πŸ”’
❌
There are new articles available, click to refresh the page.
Today β€” 10 August 2022Security News

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

10 August 2022 at 06:59
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 (CVSS score: 7.5), the issue concerns a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a

Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

10 August 2022 at 06:12
As many asΒ 121 new security flawsΒ were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated Critical, 102 are rated Important, one is rated Moderate, and one is rated Low in severity. Two of the issues
Yesterday β€” 9 August 2022Security News

Microsoft Patch Tuesday, August 2022 Edition

9 August 2022 at 23:01

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server β€” including one that was disclosed publicly prior to today β€” and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

In June, Microsoft patched a vulnerability in MSDT dubbed β€œFollina” that had been used in active attacks for at least three months prior. This latest MSDT bug β€” CVE-2022-34713 β€” is a remote code execution flaw that requires convincing a target to open a booby-trapped file, such as an Office document. Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743.

The publicly disclosed Exchange flaw is CVE-2022-30134, which is an information disclosure weakness. Microsoft also released fixes for three other Exchange flaws that rated a β€œcritical” label, meaning they could be exploited remotely to compromise the system and with no help from users. Microsoft says addressing some of the Exchange vulnerabilities fixed this month requires administrators to enable Windows Extended protection on Exchange Servers. See Microsoft’s blog post on the Exchange Server updates for more details.

β€œIf your organization runs local exchange servers, this trio of CVEs warrant an urgent patch,” said Kevin Breen, director of cyber threat research for Immerse Labs. β€œExchanges can be treasure troves of information, making them valuable targets for attackers. With CVE-2022-24477, for example, an attacker can gain initial access to a user’s host and could take over the mailboxes for all exchange users, sending and reading emails and documents. For attackers focused on Business Email Compromise this kind of vulnerability can be extremely damaging.”

The other two critical Exchange bugs are tracked as CVE-2022-24516 and CVE-2022-21980. It’s difficult to believe it’s only been a little more than a year since malicious hackers worldwide pounced in a bevy of zero-day Exchange vulnerabilities to remotely compromise the email systems for hundreds of thousands of organizations running Exchange Server locally for email. That lingering catastrophe is reminder enough that critical Exchange bugs deserve immediate attention.

The SANS Internet Storm Centerβ€˜s rundown on Patch Tuesday warns that a critical remote code execution bug in the Windows Point-to-Point Protocol (CVE-2022-30133) could become β€œwormable” β€” a threat capable of spreading across a network without any user interaction.

β€œAnother critical vulnerability worth mentioning is an elevation of privilege affecting Active Directory Domain Services (CVE-2022-34691),” SANS wrote. β€œAccording to the advisory, β€˜An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.’ A system is vulnerable only if Active Directory Certificate Services is running on the domain. The CVSS for this vulnerability is 8.8.”

Breen highlighted a set of four vulnerabilities in Visual Studio that earned Microsoft’s less-dire β€œimportant” rating but that nevertheless could be vitally important for the security of developer systems.

β€œDevelopers are empowered with access to API keys and deployment pipelines that, if compromised, could be significantly damaging to organizations,” he said. β€œSo it’s no surprise they are often targeted by more advanced attackers. Patches for their tools should not be overlooked. We’re seeing a continued trend of supply-chain compromise too, making it vital that we ensure developers, and their tools, are kept up-to-date with the same rigor we apply to standard updates.”

Greg Wiseman, product manager at Rapid7, pointed to an interesting bug Microsoft patched in Windows Hello, the biometric authentication mechanism for Windows 10.Β  Microsoft notes that the successful exploitation of the weakness requires physical access to the target device, but would allow an attacker to bypass a facial recognition check.

Wiseman said despite the record number of vulnerability fixes from Redmond this month, the numbers are slightly less dire.

β€œ20 CVEs affect their Chromium-based Edge browser and 34 affect Azure Site Recovery (up from 32 CVEs affecting that product last month),” Wiseman wrote. β€œAs usual, OS-level updates will address a lot of these, but note that some extra configuration is required to fully protect Exchange Server this month.”

As it often does on Patch Tuesday, Adobe has also released security updates for many of its products, including Acrobat and Reader, Adobe Commerce and Magento Open Source. More details here.

Please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day

9 August 2022 at 21:25

Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows.

Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA Port Driver, Microsoft Bluetooth Driver, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office Outlook, Microsoft Windows Support Diagnostic Tool (MSDT), Remote Access Service Point-to-Point Tunneling Protocol, Role: Windows Fax Service, Role: Windows Hyper-V, System Center Operations Manager, Visual Studio, Windows Bluetooth Service, Windows Canonical Display Driver, Windows Cloud Files Mini Filter Driver, Windows Defender Credential Guard, Windows Digital Media, Windows Error Reporting, Windows Hello, Windows Internet Information Services, Windows Kerberos, Windows Kernel, Windows Local Security Authority (LSA), Windows Network File System, Windows Partition Management Driver, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Secure Boot, Windows Secure Socket Tunneling Protocol (SSTP), Windows Storage Spaces Direct, Windows Unified Write Filter, Windows WebBrowser Control, Windows Win32K.

Seventeen vulnerabilities have been rated as critical, the remaining ones are rated Important in severity.

Most of the flaws, 64, are escalation of privilege issues, followed by remote code execution, 31, and 12 information disclosure.

The IT giant addressed a remote code execution vulnerability, tracked as CVE-2022-34713, that resides in the Microsoft Windows Support Diagnostic Tool (MSDT), the flaw has been exploited by threat actors in the wild. An attacker can trigger the flaw by tricking the victims into opening specially crafted files.

Microsoft states that the issue is a variant of the Dogwalk vulnerability that was disclosed in June.

β€œThis bug also allows code execution when MSDT is called using the URL protocol from a calling application, typically Microsoft Word. There is an element of social engineering to this as a threat actor would need to convince a user to click a link or open a document.” reads the description provided by ZDI. β€œIt’s not clear if this vulnerability is the result of a failed patch or something new.”

Three flaws, tracked asΒ CVE-2022-30133,Β CVE-2022-35744, andΒ CVE-2022-34691, addressed by Microsoft with the release of Microsoft Patch Tuesday security updates for August 2022 are rated as critical and received a CVSS score of 9.8.

The first two flaws,Β CVE-2022-30133Β andΒ CVE-2022-35744, areΒ remote code execution issues that affect the Windows Point-to-Point Protocol (PPP), the third one (CVE-2022-34691)Β is a privilege escalation issue in Active Directory Domain Services.

Below is the full list of vulnerabilities fixed by Microsoft:

CVE Title Severity CVSS Public Exploited Type
CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Important 7.8 Yes Yes RCE
CVE-2022-30134 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.6 Yes No EoP
CVE-2022-30133 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2022-35744 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2022-33646 Azure Batch Node Agent Remote Code Execution Vulnerability Critical 7 No No RCE
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8 No No EoP
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8 No No EoP
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical 8 No No EoP
CVE-2022-35752 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35753 RAS Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35745 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-34716 .NET Spoofing Vulnerability Important 5.9 No No Spoofing
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important 7.8 No No Info
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability Important 7.8 No No Info
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability Important 6.2 No No DoS
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.9 No No EoP
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.4 No No EoP
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability Important 4.4 No No EoP
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability Important Unknown No No RCE
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability Important 4.4 No No Info
CVE-2022-34301 * CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass Important N/A No No SFB
CVE-2022-34302 * CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass Important N/A No No SFB
CVE-2022-34303 * CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass Important N/A No No SFB
CVE-2022-35748 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33649 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 9.6 No No SFB
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability Important 7.3 No No SFB
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability Important 5.3 No No Info
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability Important 4.8 No No Info
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35742 Microsoft Outlook Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35754 Unified Write Filter Elevation of Privilege Vulnerability Important 6.7 No No EoP
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35826 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35827 Visual Studio Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-35750 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2022-35757 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important 6 No No SFB
CVE-2022-35746 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35749 Windows Digital Media Receiver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability Important 6.1 No No SFB
CVE-2022-35751 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability Important 8.4 No No EoP
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-35758 Windows Kernel Memory Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-30197 Windows Kernel Security Feature Bypass Important 7.8 No No SFB
CVE-2022-35759 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability Important 9.8 No No RCE
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-35769 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-35747 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability Important 5.9 No No DoS
CVE-2022-35755 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Important 5.3 No No DoS
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate 8.3 No No RCE
CVE-2022-35796 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Low 7.5 No No EoP
CVE-2022-2603 * Chromium: CVE-2022-2603 Use after free in Omnibox High N/A No No RCE
CVE-2022-2604 * Chromium: CVE-2022-2604 Use after free in Safe Browsing High N/A No No RCE
CVE-2022-2605 * Chromium: CVE-2022-2605 Out of bounds read in Dawn High N/A No No RCE
CVE-2022-2606 * Chromium: CVE-2022-2606 Use after free in Managed devices API High N/A No No RCE
CVE-2022-2610 * Chromium: CVE-2022-2610 Insufficient policy enforcement in Background Fetch Medium N/A No No SFB
CVE-2022-2611 * Chromium: CVE-2022-2611 Inappropriate implementation in Fullscreen API Medium N/A No No N/A
CVE-2022-2612 * Chromium: CVE-2022-2612 Side-channel information leakage in Keyboard input Medium N/A No No Info
CVE-2022-2614 * Chromium: CVE-2022-2614 Use after free in Sign-In Flow Medium N/A No No RCE
CVE-2022-2615 * Chromium: CVE-2022-2615 Insufficient policy enforcement in Cookies Medium N/A No No SFB
CVE-2022-2616 * Chromium: CVE-2022-2616 Inappropriate implementation in Extensions API Medium N/A No No N/A
CVE-2022-2617 * Chromium: CVE-2022-2617 Use after free in Extensions API Medium N/A No No RCE
CVE-2022-2618 * Chromium: CVE-2022-2618 Insufficient validation of untrusted input in Internals Medium N/A No No Spoofing
CVE-2022-2619 * Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings Medium N/A No No Spoofing
CVE-2022-2621 * Chromium: CVE-2022-2621 Use after free in Extensions Medium N/A No No RCE
CVE-2022-2622 * Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing Medium N/A No No Spoofing
CVE-2022-2623 * Chromium: CVE-2022-2623 Use after free in Offline Medium N/A No No RCE
CVE-2022-2624 * Chromium: CVE-2022-2624 Heap buffer overflow in PDF Medium N/A No No RCE

