Last Week in Infosec

24. June to 01. July 2022

No week goes by with something new to report on in the infosec world. Let’s take a look at some of the more noteworthy infosec activities that happened this week.

News on Vulnerabilities & Attacks

Users Push for Updates after Splunk Patches Critical Flaws

Splunk, a company that provides data monitoring and search services, has fixed a code execution vulnerability in its Splunk Enterprise deployment server and has reportedly promised to back-port the fix to prior versions, after users have pushed for updates to legacy versions. [1]

Versions previous to 9.0 allow clients to use the server to deploy forwarder bundles to other clients due to a critical vulnerability, CVE-2022-32158.

All the other Universal Forwarder (UF) endpoints in the company might be controlled by an attacker who had gained access to or compromised a single universal forwarder in the environment.

The Daily Swig was told by Nick Heudecker, senior director of market strategy and competitive intelligence at Cribl, that this vulnerability is significant because Splunk users frequently deploy thousands or tens of thousands of UFs throughout their infrastructure.

UnRAR Vulnerability used in Zimbra Hacks

Thanks to a path traversal vulnerability in UnRaR, unauthenticated attackers can escalate privileges and execute arbitrary commands as a Zimbra user. [2]

The Common Vulnerability Scoring System (CVSS) has given the path traversal vulnerability discovered in the Unix versions of UnRAR, the identification number CVE-2022-30333, and a base score of 7.5.

To put things in perspective, over 200,000 enterprises, government agencies, and financial institutions use Zimbra as their email solution. The fact that emails were taken from individual user accounts using a 0-day vulnerability demonstrates the value of a hacked email account to an attacker and the catastrophic effects that such vulnerabilities have on an organization. Passwords might be changed, classified papers could be taken, and organization members could pose as you to compromise more accounts.

This flaw adheres to a typical pattern of flaws whereby changing user input after it has been verified results in bypassing security measures.

Potential Brocade Vulnerabilities in multiple Storage Solutions

Brocade, a networking solutions company, has announced that they have discovered 9 vulnerabilities in their SANnav management application. [3]

Six of the vulnerabilities affect third party tools such as Oracle Java, OpenSSL or NGINX and can allow attackers to manipulate data, decrypt data, or cause a denial of service condition.

The remaining security flaws (CVE-2022-28167, CVE-2022-28168, and CVE-2022-28166) where found internally and there is no proof that they have been exploited in the wild. However, these flaws may impact the storage solutions of several businesses that work with Brocade, such as HPE, NetApp, Dell, Fujitsu, Huawei, IBM, and Lenovo.

As a result, the attacker may have access to sensitive data or even the device itself. Brocade has released a patch for the vulnerability, but it is unclear how many devices are affected.

News Related to Threat Actors & Campaigns

Nine accused members of phishing gang arrested

Nine accused members of a successful phishing gang who allegedly gained 100 million hryvnias ($3.4 million) by attracting locals with the promise of financial support from the EU were recently detained by Ukrainian “cyber-police.” [4] To solve the case, digital professionals collaborated with agents from the Pechersk Police Department and the National Bank of Ukraine (NBU) experts. The nine people detained are suspected of creating and running over 400 phishing websites asking users to enter their bank account and credit card information to apply for EU social welfare payments.

The group would utilize the information once they had it to take over users’ accounts and move their money. The NBU claims that over 5000 victims were duped in this manner, netting the scammers millions of dollars. During the arrests, the police also seized illegally earned money , bank cards, mobile phones, and computer equipment.

👩‍🎓 A good security awareness training program will teach your employees how to spot phishing emails and websites and how to respond if they still fall victim to an attack. It's essential to keep your employees up-to-date on the latest phishing threats and regularly test their knowledge with quizzes and simulations. LastBreach can train your employees and verify their readiness. 

Other News Related to Business, Politics, and Culture

OpenSea email addresses leaked to third-party vendor

The world’s most significant non-fungible token (NFT) marketplace, OpenSea, has discovered that a disgruntled employee at a third-party vendor exchanged the email addresses of its users with an unauthorized outside party.[5]

OpenSea’s head of security, Cory Hardman, cautioned users on June 29th: “If you have shared your email with OpenSea in the past, you should presume you were impacted”., an automated messaging platform used by marketers to compose and deliver emails, push alerts, and SMS messages, was the offender, according to OpenSea.

A Major Hack has Exposed $100 Million in Crypto

The latest significant theft in the decentralized finance industry saw hackers stealing $100 million in cryptocurrencies from the blockchain bridge Horizon. [6]

Users can use Horizon to transfer tokens from the Ethereum network to Binance Smart Chain. According to Harmony, a separate bridge for bitcoin was unaffected by the hack.

The theft adds to a recent flood of negative headlines about cryptocurrency. After experiencing a severe liquidity shortage due to a significant decline in the value of their assets, cryptocurrency lenders Celsius and Babel Finance froze withdrawals. Three Arrows Capital, a troubled cryptocurrency hedge fund, maybe on the verge of defaulting on a $660 million debt from brokerage house Voyager Digital.

That’s it for our summary on infosec stories that made headlines this week. Be sure to stay up to date on the latest news and continue to take precautions to protect your data.

Did we miss any important news last week? Write us on Twitter @HashtagSecurity 🙋‍♂️