Select Page
Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks.

News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that surfaced online earlier this week by reverse-engineering the Java software patch in BIG-IP. The mass scans are said to have spiked since March 18.

The flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical remote code execution (CVE-2021-22986) also impacting BIG-IQ versions 6.x and 7.x. CVE-2021-22986 (CVSS score: 9.8) is notable for the fact that it’s an unauthenticated, remote command execution vulnerability affecting the iControl REST interface, allowing an attacker to execute arbitrary system commands, create or delete files, and disable services without the need for any authentication.

Successful exploitation of these vulnerabilities could lead to a full compromise of susceptible systems, including the possibility of remote code execution as well as trigger a buffer overflow, leading to a denial of service (DoS) attack.

 

images from Hacker News

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company.

A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday with conspiracy, wire fraud, and identity theft.

Till Kottmann (aka “deletescape” and “tillie crimew”), 21, of Lucerne, Switzerland, and their co-conspirators were accused of hacking dozens of companies and government agencies since 2019 by targeting their “git” and other source code repositories and posting the proprietary data of more than 100 entities on a website called git[.]rip, according to the indictment.

Kottmann is alleged to have cloned the source code and other confidential files containing hard-coded administrative credentials and access keys, using them to infiltrate the internal infrastructure of victims further and copy additional records and intellectual property. Additionally, the prosecutors said the U.S. Federal Bureau of Investigation (FBI) seized the domain that was used to publish hacked data online.

The defendant’s long list of victims includes Nissan, Intel, Mercedes-Benz, and many others, including the Verkada breach that happened earlier this month, thereby gaining access to more than 150,000 of the company’s cameras installed in various locations ranging from Tesla warehouses to gyms, psychiatric hospitals, and health clinics.

images from Hacker News

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks.

Dubbed “XcodeSpy,” the trojanised Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that’s used by developers to animate iOS tab bars based on user interaction.

“XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer’s macOS computer along with a persistence mechanism,” SentinelOne researchers said.

Xcode is Apple’s integrated development environment (IDE) for macOS, used to develop software for macOS, iOS, iPadOS, watchOS, and tvOS.

Earlier this year, Google’s Threat Analysis group uncovered a North Korean campaign aimed at security researchers and exploit developers, which entailed the sharing of a Visual Studio project designed to load a malicious DLL on Windows systems.

images from Hacker News

New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps

New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps

A newly discovered glitch in Zoom’s screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings.

Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not shared, but only briefly, thereby making it harder to exploit it in the wild.

It’s worth pointing out that the screen sharing functionality in Zoom lets users share an entire desktop or phone screen, or limit sharing to one or more specific applications, or a portion of a screen. The issue stems from the fact that a second application that’s overlayed on top of an already shared application can reveal its contents for a short period of time.

“When a Zoom user shares a specific application window via the ‘share screen’ functionality, other meeting participants can briefly see contents of other application windows which were not explicitly shared,” SySS researchers Michael Strametz and Matthias Deeg noted. “The contents of not shared application windows can, for instance, be seen for a short period of time by other users when those windows overlay the shared application window and get into focus.”

images from Hacker News

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites

A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account.

The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update (version 1.8.26) on March 10 addressing the issues.

MyBB, formerly MyBBoard and originally MyBulletinBoard, is free and open-source forum software developed using PHP and MySQL. According to internet assets search engine Spyse, there are at least 2,100 potentially vulnerable domains that have MyBB installed.

According to the researchers, the first issue — a nested auto URL persistent XSS vulnerability (CVE-2021-27889) — stems from how MyBB parses messages containing URLs during the rendering process, thus enabling any unprivileged forum user to embed stored XSS payloads into threads, posts, and even private messages.

“The vulnerability can be exploited with minimal user interaction by saving a maliciously crafted MyCode message on the server (e.g. as a post or Private Message) and pointing a victim to a page where the content is parsed,” MyBB said in an advisory.

images from Hacker News