Dec 08 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s your fellow Jedi rebel in the ongoing fight against the cybercrime Empire ⚫✨⚔️
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches
Atlassian Shields Up! Unleashes Fixes for Four Critical Vulnerabilities Threatening Code Execution!
Atlassian has just rolled out crucial software fixes for four high-severity vulnerabilities in its products, each of which could allow remote code execution.
The vulnerabilities (or bugs) include:
- CVE-2022-1471 (CVSS 9.8): SnakeYAML library deserialization flaw affecting multiple products.
- CVE-2023-22522 (CVSS 9.0): remote code execution in Confluence Data Center and Server.
- CVE-2023-22523 (CVSS 9.8): remote code execution in Assets Discovery for Jira Service Management Cloud, Server, and Data Center.
- CVE-2023-22524 (CVSS 9.6): remote code execution in the Atlassian Companion app for macOS.
Specifically, CVE-2023-22522 allows an authenticated attacker to inject unsafe input into a Confluence page, enabling code execution. The Assets Discovery flaw facilitates privileged remote code execution, while CVE-2023-22524 could permit code execution by bypassing Atlassian Companion's protections.
With Atlassian products increasingly targeted, it's crucial to act swiftly! Users are strongly advised to update affected installations promptly to the latest patched versions to safeguard against potential exploits.
Stay secure, stay updated! You know the drill.
Now, on to today’s hottest cybersecurity stories:
- Qualcomm announces details of exploited chip vulnerabilities
- Sierra Wireless routers: flaws affecting TinyXML, OpenNDS
- Browsers BEWARE! Watch out for malicious browser extensions
Chipmaker Qualcomm has revealed critical insights into three high-severity security flaws that were subject to "limited, targeted exploitation" in October 2023. The vulnerabilities include:
- CVE-2023-33063 (CVSS 7.8): Memory corruption in DSP Services during a remote call from HLOS to DSP.
- CVE-2023-33106 (CVSS 8.4): Memory corruption in Graphics when submitting a large list of sync points in an AUX command.
- CVE-2023-33107 (CVSS 8.4): Memory corruption in Graphics Linux while assigning shared virtual memory during an IOCTL call.
Unveiling the Exploits
Google's Threat Analysis Group and Project Zero brought these flaws to light, reporting limited, targeted exploitation. Luckyrb, the Google Android Security team, and TAG researchers Benoît Sevens and Jann Horn played key roles in disclosing these vulnerabilities.
⏰ Security Response and Urgency
Prompt action is vital! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these bugs to its Known Exploited Vulnerabilities (KEV) catalogue, urging federal agencies to apply patches by December 26, 2023.
Stay Secure, Act Swiftly
While details about weaponization and attackers remain elusive, Qualcomm emphasises the importance of swift patch application to bolster security defences.
A staggering 21 security flaws, collectively known as Sierra:21, have been unearthed in Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS.
Forescout Vedere Labs warns that these vulnerabilities jeopardise over 86,000 devices across vital sectors worldwide, including energy, healthcare, retail, and emergency services.
Potential Threats
The flaws could lead to severe consequences, allowing attackers to steal credentials, inject malicious code, persist on devices, and serve as a gateway into critical networks.
Of the 21 vulnerabilities, one is rated critical, nine high and 11 medium; the risks they carry include remote code execution, cross-site scripting, denial of service, unauthorised access, and authentication bypass.
⚙️ Weaponization and Fixes
Exploiting these vulnerabilities could let botnet malware propagate automatically, communicate with command-and-control servers, and launch DDoS attacks. Fixes are available in ALEOS 4.17.0 (or ALEOS 4.9.9) and OpenNDS 10.1.3.
Notably, TinyXML, no longer actively maintained, requires downstream attention from affected vendors.
Urgent Action Required ⚠️⚠️⚠️
Forescout emphasises the criticality of immediate action, highlighting the potential for full control of OT/IoT routers in critical infrastructure.
State-sponsored actors and cybercriminals may exploit these vulnerabilities for various malicious purposes, posing a significant threat to communities.
Stay vigilant and implement the necessary updates promptly!
Our new segment, where we pick out some cool sites we like. Reply to the mail and let us know what you think.
The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya. Let us tell you who’s not fooling around though; that’s the Crüe at Motley Fool. You’d be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets. (LINK)
Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm, Happy Place… So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway. (LINK)
Digital Ocean: If you build it, they will come. Nope, we’re not talking about a baseball field for ghosts (great movie, to be fair). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty). But if you can, and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)
Adversaries are targeting browsers, with browser extensions emerging as a prime attack vector. Recent incidents like DataSpii and Nigelthorn underscore the threat, exposing vulnerabilities in widely adopted extensions across critical sectors.
Permissions and Exploits
The root issue lies in the excessive, coarse-grained permissions granted to extensions, leaving users vulnerable to privacy breaches and security compromises. LayerX's report, "Unveiling the Threat of Malicious Browser Extensions," delves deep into the malicious extensions landscape.
Types of Malicious Extensions
- Initially Malicious Extensions: Purposefully created by attackers, then uploaded to web stores or hosted on the attacker's infrastructure.
- Compromised Extensions: Initially legitimate extensions that attackers bought outright or compromised for malicious activities.
- Risky Extensions: Legitimate extensions with excessive permissions that pose a security risk.
How Extensions Get Installed: Security Considerations ⚙️
- Admin Installation: Extensions centrally distributed by network administrators, raising questions about necessity and security impact within the corporate network.
- Normal Installation: Users download from official browser stores, offering flexibility but requiring assessment of associated security risks.
- Developer Installation: Extensions loaded from employees' local computers, bypassing usual vetting processes.
- Sideload Installation: Third-party applications installing extensions, the least secure option and easily exploited by adversaries.
Identifying Potential Threats
- Missing Developer's Contact Information: Lack of accountability raises concerns.
- ⏳ Outdated Extensions: Potential security risks and compatibility issues.
- Lack of Privacy Policy: Transparency about data practices is crucial.
- User Ratings and Support: ⭐ Insights into extension quality and user satisfaction.
- Official Website Presence: Additional information and resources.
- Availability in Official Stores: Some level of vetting and security checks.
- Uncommon Installation Methods: ⚠️ Caution with side-loading or developer mode.
- Free Promotions: Be suspicious of the hidden motives behind free offerings.
Mitigation Strategies
The report offers crucial insights into permissions, attack vectors, and mitigation methods. Cybersecurity demands vigilance!
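The permission and accountability checks in the lists above lend themselves to an automated triage step. The script below is an added example, not code from the newsletter or the LayerX report: it scores an unpacked extension's manifest.json by the breadth of permissions it requests and flags missing developer information. The risk weights, the review threshold and the two sample manifests are assumptions constructed for illustration.

```python
# Permissions and host patterns that grant broad access to browsing data or
# traffic. The weights are an illustrative assumption, not a published scale.
HIGH_RISK = {
    "<all_urls>": 5, "*://*/*": 5, "http://*/*": 4, "https://*/*": 4,
    "webRequest": 3, "webRequestBlocking": 4, "declarativeNetRequest": 3,
    "cookies": 3, "history": 2, "tabs": 2, "scripting": 3, "debugger": 5,
    "nativeMessaging": 4, "proxy": 4, "management": 3, "clipboardRead": 2,
}
REVIEW_THRESHOLD = 8  # assumed cut-off: at or above this, require manual review


def requested_permissions(manifest: dict) -> set:
    """Collect every permission and host pattern across MV2/MV3 manifest fields."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    perms |= set(manifest.get("host_permissions", []))  # MV3 host access
    for script in manifest.get("content_scripts", []):
        perms |= set(script.get("matches", []))  # pages the script is injected into
    return perms


def score_manifest(manifest: dict) -> dict:
    """Score a manifest and list accountability red flags from the checklist above."""
    perms = requested_permissions(manifest)
    risky = {p: HIGH_RISK[p] for p in perms if p in HIGH_RISK}
    flags = []
    if not manifest.get("homepage_url"):
        flags.append("no homepage_url")  # no official website listed
    if not manifest.get("author"):
        flags.append("no author")  # no developer contact / accountability
    if not manifest.get("update_url"):
        flags.append("no update_url")  # heuristic: typical of sideloaded/dev-mode installs
    score = sum(risky.values())
    return {"name": manifest.get("name", "?"), "score": score, "risky": risky,
            "flags": flags, "needs_review": score >= REVIEW_THRESHOLD}


# Constructed sample manifests for demonstration; not real extensions.
SAMPLE_RISKY = {
    "manifest_version": 3, "name": "Coupon Finder (sample)", "version": "1.0",
    "permissions": ["tabs", "cookies", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
}
SAMPLE_TAME = {
    "manifest_version": 3, "name": "Dark Theme (sample)", "version": "2.1",
    "author": "Example Dev", "homepage_url": "https://example.invalid",
    "update_url": "https://clients2.google.com/service/update2/crx",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://docs.example.invalid/*"], "css": ["dark.css"]}],
}
```

Run `score_manifest(SAMPLE_RISKY)` and `score_manifest(SAMPLE_TAME)` to compare: the coupon sample scores 13 with three accountability flags, the theme sample scores 0 with none.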
Download the Report Here: Unveiling the Threat of Malicious Browser Extensions
Stay informed, stay secure! Until next time, cyber squad! Peace and love ☮️✌️
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it's good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch, etc.)
Let us know what you think.
So long and thanks for reading all the phish!