Cisco and Fortinet release security patches for multiple products
On Wednesday, Cisco released patches for 10 security vulnerabilities across various products. One of these flaws, rated critical with a CVSS score of 9.0, could be exploited for absolute path traversal attacks. Tracked as CVE-2022-20812 and CVE-2022-20813, the vulnerabilities affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). According to Cisco’s advisory, they could allow a remote attacker to overwrite arbitrary files or carry out null byte poisoning attacks on affected devices. In related news, Fortinet addressed four high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC. Successful exploitation might allow an authenticated attacker to execute arbitrary code, retrieve and delete files, or access MySQL databases, or allow a local unprivileged user to escalate to SYSTEM privileges.
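The two bug classes named in the Cisco advisory, absolute path traversal and null byte poisoning, both come from trusting a caller-supplied file name. The validator below is an added educational example (not Cisco code, and unrelated to how the Expressway flaws were fixed); the base directory and the sample inputs are constructed, and it works purely on strings so it can be run without touching a filesystem.

```python
"""Server-side file name validation against absolute-path traversal and
NUL-byte poisoning. Added educational example, not Cisco code; the base
directory and the sample inputs are constructed."""
from pathlib import PurePosixPath


class UnsafePathError(ValueError):
    """Raised when a caller-supplied path must not be used."""


def safe_join(base_dir: str, user_path: str) -> str:
    """Return base_dir/user_path only if user_path is a plain relative path
    that stays inside base_dir. Pure string logic: nothing touches the disk."""
    # 1. NUL bytes: lower layers written in C stop reading at the first \0, so
    #    "report.pdf\0.png" satisfies an extension check here but is opened as
    #    "report.pdf" there. Refuse the byte outright.
    if "\x00" in user_path:
        raise UnsafePathError("NUL byte in path")
    # 2. Backslashes are legal file name characters on POSIX, but a later
    #    Windows-style normalisation could turn them into separators; refuse.
    if "\\" in user_path:
        raise UnsafePathError("backslash in path")
    path = PurePosixPath(user_path)
    # 3. Absolute path traversal: joining "/etc/passwd" onto a base directory
    #    with naive concatenation or os.path.join silently discards the base.
    if path.is_absolute():
        raise UnsafePathError("absolute path rejected")
    # 4. Relative traversal: refuse any ".." component, even ones such as
    #    "a/../b" that would resolve inside base, to keep the rule simple.
    parts = [c for c in path.parts if c != "."]
    if not parts:
        raise UnsafePathError("empty path")
    if ".." in parts:
        raise UnsafePathError("parent-directory component rejected")
    base = PurePosixPath(base_dir)
    joined = base.joinpath(*parts)
    # 5. Defence in depth: the result must still be strictly below base.
    if base not in joined.parents:
        raise UnsafePathError("resolved path escapes base directory")
    return str(joined)


def audit(base_dir: str, candidates: list[str]) -> dict[str, str]:
    """Map each candidate name to 'ok' or the reason it was refused."""
    results = {}
    for cand in candidates:
        try:
            safe_join(base_dir, cand)
            results[cand] = "ok"
        except UnsafePathError as exc:
            results[cand] = str(exc)
    return results


if __name__ == "__main__":
    # Constructed sample inputs: benign names mixed with the two attack shapes.
    samples = ["reports/q2.pdf", "./reports/../q2.pdf", "/etc/passwd",
               "../../etc/shadow", "img.png\x00.sh", ""]
    for name, verdict in audit("/srv/uploads", samples).items():
        print(f"{name!r:28} -> {verdict}")
```

The order of the checks matters: the NUL-byte test runs before any path parsing, because a parser that stops at the first NUL would otherwise validate a different string than the one later passed to the operating system.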
Canada’s RCMP have been using powerful malware to snoop on people’s communications
Canada’s federal police force has revealed that it uses surveillance software to break into mobile devices and gather information, including remotely activating the camera and microphone of a suspect’s phone or laptop. The Royal Canadian Mounted Police (RCMP) says it uses such measures only in the most serious cases, and only when less intrusive methods have failed. Until now, however, the RCMP had not disclosed its ability to use malicious software to hack phones and other devices, despite having used such tools for several years. According to the RCMP, the technology was deployed in 10 investigations between 2018 and 2020. In its documentation, the force says spyware is necessary because traditional wiretaps have become less effective.
(Politico)
Online programming IDEs can be used to launch remote cyberattacks
Security researchers warn that cybercriminals can abuse online programming education platforms to launch cyberattacks, steal data, and scan for vulnerable systems, all from a web browser. One such platform, DataCamp, serves as a prime example: it allows threat actors to build malicious tools, host or distribute malware, and connect to external services. With nearly 10 million users, DataCamp offers integrated development environments (IDEs) for people learning data science in languages and technologies such as R, Python, Shell, Excel, Git, and SQL. Through its IDE, users can import Python libraries, download and compile repositories, and then run the compiled programs, which effectively gives a determined threat actor everything needed to launch a remote attack from within the DataCamp platform.
QNAP warns of new Checkmate ransomware targeting NAS devices
NAS vendor QNAP has warned customers to secure their devices against attacks that use Checkmate ransomware to encrypt data. QNAP says the attacks target QNAP devices exposed to the internet with the SMB service enabled and accounts protected by weak passwords that are vulnerable to brute-force attacks. According to QNAP’s preliminary investigation, Checkmate gains access through internet-exposed SMB services and uses a dictionary attack to break into accounts with weak passwords. Checkmate is a newly discovered ransomware strain that has been seen in attacks since as early as May 28th.
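The attack path QNAP describes, a dictionary attack against SMB accounts, leaves a characteristic trail: many authentication failures from one source in a short time, sometimes followed by a success. The detector below is an added example, not QNAP code; the log line format and the sample lines are constructed (source addresses come from the RFC 5737 documentation ranges), so a real deployment would swap in the parser for its own NAS or SMB server log.

```python
"""Sliding-window detection of SMB password guessing from authentication logs.
Added example, not QNAP code: the log format and sample lines are constructed."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed format: "<ISO 8601 UTC> smbd auth <failure|success> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) smbd auth "
    r"(?P<result>failure|success) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: 203.0.113.7 guesses fast and then gets in; 192.0.2.9
# guesses slowly (one attempt every two minutes); 198.51.100.4 is a user typo.
SAMPLE_LOG = """
2022-06-01T03:10:00Z smbd auth failure user=admin src=192.0.2.9
2022-06-01T03:12:00Z smbd auth failure user=admin src=192.0.2.9
2022-06-01T03:14:00Z smbd auth failure user=admin src=203.0.113.7
2022-06-01T03:14:00Z smbd auth failure user=admin src=192.0.2.9
2022-06-01T03:14:05Z smbd auth failure user=admin src=203.0.113.7
2022-06-01T03:14:06Z smbd auth failure user=alice src=198.51.100.4
2022-06-01T03:14:10Z smbd auth failure user=admin src=203.0.113.7
2022-06-01T03:14:15Z smbd auth failure user=backup src=203.0.113.7
2022-06-01T03:14:20Z smbd auth failure user=admin src=203.0.113.7
2022-06-01T03:14:25Z smbd auth failure user=admin src=203.0.113.7
2022-06-01T03:14:30Z smbd auth success user=admin src=203.0.113.7
2022-06-01T03:15:00Z smbd auth success user=alice src=198.51.100.4
2022-06-01T03:16:00Z smbd auth failure user=admin src=192.0.2.9
2022-06-01T03:18:00Z smbd auth failure user=admin src=192.0.2.9
"""


def parse_line(line):
    """Return (timestamp, result, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Flag a source once it produces `threshold` failures within `window_s`
    seconds, and separately flag any later success from a flagged source.
    Lines are assumed to arrive in chronological order, as in a log file."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    targets = defaultdict(set)    # src -> account names it has tried
    flagged = set()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, result, user, src = event
        if result == "success":
            # A success from a source already seen guessing is the urgent case.
            if src in flagged:
                alerts.append({"type": "login_after_bruteforce", "src": src,
                               "user": user, "at": ts.isoformat()})
            continue
        q = recent[src]
        q.append(ts)
        targets[src].add(user)
        # Drop failures older than the window; q keeps at least the one just added.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.add(src)
            alerts.append({"type": "smb_bruteforce", "src": src, "failures": len(q),
                           "targets": sorted(targets[src]), "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

With the default 60-second window the fast guesser is flagged on its fifth failure and its later success raises a second alert, while the slow guesser at 192.0.2.9 is never caught; widening the window to ten minutes catches it too, at the cost of more noise from legitimate mistyped passwords. The `targets` field distinguishes guessing against one account from spraying across many.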
Thanks to today’s episode sponsor, Votiro

North Korean hackers taking aim at health care with Maui ransomware
An advisory jointly issued by the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department highlights the use of a ransomware variant known as “Maui” in targeted attacks against healthcare and public health organizations. According to an analysis by cybersecurity firm Stairwell, Maui differs from conventional ransomware-as-a-service (RaaS) offerings: it lacks RaaS features such as an embedded ransom note or an automated mechanism for sending encryption keys to the attackers. Instead, Stairwell believes Maui is operated manually, with the operators choosing which files to encrypt when they run it.
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE
The developers of the OpenSSL project have fixed a serious heap memory corruption flaw, tracked as CVE-2022-2274, in the widely used library. The vulnerability affects the RSA implementation with 2048-bit private keys on certain systems, causing memory corruption during the computation. A remote attacker who triggers the flaw could achieve code execution on the affected machine while the computation is running. The vulnerability was introduced in OpenSSL version 3.0.4, released on June 21, 2022.
Hack allows drone takeover via ‘ExpressLRS’ protocol
A vulnerability in a radio control system used for drones allows remote hijacking because of a flaw in the binding mechanism between transmitter and receiver. According to a recent technical advisory from NCC Group, the exploit requires minimal effort and abuses the “highly optimized over-the-air packet structure” of the widely used ExpressLRS protocol, a design that gives the protocol both range and latency benefits. The weakness stems from link data being sent inside over-the-air packets, which lets a malicious third party intercept the connection between the drone operator and the drone. By monitoring traffic between an ExpressLRS transmitter and receiver, an attacker could take over the link and potentially gain full control of the targeted drone. Such a compromise could cause serious control problems, including a crash if the drone is airborne at the time.
Virtual-world tech company owner arrested over alleged $45m investment fraud scheme
The owner of several metaverse companies has been arrested for alleged involvement in an investment fraud scheme that took more than $45 million from over 10,000 victims. The US Department of Justice (DoJ) recently announced the arrest of Neil Chandran, a Las Vegas resident, on fraud charges. Chandran, 50, owns companies operating under the “ViRSE” umbrella, including Free Vi Lab, Studio Vi, ViDelivery, and ViMarket. These companies developed virtual-world technologies, including their own cryptocurrency, intended for use within their respective metaverse platforms. ViRSE describes itself as “the virtual universe of people, places, and content accessible from any internet-enabled device on this planet.”
(ZDNet)