
Vulnerability Weekly 22/9/22 Uber Hack GTA6 Hack Windows 64 patches and zero day, Linux Malware

This week in Vulnerability Weekly

Full Details: https://appsecphoenix.com/svw-12-09-2...

This week we deep dive into Linux malware, the Windows patch cycle that fixed 64 vulnerabilities including a zero-day, the Uber hack timeline, and the GTA 6/Rockstar hack.

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university.

Slovak cybersecurity firm ESET detected the malware on the university's network and attributed the backdoor to a nation-state actor dubbed SparklingGoblin. The unnamed university had already been targeted by the group in May 2020, during the student protests.

----

The group behind the Lorenz ransomware operation has been exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold in target environments for follow-on malicious activity.

----
Malware is targeting gamers looking for a quick win. Users searching YouTube for cheats are being pointed to rogue password-protected archive files; once the archive is opened, the malware launches a crypto miner.
---
Attackers have been exploiting CVE-2022-37969 (CVSS score: 7.8), a privilege-escalation vulnerability in the Windows Common Log File System (CLFS) driver. An adversary can leverage it to gain SYSTEM privileges on an already compromised asset.
EPSS score: 0.01178, with low observed usage (4.5% of activity in the monitored honeynet).
Currently the vulnerability sits at 10-25K; while it was unpatched it was around 50-100K.
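The CLFS entry above illustrates the prioritization problem the post keeps coming back to: a low EPSS score (0.01178) and little honeynet traffic, but confirmed in-the-wild exploitation as a zero-day. The following is an added example, not code from the original post or from Phoenix Security, that ranks an inventory by combining those three signals; the tiers, thresholds and the entries other than CVE-2022-37969 are assumptions made for illustration, and the placeholder IDs are not real CVE identifiers.

```python
"""Added example (not from the original post): rank vulnerabilities by
combining CVSS, EPSS and observed exploitation. Tier names, thresholds and
the placeholder entries are assumptions chosen for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: float            # CVSS base score, 0-10
    epss: float            # EPSS probability of exploitation, 0-1
    exploited: bool        # confirmed in-the-wild exploitation (zero-day, KEV, honeynet)
    honeynet_share: float  # fraction of monitored honeynet activity, 0-1


def priority(v: Vuln) -> str:
    """Return a tier P1..P4.

    Confirmed exploitation trumps a low EPSS score: EPSS is a 30-day
    forecast, in-the-wild evidence is a fact (assumed policy, not the
    post's own scoring)."""
    if v.exploited:
        return "P1"
    if v.epss >= 0.10 or v.honeynet_share >= 0.20:
        return "P2"
    if v.cvss >= 7.0:
        return "P3"
    return "P4"


def rank(vulns):
    """Order by tier first, then by CVSS and EPSS as tie-breakers."""
    order = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}
    return sorted(vulns, key=lambda v: (order[priority(v)], -v.cvss, -v.epss))


# Constructed inventory. The first entry uses the figures quoted in the post
# (4.5% honeynet share written as 0.045); the other two are hypothetical
# placeholders with made-up IDs, not real CVE identifiers.
INVENTORY = [
    Vuln("CVE-2022-37969", 7.8, 0.01178, True, 0.045),
    Vuln("CVE-0000-0001", 9.8, 0.002, False, 0.0),   # critical CVSS, no exploitation signal
    Vuln("CVE-0000-0002", 5.3, 0.35, False, 0.30),   # medium CVSS, high EPSS and honeynet hits
]

if __name__ == "__main__":
    for v in rank(INVENTORY):
        print(f"{priority(v)} {v.cve} cvss={v.cvss} epss={v.epss} exploited={v.exploited}")
```

Ranking by CVSS alone would put the critical-but-quiet placeholder first; the function above puts the exploited CLFS bug at the top and the high-EPSS medium above the critical one, which is the ordering a patch team actually wants.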

---

An early build of GTA 6 and gameplay videos have been leaked by a hacker who claims to have stolen the GTA 5 and GTA 6 source code.

---
The attacker pretended to be Uber IT support to convince an employee to accept an MFA request.

How the attacker initially gained access to the employee's credentials is not known.

This social engineering tactic has become very popular in recent attacks against well-known companies, including Twitter, MailChimp, Robinhood, and Okta.

The hacker then progressed to using VPN credentials (there is no known path for how these were obtained).

VPN access was protected by MFA, and the threat actor got one user to approve an authentication request by pretending to be IT support.

In organizations as large as Uber, MFA fatigue (push-notification fatigue) means these approval prompts are often accepted without scrutiny, and the process around them is often overlooked.
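The pattern described above (repeated push prompts, then one approval after a "this is IT support" message) leaves a signature in identity-provider logs that a SOC can alert on. The following is an added example, not code from the original post or from Uber or any IdP vendor: it runs a push-fatigue detector over constructed sample log lines. The log format, field names and thresholds are assumptions; real IdPs (Okta, Duo, Azure AD) log the same events under their own schemas.

```python
"""Added example (not from the original post): flag MFA push-fatigue in
constructed identity-provider log lines. Log format and thresholds are
assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one push result per line:
#   <ISO-8601 UTC time> user=<id> src=<client ip> push=<approved|denied|timeout>
# alice: five rejected/ignored prompts from one source, then an approval.
# bob: a single normal approval.  carol: one denial, approval 24 minutes later.
SAMPLE_LOG = """\
2022-09-15T22:01:03Z user=alice src=203.0.113.7 push=denied
2022-09-15T22:01:41Z user=alice src=203.0.113.7 push=timeout
2022-09-15T22:02:20Z user=alice src=203.0.113.7 push=denied
2022-09-15T22:03:05Z user=alice src=203.0.113.7 push=timeout
2022-09-15T22:04:10Z user=alice src=203.0.113.7 push=denied
2022-09-15T22:05:00Z user=bob src=198.51.100.9 push=approved
2022-09-15T22:06:00Z user=carol src=192.0.2.44 push=denied
2022-09-15T22:09:52Z user=alice src=203.0.113.7 push=approved
2022-09-15T22:30:00Z user=carol src=192.0.2.44 push=approved
"""


def parse(lines):
    """Parse the constructed format into dicts, sorted by timestamp."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def fatigue_alerts(lines, min_rejects=3, window=timedelta(minutes=15)):
    """Alert when a user rejects or ignores at least `min_rejects` pushes
    from the same source inside `window` and then approves one.

    The approval after a burst of rejections is the push-bombing signature:
    the attacker already holds a valid password (the prompts were issued),
    and the user finally gave in."""
    by_user = defaultdict(list)
    for e in parse(lines):
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e["push"] != "approved":
                continue
            prior = [
                p for p in evs[:i]
                if p["push"] in ("denied", "timeout")
                and p["src"] == e["src"]
                and e["ts"] - p["ts"] <= window
            ]
            if len(prior) >= min_rejects:
                alerts.append({
                    "user": user,
                    "src": e["src"],
                    "rejected_before_approval": len(prior),
                    "approved_at": e["ts"],
                })
    return alerts


if __name__ == "__main__":
    for a in fatigue_alerts(SAMPLE_LOG):
        print(f"ALERT push fatigue: user={a['user']} src={a['src']} "
              f"rejected={a['rejected_before_approval']} approved_at={a['approved_at']:%H:%M:%S}")
```

The detector keys on the same source address so that a user's own retries from a new device do not trip it; the stronger control is to remove the decision from the user entirely with number matching or FIDO2 keys, since no detection rule helps once the session is issued.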

#cyber #cybersecurity #app #appsec #cloud #vulnerabilities #priorities #assessment #automation #orchestration #applicationsecurity #appsecprogramme #vulnerabilityscan #vulnerabilitymanagement
