Weekly in Security 202247

2022-11-21 to 2022-11-28

2 min read - 244 words

Introduction

Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-11-21 to 2022-11-28.

Vulnerabilities

Follow-up to CVE-2022-3602 in OpenSSL

An analysis dives into the details why the recently hyped OpenSSL vulnerability was not discovered via fuzzing. All of the fuzzers from the OpenSSL source tree are also automatically deployed to ClusterFuzz via OSS-Fuzz.

F5 BIG-IP Security Advisory

F5 published security advisory K97843387 for two High severity CVEs.

Interesting Reads

Disrupting a PyPI Software Supply Chain Attack

A researcher analyzed an emerging software supply chain attack on PyPI. Multiple packages lead them to a file on Github. They reported the offending repo and in the meantime were able to follow improvements on the code the attacker pushed to the repo. Subsequently, they opened an issue on the repository “This is malware” together with information about PyPI sources. After a few hours of additional updates the attackers noticed their repo had been burned. Consequently, they pushed a commit deleting all the files from the repo. However, the commit history still contains all the information.

Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice

Proofpoint published an analysis of Nighthawk. They observed campaigns with Nighthawk in September 2022. Nighthawk is the C2 framework released by MDSec in 2021. In the past threat actors heavily utilzed Cobalt Strike, followed by Sliver. As threat actors search for new tools, they will probably also turn to Nighthawk at some point.