AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/19/2022

CVE-2022-42889: Keep Calm and Stop Saying “4Shell” 

A previous version of this blog indicated that five JDK versions (JDK 15+) were not impacted due to the exclusion of the Nashorn JavaScript engine. However, an updated PoC came out that uses the JEXL engine as an exploit path. If JEXL is present, the code executes successfully, so this issue can be exploited on any JDK where a relevant engine can be leveraged.

CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. The vulnerability was announced on October 13, 2022 on the Apache dev list and was originally reported by Alvaro Munoz. CVE-2022-42889 arises from an insecure implementation of Commons Text’s variable interpolation functionality: more specifically, some default lookup strings could potentially accept untrusted input from remote attackers, such as DNS requests, URLs, or inline scripts.
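The description above points at the fix a defender applies in application code: never hand untrusted text to an interpolator that carries the library's default lookup set, and instead build the substitutor over an explicit allowlist. The following Java snippet is an added illustration and is not code from this post or from the Apache Commons Text project. It assumes the public Commons Text API (`StringSubstitutor`, `StringLookupFactory.interpolatorStringLookup` with `addDefaultLookups=false`, present since the 1.x StringLookupFactory was introduced); the class name, the template and the value map are constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

/**
 * Hypothetical helper (not part of Commons Text): builds a StringSubstitutor
 * whose interpolator knows only an explicit allowlist of lookups. Any
 * ${script:...}, ${dns:...} or ${url:...} token in untrusted text is then
 * left unresolved, whatever the library version's defaults happen to be.
 */
public class AllowlistedInterpolator {

    /**
     * Builds a substitutor that resolves only the given lookups plus plain
     * ${key} references against a caller-supplied map of template values.
     */
    public static StringSubstitutor build(Map<String, String> templateValues) {
        Map<String, StringLookup> allowed = new HashMap<>();
        // Allowlist: lookups that cannot reach the network or run code.
        allowed.put(StringLookupFactory.KEY_DATE,
                StringLookupFactory.INSTANCE.dateStringLookup());
        allowed.put(StringLookupFactory.KEY_BASE64_ENCODER,
                StringLookupFactory.INSTANCE.base64EncoderStringLookup());

        // Plain ${key} references (no prefix) fall through to this map lookup.
        StringLookup defaults = StringLookupFactory.INSTANCE.mapStringLookup(templateValues);

        // addDefaultLookups=false: do NOT merge in the library's default set,
        // which on the affected releases included script, dns and url.
        StringLookup interpolator = StringLookupFactory.INSTANCE
                .interpolatorStringLookup(allowed, defaults, false);

        return new StringSubstitutor(interpolator);
    }

    public static void main(String[] args) {
        Map<String, String> values = new HashMap<>();
        values.put("user.name", "alice");

        // Constructed sample: a template that carries attacker-controlled text.
        String untrusted = "Hi ${user.name}, generated ${date:yyyy} "
                + "${script:javascript:not-executed}";

        StringSubstitutor safe = build(values);
        // The script token is an unknown prefix to this interpolator, so it is
        // echoed back as literal text instead of being evaluated.
        System.out.println(safe.replace(untrusted));

        // Contrast (do not use with untrusted input on 1.5 through 1.9):
        // StringSubstitutor.createInterpolator() builds on the library defaults.
    }
}
```

Upgrading to a Commons Text release that removes script, dns and url from the defaults is still the primary fix; the allowlist above is the belt-and-braces control that also protects code paths that explicitly registered those lookups.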


German cyber chief suspended following allegation he associated with Russian intelligence 

The head of Germany’s federal cybersecurity office has been suspended, a spokesperson confirmed on Tuesday, following accusations that he had associated with a business connected to the Russian intelligence services. Arne Schönbohm, who has been president of the Federal Office for Information Security (BSI) since 2016, has been under scrutiny since the allegations were raised in a late-night satirical television show called ZDF Magazin Royale. The head of Germany’s Interior Ministry, Nancy Faeser, has prohibited him from “conducting official business as President of the BSI with immediate effect,” a spokesperson told The Record.


Venus Ransomware targets publicly exposed Remote Desktop services 

Threat actors behind the relatively new Venus Ransomware are hacking into publicly exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide. Another ransomware has used the same encrypted file extension since 2021, but it is unclear whether the two are related. BleepingComputer first learned of the ransomware from MalwareHunterTeam, who had been contacted by security analyst linuxct looking for information on it.


Police tricked a ransomware gang into handing over its decryption keys. Here’s how they did it 

Police tricked a ransomware gang into handing over decryption keys, providing victims with the ability to unlock their encrypted data for free. Working alongside cybersecurity company Responders.NU, the Dutch National Police obtained 150 decryption keys from ransomware group Deadbolt. With the decryption keys now in the hands of law enforcement, some victims of Deadbolt ransomware attacks can retrieve encrypted files and servers without the need to pay cyber-criminal extortionists. According to the Dutch Police, Deadbolt ransomware attacks focus on network-attached storage (NAS) and have encrypted more than 20,000 QNAP and Asustor devices around the world, with at least a thousand of those in the Netherlands.


Digital Natives Are Undermining Corporate Security – Report 

Millennial and Gen Z employees are far more likely than their older colleagues to disregard security best practices, marking them out as a potentially serious insider threat, according to EY. The global consulting giant polled 1,000 US employees about their cybersecurity awareness and practices to compile its 2022 EY Human Risk in Cybersecurity Survey. It found that three-quarters (76%) of respondents across all generations now consider themselves knowledgeable about cybersecurity. However, so-called “digital natives” were more likely to engage in risky behavior. Around half (48%) of Gen Z and two-fifths (39%) of millennial respondents admitted taking cybersecurity protection on their personal devices more seriously than on their work devices.
