cRyPtHoN™ INFOSEC (EN)

2022-05-22 19:27:53 WordPress theme Jupiter patches critical privilege escalation flaw.

Users urged to update systems amid reports of active exploitation

A critical vulnerability present among 90,000-plus active installations of the Jupiter WordPress theme allows for the takeover of target websites.

Although attackers must be authenticated to exploit the privilege escalation flaw, which has a CVSS score of 9.9, they only need to do so as a subscriber or customer. For websites that allow users to self-register, this offers little protection against potential attacks.

The bug, along with another, high severity vulnerability and a trio of medium severity flaws, has been patched by the theme’s developer, ArtBees, according to a blog post published on Wednesday (May 18) by Wordfence.

https://portswigger.net/daily-swig/wordpress-theme-jupiter-patches-critical-privilege-escalation-flaw

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:25:02 North Korea-linked Lazarus APT uses Log4J to target VMware servers.

North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers.

North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers.

Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks.

Researchers from the Ahnlab ASEC analysis team reported that since April 2022 the Lazarus APT has been exploiting the RCE in attacks against VMware Horizon installs exposed online.

https://securityaffairs.co/wordpress/131483/apt/lazarus-apt-log4j-vmware-servers.html

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:20:43 Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked.

The hacking event Pwn2Own took place from May 18 to May 20 of 2022. This year, security researchers managed to hack Windows 11 and Ubuntu, Firefox, Safari, Microsoft Teams, a Tesla and other targets successfully during the three days of the event.

Pwn2Own is a yearly event that brings together security researchers from all over the world. On the 15th anniversary of the event, 17 security researchers attempted to exploit 21 targets across multiple categories.

On day 1 of the event, researchers managed to hack Microsoft Teams, Oracle VirtualBox, Mozilla Firefox, Microsoft Windows 11, Apple Safari, and Ubuntu Desktop. Microsoft Teams and Ubuntu Desktop were hacked successfully multiple teams during the day.

https://www.ghacks.net/2022/05/21/pwn2own-2022-windows-11-ubuntu-firefox-safari-tesla-and-more-hacked/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:14:40 Galleon NTS-6002-GPS Command Injection vulnerability.

Galleon Systems’ GPS NTP time server had a command injection vulnerability in the firmware of their NTS GPS device which could allow total control of the device through the web management interface.

A vulnerability was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 #4. A low privilege authenticated attacker can perform command injection as the root user, by supplying shell metacharacters to forms on the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address).

https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:09:40 Google: Predator spyware infected Android devices using zero-days.

Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox.

In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.

"We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below," said Google TAG members Clement Lecigne and Christian Resell.

https://www.bleepingcomputer.com/news/security/google-predator-spyware-infected-android-devices-using-zero-days/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 19:02:39 Breach exposed data of half-million Chicago students, staff.

CHICAGO (AP) — The personal information of more than half a million Chicago Public Schools students and staff was compromised in a ransomware attack last December, but the vendor didn’t report it to the district until last month, officials said.

The data breach occurred Dec. 1 and technology vendor Battelle for Kids notified CPS April on 26, the district said Friday. A server used to store student and staff information was breached and four years’ worth of records were accessed, CPS said.

https://apnews.com/article/technology-chicago-education-data-privacy-4013e749b2d1cd57604b3e5e1db7f30e

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 18:47:08 Deepfake attacks can easily trick live facial recognition systems online.

Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

https://www.theregister.com/2022/05/22/ai_in_brief/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-22 18:27:31 Nikkei Says Customer Data Likely Impacted in Ransomware Attack.

Asian media giant Nikkei has disclosed a ransomware attack that might have impacted customer data.

Based in Tokyo, Nikkei, Inc. is a media company specialized in business, financial, and industry news, and which owns Financial Times and The Nikkei. With a daily circulation of over 3 million, The Nikkei is the world's largest financial newspaper.

On Thursday, Nikkei announced that a server at its headquarters in Singapore was infected with ransomware last week.

“Unauthorized access to the server was first detected on May 13, prompting an internal probe. Nikkei Group Asia immediately shut down the affected server and took other measures to minimize the impact,” the media giant said.

https://www.securityweek.com/nikkei-says-customer-data-likely-impacted-ransomware-attack

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-19 12:29:34 Popular websites leaking user email data to web tracking domains.

Data harvested without consent and before forms are submitted in many cases, researchers claim

Email addresses typed into online forms are often handed over to web trackers before being submitted and without user consent, a systematic study by computer scientists has discovered.

Email addresses – or identifiers derived from them – are apparently being used by data brokers and advertisers for cross-site and cross-platform identification of computer users.

As part of an investigation into how data from online forms is used for tracking, a team of four computer scientists measured the extent of email and password collection prior to form submission by analyzing the top 100,000 websites.

https://portswigger.net/daily-swig/popular-websites-leaking-user-email-data-to-web-tracking-domains

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment

2022-05-19 12:18:29 Skiff Mail is a new end-to-end encrypted email service, but should you use it?

Skiff Mail has been launched to the public, it is a new end-to-end encrypted email service provider. The company says that it focuses on protecting the privacy of its users.

The service is Web3 native, you can visit this page to sign up for a free personal account.

Though Skiff Mail's blog post says that users get 10GB of free cloud storage space for signing up for a personal account, the Pricing page which you can access from the settings shows that you only have 1GB of space. Email isn't the only thing that Skiff can do, you can save notes in Markdown format, code blocks, edit and create documents too.

https://www.ghacks.net/2022/05/18/skiff-mail-end-to-end-encrypted-email-privacy-policy/

@cRyPtHoN_INFOSEC_IT
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv Open / Comment