Security Vulnerability Weekly 22/08/22 - Apple Vulnerability, Android Bugdrop Vulnerability, WordPress, CISA, and recent Hacks to Mailchimp and Twilio
Francesco Cipollone
Reduce risk - focus on vulnerabilities that matter - Contextual ASPM - CEO & Founder - Phoenix security - Runner - Application Security Cloud Security | 40 under 40 | CSA UK Board | CSCP Podcast Host
Article Extract of: https://appsecphoenix.com/security-vulnerability-weekly-22-08-22/
This week we take a deep dive into the Apple vulnerability, CISA's new vulnerability for September, the new BugDrop Android vulnerabilities, and the recent hacks of Twilio (exposing DigitalOcean clients) and Mailchimp.
Appsec
WordPress Hacked by fake Cloudflare
WordPress sites are being hacked to display fake Cloudflare DDoS protection pages to distribute NetSupport RAT and the RaccoonStealer password-stealing Trojan.
DDoS stands for distributed denial of service, a technique used to bring down a website through a sheer volume of traffic.
A report by Sucuri details how the actors are hacking poorly protected WordPress sites to add a heavily obfuscated JavaScript payload that displays a fake Cloudflare DDoS protection screen.
Fake DDoS protection screen (Sucuri)
Clicking on the link results in a download of files.
When a user opens the security_install.iso, they will see a file called security_install.exe, which is a Windows shortcut that runs a PowerShell command from the debug.txt file.
How to protect
Admins should check the theme files of their WordPress sites because, according to Sucuri, this is the most common infection point in this campaign.
Malicious code found in jquery.min.js (Sucuri)
Additionally, it is advisable to employ file integrity monitoring systems to catch those JS injections as they happen and prevent your site from being a RAT distribution point.
CISA adds 7 vulnerabilities to the list of threats actively exploited by hackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by hackers, with the new flaws disclosed by Apple, Microsoft, SAP, and Google.
The seven vulnerabilities were added on 18 August, with CISA requiring all of them to be patched by September 8th, 2022.
Apple released macOS and iOS/iPadOS security updates on Wednesday for the CVE-2022-32893 and CVE-2022-32894 vulnerabilities, explaining that they could be exploited to perform code execution on vulnerable devices (see below for details).
INFRA/Network
Apple Zero Day Vulnerability takes internet by storm
Apple is again in the eye of the storm, with two zero-days now patched. Apple has released security updates for the iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities.
The two zero-days enable remote exploitation, access to the camera and microphone, and code execution with the highest privileges.
The vulnerability might be actively exploited, as Apple said in the recent release. We covered the other set of vulnerabilities in the previous version of Security Vulnerability of the Week 08/08/22.
The list of issues is below -
Those are added to the existing:
Both vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1.
On Thursday, Apple released a security update for the Safari web browser (version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.
M.Sc | Security Engineer
2 years: Thank you for insight Francesco Cipollone, you are killing it