Weekly Cyber Reports

This Week in Cyber 6th December 2022

Latest news & views from our Cyber Analysts

Written by

Team Nucleus

Content
Written on

5th December, 2022

SHARE ARTICLE


High Severity Vulnerability Discovered in Google Chrome

On Thursday 24th November, Google released software updates for its 8th zero-day vulnerability this year in the Chrome browser. The vulnerability, which is listed as 'High Severity', is tracked as CVE-2022-4135 and is triggered by a heap buffer overflow, which in turn allows remote attackers to potentially perform a sandbox / vm escape and execute arbitrary code. There aren't too many details at the moment, but it is suspected that this has been exploited in the wild. Its thoroughly recommended that users update to at least version 107.0.5304.121 to mitigate the issue. Users of other Chromium based browsers, for example: Microsoft Edge and Opera, are also advised to update as soon as a fix becomes available.


Oracle Fusion Middleware Critical Vulnerability Added to Actively Exploited List

On Monday 28th November, The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw with a CVSS rating of 9.8/10 relating to Oracle Access Manager, to its list of actively exploited vulnerabilities (Known Exploited Vulnerabilities Catalogue). The vulnerability, which allows for remote code execution, leads to unauthenticated access to the Oracle Access Manager via HTTP and can end up with the complete compromise of the Access Manager instances, which in turn can lead to attackers editing users and creating new users with all privileges, or execute code directly onto the victim system. Initially disclosed in January 2022, this vulnerability is tracked as CVE-2021-35587 and affects versions 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0.


French Energy Provider Fined €600,000 for Storing Users’ Passwords with Outdated Algorithm

The French energy provider ‘Électricité de France’ have been fined after being audited by the Commission nationale de l'informatique et des libertés (CNIL). They were found storing passwords for over 25,000 accounts using the MD5 algorithm. Although the passwords have been encrypted, the MD5 algorithm has been considered broken since 2008 due to collision attacks. Moreover, the energy provider had also not added any salt to the hashes associated with 2.4 million accounts. Salting is the technique of adding characters to the hash to make the hash harder to reverse and is a standard practice within cyber security. The energy provider was fined due to breaching GDPR regulations however the CNIL stated ‘The amount of the fine was decided considering the breaches observed and the cooperation by the company and all the measures it has taken during the proceedings to reach compliance with all alleged breaches’.


New Critical Vulnerability Affecting Quarkus Java Framework

A critical remote code execution vulnerability has been disclosed in the Quarkus Java framework with a CVSS score of 9.8. The method of delivery is a combination of spearfishing and a specially crafted HTML page. The vulnerability requires the users who are using the Quark Java framework to visit a page which is embedded with malicious JavaScript code. This will allow the attacker to gain full access to the developer mode in Java without needing to escalate privileges in any way. The attacker will then have access to monitoring applications, changing the configurations and migrating databases. Users have been recommended to upgrade to version 2.14.2 Final and 2.13.5 Final to safeguard against the flaw.

 

NUCLEUS

Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus