Researcher Publishes PoC Exploit for Privilege Escalation Flaw (CVE-2023-0179) in Linux Kernel

From securityonline.info

A proof-of-concept (PoC) local privilege escalation (LPE) exploit for the vulnerability tracked as CVE-2023-0179 (CVSS score: 7.8) has been detailed by the security researcher TurtleARM. The flaw has been described as a stack-based buffer overflow in the Netfilter subsystem. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. The flaw affects all Linux versions from 5.5 to 6.2-rc3.

ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now

From tenable.com

Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended.

Background

Over the last few years, threat actors from all walks of life have begun to favor a class of exploits found in Microsoft Exchange Server, a popular mail server used by tens of thousands of organizations around the world.

This shift began following the disclosure of ProxyLogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in March 2021. These vulnerabilities were originally exploited in the wild as zero days by a state-sponsored threat actor known as HAFNIUM.

In August 2021, following the disclosure of another set of Exchange Server vulnerabilities, dubbed ProxyShell, attackers actively searched for vulnerable Exchange Server instances to target. Both ProxyLogon and ProxyShell continue to be exploited over a year after they were disclosed and patched.

Vulnerability Summary for the Week of January 23, 2023

From cisa.gov

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits

From trendmicro.com

BEC or Business Email Compromise is a significant problem for businesses around the world. According to the Federal Bureau of Investigation (FBI), BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. This amount accounts for a large share of the US$6.9 billion that Americans lost to the combination of ransomware, BEC, and financial scams, based on the FBI report. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail Transfer Protocol (SMTP) services like SendGrid to send emails designed to bypass the filters from email service providers and security services that protect emails. By using these genuine services (but with stolen accounts), scammers can legitimize their emails. These schemes, when combined with cybercrime and open-source tools, often lead to BEC campaigns that are highly effective and successful for the scammers. 

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

From thehackernews.com

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution.

The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP –

  • 13.1.5
  • 14.1.4.6 – 14.1.5
  • 15.1.5.1 – 15.1.8
  • 16.1.2.2 – 16.1.3, and
  • 17.0.0

Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability

From thehackernews.com

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances.

The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity.

GitHub Breach – Hackers Stole Code Signing Certificates From Repositories

From gbhackers.com

GitHub announced that it suffered a security breach in which unauthorized individuals obtained access to specific development and release planning repositories and stole encrypted code-signing certificates for the Desktop and Atom applications.

Hence, in order to avoid any potential misunderstandings, the company has made the decision to revoke the certificates exposed to public scrutiny.

There will be a limitation to the functionality of GitHub Desktop for Mac and Atom when these certificates are revoked.
