Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-11-21 to 2022-11-28.
An analysis dives into the details of why the recently hyped OpenSSL vulnerability was not discovered via fuzzing. All of the fuzzers from the OpenSSL source tree are also automatically deployed to ClusterFuzz via OSS-Fuzz.
F5 published security advisory K97843387 for two High severity CVEs.
A researcher analyzed an emerging software supply chain attack on PyPI. Multiple packages led them to a file on GitHub. They reported the offending repo and, in the meantime, were able to follow the improvements to the code that the attacker pushed to the repo. Subsequently, they opened an issue on the repository, “This is malware”, together with information about the PyPI sources. After a few hours of additional updates, the attackers noticed their repo had been burned. Consequently, they pushed a commit deleting all the files from the repo. However, the commit history still contains all the information.
Proofpoint published an analysis of Nighthawk. They observed campaigns with Nighthawk in September 2022. Nighthawk is the C2 framework released by MDSec in 2021. In the past, threat actors heavily utilized Cobalt Strike, followed by Sliver. As threat actors search for new tools, they will probably also turn to Nighthawk at some point.