INFOSEC

Secjuice Squeeze 74

Welcome to the Secjuice Squeeze, a lovingly curated selection of interesting security articles and infosec news that you may have missed.

Abartan Dhakal, Andy74, Tony Kelly, Prasanna, Nishith K, Ross Moore

Aug 1, 2021 • 10 min read

Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Andy74, Prasanna, Nishith K and Mars Groves.

Critical Jira Flaw in Atlassian Could Lead to RCE

The software-engineering platform is urging users to patch the critical flaw ASAP.

Everyone cites that 'bugs are 100x more expensive to fix in production' research, but the study might not even exist

"Software research is a train wreck," says Hillel Wayne, a Chicago-based software consultant who specialises in formal methods, instancing the received wisdom that bugs are way more expensive to fix once software is deployed.

Neglecting Cybersecurity Isn’t Just Risky. It’s Reckless. | Law.com

Robust protection against cyberthreats is a big investment. Like a spare tire or a smoke detector, better to have and not need it, rather than need and not have it. But chances are, you’re going to need it.

Researchers Flag 7-Years-Old Privilege Escalation Flaw in Linux Kernel (CVE-2021-33909)

A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow attackers root privileges has been found.

Pre-Auth RCE in ManageEngine OPManager

Vulnerability Summary ManageEngine OpManager is a popular Java-based network monitoring solution used by large companies such as NASA, DHL or Siemens. Among other things, it allows the monitoring of network devices such as routers, webcams, servers, firewalls, and others. In this post we present a critical deserialization vulnerability which allows an unauthenticated attacker to execute arbitrary system commands with root or Administrator privileges. The vulnerability not only affects ManageEngine OpManager but also other products that are based upon OpManager such as ManageEngine NetFlow Analyzer.

Fake Windows 11 installers infecting devices with adware, malware

Windows 11 isn’t yet released, but hackers seem to be too inclined to exploit its release by providing fake, malware-infected downloads and previews of the new operating system. According to Kaspersky’s latest report, there has been a significant rise in the volume of bogus Win 11 installers.

WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer

The vulnerability is in a flow called from the external method 83 of AppleCLCD/IOMFB (which is IOMobileFramebufferUserClient::s_displayed_fb_surface).

A new chapter for Google’s Vulnerability Reward Program

A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place.

Burp Suite Certified Practitioner | Web Security Academy

Take control of your security career - become a Burp Suite Certified Practitioner to demonstrate and prove your web security testing skills.

Olympics Broadcaster Announces His Computer Password on Live TV

In what is, at least so far, the biggest cybersecurity blunder of the Tokyo Olympics, an Italian TV announcer did not realize he was on air when he asked the password for his computer.

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack

Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.

Hiding Malware inside a model of a neural network

Researchers demonstrated how to hide malware inside an image classifier within a neural network in order to bypass the defense solutions. Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade the detection without impacting the performance of the network.

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Rapid7 discloses vulnerabilities in 3 open source software used by several small and midsized businesses.

Read more at thehackernews.com

Google launches new Bug Hunters vulnerability rewards platform

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof.

Read more at bleepingcomputer.com

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software.

Read more at thehackernews.com

Hackers Turning to 'Exotic' Programming Languages for Malware Development

A growing number of cybercriminals are shifting from conventional programming languages to "exotic" programming languages.

Read more at thehackernews.com

UC San Diego Health discloses data breach after phishing attack

UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts.

Read more at bleepingcomputer.com

A Controversial Tool Calls Out Thousands of Hackable Websites

PunkSpider is back, and crawling hundreds of millions of sites for vulnerabilities.

Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)

Technical Advisory - Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380).

fail2ban - Remote Code Execution - research.securitum.com

This article is about the recently published security advisory for a pretty popular software, fail2ban (CVE-2021-32749). It is about a bug that may lead to Remote Code Execution.

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller.

How to create a positive and effective cybersecurity environment instead of a shame culture

You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game.

Critical Vulnerability Found in Sunhillo Aerial Surveillance Product | SecurityWeek.Com

An unauthenticated OS command injection in the Sunhillo SureLine application could be abused for the execution of commands with root privileges.

Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System

Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System.The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology, available in 32- and 64-bit versions.

Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader

Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms.TALOS-2021-1294 (CVE-2021-21831), TALOS-2021-1307 (CVE-2021-21870) and TALOS-2021-1336 (CVE-2021-21893) are all use-after-free vulnerabilities that exist in the PDF Reader that could lead to an adversary gaining the ability to execute arbitrary code on the victim machine. An attacker needs to trick a user into opening a specially crafted, malicious PDF to exploit these vulnerabilities.

macOS Malware Steals Account Logins Of Telegram, Chrome, And More

The XCSSET macOS malware scans infected systems for folders containing sensitive details like account logins to hack accounts.

Multiple Web Apps Vulnerable Via Forgot Password Feature

Exploiting the Forgot Password feature lets an adversary conduct DNS cache poisoning attacks against web apps to takeover accounts and more.

Numerous Vulnerabilities Discovered In Telegram Encryption Protocol

While not easy to exploit, the vulnerabilities in Telegram encryption protocol risked the security and integrity. Telegram fixed the bugs.

From Stolen Laptop to Inside the Company Network — Dolos Group

What can you do with a stolen laptop? Can you get access to our internal network? That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.

Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report

We discuss the propagation of different ransomware families we observed in the wild in early 2021 and the different types of extortion used.

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them

Uptycs Threat Research outline how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them.

Finders, cheaters: RCE bug in Moodle e-learning platform could be abused to steal data, manipulate results

A critical security vulnerability in a popular e-learning platform could be abused to allow access to students’ data and test papers – and possibly even manipulate exam results.

Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign.

Read more at thehackernews.com

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud.

Read more at thehackernews.com

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage.

Read more at thehackernews.com

The Top 5 Zero-Day Attacks of the 21st Century

Zero-Day attacks in Cybersecurity have become weapons of choice at the hands of bad actors over the past several years. But what does this term mean and how has this tactic evolved to become such a prevalent threat?

Amazon hit by record $887 million EU privacy fine - WISH-TV | Indianapolis News | Indiana Weather | Indiana Traffic

(CNN) — Amazon faces a record-breaking €746 million (roughly $887 million) fine after a European Union data privacy regulator said the e-commerce giant had violated the bloc’s signature privacy law, known as GDPR, in an advertising-related decision.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors | SecurityWeek.Com

IP cameras from a dozen vendors are exposed to remote attacks due to serious vulnerabilities found in the firmware they all use.

CISA Announces New Vulnerability Disclosure Policy (VDP) Platform | CISA

Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public to contribute and report vulnerability disclosures. Recognizing that policies alone are not sufficient, we also announced plans to launch a vulnerability disclosure platform service in the near future. Today, the future arrived.

Criminals are using call centers to spread ransomware in a crafty scheme - CyberScoop

An ongoing ransomware campaign that employs phony call centers to trick victims into downloading malware may be more dangerous than previously thought, Microsoft researchers say. Because the malware isn’t in a link or document within the email itself, the scam helps attackers bypass some phishing and malware detecting services, Microsoft researchers noted in a report Thursday. When the company first examined it in May, the scheme features attackers posing as subscription service providers who lure victims onto the phone to cancel a non-existent subscription. Once there, the call center worker guides them to download malware onto their computer. Researchers now say that the malware not only allows hackers a one-time backdoor into the device, as previously thought, but to also remotely control the affected system.

Security Researchers Issue New Windows 11 Warning

Microsoft has finally announced that Windows 11 is now available as a beta version for the first time. Previously, it was only officially available as a relatively buggy developer build from the Windows Insider Program Dev channel. Not that this has prevented it from being an incredibly popular download: Microsoft's CEO, Satya Nadella, has said, "more people have downloaded our early builds than any other Windows release or update in the history of our insider program." With the release of the Windows 11 beta, that popularity looks set to reach new heights. However, there is a downside. That appetite for getting a pre-launch look at the latest Windows operating system release has prompted security researchers at Kaspersky to issue a vital security warning.

Bypassing Windows 10 UAC with mock folders and DLL hijacking

A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.

Read more at bleepingcomputer.com

Public print server gives anyone Windows admin privileges

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a computer by installing a print driver.

Read more at bleepingcomputer.com

Why remote working leaves us vulnerable to cyber-attacks

A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers.

‘Death Kitty’ Ransomware Linked to South African Port Attack

South Africa’s port and rail company appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.

Hackers used never-before-seen wiper in recent attack on Iranian train system | ZDNet

SentinelOne analysts were able to recreate the July 9 attack and identify the threat actor behind it.

Biden: If U.S. has 'real shooting war' it could be result of cyber attacks

President Joe Biden on Tuesday warned that if the United States ended up in a "real shooting war" with a "major power" it could be the result of a significant cyber attack on the country, highlighting what Washington sees as growing threats posed by Russia and China.