Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2023-02-06 to 2023-02-13.
The double-free vulnerability was introduced in July 2022 and was reported in January 2023. The JFrog Security Research team published a detailed analysis of the vulnerability. The Qualys Threat Research Unit created a demonstration of the vulnerability, with the technical details published on seclists. While the double-free vulnerability in OpenSSH version 9.1 may raise concerns, it is essential to note that exploiting this issue is no simple task.
Avast discovered that the massively popular Dota 2 video game was using a V8 JavaScript engine from 2018. During their research they also discovered malicious content, all by a single author, exploiting CVE-2021-38003 in V8. First they discovered a test file that contained a lot of debug statements and was presumably used to develop a working exploit. The blog article contains a detailed summary.
Phishing is nevertheless still alive and kicking
This blog post by SSE provides an insight into the techniques and procedures used for phishing in 2023.
Visual Studio Code provides a Remote Development feature. PfiatDe tested this and verified that it can serve as a valid and stealthy C2 channel.
Little Bobby Tables has grown up, and now he’s playing with graphs. The article provides an overview of the different attacks observed on graph databases.
A security researcher at CyberArk received an SMSishing message. As expected, the researcher started to track down the origin of the attack. Thanks to an insecure server configuration he was able to infiltrate the Telegram channels used by the phishing campaign. The whole story is described here.
Picus published an article some time ago with a summary overview of T1486.
The OpenSSF engaged Trail of Bits to review the security of cURL. The audit report and the threat model are already published. The blog article briefly describes the process of fuzzing argv.
Symantec published an article on the Frebniis malware. The new technique involves injecting malicious code into the memory of a DLL file (iisfreb.dll) related to an IIS feature used to troubleshoot and analyze failed web page requests. The Frebniis malicious injected code parses all received HTTP POST requests for /logon.aspx or /default.aspx along with a parameter password set to ‘7ux4398!’. If the password matches, Frebniis decrypts and executes a section of the injected code, which is .NET executable code consisting of the main backdoor functionality. No executables are saved to disk in this process, keeping the backdoor completely stealthy.
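As an added detection example (not code from Symantec or the original post), the script below scans request logs for the Frebniis trigger described above: a POST to /logon.aspx or /default.aspx carrying a `password` parameter equal to `7ux4398!`. It assumes the web tier sits behind a reverse proxy or WAF that records form bodies, since plain IIS W3C logs do not log POST bodies; the log format and the log lines are constructed for the example. Percent-encoded variants of the value (`7ux4398%21`) are decoded before comparison.

```python
"""Added example: spotting the Frebniis trigger request in proxy logs.

Assumption (labelled): the log format is
  <timestamp> <client-ip> <method> <path> <form-body-or-'-'>
as a reverse proxy or WAF might write it. The sample lines are constructed.
"""
from urllib.parse import parse_qs

# Trigger conditions taken from the Symantec write-up
TRIGGER_PATHS = {"/logon.aspx", "/default.aspx"}
TRIGGER_PARAM = "password"
KNOWN_TRIGGER_VALUE = "7ux4398!"

# Constructed sample log (IPs from documentation ranges)
SAMPLE_LOG = """\
2023-02-10T10:01:02Z 203.0.113.5 POST /logon.aspx username=alice&password=Winter2023
2023-02-10T10:01:09Z 203.0.113.5 GET /default.aspx -
2023-02-10T10:02:44Z 198.51.100.7 POST /default.aspx password=7ux4398%21
2023-02-10T10:03:10Z 198.51.100.7 POST /logon.aspx password=7ux4398!&x=1
2023-02-10T10:04:00Z 192.0.2.9 POST /api/upload file=report.pdf
"""


def parse_line(line):
    """Split one constructed log line into its fields; path is lower-cased
    because IIS paths are case-insensitive."""
    ts, src, method, path, body = line.split(" ", 4)
    return {"ts": ts, "src": src, "method": method, "path": path.lower(), "body": body}


def check_request(req):
    """Return an alert dict if the request matches the Frebniis trigger,
    otherwise None. Normal logins with other password values are not flagged."""
    if req["method"] != "POST" or req["path"] not in TRIGGER_PATHS:
        return None
    body = req["body"]
    # parse_qs percent-decodes values, so '7ux4398%21' becomes '7ux4398!'
    params = parse_qs(body, keep_blank_values=True) if body != "-" else {}
    if KNOWN_TRIGGER_VALUE in params.get(TRIGGER_PARAM, []):
        return {
            "ts": req["ts"],
            "src": req["src"],
            "path": req["path"],
            "reason": "Frebniis trigger value in '%s' parameter" % TRIGGER_PARAM,
        }
    return None


def scan_log(text):
    """Run check_request over every non-empty line and collect the alerts."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = check_request(parse_line(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print("%(ts)s %(src)s %(path)s: %(reason)s" % a)
```

The value match is deliberately narrow so that ordinary logins to /logon.aspx are not reported; a second, independent check worth adding on the host itself is whether iisfreb.dll is loaded into the IIS worker process on servers where Failed Request Tracing has not been enabled.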
AI-generated images have come a long way with the recent hype. However, the models still seem to have problems generating human hands, see 1, 2. Turning this problem around, could wearing a fake finger like FINGERring make regular footage look like AI-generated footage?
RDP monster-in-the-middle (MITM) tool and library for Python with the ability to watch connections live or after the fact.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
The tool was created by Matt Keeley of Bishop Fox and featured in their blog and webcast.
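To show what such a spoofability check looks like, here is an added example (written for this post, not Spoofy's own code) that classifies a domain from its SPF `all` qualifier and its DMARC policy. The records are constructed and looked up from a dict rather than DNS so it runs offline; the scoring rules are a simplified reading of how the SPF qualifier and the DMARC `p`/`pct` tags interact and are an assumption of this example, not Spoofy's exact logic.

```python
"""Added example: classifying domain spoofability from SPF and DMARC.

Assumption (labelled): TXT records come from the constructed dict below; a
real tool would query TXT for <domain> and for _dmarc.<domain>.
"""
import re

# Constructed zone data: domain -> list of TXT records
TXT = {
    "hardened.example":        ["v=spf1 include:_spf.mail.example -all"],
    "_dmarc.hardened.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example"],
    "soft.example":            ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.soft.example":     ["v=DMARC1; p=none; rua=mailto:dmarc@soft.example"],
    "partial.example":         ["v=spf1 mx ~all"],
    "_dmarc.partial.example":  ["v=DMARC1; p=quarantine; pct=20"],
    "open.example":            ["v=spf1 +all"],
    "_dmarc.open.example":     ["v=DMARC1; p=reject"],
    "nothing.example":         [],
}


def get_spf(domain):
    """Return the SPF record text for domain, or None."""
    for rec in TXT.get(domain, []):
        if rec.lower().startswith("v=spf1"):
            return rec
    return None


def spf_all_qualifier(spf):
    """Return the qualifier of the 'all' mechanism ('-', '~', '?' or '+'),
    or None if the record has no 'all' mechanism."""
    m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", spf, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) or "+"  # an unqualified 'all' means pass


def get_dmarc(domain):
    """Return the DMARC tags of _dmarc.<domain> as a dict, or None."""
    for rec in TXT.get("_dmarc." + domain, []):
        if rec.lower().startswith("v=dmarc1"):
            tags = {}
            for part in rec.split(";"):
                if "=" in part:
                    k, v = part.split("=", 1)
                    tags[k.strip().lower()] = v.strip()
            return tags
    return None


def classify(domain):
    """Return a verdict key and a human-readable reason."""
    spf = get_spf(domain)
    qual = spf_all_qualifier(spf) if spf else None
    dmarc = get_dmarc(domain)
    policy = dmarc.get("p", "none").lower() if dmarc else None
    pct = int(dmarc.get("pct", "100")) if dmarc else 0

    # '+all' lets any sender pass SPF, so DMARC alignment passes too
    if qual == "+":
        return "spoofable", "SPF +all passes every sender"
    if policy == "reject" and pct == 100:
        return "not_spoofable", "DMARC p=reject"
    if policy == "quarantine" and pct == 100:
        return "unlikely", "DMARC p=quarantine"
    if policy in ("reject", "quarantine"):
        return "partial", "DMARC p=%s applied to pct=%d" % (policy, pct)
    # No enforcing DMARC policy: only SPF's own verdict counts, and many
    # receivers treat softfail and neutral as accept
    if qual == "-":
        return "possible", "SPF -all but no DMARC enforcement"
    if qual in ("~", "?"):
        return "spoofable", "SPF %sall and no DMARC enforcement" % qual
    return "spoofable", "no SPF 'all' mechanism and no DMARC enforcement"


def assess_all(domains):
    """Classify each domain; returns {domain: (verdict, reason)}."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for d, (verdict, reason) in assess_all(
        ["hardened.example", "soft.example", "partial.example",
         "open.example", "nothing.example"]).items():
        print("%-18s %-14s %s" % (d, verdict, reason))
```

The example ignores the `sp` (subdomain policy) tag, `redirect=` modifiers and DMARC alignment mode, all of which a production check needs to consider; the point is that SPF alone, without an enforcing DMARC policy, rarely stops a spoofed message.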
The SpecterOps project management and reporting engine