Tag Archive for: Wild

Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild


Windows Print Spooler Vulnerability

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.

To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to address the issues by May 10, 2022.


Tracked as CVE-2022-22718 (CVSS score: 7.8), the security vulnerability is one among the four privilege escalation flaws in the Print Spooler that Microsoft resolved as part of its Patch Tuesday updates on February 8, 2022.

It’s worth noting that the Redmond-based tech giant has remediated a number of Print Spooler flaws since the critical PrintNightmare remote code execution vulnerability came to light last year, including 15 elevation of privilege vulnerabilities in April 2022.

Also added to the catalog are two other security flaws based on “evidence of active exploitation” –

  • CVE-2018-6882 (CVSS score: 6.1) – Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)
  • CVE-2019-3568 (CVSS score: 9.8) – WhatsApp VOIP Stack Buffer Overflow Vulnerability

The addition of CVE-2018-6882 comes close on the heels of an advisory released by the Computer Emergency Response Team of Ukraine (CERT-UA) last week, cautioning of phishing attacks targeting government entities with the goal of forwarding victims’ emails to a third-party email address by leveraging the Zimbra vulnerability.


CERT-UA attributed the targeted intrusions to a threat cluster tracked as UAC-0097.

In light of real world attacks weaponizing the vulnerabilities, organizations are recommended to reduce their exposure by “prioritizing timely remediation of […] as part of their vulnerability management practice.”




Hey Alexa Go Hack Yourself: Researchers Detail Wild Self-Issued Smart Speaker Hijacks



Did you ever get an Amazon delivery and not remember placing an order for the item? There are plenty of stories of this all over the internet, and sometimes those boil down to one too many cocktails in your attitude adjustment hour. What if we told you that maybe one of those times it wasn’t related to brain fog or blackouts, but some random person decided to order something for you through your own Amazon Echo device?

That’s what researchers from Royal Holloway, University of London, and the University of Catania in Italy discovered is entirely possible. Through a few different methods, either social engineering or simply being near an Echo device, Alexa can be activated and used fairly easily. Tested on the third-generation Echo Dot, though believed to work on fourth-generation devices as well, the researchers found that playing audio files containing the right wake words will activate the Alexa-enabled device they are playing from. Dubbed “Alexa versus Alexa” by the researchers, the exploit can be used to order products, change settings, install skills, and drive a whole host of other functionality that the Echo product line offers its owners.

[Figure: Diagram of the Alexa vs. Alexa exploit]

A social engineering example would be having someone activate an internet radio station that intentionally uses common activation terms. Pre-existing skills, like Echo’s Music and Radio skill, may then play one of these stations, which in turn lets the device activate itself. Part of the reason this can be a really big problem is that Amazon’s Echo devices typically only validate account activity and actions during the initial setup of the device. Skill installation matters here because skills are small apps that run directly on the device, and with the right malicious code they can pose a security threat. That creates a situation where, once the vulnerability is triggered, the attacker can issue any command available to the Echo device.

Amazon has issued a patch (check your software version here), which you can force by asking the device to ‘check for updates’. However, the issue remains if the attacker is in…


BabaDeda is out. RATDispenser is out in the wild. Phishng in Farsi. Microsoft bug proofs-of-concept. Apple sues NSO Group.


Attacks, Threats, and Vulnerabilities

New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers (Safebreach) SafeBreach Labs discovered a new Iranian threat actor using a Microsoft MSHTML Remote Code Execution (RCE) exploit for infecting Farsi-speaking victims with a new PowerShell stealer.

The BABADEDA Crypter – an Emerging Crypter targeting the Crypto, NFT, and DeFi communities (Morphisec) Morphisec Labs encountered a new malware called Babadeda targeting cryptocurrency enthusiasts through Discord. We reveal how it can be stopped.

RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild (HP Wolf Security) With an 11% detection rate, RATDispenser appears to be effective at evading security controls and delivering malware.

New JavaScript malware works as a “RAT dispenser” (The Record by Recorded Future) Cybersecurity experts from HP said they discovered a new strain of JavaScript malware that criminals are using to infect systems and then deploy much more dangerous remote access trojans (RATs).

PoC Exploit Published for Latest Microsoft Exchange Zero-Day (SecurityWeek) Proof-of-concept exploit code released for code execution flaw affecting on-prem Exchange 2016 and 2019 installations.

Exchange Server admins advised to patch vulnerable machines after POC exploit released for high-severity bug (Computing) Microsoft has described the flaw as having a high impact on data integrity, confidentiality and availability

New Security Shock For Millions Of Windows 10, 11 And Server Users (Forbes) A failed November Patch Tuesday fix could leave millions of Windows 10, Windows 11 and Windows Server users at risk of system takeover.

New Windows zero-day with public exploit lets you become an admin (BleepingComputer) A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server.

Serious Vulnerability Found in Imunify360 Web Server Security Product (SecurityWeek) A vulnerability in the Imunify360 security suite for web servers can be exploited for remote code execution using specially crafted files.

Recent…


Apple patches iOS vulnerability actively exploited in the wild


Apple patched a zero-day vulnerability in iOS 15.0.2 on Monday that enabled remote code execution with kernel privileges.

The iOS vulnerability, CVE-2021-30883, affects the IOMobileFrameBuffer kernel extension. Apple described the flaw in its security advisory as a memory corruption issue and said it “may have been actively exploited.”

Apple said in the advisory that the newly patched bug impacts “iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).” The post said that the company has received “a report” of exploitation but did not elaborate further.

SearchSecurity asked Apple how widespread the exploitation was, but a spokesperson declined to comment.

Mobile security vendor ZecOps tweeted Tuesday that because the latest iOS vulnerability can be exploited from a browser, it is “perfect” for watering hole attacks.

Saar Amar, a researcher with the Microsoft Security Response Center (MSRC), published a technical blog about the vulnerability on GitHub that provided an overview of the bug and, broadly speaking, how it can be exploited. In the post, he called the vulnerability “great for jailbreaks” due to its accessibility via App Sandbox and showcased a proof of concept.

The origin of the zero-day is not known, and Apple credited the find to an “anonymous researcher.”

CVE-2021-30883 marks the latest flaw in a string of Apple zero-day vulnerabilities this year. More than a dozen such flaws have been exploited in the wild in 2021, several of which have impacted Apple’s WebKit browser engine.

In other vulnerability news, Apple has come under fire in recent weeks for its bug bounty program, which researchers have criticized for communication issues and, in some cases, an alleged lack of acknowledgement. From this frustration, one researcher publicly released three apparent zero-days last month.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
