One of the highlights of the week is the Pwn2Own competition. Participants have hacked many well-known applications. As for the rest of the news: as always, update your Cisco devices and Facebook, as usual, takes care of our privacy.
Welcome to the post! Don’t forget to check out Vulners team documentation reborn and write your feedback;)
- Vulnerabilities: VMware security products, Cisco EoL, Google;
- Tools: Kubesploit, GoTestWaf, Apple persistence tool;
- News: Facebook “data leak”, malware in Google play, Pwn2Own competitions and 72 hours to your update;
- Research: Have I Been Zucked? Microsoft research. Not a lot of bright stuff this week.
Feedback -> here
VMware has fixed several critical issues within Carbon Black Cloud Workload and VMware vRealize Operations (vROps).
The vulnerability in Carbon Black Cloud Workload was identified as CVE-2021-21982. It allows attackers to bypass authentication by manipulating the URL in the interface.
Two vulnerabilities were also identified in VMware vRealize Operations (vROps), a solution for monitoring, optimizing and troubleshooting virtual infrastructure performance:
- Vulnerability in the vROps API with the identifier CVE-2021-21975 is of the SSRF vulnerability type, which means it allows server-side request forgery. With its help any unauthorized intruder can steal administrator credentials and gain access to the application with maximum privileges, allowing to modify the application configuration and intercept any data in it.
- Administrator privileges allow to exploit the second vulnerability, CVE-2021-21983 (arbitrary file download), which will allow to execute any commands on the server
To fix the vulnerabilities, you should follow the recommendations in the VMware notice.
Cisco System, one of the largest manufacturers of networking equipment, has no plans to address a critical security vulnerability that affects multiple business router models. Instead, Cisco urged users to simply swap out their old vulnerable device for a new one.
CVE-2021-1459 is relevant for RV110W VPN firewall, RV130, RV130W and RV215W Small Business routers. When exploited, unauthenticated cybercriminals can remotely execute arbitrary code on a vulnerable device.
Google commented on April 1 and 5 Android security updates. It turned out that, among other patches, the critical CVE-2021-0430 vulnerability was closed, thanks to which a hacker could achieve code execution in a privileged process using a specially created file.
🔥🔥 A new post-exploitation framework for Kubernetes: Kubesploit 🔥🔥
Gotestwaf – An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses.
Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles (main platforms) assigned to a certain username
PoisonApple: Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cyber threat emulation purposes.
On the cybercriminal forum, the data of 533 million Facebook users were found. The following are publicly available: full usernames, their Facebook IDs, phone numbers, location information, email addresses, gender, occupation, country and city of residence, date of account creation, etc. Most of the victims are in the USA (32 million), Great Britain (10 million) and Russia (10 million).
Check Point discovered FlixOnline, an app that pretended to be a Netflix app, on the official Google store. It turned out that if a user granted certain rights to the malware, it would automatically reply to the victim’s WhatsApp messages. FlixOnline inserted a phishing link in its messages. The fake Netflix was removed from the Google Play Store, but it was downloaded 500 times in two months.
The biggest hacker competition, the spring Pwn2Own 2021, is over. This time it ended in a three-way draw between Team Devcore and OV, as well as the duo of IS experts Daan Koeper and Thijs Alkemade of Computest. In total, Pwn2Own participants earned $1,210,000 over the three days.
SAP together with Onapsis have released a new report on current cyber threats to users of the German manufacturer’s software. On average, you have 72 hours to safely update your software and hardware, and then attackers begin to act. We believe this time can be used as a guideline in local update policies
Phishing Trends With PDF Files in 2020: 5 Approaches Attackers Use: https://unit42.paloaltonetworks.com/phishing-trends-with-pdf-files
Have I Been Zucked? Two British students put together a site to search the leaked Facebook dataset. https://haveibeenzucked.com
Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting – Microsoft Security https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting
Gamifying machine learning for stronger security and AI models – Microsoft Security https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models
Detecting process injection with ETW: https://blog.redbluepurple.io/windows-security-research/kernel-tracing-injection-detection