DecryptedTech

Wednesday06 July 2022

Displaying items by tag: Vulnerability

This one goes in the “this is why patching is important” file and highlights the need to be able to quickly apply patches for critical flaws found in different devices and software. After the disclosure of a critical vulnerability tracked as CVE-2022-1388 (CVSS 9.8) that was identified in multiple versions of F5’s BIG-IP operating system complete with patches last week. We have already seen researchers develop POC code for it and now hear that attackers are actively exploiting the flaw in the wild.

Published in Security Talk

It seems that there are still some MS SQL servers that are not only exposed to the open internet but are also still using weak passwords. When this is combined with vulnerabilities and the lack of other security controls and monitoring, it allows threat actors to compromise them. This is the case in a recently observed campaign where the attackers are targeting exposed MS SQL servers and injecting Cobalt Strike.

Published in Security Talk

There is an old saying that say, what someone can lock, someone else can unlock. This is usually used regarding attackers getting into a network or compromising protected data. It is not often applied to security researchers unlocking information encrypted by a major ransomware threat group. However, this is exactly what has happened as researchers at Kookmin University in South Korea say they have utilized a flaw in the encryption method used by Hive Ransomware to find a way to unlock it.

Published in Security Talk

Linux has always had something of a mystique about it. Regardless of the distro (flavor) of Linux there simply certain misconception around Linux that are both entertaining and concerning. One of my all-time favorites was/is that it is a “hacker” OS. This fun little misunderstand was so bad at one point that it was part of a parent’s guide on how to tell if your child is a hacker. Nothing says out of touch like labelling an entire OS line as a “hacker” OS. The other side of the coin is the belief that it is secure out of the box. In simple terms, no OS is secure out of the box, all of them have vulnerabilities including serious ones that allow for complete compromise.

Published in Security Talk

Researchers have identified Trickbot in use in campaigns targeting several financial institutions. These groups along with a few tech companies thrown in a predominantly in the US and appear to be using an evolved version of the malware to get in and avoid detection by legacy anti-malware (signature based). It is usually part of a targeted spearphishing campaign where poisoned office documents are either contain links to malicious websites or can contain HTA code to execute a PowerShell command to download the second stage of the malware.

Published in Security Talk

Life would not be the same without new popping up that one state level threat actor or another was attacking and compromising US defense contractors or other businesses linked to US national security and defense. The counties of origin for these actors become a blur over time, although you do see some highlighted depending on current political trends. The two most often bandied about are Russia and China with North Korea getting an honorable mention.

Published in Security Talk

Apache and their open-source tools have gotten a lot of press lately. After the Lgo4Shell vulnerability in their Log4J tool, and the massive response from vendors and security organizations we are now learning that researchers have discovered a remote code execution flaw in the NoSQL database management tool Cassandra. This time, unlike Log4J flaw the disclosure comes with a patch already available for installation.

Published in Security Talk

Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. Once of these vulnerabilities CVE-2022-0609, which is describes as a user-after-free vulnerability is already being exploited in the wild. This has led them to advise users to updated Chrome as soon as possible to avoid compromise. The flaws were found by Google’s own Threat Analysis Group.

Published in Security Talk

A vulnerability disclosed and patched in January is rearing its ugly head. Identified as CVE-2022-21882, this vulnerability affects Windows 10, 11 and Windows Server. On its own it is a significant threat since is allows for a privilege escalation that can turn into a complete compromise of the targeted device. Not exactly what you want to leave open. The good news is that Microsoft released a patch for it in January.

Published in Security Talk

We first talked about the using the UEFI firmware as an attack vector (At Def Con 22 in 2014). Since that time there have been three identified and disclosed versions of malware that directly targeted this critical subsystem. That would seem to be a relatively small percentage given the time since it was first uncovered, the number of devices that operate using the UEFI firmware subsystem, and the time between then and now. However, this is only ones identified and in most of the identified cases were found because of the method of delivery for the OS payload. This begs the question, are there more out there that just have not been found?

Published in Security Talk
Page 1 of 2