Tag Archive for: Vulnerability

Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered


Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies offering OAuth authentication to its users, is seemingly hiding some dangerous “secrets” in the protocol.

A malware developer was recently able to discover one of Google’s OAuth secrets: a previously unknown feature named “MultiLogin” that is responsible for synchronizing Google accounts across different services. MultiLogin accepts a vector of account IDs and auth-login tokens, and uses that data to manage simultaneous sessions or seamlessly switch between user profiles.

MultiLogin is a Chromium feature that can be abused to compromise a user’s Google account. The “bug” was unveiled by a malware developer known as PRISMA in October 2023. The cyber-criminal shared details about a critical exploit designed to generate persistent cookies for “continuous” access to Google services, even after a user’s password reset.

The exploit was first revealed on PRISMA’s Telegram channel, and it was soon adopted by various malware groups as a new, potent tool to steal access credentials from users’ PCs. As highlighted by CloudSEK analysts, the 0-day exploit provided two key features for infostealer creators: session persistence and valid cookie generation.

Cyber-criminals quickly adapted the new exploit, integrating even more advanced features to bypass Google’s security restrictions on token regeneration. Recent infostealer malware can infect a user’s PC, scan the machine for Chromium session cookies, then exfiltrate the data to remote servers controlled by cyber-criminals.

Thanks to MultiLogin, the stolen tokens can be used to log in with an OAuth identity even if the user changes their Google password. The exploit can be countered by completely logging out from the Google account, invalidating the session tokens and thus preventing further exploitation.

CloudSEK said that the MultiLogin exploit underscores the “complexity and stealth” of modern security threats. Google confirmed the session-stealing attack, saying that this kind of malware is not new. The company routinely upgrades its…


Alert: New Chrome Zero-Day Vulnerability Being Exploited


Google, in light of recent events, has launched a critical update for a high-severity Chrome zero-day vulnerability. As per recent reports, Google claims that the vulnerability has been actively exploited. It’s worth noting that the vulnerability pertains to the WebRTC framework and, when exploited, can lead to program crashes or arbitrary code execution. Given its severity, it has raised significant online security risks.

In this article, we’ll dive into details of the vulnerability and the countermeasures Google has implemented to keep the vulnerability from being exploited further.


Chrome Zero-Day Vulnerability Discovered


As of now, Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) are credited with discovering the vulnerability. However, details of any other security defects leading to Google Chrome exploits have not been released so far, so as not to enable further exploitation. Despite this, Google has acknowledged that:

“An exploit for CVE-2023-7024 exists in the wild.”

The Chrome zero-day vulnerability, identified as CVE-2023-7024, is described as a heap-based buffer overflow bug in the WebRTC framework. Those concerned about their internet browser safety and online security posture should know that buffer overflows can be used to execute arbitrary code outside of the program’s implicit security policy.

They can also be used to overwrite function pointers so that they point to the attacker’s code. In cases where the exploit leads to arbitrary code execution, additional web browser security services can be subverted by the attacker. It’s worth mentioning that such browser vulnerabilities raise significant concerns pertaining to online security risks.

Google Chrome has widespread usage across multiple platforms and is often used by high-value targets. Such circumstances make exploiting the Chrome zero-day vulnerability a feasible option for threat actors, as it can be used to expand the attack surface once initial access has been acquired.


Chrome Security Updates


As far as countermeasures for the vulnerability are concerned, Google has stated that: “Access to bug details and links may be kept restricted until…


InfectedSlurs botnet targets QNAP VioStor NVR vulnerability


Pierluigi Paganini
December 17, 2023

The Mirai-based botnet InfectedSlurs was spotted targeting QNAP VioStor NVR (Network Video Recorder) devices.

In November, Akamai warned of a new Mirai-based DDoS botnet, named InfectedSlurs, that was actively exploiting two zero-day vulnerabilities to infect routers and network video recorder (NVR) devices.

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. The experts reported the two vulnerabilities to the respective vendors, which plan to release the fixes in December 2023.

At the time, the company did not reveal the names of the impacted vendors. The researchers also determined that the bot used default admin credentials to install the Mirai variants.

A close look at the ongoing campaign revealed that the bot also targets wireless LAN routers built for hotels and residential applications.

On December 6, the Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. The security firm revealed that threat actors were exploiting a vulnerability, tracked as CVE-2023-49897 (CVSS score 8.0), that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers running firmware versions 2.0.9 and earlier.

The Akamai SIRT this week published an additional update after one of the affected vendors, QNAP, released advisory information and guidance.

The experts reported that the InfectedSlurs botnet is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-47565 (CVSS score 8.0), in QNAP VioStor NVR (Network Video Recorder) devices.

The vulnerability affects VioStor NVR Versions 5.0.0 and earlier (5.0.0 released June 21, 2014).

“QNAP considers these devices discontinued for support; however, the vendor recommends upgrading VioStor firmware on existing devices to the latest available version. This issue had previously been patched, although it was never publicly reported/disclosed,” reads the advisory published by Akamai.

The Akamai SIRT discovered that the bot was running an exploit targeting QNAP VioStor NVR devices…


Xfinity Comes Clean On Citrix ‘Vulnerability’ and Cyber Attack


With the Netflix film “Leave The World Behind” getting lots of attention for its central themes of cyber vulnerability and hacking possibilities that could cripple a nation, the subject of internet security is as important as ever.

Comcast’s Xfinity MVPD is now sharing details of a “data security incident” that transpired two months ago, and it involves Citrix.
