Modded Minecraft is having a security moment, to match what we've seen in the Python and JavaScript repositories over the last few months. It looks like things started when a handful of burner accounts uploaded malicious mods to CurseForge and Bukkit. Those mods looked interesting enough that a developer for Luna Pixel Studios (LPS) downloaded one of them to test-run. After the test didn't pan out, he removed the mod, but the malicious code had already run.

Where this gets ugly is in how much damage that one infection caused. The virus, now named fractureiser, installs itself into every other Minecraft-related .jar. It also grabs credentials, cookies, cryptocurrency addresses, and the clipboard contents. Once that information was exfiltrated from the LPS developer, the attacker seems to have taken manual actions, using the purloined permissions to upload similarly infected mod files, and then marking them archived. This managed to hide the trapped files from view on the web interface, while still leaving them exposed when grabbed by the API.

Once the malware hit a popular developer, it began to really take off. It looks like the first of the malicious .jar files actually goes all the way back to mid-April, so it may take a while to discover all the places this malware has spread. It was first noticed on June 1, and an investigation was started, but the story didn't become public until the 7th. Things have developed rapidly, and the malware fingerprints have been added to Windows Defender among other scanners. This helps tremendously, but the safe move is to avoid downloading anything Minecraft related for a couple days, while the whole toolchain is inspected. If it's too late and you've recently scratched that voxel itch, it might be worth it to take a quick look for Indicators of Compromise (IoCs).

The MOVEit file transfer system is actively being exploited by a zero-day that first showed up on May 27. The initial flaw is SQL injection, and when combined with other weaknesses, it allows for full compromise of the MOVEit system. The flaw was patched on the 31st, but several large business and government targets have been hit by attacks. Researchers at Huntress have pieced together what the attack actually looks like. It looks like the attacker behind the active exploitation is the ransomware group Clop, also tracked by Microsoft as Lace Tempest. I told you Microsoft's new threat actor names would be hilarious.

> Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims.
>
> Microsoft Threat Intelligence, June 5, 2023

Researchers at Kaspersky found indicators of something new infecting iOS devices. This malware was detected via suspicious network traffic originating from iPhones, and appears to be a full-blown APT toolkit. Once they knew what to look for, signs of this malware kit could be detected way back in 2019. This appears to be a non-persistent infection, where a reboot does away with the malware. What's particularly interesting is that network logs showed individual devices being reinfected. The infection vector for this exact malware seems to be CVE-2022-46690, triggered with an iMessage attachment. It's a 0-click exploit, but has only been observed infecting iOS 15.7 and older devices. Though with a sophisticated campaign, it's quite possible that other exploits are in use for other targets.

If you have hung on to LastPass, you may have noticed something odd this week, when we were all logged out of our LastPass accounts with an update. The big news here is that LastPass has finally pushed everyone to 600,000 iterations of PBKDF2, the hashing function used to make password cracking much more challenging.

Speaking of passwords, RedTeam Pentesting found a password handling flaw in the STARFACE PBX, and used the opportunity to give a general lesson in proper password handling. Not to give away the punchline, but storing a password hash is less great when using the wrong hashing function, and when the hash itself can be used as a password.

Google has fixed a bug in the Android Mali GPU driver that has been under active exploitation. This issue, CVE-2022-22706, seems to have only been used against Samsung phones, but it's good to see the fix finally land in Android proper. And on the browser side, Google security teams have also been busy, fixing a zero-day in Google Chrome. CVE-2023-3079 is a type confusion bug in the Chrome JavaScript engine.
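To make the two password points above concrete (the LastPass move to 600,000 PBKDF2 iterations, and the STARFACE lesson that a stored hash which doubles as a login credential is the wrong kind of hash), here is an added Python sketch that is not from the column, from LastPass or from STARFACE; the record layout, the function names and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Iteration count LastPass moved its users to, as reported above.
PBKDF2_ITERATIONS = 600_000

# Weak pattern, constructed to mirror the STARFACE lesson: an unsalted fast
# digest is stored, and login accepts that same digest from the client.
# Whoever reads the database or the wire needs no password to get in.
def weak_store(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()

def weak_login(stored_digest: str, client_digest: str) -> bool:
    # The client proves knowledge of the hash, not of the password.
    return hmac.compare_digest(stored_digest, client_digest)

# Hardened pattern: per-user random salt, slow PBKDF2, and a verifier that
# re-derives from the plaintext, so a stolen record is not a credential.
# Record layout is hypothetical: "pbkdf2_sha256$<iterations>$<salt>$<dk>".
def strong_store(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def strong_login(record: str, password: str) -> bool:
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, dk_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def needs_rehash(record: str, minimum: int = PBKDF2_ITERATIONS) -> bool:
    # Records derived with fewer iterations than the current floor are
    # stale; they can only be upgraded while the plaintext is in hand.
    return int(record.split("$")[1]) < minimum

def login_and_upgrade(record: str, password: str) -> tuple[bool, str]:
    # The LastPass-style migration: verify first, then re-derive a stale
    # record at the user's next successful login.
    if not strong_login(record, password):
        return False, record
    if needs_rehash(record):
        return True, strong_store(password)
    return True, record
```

Note that `strong_login(record, record)` fails: the stored value is never accepted in place of the password, which is exactly the property the weak pattern lacks.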