InfoSec Weekly
Sept 17, 2023
Table Of Contents
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
Description
Memory corruption flaws were found in the ncurses library, affecting Linux and macOS systems. Threat actors could exploit these vulnerabilities through environment variable poisoning to gain elevated privileges and execute malicious code within a program’s context. Microsoft, along with Apple, addressed these flaws in April 2023. The vulnerabilities involved manipulating environment variables like TERMINFO to achieve privilege escalation. They encompassed various issues, including a stack information leak, parameterized string type confusion, off-by-one error, and heap out-of-bounds during TERMINFO database parsing, and denial-of-service with canceled strings. While these vulnerabilities had the potential to allow attackers to take control of a program, exploiting memory corruption vulnerabilities necessitated a multi-stage attack, such as chaining the stack information leak for arbitrary read access with the heap overflow for write access.
Infected Technology
Ncurses – Programming Library
Source
https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html
Recommendation
Microsoft said it worked with Apple on remediating the macOS-specific issues related to these flaws.
CVE ID
CVE-2023-29491
North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist
Description
Since June 2023, the Lazarus Group, which has ties to North Korea, has stolen approximately $240 million in cryptocurrencies, a huge increase in its hacking activity. The famed hacker squad is allegedly suspected of stealing $31 million in digital assets from the CoinEx exchange on September 12, 2023, according to numerous reports from Certik, Elliptic, and ZachXBT. The crypto robbery intended for CoinEx is the latest in a succession of recent attacks that also cost $100 million for Atomic Wallet, $37.3 million for CoinsPaid, $60 million for Alphapo, and 41 million for Stake.com.
Infected Technology
• coinEx Exchange
Source
https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html?m=1
Recommendation
• Use hardware wallets or paper wallets to store your cryptocurrency offline. This reduces the risk of online attacks like hacking and phishing. • Enable 2FA wherever possible, especially on cryptocurrency exchange accounts. This adds an extra layer of security.
Kubernetes Vulnerability Allows Remote Code Execution
Description
A significant security vulnerability has been detected in Kubernetes. This flaw has the potential to allow threat actors to execute code with elevated SYSTEM privileges on Windows endpoints within a Kubernetes Cluster. Successful exploitation of this vulnerability relies on having the “apply” privileges within the Kubernetes environment, which grants access to the Kubernetes API. The attack is initiated by uploading a malicious YAML file into the cluster. This particular security issue has been labeled as CVE-2023-3676 and has received a high severity score of 8.8 on the Common Vulnerability Scoring System (CVSS).
Infected Technology
• Kubernetes
Source
https://cybersecuritynews.com/kubernetes-command-injection-flaw/
Recommendation
• Organizations should promptly upgrade to the latest version of Kubernetes to mitigate the risk of exploitation
CVE ID
CVE-2023-3676
TikTok Hit with Staggering $345 Million Fine: The Latest in Its Ongoing Battle with Regulators
Description
In a dramatic twist of events, the popular social media giant TikTok has found itself in the crosshairs of regulators once again, facing a jaw-dropping $345 million fine. This colossal penalty comes as the latest chapter in TikTok’s ongoing struggle with global regulatory bodies over concerns related to data privacy, security, and algorithmic transparency.
Infected Technology
• TikTok’s Technology Infrastructure
Source
https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html
Recommendation
•Independent audits of TikTok’s data security and privacy practices might be mandated to ensure strict compliance with industry standards and regulations.
Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability
Description
Adobe’s September 2023 Patch Tuesday update includes a critical patch for an actively exploited security vulnerability in Acrobat and Reader. This flaw, identified as CVE-2023-26369 and rated 7.8 in severity on the CVSS scale, affects Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. It is described as an out-of-bounds write vulnerability that could allow attackers to execute malicious code by opening a specially crafted PDF document. Adobe has confirmed limited in-the-wild attacks targeting Adobe Acrobat and Reader using this vulnerability but has not disclosed further details about the attacks or the issue itself.
Infected Technology
• Adobe Acrobat Reader
Source
https://thehackernews.com/2023/09/update-adobe-acrobat-and-reader-to.html
Recommendation
• Update Adobe product time to time and avoid using cracked versions
Ready to get started?
Don’t let the attacker get the upper hand – protect your services with our expertise. Contact us now and stay ahead of the game.
Contact Us