Follow me on Twitter: @securityaffairs and Facebook

PierluigiΒ Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)

The post Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day appeared first on Security Affairs.

Experts linked Maui ransomware to North Korean Andariel APT

9 August 2022 at 17:04

Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group.

Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APTΒ Group,Β 

North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic health records services, diagnostics services, imaging services, and intranet services.

Kaspersky experts noticed that approximately ten hours prior to deploying Maui ransomware to the initial target system, the threat actors deployed a variant of the well-known DTrack malware to the target preceded by 3proxy months earlier.Β Both malicious codes are recognized as part of Andariel’s arsenal.

Kaspersky experts discovered that the DTrack variant employed in the attacks against the Japanese, Russian, Indian, and Vietnamese companies has a code similarity of 84% to samples used in cyberespionage campaigns attributed to the Andariel APT.

The AndarielΒ APT (aka Stonefly) has been active since at least 2015, it was involved in several attacks attributed to the North Korean government.

The researchers speculate the threat actor is rather opportunistic and could potentially target any company around the world with good financial standing and with vulnerable Internet-exposed web services.

maui ransomware Andariel _Deploys_DTrack_and_Maui_Ransomware_02-1024x482

β€œBased on the modus operandi of this attack, we conclude that the actor’s TTPs behind the Maui ransomware incident is remarkably similar to past Andariel/Stonefly/Silent Chollima activity:

  • Using legitimate proxy and tunneling tools after initial infection or deploying them to maintain access, and using Powershell scripts and Bitsadmin to download additional malware;
  • Using exploits to target known but unpatched vulnerable public services, such as WebLogic and HFS;
  • Exclusively deploying DTrack, also known as Preft;
  • Dwell time within target networks can last for months prior to activity;
  • Deploying ransomware on a global scale, demonstrating ongoing financial motivations and scale of interestβ€œ

In April 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released aΒ joint advisoryΒ that is warning organizations worldwide about the β€˜significant cyber threat’ posed by the North Korean nation-state actors to the global banking and financial institutions.

At the time, the U.S. government also offered a monetary reward of up to $5 million to anyone who can provide β€˜information about the activities carried out by North Korea-linked APT groups. The authorities will also pay for information about past hacking campaigns.

In July, the U.S. State Department increased the rewards to $10 million.

People that have information on any individuals associated with the North Korea-linked APT groups (such asΒ Andariel,Β APT38,Β Bluenoroff, Guardians of Peace,Β Kimsuky, orΒ Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, may be eligible for a reward.

Follow me on Twitter: @securityaffairs and Facebook

PierluigiΒ Paganini

(SecurityAffairs – hacking, Maui ransomware)

The post Experts linked Maui ransomware to North Korean Andariel APT appeared first on Security Affairs.

  • There are no more articles
❌