Week 30, July 24-30, 2023
Week 30, July 24-30, 2023. Cybersecurity Weekly Updates.
This week in the world of cybersecurity:
Critical Zero-Days in Atera Windows Installers have surfaced, creating a risk of Privilege Escalation Attacks. In these circumstances, unauthorized users could potentially gain elevated system access, posing a significant threat to both data and system security. Google is strengthening its security by introducing End-to-End Encryption with MLS Protocol in Google Messages. This measure enhances data privacy by ensuring that messages can be read only by the sender and receiver. Linux systems have been hit by a new OpenSSH Vulnerability which exposes them to Remote Command Injection. Additionally, a major concern has arisen with a Security Flaw in Metabase BI Software, a widely used open-source business intelligence tool. A MikroTik RouterOS Vulnerability has exposed over half a million devices to potential hacking risks.
Common Vulnerabilities and Exposures (CVEs)
This section highlights some CVEs with a CVSS score classified as critical.
CVE-2023-37266
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can’t, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.
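The CasaOS issue above is a failure to validate JWTs before trusting their claims. As an added illustration (this is not CasaOS code and says nothing about what commit `705bf1f` changed; the signing key, claim names and sample tokens are constructed), the following verifier shows the checks that separate a forged token from a genuine one: the server pins the algorithm, verifies the HMAC over `header.payload`, and checks expiry, refusing the token on any failure.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed server-side signing key; a real service loads it from protected config.
SECRET = b"constructed-demo-key-do-not-reuse"
ALLOWED_ALG = "HS256"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 token (used here only to produce genuine input for verify_token)."""
    header = _b64url_encode(json.dumps({"alg": ALLOWED_ALG, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = _sign(f"{header}.{body}".encode("ascii"), secret)
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Return the claims only if the token is well formed, uses the server-pinned
    algorithm, carries a valid HMAC over header.payload, and has not expired.
    Any failure raises ValueError; callers must never fall back to unverified claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("undecodable token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("header and payload must be JSON objects")
    # The verifier decides the algorithm; the token's own "alg" is only compared
    # against it. This closes "alg": "none" and algorithm-substitution forgeries.
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("unexpected alg")
    expected = _sign(f"{header_b64}.{body_b64}".encode("ascii"), secret)
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or isinstance(exp, bool):
        raise ValueError("missing or invalid exp")
    if (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return claims
```

The `now` parameter exists so the expiry check is testable with a fixed clock; production callers leave it unset. Note that the signature is checked with `hmac.compare_digest` and that nothing from the payload is read before the signature passes.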
CVE-2022-47758
Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.
CVE-2023-2003
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device’s data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.
CVE-2023-38199
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka “Content-Type confusion.” This occurs when the web application relies on only the last Content-Type header.
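The confusion described above arises when an inspecting layer and the application pick different occurrences of a repeated header. As an added example (not part of the Core Rule Set or any WAF; the two requests are constructed), the following parser keeps every header occurrence in order, shows which media type a "first occurrence" reader and a "last occurrence" reader would each see, and rejects any request that carries more than one Content-Type, since HTTP defines Content-Type as a single-valued field.

```python
def parse_headers(raw: bytes):
    """Return (request_line, [(name, value), ...]), preserving order and duplicates.
    Header names are lower-cased because HTTP field names are case-insensitive."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii", "replace")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().decode("ascii", "replace").lower(),
                        value.strip().decode("ascii", "replace")))
    return request_line, headers


def media_type(value: str) -> str:
    # "text/plain; charset=utf-8" -> "text/plain"
    return value.split(";", 1)[0].strip().lower()


def content_types(headers):
    return [media_type(v) for name, v in headers if name == "content-type"]


def audit_content_type(raw: bytes) -> dict:
    """Report how many Content-Type headers a request carries, what a first-wins
    reader (typical of an inspecting proxy) and a last-wins reader (the application
    in the CVE text) would each see, and reject the request when they could differ."""
    _, headers = parse_headers(raw)
    cts = content_types(headers)
    return {
        "count": len(cts),
        "first_wins": cts[0] if cts else None,
        "last_wins": cts[-1] if cts else None,
        "verdict": "reject" if len(cts) > 1 else "ok",
    }


# Constructed request with two Content-Type headers: an inspector reading the
# first sees plain text, an application reading the last parses form fields.
CONSTRUCTED_DOUBLE_CT = (
    b"POST /api/profile HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 21\r\n"
    b"\r\n"
    b"name=alice&role=admin"
)

# Constructed well-formed request for comparison.
CONSTRUCTED_SINGLE_CT = (
    b"POST /api/profile HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Length: 16\r\n"
    b"\r\n"
    b'{"name":"alice"}'
)

if __name__ == "__main__":
    print(audit_content_type(CONSTRUCTED_DOUBLE_CT))
    print(audit_content_type(CONSTRUCTED_SINGLE_CT))
```

The safe policy is the one `audit_content_type` applies: do not pick a winner at all, reject the request outright. A filter that merely normalises to "first" or "last" still disagrees with whichever backend made the opposite choice.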
Recent Tools and Techniques
These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.
Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux.
A tool for lateral movement using DCOM and DLL Hijacking.
The Network Assessment Tool is a Python-based solution capable of analyzing network traffic from .pcap files to detect a variety of suspicious activities and cyber threats. The tool is specifically designed to identify a broad range of potential attacks such as DNS Tunneling, SSH Tunneling, TCP Session Hijacking, SMB Attack, SMTP or DNS Attack, IPv6 Fragmentation Attack, TCP RST Attack, SYN Flood Attack, UDP Flood Attack, and the Slowloris Attack. Additionally, it can detect packets containing certain suspicious keywords such as “password”, “login”, “admin”, and more. Upon identifying any suspicious activity, the tool promptly alerts users via console notifications.
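To make the kind of detection the tool performs concrete, here is an added example (my own code, not the Network Assessment Tool's) that runs three of the listed checks, SYN flood, DNS tunneling and suspicious keywords, over a small constructed capture. Packets are plain dictionaries; the record layout, thresholds and sample traffic are assumptions for the demonstration.

```python
import hashlib
import math
from collections import Counter

SUSPICIOUS_KEYWORDS = (b"password", b"login", b"admin")


def pkt(ts, src, dst, proto, flags=(), payload=b"", qname=None, dport=0):
    """Minimal packet record; a real tool would fill these from a .pcap parser."""
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "flags": set(flags),
            "payload": payload, "qname": qname, "dport": dport}


def shannon_entropy(text):
    counts, n = Counter(text), len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def detect_syn_flood(packets, threshold=20):
    """Alert once per source that sends >= threshold bare SYNs (no ACK) within one second."""
    buckets = Counter()
    for p in packets:
        if p["proto"] == "tcp" and p["flags"] == {"SYN"}:
            buckets[(p["src"], int(p["ts"]))] += 1
    alerts, seen = [], set()
    for (src, second), n in sorted(buckets.items()):
        if n >= threshold and src not in seen:
            seen.add(src)
            alerts.append({"type": "syn_flood", "src": src, "detail": f"{n} bare SYNs at t={second}"})
    return alerts


def detect_dns_tunneling(packets, max_label=40, min_entropy=3.5):
    """Long or high-entropy labels are the signature of data smuggled inside DNS names."""
    alerts = []
    for p in packets:
        if not p["qname"]:
            continue
        longest = max(p["qname"].rstrip(".").split("."), key=len)
        ent = shannon_entropy(longest)
        if len(longest) > max_label or (len(longest) > 20 and ent >= min_entropy):
            alerts.append({"type": "dns_tunneling", "src": p["src"],
                           "detail": f"label len={len(longest)} entropy={ent:.2f} ({longest[:12]}...)"})
    return alerts


def detect_keywords(packets, keywords=SUSPICIOUS_KEYWORDS):
    """Plain-text credentials on the wire: flag payloads that carry a watched word."""
    alerts = []
    for p in packets:
        payload = p["payload"].lower()
        hits = [k.decode() for k in keywords if k in payload]
        if hits:
            alerts.append({"type": "keyword", "src": p["src"], "detail": ",".join(hits)})
    return alerts


def analyse(packets):
    return detect_syn_flood(packets) + detect_dns_tunneling(packets) + detect_keywords(packets)


def build_sample_capture():
    """Constructed traffic: a SYN burst, a normal handshake, a tunnel-like DNS query,
    an ordinary DNS query and a plain-text HTTP login."""
    pkts = [pkt(100.0 + i * 0.01, "10.0.0.5", "10.0.0.1", "tcp", ["SYN"], dport=80) for i in range(25)]
    pkts.append(pkt(100.5, "10.0.0.7", "10.0.0.1", "tcp", ["SYN"], dport=443))
    pkts.append(pkt(100.5, "10.0.0.1", "10.0.0.7", "tcp", ["SYN", "ACK"]))
    label = hashlib.sha256(b"constructed").hexdigest()  # 64 hex chars, stands in for encoded data
    pkts.append(pkt(101.0, "10.0.0.9", "10.0.0.53", "udp", qname=f"{label}.t.example.test", dport=53))
    pkts.append(pkt(101.1, "10.0.0.9", "10.0.0.53", "udp", qname="www.example.test", dport=53))
    pkts.append(pkt(102.0, "10.0.0.7", "10.0.0.1", "tcp", ["PSH", "ACK"], dport=80,
                    payload=b"POST /login HTTP/1.1\r\nHost: app\r\n\r\nuser=alice&password=hunter2"))
    return pkts


if __name__ == "__main__":
    for alert in analyse(build_sample_capture()):
        print(alert)
```

To run this over a real capture, replace `build_sample_capture` with a loop that reads the .pcap with a library such as scapy or dpkt and maps each packet into the same record shape. The thresholds are deliberately low for the demonstration; on real links the SYN threshold and the entropy cut-off need tuning against baseline traffic to keep false positives down.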
DNS Reaper is a sub-domain takeover tool, distinguished by its exceptional accuracy, speed, and extensive collection of takeover signatures. With the ability to scan approximately 50 subdomains per second, each evaluated against over 50 takeover signatures, it facilitates comprehensive DNS estate scans in less than 10 seconds for most organizations. DNS Reaper specifically identifies if a domain has a broken cname record that could potentially be taken over through domain cname registration. The tool offers versatility, catering to the needs of both attackers/bug hunters and defenders. Users can execute the tool by providing a list of domains in a file or specifying a single domain on the command line. Upon scanning, DNS Reaper generates a CSV file with the results. As a defender, you can use DNS Reaper to fetch and assess your DNS records, conveniently connecting to your DNS provider to retrieve all records and subsequently test them. DNS Reaper supports AWS Route53, Cloudflare, and Azure, and offers guidelines for adding your own provider. For DevSecOps professionals, DNS Reaper can also be incorporated into pipelines, evaluating a list of intended provision domains and preemptively identifying potential takeovers.
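The defender's use case above, pulling your own records and testing each CNAME, reduces to a small loop. As an added example (my own code, not DNS Reaper's, and it makes no claim about DNS Reaper's signature format), the following scanner classifies each CNAME in a constructed zone: a target that resolves is fine, a target that returns NXDOMAIN and matches a provider signature is a takeover candidate, and any other non-resolving target is reported as dangling. The provider signatures, zone records and resolver answers are all constructed.

```python
import csv
import io

# Constructed signature table: CNAME target suffixes of fictional hosting providers
# where an unclaimed name returns NXDOMAIN and can be registered by any customer.
TAKEOVER_SIGNATURES = {
    "pages.hosting-a.test": "Hosting-A static pages",
    "cdn.hosting-b.test": "Hosting-B CDN",
}


def classify_cname(name, target, resolve):
    """Return a finding dict for a CNAME whose target does not resolve, else None.
    `resolve(target)` returns an address string or None for NXDOMAIN."""
    if resolve(target) is not None:
        return None
    for suffix, provider in TAKEOVER_SIGNATURES.items():
        if target == suffix or target.endswith("." + suffix):
            return {"name": name, "target": target,
                    "status": "takeover_candidate", "provider": provider}
    return {"name": name, "target": target, "status": "dangling", "provider": ""}


def scan_zone(records, resolve):
    """records: iterable of (rtype, name, value) as exported from a DNS provider."""
    findings = []
    for rtype, name, value in records:
        if rtype.upper() != "CNAME":
            continue
        finding = classify_cname(name, value.rstrip("."), resolve)
        if finding:
            findings.append(finding)
    return findings


def findings_to_csv(findings) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["name", "target", "status", "provider"])
    writer.writeheader()
    writer.writerows(findings)
    return buf.getvalue()


# Constructed zone export: one healthy CNAME, one pointing at an unclaimed provider
# name, and one pointing at a decommissioned host nobody can re-register.
CONSTRUCTED_ZONE = [
    ("A", "example.test", "203.0.113.10"),
    ("CNAME", "docs.example.test", "old-site.pages.hosting-a.test."),
    ("CNAME", "assets.example.test", "live-bucket.cdn.hosting-b.test."),
    ("CNAME", "legacy.example.test", "vm-1234.decommissioned-cloud.test."),
]

# Constructed resolver answers; anything absent is treated as NXDOMAIN.
CONSTRUCTED_ANSWERS = {"live-bucket.cdn.hosting-b.test": "198.51.100.7"}


def offline_resolve(name):
    return CONSTRUCTED_ANSWERS.get(name)


if __name__ == "__main__":
    print(findings_to_csv(scan_zone(CONSTRUCTED_ZONE, offline_resolve)), end="")
```

For a live check, swap `offline_resolve` for a function that calls `socket.gethostbyname` and returns None on `socket.gaierror`. The distinction between "takeover_candidate" and "dangling" is the important one for triage: every dangling record is hygiene debt, but only targets in a provider namespace that accepts arbitrary registrations are exposed to takeover.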
wsrepl is an interactive websocket Read-Eval-Print Loop (REPL) designed with penetration testing in mind. The tool provides a user-friendly interface to both observe incoming websocket messages and send new ones, effectively establishing a platform for automating such communication. It stands out with its unique features like the ability to interactively send and receive websocket messages, customize headers, and handle ping/pong messages, amongst other parameters. wsrepl also adeptly handles SSL verification and reconnections. The tool offers plug-in support for automating complex interaction scenarios, ensuring that all communication is logged, and maintaining a comprehensive message history. Another key feature is its support for curl command-line arguments, which significantly eases the onboarding process from Developer Tools or Burp Suite, enabling the use of the ‘Copy as Curl’ menu and replacing curl with wsrepl.
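Behind a tool like this sits the WebSocket framing that the REPL reads and writes, including the ping/pong handling mentioned above. As an added example (my own code, not wsrepl's, and unrelated to how wsrepl is implemented), here is a minimal RFC 6455 frame encoder and decoder: client frames are masked, server frames are not, and an incoming ping is answered with a pong carrying the same payload. Fragmented messages and extensions are out of scope for this illustration.

```python
import os
import struct

OPCODE_TEXT, OPCODE_BINARY, OPCODE_CLOSE, OPCODE_PING, OPCODE_PONG = 0x1, 0x2, 0x8, 0x9, 0xA


def build_frame(opcode: int, payload: bytes, mask: bool = True, key=None) -> bytes:
    """Encode one unfragmented frame. Clients must mask every frame they send;
    servers must not. `key` may be fixed for reproducible tests."""
    head = bytes([0x80 | (opcode & 0x0F)])  # FIN set, RSV bits clear
    n = len(payload)
    mask_bit = 0x80 if mask else 0
    if n < 126:
        head += bytes([mask_bit | n])
    elif n < 1 << 16:
        head += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:
        head += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if not mask:
        return head + payload
    key = key or os.urandom(4)
    masked = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return head + key + masked


def parse_frame(buf: bytes):
    """Decode one frame from the start of buf. Returns (opcode, payload, bytes_consumed),
    or None when buf does not yet hold a complete frame (caller should read more)."""
    if len(buf) < 2:
        return None
    fin = buf[0] & 0x80
    opcode = buf[0] & 0x0F
    masked = bool(buf[1] & 0x80)
    n = buf[1] & 0x7F
    pos = 2
    if n == 126:
        if len(buf) < 4:
            return None
        (n,) = struct.unpack("!H", buf[2:4])
        pos = 4
    elif n == 127:
        if len(buf) < 10:
            return None
        (n,) = struct.unpack("!Q", buf[2:10])
        pos = 10
    key = b""
    if masked:
        if len(buf) < pos + 4:
            return None
        key, pos = buf[pos:pos + 4], pos + 4
    if len(buf) < pos + n:
        return None
    payload = buf[pos:pos + n]
    if masked:
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    if not fin:
        raise ValueError("fragmented frames are not handled in this example")
    return opcode, payload, pos + n


def control_reply(opcode: int, payload: bytes):
    """Return the masked client frame that answers a server control frame, or None
    for data frames. A ping is answered with a pong that echoes its payload; a
    close is answered with a close that echoes the 2-byte status code."""
    if opcode == OPCODE_PING:
        return build_frame(OPCODE_PONG, payload)
    if opcode == OPCODE_CLOSE:
        return build_frame(OPCODE_CLOSE, payload[:2])
    return None


if __name__ == "__main__":
    server_ping = build_frame(OPCODE_PING, b"keepalive", mask=False)
    opcode, payload, _ = parse_frame(server_ping)
    print("ping payload:", payload, "-> reply:", control_reply(opcode, payload).hex())
```

A REPL loop would call `parse_frame` on its receive buffer, consume `bytes_consumed` on success, send whatever `control_reply` returns, and hand text and binary payloads to the user. Answering pings promptly is what keeps a long-lived session open, which is why the tool's ping/pong handling matters for automated interaction.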
That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.
To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.