Secjuice Squeeze 74
Welcome to the Secjuice Squeeze, a selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Ross Moore, Andy74, Prasanna, Nishith K and Mars Groves.
Critical Jira Flaw in Atlassian Could Lead to RCE
The software-engineering platform is urging users to patch the critical flaw ASAP.
Read more at threatpost.com
Everyone cites that 'bugs are 100x more expensive to fix in production' research, but the study might not even exist
"Software research is a train wreck," says Hillel Wayne, a Chicago-based software consultant who specialises in formal methods, instancing the received wisdom that bugs are way more expensive to fix once software is deployed.
Read more at theregister.com
Neglecting Cybersecurity Isn’t Just Risky. It’s Reckless.
Robust protection against cyberthreats is a big investment. Like a spare tire or a smoke detector, better to have and not need it, rather than need and not have it. But chances are, you’re going to need it.
Read more at law.com
Researchers Flag 7-Years-Old Privilege Escalation Flaw in Linux Kernel (CVE-2021-33909)
A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow attackers to gain root privileges has been found.
Read more at linuxtoday.com
Pre-Auth RCE in ManageEngine OPManager
Vulnerability summary: ManageEngine OpManager is a popular Java-based network monitoring solution used by large companies such as NASA, DHL or Siemens. Among other things, it allows the monitoring of network devices such as routers, webcams, servers, firewalls, and others. In this post we present a critical deserialization vulnerability which allows an unauthenticated attacker to execute arbitrary system commands with root or Administrator privileges. The vulnerability not only affects ManageEngine OpManager but also other products that are based upon OpManager such as ManageEngine NetFlow Analyzer.
Read more at haxolot.com
Fake Windows 11 installers infecting devices with adware, malware
Windows 11 isn’t yet released, but hackers are already eager to exploit its release by offering fake, malware-infected downloads and previews of the new operating system. According to Kaspersky’s latest report, there has been a significant rise in the volume of bogus Windows 11 installers.
Read more at hackread.com
WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer
The vulnerability is in a flow called from the external method 83 of AppleCLCD/IOMFB (which is IOMobileFramebufferUserClient::s_displayed_fb_surface).
Read more at saaramar.github.io
A new chapter for Google’s Vulnerability Reward Program
A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for security researchers to report bugs to Google and offer an efficient way for us to thank them for helping make Google, our users, and the Internet a safer place.
Read more at googleblog.com
Burp Suite Certified Practitioner | Web Security Academy
Take control of your security career - become a Burp Suite Certified Practitioner to demonstrate and prove your web security testing skills.
Read more at portswigger.net
Olympics Broadcaster Announces His Computer Password on Live TV
In what is, at least so far, the biggest cybersecurity blunder of the Tokyo Olympics, an Italian TV announcer did not realize he was on air when he asked the password for his computer.
Read more at vice.com
Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack
Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.
Read more at theregister.com
Hiding Malware inside a model of a neural network
Researchers demonstrated how to hide malware inside an image-classifier neural network model in order to bypass defensive solutions. Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade detection without impacting the performance of the network.
Read more at securityaffairs.co
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Rapid7 discloses vulnerabilities in three open-source software packages used by several small and midsized businesses.
Read more at thehackernews.com
Google launches new Bug Hunters vulnerability rewards platform
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof.
Read more at bleepingcomputer.com
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software.
Read more at thehackernews.com
Hackers Turning to 'Exotic' Programming Languages for Malware Development
A growing number of cybercriminals are shifting from conventional programming languages to "exotic" programming languages.
Read more at thehackernews.com
UC San Diego Health discloses data breach after phishing attack
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts.
Read more at bleepingcomputer.com
A Controversial Tool Calls Out Thousands of Hackable Websites
PunkSpider is back, and crawling hundreds of millions of sites for vulnerabilities.
Read more at wired.com
Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
Read more at research.nccgroup.com
fail2ban - Remote Code Execution
This article is about the recently published security advisory for a pretty popular software, fail2ban (CVE-2021-32749). It is about a bug that may lead to Remote Code Execution.
Read more at research.securitum.com
Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers
To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller.
Read more at techrepublic.com
How to create a positive and effective cybersecurity environment instead of a shame culture
You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a blame-and-shame game.
Read more at techrepublic.com
Critical Vulnerability Found in Sunhillo Aerial Surveillance Product
An unauthenticated OS command injection in the Sunhillo SureLine application could be abused for the execution of commands with root privileges.
Read more at securityweek.com
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System. The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology, available in 32- and 64-bit versions.
Read more at talosintelligence.com
Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms. TALOS-2021-1294 (CVE-2021-21831), TALOS-2021-1307 (CVE-2021-21870) and TALOS-2021-1336 (CVE-2021-21893) are all use-after-free vulnerabilities that exist in the PDF Reader that could lead to an adversary gaining the ability to execute arbitrary code on the victim machine. An attacker needs to trick a user into opening a specially crafted, malicious PDF to exploit these vulnerabilities.
