Secjuice Squeeze 73
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week.
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Tony Kelly, Andy74, Prasanna, and Mars Groves.
Exploit Development: Swimming In The (Kernel) Pool - Leveraging Pool Vulnerabilities From Low-Integrity Exploits, Part 2
Combining Part 1’s information leak vulnerability with a pool overflow vulnerability to obtain code execution via grooming the kLFH.
Learn more at connormcgarr.github.io
Schneider Electric fixes critical vulnerabilities in EVlink electric vehicle charging stations
Security flaws could allow an attacker to receive free vehicle charges, or lock up the charging station completely.
Read more at portswigger.net
15 Yr-Old Linux Netfilter Bug Let Hackers Bypass All Security Mitigations
Security expert Andy Nguyen has recently detected a 15-Year-Old Linux Netfilter Bug that allows any attackers to bypass all the modern security measures.
Read more at gbhackers.com
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability.
Read more at thehackernews.com
Top CVEs Trending with Cybercriminals
An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in.
Read more at threatpost.com
Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
Learn more at thehackernews.com
Google Patched Another Actively Exploited Chrome Zero-Day
Alongside this zero-day exploited actively, Google also fixed 7 other vulnerabilities with the release of Chrome 91.0.4472.164. Update now.
Read more at latesthackingnews.com
Researchers Found Zero-Day Bugs In Safari, Chrome, Internet Explorer
These zero-day bugs were exploited in three different campaigns targeting Chrome, Safari (iOS), and Internet Explorer users.
Read more at latesthackingnews.com
New Windows 10 vulnerability allows anyone to get admin privileges
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files.
Read more at bleepingcomputer.com
Umbraco flags pending security patch for RCE vulnerability in forms package – updated
‘No indication that this vulnerability is being exploited in the wild’
Read more at portswigger.net
Evade Sandboxes With a Single Bit
Unit 42 has discovered a specific single bit (Trap Flag) in the Intel CPU register that can be abused by malware to evade sandbox detection.
Read more at unit42.paloaltonetworks.com
16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Hundreds of thousands of HP, Samsung, and Xerox printers are affected by a 16 year-old security issue.
Read more at thehackernews.com
This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
Researchers warn about a new malware that hides among Windows Defender's exclusions to evade detection by the antivirus program.
Read more at thehackernews.com
Shlayer Malware: Continued Use of Flash Updates
Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.
Read more at crowdstrike.com
Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks
A vulnerability affecting Rockwell Automation’s MicroLogix 1100 controllers can be exploited for remote DoS attacks that cause the device to enter a persistent fault condition.
Read more at securityweek.com
Nasty Linux systemd security bug revealed
Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible. (213 kB)
Read more at zdnet.com
Fortinet fixes bug letting unauthenticated hackers run code as root
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges.
Read more at bleepingcomputer.com
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
The XLoader Windows infostealer malware has now been upgraded to attack macOS users.
Read more at thehackernews.com
NPM package steals Chrome passwords on Windows via recovery tool
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access.
Read more at bleepingcomputer.com
New Windows and Linux Flaws Give Attackers Highest System Privileges
New Linux flaws and an unpatched privilege escalation flaw in Windows could let attackers gain the highest system privileges.
Read more at thehackernews.com
Oracle Releases July 2021 CPU With 342 Security Patches
Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update (CPU).
Read more at securityweek.com
Atlassian asks customers to patch critical Jira vulnerability
Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI.
Read more at bleepingcomputer.com
Dell Patches Critical Vulnerabilities in OpenManage Enterprise
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities.
Read more at https://www.securityweek.com/dell-patches-critical-vulnerabilities-openmanage-enterprise
Popular Wi‑Fi routers still using default passwords making them susceptible to attacks
To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials.
Read more at welivesecurity.com
HTA Files Distributed as Fake Chrome Patches for CVE-2021-30554
With new vulnerabilities come new updates and patches. Organizations have complex environments making it difficult to roll out patches quickly and often find themselves in a race to patch systems before threat actors can exploit them. (106 kB)
Read more at https://cofense.com/blog/hta-fake-chrome-patches/
Researchers find new attack vector against Kubernetes clusters via misconfigured Argo Workflows instances
The report notes that other security teams have discovered large-scale cryptocurrency mining attacks against Kubernetes clusters.
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
Nasty macOS Malware XCSSET has once again been updated in order to steal sensitive data from a variety of apps, including Chrome and Telegram.
Read more at thehackernews.com
Cyber attack disrupts major South African port operations
A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said.
Read more at reuters.com
No cyberattack in sprawling internet outage, Akamai says
A global internet outage on Thursday downed tens of thousands of websites, including those of giant corporations like McDonald’s and Delta Airlines, according to companies that track web statistics. But the company at the center of it says the downtime was not the result of a hack, data breach or other kind of malicious attack. Internet infrastructure company Akamai said it has fixed the issue that it began investigating shortly after noon EST. The specific problem was with Akamai Edge DNS, a service that touts its ability to provide constant Domain Name System availability. “Akamai can confirm this was not a cyberattack against Akamai’s platform,” the company said in a statement.
Read more at cyberscoop.com
Pegasus spyware seller: Blame our customers, not us, for hacking
NSO Group tells BBC News: "The finger-pointing should be at the customer."
Read more at bbc.com
‘If You’re Not A Criminal, Don’t Be Afraid’—NSO CEO On ‘Insane’ Hacking Allegations Facing $1 Billion Spyware Business
The Israeli entrepreneur behind the Pegasus surveillance tool says it is “insane” to link a leak of 50,000 potential spyware targets to his company.
The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t…
I’ve talked about ransomware and extortion attacks on organizations for about a decade.
Read more at doublepulsar.com
