Weekly in Security 202231

Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-08-01 to 2022-08-08.

Technical Reads

CVE-2022-30333 - File Write vulnerability in unrar

Bypassing the symbolic link validation

• Unrar Path Traversal Vulnerability affects Zimbra Mail

BumbleBee Malware

@TheDFIRReport created a really nice overview of the BumbleBee malware campaign. Especially, the visual timeline provides an excellent overview of the utilized techniques. Google Threat Analysis Group provided a report on BumbleBee in March 2022.

• BumbleBee Roasts Its Way to Domain Admin – The DFIR Report
• Exposing initial access broker with ties to Conti
• Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware

Chinese C2 Framework

• Chinese hackers use new Cobalt Strike-like attack framework

Github cloned repos

• 35,000 code repos not hacked—but clones flood GitHub to serve malware

Tools

Pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments. Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners.

• Pacu: The Open Source AWS Exploitation Framework - Rhino Security Labs
• RhinoSecurityLabs/pacu
• PACU Spencer Gietzen

Leonidas

Automated Attack Simulation in the Cloud, complete with detection use cases.

• FSecureLABS/leonidas