This post covers 2022-11-21 to 2022-11-28.
Vulnerabilities
Follow-up to CVE-2022-3602 in OpenSSL
An analysis dives into the details of why the recently hyped OpenSSL vulnerability was not discovered via fuzzing, even though all of the fuzzers in the OpenSSL source tree are automatically deployed to ClusterFuzz via OSS-Fuzz.
F5 BIG-IP Security Advisory
F5 published security advisory K97843387 for two High severity CVEs.
Interesting Reads
Disrupting a PyPI Software Supply Chain Attack
A researcher analyzed an emerging software supply chain attack on PyPI. Multiple packages led them to a file on GitHub. They reported the offending repository and, in the meantime, were able to follow the improvements the attacker kept pushing to the code in that repository. Subsequently, they opened an issue on the repository titled “This is malware”, together with information about the PyPI sources. After a few hours of additional updates, the attackers noticed their repository had been burned. Consequently, they pushed a commit deleting all the files from the repository. However, the commit history still contains all the information.
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
Proofpoint published an analysis of Nighthawk. They observed campaigns using Nighthawk in September 2022. Nighthawk is the C2 framework released by MDSec in 2021. In the past, threat actors heavily utilized Cobalt Strike, followed by Sliver. As threat actors search for new tools, they will probably also turn to Nighthawk at some point.