Site icon Virus Removal Guides

Cyber Security Weekly Recap (09-15 Jan.)

Cyber Security 09 15 Jan 1024x635

Kubernetes Clusters Affected by the Kinsing Cryptomalware

The malicious actor who runs the Kinsing cryptojacking operation has been seen leveraging misconfigured and unprotected PostgreSQL servers in an attempt to get early access to Kubernetes environments. According to Microsoft, a significant number of clusters have been attacked in this way.

Details have emerged that the attacker is targeting servers running versions of PHPUnit, Liferay, WebLogic, and WordPress that are vulnerable to remote code execution with the idea of running malicious payloads on them.

Kinsing has attacked containerized environments in the past, by dropping bitcoin mining software through newly discovered bugs and misconfigured open Docker daemon API ports.

Numerous API Flaws Have Been Found in 16 of the World’s Largest Automakers

A number of vulnerabilities that may be used to track, unlock, and start automobiles, have been found to impact millions of vehicles across 16 car brands. If exploited, the flaws might have serious consequences for the privacy of car owners.

The software from Reviver, SiriusXM, and Spireon, as well as the automobile application programming interfaces (APIs) for Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota, all have been found to have security flaws that could be targeted by hackers.

Some of the detected vulnerabilities might expose sensitive user data and corporate networks, while others could be used remotely to run arbitrary code.

According to the information that is available, the most severe vulnerability is related to Spireon’s telematics technology and could be used to get full administrator access, allowing an attacker to remotely upgrade device firmware and give arbitrary instructions to around 15.5 million cars.

Some of the vulnerabilities found in Mercedes-Benz might be used to provide access to internal apps through a poorly designed single sign-on (SSO) authentication method, while others could allow user account takeover and exposure of sensitive data.

Vulnerabilities found in the other car brands mentioned above might be exploited to provide unauthorized access to sensitive customer information, dealer portals, real-time GPS car tracking, license plate management for all Reviver customers, and even the ability to mark a vehicle as stolen.

After responsible disclosure, all of the security flaws have been addressed with patches, released by their individual manufacturers. 

Security researchers unite under the opinion that the findings are disturbing and highlight the need for a multilayered defensive approach to stopping future security flaws and possible attacks.

A Major Vulnerability in the “jsonwebtoken” Library, which is Used by Over 22,000 Projects, Was Recently Identified.

According to a study published by Palo Alto Networks Unit 42 researcher Artur Oleyarsh, the open-source jsonwebtoken (JWT) library has a critical security hole that, if abused, might allow remote code execution on the victim’s server. 

The flaw, identified as CVE-2022-23529 (CVSS score: 7.6), affects all versions of the library prior to version 8.5.1, and was fixed with the release of version 9.0.0 on December 21, 2022.

Security professionals are alarming that hackers have gotten considerably more skilled at exploiting newly disclosed vulnerabilities, greatly reducing the window of time between the delivery of a patch and the availability of an exploit.

Security Flaw in Chromium Browsers Putting Private Information at Risk

According to Imperva researcher Ron Masas, a previously unknown flaw in Google Chrome and other Chromium-based browsers, which stems from the browser’s interaction with symlinks while processing files and directories, could allow the theft of sensitive information.

As per the details that have been revealed, the vulnerability, known as SymStealer, is rooted in the misuse of symbolic link (symlink) following. It allows an attacker to circumvent a program’s normal protections against accessing unauthorized files and could be exploited to siphon files containing confidential information.

Fixes for the medium-severity flaw, tracked as (CVE-2022-3656), were provided by Google in October and November 2022 with versions 107 and 108.

Critical Control Web Panel RCE Vulnerability Is Being Actively Exploited By Hackers

Attackers are trying to take advantage of a newly fixed critical vulnerability in Control Web Panel (CWP), which lets remote code execution (RCE) happen on vulnerable systems with elevated privileges and without authentication.

This vulnerability, which has the CVE-2022-44877 identificator and a score of 9.8, affects all previous releases of the software product up to version 0.9.8.1147 and was fixed on October 25, 2022.

A report by NIST reveals that the vulnerability enables remote attackers to execute arbitrary OS commands through shell metacharacters in the login parameter.

According to the Shadowserver Foundation and GreyNoise, the flaw was exploited for the first time on January 6, 2023.

Control Web Panel, previously known as CentOS Web Panel, is a common server management tool for commercial Linux servers.

With exploits already being used in the wild, it’s important for users who rely on the program to update to the latest version.

Exit mobile version