AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/25/2022

Hundreds of HP printer models vulnerable to remote code execution

HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942, the security issue was reported by Trend Micro’s Zero Day Initiative team. Although it comes with a severity score of 8.4 (high), as calculated with the Common Vulnerability Scoring System (CVSS), HP lists the bug’s severity as critical.


DEADBOLT – the ransomware that goes straight for your backups

In January 2021, reports surfaced of a backup-busting ransomware strain called Deadbolt, apparently aimed at small businesses, hobbyists and serious home users. As far as we can see, Deadbolt deliberately chose a deadly niche in which to operate: users who needed backups and were well-informed enough to make them, but who didn’t have the time or funds to give their backup routine the attention it really deserved. Many ransomware attacks unfold with cybercriminals breaking into your network, mapping out all your computers, scrambling all the files on all of them in unison, and then changing everyone’s wallpaper to show a blackmail demand along the lines of, “Pay us $BIGVAL and we’ll send you a decryption key to unlock everything.” For large networks, this attack technique has, sadly, helped numerous audacious criminals to extort hundreds of millions of dollars out of organisations that simply didn’t have any other way to get their business back on track. Deadbolt, however, ignores the desktops and laptops on your network, instead finding and attacking vulnerable network-attached storage (NAS) devices directly over the internet.


Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$. The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers. City of London Police say they have arrested seven teenagers in relation to the gang but will not say if he is one. The boy’s father told the BBC his family was concerned and was trying to keep him away from his computers. Under his online moniker “White” or “Breachbase” the teenager, who has autism, is said to be behind the prolific Lapsus$ hacker crew, which is believed to be based in South America. Lapsus$ is relatively new but has become one of the most talked about and feared hacker cyber-crime gangs, after successfully breaching major firms like Microsoft and then bragging about it online.


Honda bug lets a hacker unlock and start your car via replay attack

Researchers have disclosed a ‘replay attack’ vulnerability affecting select Honda and Acura car models that allows a nearby hacker to unlock your car and even start its engine from a short distance. The attack consists of a threat actor capturing the RF signals sent from your key fob to the car and resending those signals to take control of your car’s remote keyless entry system. According to the researchers, the vulnerability remains largely unfixed in older models, but Honda owners may be able to take some action to protect themselves against this attack. This week, multiple researchers disclosed the vulnerability, which a nearby attacker can use to unlock some Honda and Acura car models and start their engines wirelessly.
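As an added illustration, not code from the article or from Honda's actual implementation, this constructed Python model shows why a captured fob frame can simply be resent: a receiver that checks a static unlock code accepts the same frame again, while one that authenticates a rolling counter rejects it. The shared key, the 4-byte counter, the truncated HMAC tag and the resync window are all assumptions chosen for the demo, not real vehicle parameters.

```python
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-fob-key"  # constructed demo secret, not a real vehicle value


def fob_frame(counter: int, key: bytes = DEMO_KEY) -> bytes:
    """Rolling-code frame: 4-byte counter followed by a truncated HMAC tag."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]


class FixedCodeReceiver:
    """Checks a static code, so any captured frame can be replayed forever."""
    def __init__(self, code: bytes):
        self.code = code

    def unlock(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class RollingCodeReceiver:
    """Authenticates each frame and only accepts a counter newer than the last
    accepted one, within a resync window (a fob pressed out of range must not
    desynchronise permanently)."""
    def __init__(self, key: bytes = DEMO_KEY, window: int = 16):
        self.key, self.window, self.last = key, window, 0

    def unlock(self, frame: bytes) -> bool:
        ctr_bytes, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, ctr_bytes, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        ctr = int.from_bytes(ctr_bytes, "big")
        if not self.last < ctr <= self.last + self.window:
            return False  # replayed (stale) or too far ahead of the window
        self.last = ctr
        return True


def demo() -> dict:
    """Replay one captured frame against both receiver models."""
    fixed, rolling = FixedCodeReceiver(b"static-unlock-code"), RollingCodeReceiver()
    captured_fixed = b"static-unlock-code"  # what an eavesdropper would record
    captured_rolling = fob_frame(1)
    return {
        "fixed_first": fixed.unlock(captured_fixed),
        "fixed_replay": fixed.unlock(captured_fixed),
        "rolling_first": rolling.unlock(captured_rolling),
        "rolling_replay": rolling.unlock(captured_rolling),
        "rolling_next": rolling.unlock(fob_frame(2)),
        "rolling_far_ahead": rolling.unlock(fob_frame(500)),
        "rolling_forged": rolling.unlock(fob_frame(3, key=b"wrong-key")),
    }
```

The rolling receiver still accepts the genuine next press (counter 2) but refuses the replayed frame, a frame far outside the window, and a frame signed with the wrong key.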


New EU law could require iMessage and WhatsApp to work with other, smaller platforms

The EU’s newly agreed-upon Digital Markets Act could require messaging app developers to make their apps work together if it ends up coming into force in October as expected. In the EU’s press release, it says that lawmakers agreed that the “gatekeeper” companies behind WhatsApp, Facebook Messenger, or iMessage would have to make their apps “interoperable” with smaller messaging platforms at the developers’ request. Here’s the relevant part of the EU’s statement: During a close to 8-hour long trilogue (three-way talks between Parliament, Council and Commission), EU lawmakers agreed that the largest messaging services (such as Whatsapp, Facebook Messenger or iMessage) will have to open up and interoperate with smaller messaging platforms, if they so request. Users of small or big platforms would then be able to exchange messages, send files or make video calls across messaging apps, thus giving them more choice. As regards interoperability obligation for social networks, co-legislators agreed that such interoperability provisions will be assessed in the future.


VMware fixes command injection, file upload flaws in Carbon Black security tool

VMware has patched two security flaws, an OS command injection vulnerability and a file upload hole, in its Carbon Black App Control security product running on Windows. Both bugs are rated 9.1 out of 10 in terms of CVSS severity. They can be exploited to execute arbitrary commands on the Windows host, such as commands to deploy malware, exfiltrate data, or explore the rest of the network. In both cases, an attacker needs to be logged in as an administrator or highly privileged user, which means exploitation is limited to rogue insiders and hijacked admin accounts. On the other hand, exploitation means a bad situation is about to get a lot worse. Given the rise of insider threats and compromised administrator access, patching this to limit the scope of even trusted accounts isn’t such a bad idea.
