Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-08-29 to 2022-09-05.
This week GitLab published another Critical Security Release. Once again, a Remote Command Execution via GitHub import was part of the update. The respective CVE-2022-2992 has a CVSSv3 score of 9.9. The previous Critical Security Release from 2022-08-22 also listed an astonishingly similar vulnerability, CVE-2022-2884. The only difference seems to be the reporter.
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers. After examining the events that led up to the SolarWinds attack, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer. Securing the Software Supply Chain for Developers was created to help developers achieve security through industry and government-evaluated recommendations. This guidance consolidates valuable resources already published for developers to put to use.
The investigation was published by Huntress on 2021-08-17. A user's startup folder contained a suspicious file called "sysmon.lnk" which, upon investigation, was found to be executing a malicious Python script that injected a remote access Trojan (RAT) onto the system. The infection consisted of six consecutive payloads and included new offensive tooling. The analysis required custom de-obfuscation scripts for the different stages. The indicators of compromise (IOCs) deduced from the RAT's extracted configuration showed 0 detections on VirusTotal (as of June 2021).
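A quick triage check for the persistence mechanism described above, added here as an example and not taken from the Huntress write-up: it parses just enough of the Windows Shell Link (.lnk) binary format to recover a shortcut's relative path and command-line arguments, then flags shortcuts in the Startup folders whose target or arguments invoke a script interpreter. The two shortcuts embedded in the block are constructed for the example (the file name "sysmon.py" and the interpreter list are assumptions, not indicators from the incident).

```python
"""Triage Windows Startup-folder shortcuts (.lnk) for script-interpreter launches.

Added example, not Huntress code. Parses the MS-SHLLINK header plus the
StringData section (RELATIVE_PATH, COMMAND_LINE_ARGUMENTS, ...) without any
third-party library. Sample shortcut bytes below are constructed, not captured.
"""
import struct
from pathlib import Path

# MS-SHLLINK LinkFlags bits used here
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# CLSID {00021401-0000-0000-C000-000000000046} in on-disk (little-endian GUID) layout
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# Interpreters that rarely belong in a user's Startup folder (assumed list)
SUSPICIOUS = ("python", "powershell", "wscript", "cscript", "mshta", "cmd.exe")

STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file as a dict of str."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                   # end of the fixed 76-byte header
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip IDList: uint16 size + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # skip LinkInfo: uint32 size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:              # StringData appears in this fixed order
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def is_suspicious(fields: dict) -> bool:
    """True if the shortcut's target or arguments mention a script interpreter."""
    text = " ".join(fields.get(k, "") for k in ("relative_path", "arguments")).lower()
    return any(token in text for token in SUSPICIOUS)


def scan_startup_folders(folders=None) -> list:
    """Return [(path, fields)] for suspicious .lnk files in the Startup folders."""
    if folders is None:
        folders = [
            Path.home() / "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup",
            Path("C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp"),
        ]
    hits = []
    for folder in map(Path, folders):
        if not folder.is_dir():
            continue
        for lnk in folder.glob("*.lnk"):
            try:
                fields = parse_lnk(lnk.read_bytes())
            except ValueError:
                continue                          # not a real shell link; skip
            if is_suspicious(fields):
                hits.append((str(lnk), fields))
    return hits


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk carrying only RELATIVE_PATH and ARGUMENTS (test fixture)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0)   # size, CLSID, LinkFlags, FileAttributes
    header += b"\x00" * 24                                       # Creation/Access/Write FILETIMEs
    header += struct.pack("<IiIH", 0, 0, 1, 0)                   # FileSize, IconIndex, ShowCommand, HotKey
    header += b"\x00" * 10                                       # Reserved1/2/3
    def sd(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + sd(relative_path) + sd(arguments)


# Constructed samples: an interpreter-launching shortcut and a benign one
SAMPLE_MALICIOUS = build_lnk(r"..\..\..\..\Python39\pythonw.exe", r"C:\Users\Public\sysmon.py")
SAMPLE_BENIGN = build_lnk(r"..\..\..\..\Program Files\OneDrive\OneDrive.exe", "/background")

if __name__ == "__main__":
    for path, fields in scan_startup_folders():
        print(f"{path}: {fields.get('relative_path', '')} {fields.get('arguments', '')}")
```

The parser deliberately stops after StringData and ignores the trailing ExtraData blocks; for a full investigation the EnvironmentVariableDataBlock can also carry the target path, so treat a clean result here as a first pass rather than a verdict.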
The 3rd Annual Binary Golf Grand Prix (BGGP3) was running from 2022-06-17 to 2022-09-02. The goal is to find the smallest file which will crash a specific program. An overview of the 2020 and 2021 entries is available in netspooky/BGGP. This year's results will be made public in the coming days, also via @binarygolf.