Read more at talosintelligence.com
macOS Malware Steals Account Logins Of Telegram, Chrome, And More
The XCSSET macOS malware scans infected systems for folders containing sensitive details like account logins to hack accounts.
Read more at latesthackingnews.com
Multiple Web Apps Vulnerable Via Forgot Password Feature
Exploiting the Forgot Password feature lets an adversary conduct DNS cache poisoning attacks against web apps to take over accounts and more.
Read more at latesthackingnews.com
Numerous Vulnerabilities Discovered In Telegram Encryption Protocol
While not easy to exploit, the vulnerabilities in the Telegram encryption protocol put its security and integrity at risk. Telegram fixed the bugs.
Read more at latesthackingnews.com
From Stolen Laptop to Inside the Company Network — Dolos Group
What can you do with a stolen laptop? Can you get access to our internal network? That was the question a client wanted answered recently. Spoiler alert: Yes, yes you can. This post will walk you through how we took a “stolen” corporate laptop and chained several exploits together to get inside the client’s corporate network.
Read more at dolosgroup.io
Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report
We discuss the propagation of different ransomware families we observed in the wild in early 2021 and the different types of extortion used.
Read more at paloaltonetworks.com
Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Uptycs Threat Research outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate them.
Read more at threatpost.com
Finders, cheaters: RCE bug in Moodle e-learning platform could be abused to steal data, manipulate results
A critical security vulnerability in a popular e-learning platform could be abused to allow access to students’ data and test papers – and possibly even manipulate exam results.
Read more at portswigger.net
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
An unidentified threat actor has been exploiting a now-patched zero-day flaw in the Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored on compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign.
Read more at thehackernews.com
New Android Malware Uses VNC to Spy and Steal Passwords from Victims
A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud.
Read more at thehackernews.com
Top 30 Critical Security Vulnerabilities Most Exploited by Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage.
Read more at thehackernews.com
The Top 5 Zero-Day Attacks of the 21st Century
Zero-day attacks have become weapons of choice in the hands of bad actors over the past several years. But what does this term mean, and how has this tactic evolved to become such a prevalent threat?
Read more at securityboulevard.com
Amazon hit by record $887 million EU privacy fine
(CNN) — Amazon faces a record-breaking €746 million (roughly $887 million) fine after a European Union data privacy regulator said the e-commerce giant had violated the bloc’s signature privacy law, known as GDPR, in an advertising-related decision.
Read more at wishtv.com
Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors
IP cameras from a dozen vendors are exposed to remote attacks due to serious vulnerabilities found in the firmware they all use.
Read more at securityweek.com
CISA Announces New Vulnerability Disclosure Policy (VDP) Platform
Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public to contribute and report vulnerability disclosures. Recognizing that policies alone are not sufficient, we also announced plans to launch a vulnerability disclosure platform service in the near future. Today, the future arrived.
Read more at cisa.gov
Criminals are using call centers to spread ransomware in a crafty scheme
An ongoing ransomware campaign that employs phony call centers to trick victims into downloading malware may be more dangerous than previously thought, Microsoft researchers say. Because the malware isn’t in a link or document within the email itself, the scam helps attackers bypass some phishing and malware-detection services, Microsoft researchers noted in a report Thursday. When the company first examined it in May, the scheme featured attackers posing as subscription service providers who lured victims onto the phone to cancel a non-existent subscription. Once there, the call center worker guided them to download malware onto their computer. Researchers now say that the malware not only gives hackers a one-time backdoor into the device, as previously thought, but also lets them remotely control the affected system.
Read more at cyberscoop.com
Security Researchers Issue New Windows 11 Warning
Microsoft has finally announced that Windows 11 is now available as a beta version for the first time. Previously, it was only officially available as a relatively buggy developer build from the Windows Insider Program Dev channel. Not that this has prevented it from being an incredibly popular download: Microsoft's CEO, Satya Nadella, has said, "more people have downloaded our early builds than any other Windows release or update in the history of our insider program." With the release of the Windows 11 beta, that popularity looks set to reach new heights. However, there is a downside. That appetite for getting a pre-launch look at the latest Windows operating system release has prompted security researchers at Kaspersky to issue a vital security warning.
Read more at forbes.com
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.
Read more at bleepingcomputer.com
Public print server gives anyone Windows admin privileges
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a computer by installing a print driver.
Read more at bleepingcomputer.com
Why remote working leaves us vulnerable to cyber-attacks
A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers.
Read more at bbc.com
‘Death Kitty’ Ransomware Linked to South African Port Attack
South Africa’s port and rail company appears to have been targeted with a strain of ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia.
Read more at bloomberg.com
Hackers used never-before-seen wiper in recent attack on Iranian train system
SentinelOne analysts were able to recreate the July 9 attack and identify the threat actor behind it.
Read more at zdnet.com
Biden: If U.S. has 'real shooting war' it could be result of cyber attacks
President Joe Biden on Tuesday warned that if the United States ended up in a "real shooting war" with a "major power" it could be the result of a significant cyber attack on the country, highlighting what Washington sees as growing threats posed by Russia and China.
Read more at reuters.com