InfoSec Weekly

April 17, 2023

Table Of Contents

The critical vulnerability found in Hikvision Storage resulted in exposing video security data.

Description

The vendor named Hikvision has identified a vulnerability, assigned the identifier CVE-2023-28808, that affects certain products used by organizations for video security data storage. This vulnerability relates to access control, and an attacker could potentially exploit it by sending specially crafted messages to the targeted device to gain administrator permissions. However, the attacker would need to have network access to the device to do so. If exploited, the impact of the vulnerability could be significant, as the attacker could potentially delete video recordings, business data, backups, and cause other disruptions to the affected organization. The vendor has taken steps to address the vulnerability and has released patches that address the issue. The patches are included in version 2.3.8-8 for Hybrid SAN and version 1.1.4 for cluster storage devices. The vendor has provided detailed instructions on how to install the updates.

Infected Technology

Hikvision Hybrid SAN/Cluster Storage product

Source

https://www.securityweek.com/critical-vulnerability-in-hikvision-storage-solutions-exposes-video-security-data/

Recommendation

• Implement access control policies. • Limit network access and implement proper access control. • Conduct regular security audits and vulnerability assessments.

CVE ID
  • CVE-2023-28808

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Description

Google has released an emergency update to fix a high-severity vulnerability in the V8 JavaScript engine of its Chrome web browser, which is being actively exploited by attackers. The vulnerability, tracked as CVE-2023-2033, has been classified as a type of confusion issue that could potentially result in heap corruption via a maliciously crafted HTML page. The flaw was reported to Google by Clement Lecigne of Google’s Threat Analysis Group on April 11, 2023. Although Google confirmed the existence of an exploit, it did not provide any further details to prevent further attacks. This is the first zero-day bug addressed by Google since the start of the year.

Infected Technology

Google Chrome

CVE ID
  • CVE-2023-2033
Source

https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html?m=1

Hyundai Experiences Cybersecurity Issues: Breach and App Bugs

Description

Hyundai, the automotive manufacturer, has suffered a data breach affecting an unknown number of French and Italian car owners as well as people who booked test drives. The company has informed those affected by email, stating that the data breach was caused by an unauthorized third party. The data involved included personal contact details, such as addresses and phone numbers, as well as vehicle data, including chassis numbers. While the breach only involved limited information from test drives and some vehicle serial numbers, security experts have suggested it may have originated from a non-core website, as the number of websites and services managed by a global business-like Hyundai is extensive. In addition, security researchers on Twitter have uncovered flaws in Hyundai mobile apps, which could lead to remote attacks, enabling vehicles to be unlocked and started. Ted Miracco, CEO of Approov, said that modern cars are increasingly software-driven, which makes automotive companies more vulnerable to cyberattacks, particularly through mobile apps or devices.

Infected Technology

Hyundai

Source

https://www.infosecurity-magazine.com/news/hyundai-experiences-cybersecurity/

Recommendation

• Investigate the root cause of the breach. • Inform customers and test drivers through a public statement or press release. • Enhance security measures, including implementing multi-factor authentication and conducting regular security audits. • Address vulnerabilities in mobile apps by releasing patches or updates. • Educate employees and customers about cybersecurity best practices.


The Nokoyawa ransomware attacks have made use of a Windows zero-day vulnerability.

Description

Kaspersky reported that cybercriminals have been exploiting a zero-day vulnerability in Windows, specifically a privilege escalation flaw affecting the Common Log File System (CLFS) driver. The vulnerability allows an authenticated attacker to elevate privileges to System and has been used by a cybercrime group to deliver the Nokoyawa ransomware. Microsoft addressed the vulnerability, CVE-2023-28252, in its April 2023 Patch Tuesday updates, and warned that the vulnerability has been exploited in the wild. The CLFS subsystem has been found to have dozens of vulnerabilities over the past five years, with at least three of them being exploited in the wild.

Infected Technology

Windows Common Log File System (CLFS) driver.

CVE ID
  • CVE-2023-28252
Source

https://www.securityweek.com/windows-zero-day-exploited-in-nokoyawa-ransomware-attacks/

Recommendation

• Limit user privileges. • Monitor system logs. • Install the latest security updates.


Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

Description

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. The first vulnerability, CVE-2023-20963, relates to the Android Framework and has a CVSS score of 7.8. According to CISA, the Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. Google, in its monthly Android Security Bulletin for March 2023, acknowledged “there are indications that CVE-2023-20963 may be under limited, targeted exploitation.” Pinduoduo, a Chinese e-commerce company, has already used the Android Framework flaw to distribute malware and access users’ data. The second vulnerability added to the KEV catalog relates to an insecure deserialization vulnerability in Novi Survey software. The flaw allows remote attackers to execute code on the server in the context of the service account. The issue, which impacts Novi Survey versions prior to 8.9.43676, was addressed by the Boston-based provider earlier this week on April 10, 2023. It’s currently not known how the flaw is being abused in real-world attacks. To counter the risks posed by the vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies in the U.S. are advised to apply necessary patches by May 4, 2023. CISA’s advice comes after Pinduoduo used the Android Framework flaw to distribute malware and access users’ data. It’s worth noting that Google suspended Pinduoduo’s official app from the Play Store in March after identifying malware in “off-Play versions” of the software. The incident highlights the need for users to exercise caution when downloading apps from untrusted sources.

Infected Technology

Android Framework, Novi Survey

CVE ID
  • CVE-2023-28808
Source

https://thehackernews.com/2023/04/severe-android-and-novi-survey.html

Recommendation
  • Apply patches as soon as possible.


call to action image

Ready to get started?

Don’t let the attacker get the upper hand – protect your services with our expertise. Contact us now and stay ahead of the game.

Contact Us