell command to download the second stage of the malware.
Joint Advisory from the NSA, FBI and CISA Warns of Long-Term Attack by State Actors with Little Detail.
Life would not be the same without new popping up that one state level threat actor or another was attacking and compromising US defense contractors or other businesses linked to US national security and defense. The counties of origin for these actors become a blur over time, although you do see some highlighted depending on current political trends. The two most often bandied about are Russia and China with North Korea getting an honorable mention.
Apache Cassandra Database Manager Patches an RCE Vulnerability
Apache and their open-source tools have gotten a lot of press lately. After the Lgo4Shell vulnerability in their Log4J tool, and the massive response from vendors and security organizations we are now learning that researchers have discovered a remote code execution flaw in the NoSQL database management tool Cassandra. This time, unlike Log4J flaw the disclosure comes with a patch already available for installation.
Google Patches the First Zero-Day in Chrome for 2022
Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. Once of these vulnerabilities CVE-2022-0609, which is describes as a user-after-free vulnerability is already being exploited in the wild. This has led them to advise users to updated Chrome as soon as possible to avoid compromise. The flaws were found by Google’s own Threat Analysis Group.
CISA Sends “Patch Now” Notice on MS Vulnerability Patched in January
A vulnerability disclosed and patched in January is rearing its ugly head. Identified as CVE-2022-21882, this vulnerability affects Windows 10, 11 and Windows Server. On its own it is a significant threat since is allows for a privilege escalation that can turn into a complete compromise of the targeted device. Not exactly what you want to leave open. The good news is that Microsoft released a patch for it in January.
23 vulnerabilities found in UEFI firmware used across multiple vendors
We first talked about the using the UEFI firmware as an attack vector (At Def Con 22 in 2014). Since that time there have been three identified and disclosed versions of malware that directly targeted this critical subsystem. That would seem to be a relatively small percentage given the time since it was first uncovered, the number of devices that operate using the UEFI firmware subsystem, and the time between then and now. However, this is only ones identified and in most of the identified cases were found because of the method of delivery for the OS payload. This begs the question, are there more out there that just have not been found?