CySec News
GitLab has issued a security update to address a critical vulnerability that could lead to remote code execution (RCE). According to GitLab's advisory, the flaw allows an authenticated user to achieve remote code execution via the ‘Import from GitHub API’ endpoint. Tracked as CVE-2022-2884, the issue affects GitLab Community Edition (CE) and Enterprise Edition (EE) in all versions starting from 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1; the fixed releases are 15.1.5, 15.2.3 and 15.3.1. For installations that cannot upgrade immediately, the advisory lists a workaround: disable the GitHub import source (Admin > Settings > General > Visibility and access controls > Import sources).
Reference: https://portswigger.net/daily-swig/gitlab-patches-critical-remote-code-execution-bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028 (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks against third-party targets. Exploitation depends on a specific configuration: a URL filtering profile with one or more blocked categories assigned to a security rule whose source zone has an external-facing network interface, so firewalls without such a rule are not exposed.
Reference: https://thehackernews.com/2022/08/cisa-warns-of-active-exploitation-of.html
Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps.
Reference: https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is “as nasty as Dirty Pipe.” Dubbed DirtyCred by a group of academics from Northwestern University, the technique exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. DirtyCred is a generic exploitation method rather than a single bug: it frees a task's unprivileged credential object and arranges for a privileged one to be allocated in its place, and CVE-2022-2588 is the kernel flaw used to demonstrate it.
Reference: https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html
241 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries, and each one downloads a Bash script that runs a cryptominer on Linux systems.
Reference: https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/
Windows servers and workstations at dozens of organizations started to crash earlier today because of an issue caused by certain versions of VMware’s Carbon Black endpoint security solution.
Reference: https://www.bleepingcomputer.com/news/security/vmware-carbon-black-causing-bsod-crashes-on-windows/
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute malware that installs the NetSupport RAT and the RaccoonStealer password-stealing Trojan.
Reference: https://www.bleepingcomputer.com/news/security/wordpress-sites-hacked-with-fake-cloudflare-ddos-alerts-pushing-malware/
Microsoft has released Sysmon 14 with a new ‘FileBlockExecutable’ option that blocks the creation of executable files (PE-format files such as EXE, DLL, and SYS) by processes that match the rules in its configuration, for better protection against malware. Because the check is on file content rather than extension, a payload written with a harmless-looking name is still blocked; a matching event (Event ID 27) records the process, target path and file hashes.
Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-can-now-block-malicious-exes-from-being-created/
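The following Sysmon configuration fragment is an added example, not taken from the article or from Microsoft's documentation. It blocks PE-format file writes by the Office applications listed (an assumed policy for this illustration) and separately audits executable creation by every other process so that unblocked writers still leave a trail. The rule group names are arbitrary.

```xml
<!-- Added example: Sysmon 14 configuration using FileBlockExecutable.
     Process names in the include rule are an assumed policy, not a vendor list. -->
<Sysmon schemaversion="4.82">
  <EventFiltering>
    <!-- onmatch="include" means: block (and log Event ID 27) when a rule matches.
         "image" condition compares only the file name of the writing process. -->
    <RuleGroup name="BlockOfficeExecutableDrops" groupRelation="or">
      <FileBlockExecutable onmatch="include">
        <Image condition="image">WINWORD.EXE</Image>
        <Image condition="image">EXCEL.EXE</Image>
        <Image condition="image">POWERPNT.EXE</Image>
        <Image condition="image">OUTLOOK.EXE</Image>
      </FileBlockExecutable>
    </RuleGroup>
    <!-- Audit-only companion rule (Event ID 11): record executable creation by
         any process, so that legitimate writers such as installers and build
         tools are visible before being added to the block list above. -->
    <RuleGroup name="AuditExecutableCreation" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="end with">.exe</TargetFilename>
        <TargetFilename condition="end with">.dll</TargetFilename>
        <TargetFilename condition="end with">.sys</TargetFilename>
      </FileCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Apply it with `sysmon64.exe -c sysmon-config.xml` on a host where Sysmon 14 is already installed, or `sysmon64.exe -accepteula -i sysmon-config.xml` for a fresh install, then watch the Microsoft-Windows-Sysmon/Operational log for Event ID 27. The caveat is that the block is absolute for a matched process: put a process in the include list only after the FileCreate audit shows it never writes executables legitimately.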
DarkTortilla is a complex and highly configurable .NET-based crypter that may have been active since August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver “addon packages” such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.
Reference: https://otx.alienvault.com/pulse/6304f0ff85acf796fe08ef9c
LockBit 3.0, aka “LockBit Black”, first noted in June of this year, has coincided with a large increase in victims being published to the LockBit leak site, indicating that the past few months have been a period of intense activity for the LockBit collective.
Reference: https://otx.alienvault.com/pulse/630496070829b833c5cccc36
CVEs of the Week
Cisco
CVE-2022-20914
CVE-2022-20869
CVE-2022-20852
CVE-2022-20820
CVE-2022-20816
CVE-2022-20713
Dell
CVE-2022-34365
CVE-2022-33931
CVE-2022-33930
CVE-2022-33929
CVE-2022-33928
CVE-2022-33927
CVE-2022-33926
CVE-2022-33925
CVE-2022-33924
CVE-2022-29090
Fortinet
CVE-2022-27484
CVE-2022-23442
CVE-2022-22299
Microsoft
VMware
CVE-2022-31675
CVE-2022-31674
CVE-2022-31673
CVE-2022-31672
CVE-2022-22983