Written by Team Nucleus
Written on 14th October, 2022
Microsoft Releases October 2022 Updates – 84 flaws fixed
Microsoft has released updates addressing 39 privilege escalation, 2 security bypass, 20 RCE, 11 information disclosure, 8 DoS, and 4 spoofing vulnerabilities, 13 of which are rated critical. The fixes include two publicly disclosed zero-days, one of which (CVE-2022-41033) was being actively exploited before any official fix was available; successful exploitation allows escalation to SYSTEM-level privileges. It is worth noting that patches for the two actively exploited Exchange vulnerabilities we discussed last week (CVE-2022-41040 and CVE-2022-41082) have not yet been released. The latest mitigations released by Microsoft are available here.
Critical Vulnerability Discovered in vm2 Sandbox
vm2 is an extremely popular JavaScript-based sandbox with around 17 million downloads per month. Sandboxes are generally used to run untrusted software or malware samples in an isolated environment so that a key system, or potentially the wider network, is not damaged. This vulnerability, tracked as CVE-2022-36067, is a critical flaw with the highest possible score of 10/10 on the National Vulnerability Database. It allows a ‘vm escape’, in which an attacker breaks out of the sandboxed environment and executes code on the host system, which can then lead to lateral movement across the rest of the network. The vulnerability was patched in August 2022, and GitHub published an advisory at the end of September urging users to patch as soon as possible. With 17 million new downloads a month, it is very important that the latest version (3.9.11 or higher) is installed immediately, as this removes the vulnerability.
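Because vm2 is so often pulled in as a transitive dependency, a direct `npm ls` of your own package.json can miss an old copy nested under another library. The following script is an added example (not code from the article, Team Nucleus, or the vm2 project) that walks a package-lock.json and reports every vm2 entry older than 3.9.11, the fixed version named above. The lockfile content embedded in it is constructed for the demonstration; only the fixed version number comes from the article.

```javascript
// Added example: audit a package-lock.json for vm2 installations older than
// 3.9.11 (the fixed version the article names for CVE-2022-36067).
// The sample lockfile below is constructed for this demo.
const FIXED_VM2_VERSION = '3.9.11';

// Parse "MAJOR.MINOR.PATCH" into three numbers; prerelease/build suffixes
// and a leading "v" are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison: negative if a < b, zero if equal, positive if a > b.
// A plain string compare would wrongly rank "3.9.9" above "3.9.11".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function isVulnerableVm2(version) {
  return compareVersions(version, FIXED_VM2_VERSION) < 0;
}

// Collect every vm2 entry in a parsed lockfile, including nested copies.
// Handles lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 (recursively nested "dependencies").
function findVm2Entries(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2')) {
        found.push({ path, version: info.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'vm2') found.push({ path, version: info.version });
      if (info.dependencies) walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Parse the lockfile text and return only the vm2 entries that need updating.
function auditLockfile(lockText) {
  const lock = JSON.parse(lockText);
  return findVm2Entries(lock).filter((e) => isVulnerableVm2(e.version));
}

// Constructed lockfile: a direct vm2 at 3.9.9 (vulnerable) plus a nested copy
// at 3.9.11 under a hypothetical library "some-lib" (already fixed).
const SAMPLE_LOCK = JSON.stringify({
  name: 'demo-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', dependencies: { vm2: '^3.9.9', 'some-lib': '1.0.0' } },
    'node_modules/vm2': { version: '3.9.9' },
    'node_modules/some-lib': { version: '1.0.0', dependencies: { vm2: '^3.9.11' } },
    'node_modules/some-lib/node_modules/vm2': { version: '3.9.11' },
  },
});

// Stand-alone run: report what would need patching in the sample lockfile.
for (const hit of auditLockfile(SAMPLE_LOCK)) {
  console.log(`vm2 ${hit.version} at ${hit.path} is below ${FIXED_VM2_VERSION}: update`);
}
```

To run it against a real project, replace `SAMPLE_LOCK` with the contents of that project's package-lock.json (for example via `fs.readFileSync`). The version comparison is deliberately numeric rather than lexical so that 3.9.9 is correctly ranked below the 3.9.11 fix.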
Caffeine – The phishing-as-a-service platform
Researchers at Mandiant have been investigating a phishing-as-a-service platform called Caffeine, which provides malicious actors with all the tools necessary to run a phishing campaign. What sets this platform apart is that just about anyone with an email address can sign up, which is very uncommon for this type of service. Caffeine is generally low cost and gives prospective threat actors self-service mechanisms to craft customised phishing kits, dynamically generate URLs for malicious payloads, manage intermediary redirect pages, and track campaign email activity. This service has made it even easier for unskilled threat actors to harvest data, cause denial of service and penetrate secured networks without needing to know much about phishing at all. Phishing is routinely the most common threat vector for businesses year on year, and it is crucial to make phishing awareness training part of an effective cyber security strategy.
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys
Claroty have released a report detailing multiple vulnerabilities found in Siemens SIMATIC programmable logic controllers (PLCs). These vulnerabilities can give an attacker read and write access to the device and allow cryptographic keys to be extracted. The full list of affected versions can be found in the documentation for CVE-2022-38465. PLCs are largely found in industrial settings and drive the vast majority of assembly lines, machinery and robotic devices. If a PLC is compromised, this can cause costly denial of service and may affect the health and safety of employees. Siemens recommends that customers use legacy PG/PC and HMI communications only in trusted network environments and secure access to the TIA Portal and CPU to prevent unauthorized connections.