Weekly in Security 202241

2022-10-10 to 2022-10-17


Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-10-10 to 2022-10-17.

Vulnerabilities

CVE-2022-42889 - Apache Commons RCE

Initially, details were published on seclists.org. This one looks like Log4Shell. However, it does not yet have a logo or a name, so it must not be that bad. Lazytom on Twitter has some additional initial information. Essentially, the StringSubstitutor class resolves ${prefix:value} expressions through a set of interpolation lookups, and untrusted input reaching it can select any of them. This vulnerability can lead to remote code execution.
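As an added example (not code from the original post or from the Apache project), the snippet below shows the defensive configuration for the class in question: instead of the default interpolator, which resolves every built-in lookup prefix, the substitutor is built from an explicit allow-list of lookups, so any other prefix in a template is left unresolved. Upgrading to a fixed release remains the actual fix; the code assumes Apache Commons Text on the classpath and Java 9 or newer for Map.of.

```java
import java.util.Map;
import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

public class RestrictedSubstitution {

    // Hardened construction: only the "user" prefix is resolvable, backed by a
    // plain map. No default lookup is supplied and the built-in default lookups
    // are not added, so prefixes outside the allow-list resolve to null and the
    // ${...} reference is left untouched in the output.
    static StringSubstitutor restricted(Map<String, String> values) {
        Map<String, StringLookup> allowed = Map.of(
            "user", StringLookupFactory.INSTANCE.mapStringLookup(values)
        );
        StringLookup lookup = StringLookupFactory.INSTANCE
            .interpolatorStringLookup(allowed, null, false);
        return new StringSubstitutor(lookup);
    }

    public static void main(String[] args) {
        // Constructed sample data: one allow-listed reference and one that is
        // not (an environment lookup stands in for any non-allow-listed prefix).
        Map<String, String> values = Map.of("name", "alice");
        String template = "Hello ${user:name}, home is ${env:HOME}";

        // Vulnerable pattern on affected versions: the default interpolator
        // wires up every built-in lookup, so an untrusted template decides
        // which of them runs. Shown for contrast only.
        // StringSubstitutor unsafe = StringSubstitutor.createInterpolator();

        // With the restricted substitutor, ${user:name} becomes "alice" while
        // ${env:HOME} stays as written because "env" is not in the allow-list.
        String out = restricted(values).replace(template);
        System.out.println(out);
    }
}
```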

Remotely exploitable kernel WiFi vulnerabilities

The initial report was posted on lwn.net. In all, the report includes 5 CVEs, all affecting the WLAN stack in Linux. Shortly afterwards, a PoC was released on GitHub. Some of the 5 CVEs can lead to remote code execution and are exploitable over the air.

Interesting Reads

Caffeine Phishing-as-a-Service Platform

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform | Mandiant

Dream Security

A new dream team for information security has emerged. Sebastian “Basti” Kurz, Austria’s ex-chancellor who left his office following criminal allegations and scandals, will be VP business development. Shalev Hulio, primarily known for his role with the NSO Group, is part of the team as well. The name Dream derives from an abbreviation of Detect, Respond and Management of all aspects of cybersecurity for organizations with industrial installations.

Toyota Data Breach

GitGuardian published an article with details on the Toyota data breach. A subcontractor had published a portion of the T-Connect source code on GitHub. The repo included a hardcoded access key.

Invisibility Cloak for object detection

This research dates back to 2020. Researchers from the University of Maryland's Computer Science department published their study on creating adversarial attacks on object detectors. The research paper is available under DOI 10.48550/arXiv.1910.14667.

How Wi-Fi spy drones snooped on financial firm

@Laughing_Mantis published a thread on a drone-based attack via Wi-Fi. Incident response started based on suspicious activity on a Confluence server. The team discovered two modified DJI drones with Wi-Fi equipment on the roof. Both were basically carrying a tiny computer, a battery pack, a modem and a Wi-Fi device.

Similar ideas have already been proposed, e.g., at Black Hat Europe 16.

Tools

RedEye

RedEye is a visual analytic tool supporting Red and Blue Team operations. The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format.

RedEye is a way to digest/ingest Cobalt Strike logs from a penetration test or Red Team engagement that uses Cobalt Strike, make them queryable, and present them in a graphical/timeline format. RedEye can help Red Teams quickly organize thoughts around what happened and when rather than manually poring through thousands of lines of text.

Havoc

Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider.