All of us at Tripwire's Vulnerability Discovery and Research (VERT) team are always on the lookout for interesting stories and developments in the world of information security. Here is the cybersecurity news that caught our attention for the week of September 5th, 2022, along with some comments on these stories.
Critical RCE Vulnerability Affects Zyxel NAS Devices – Firmware Patch Released
Networking equipment maker Zyxel has released patches for a critical security flaw affecting its network attached storage (NAS) devices, The Hacker News reports. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue is a format string vulnerability affecting the NAS326, NAS540, and NAS542 models.
Zyxel NAS devices are exposed to a format string vulnerability. Successful exploitation could allow an attacker to execute code on the device, and triggering the issue only requires sending a specially crafted UDP packet.
Affected versions:
NAS326 (V5.21(AAZF.11)C0 and earlier)
NAS540 (V5.21(AATB.8)C0 and earlier), and
NAS542 (V5.21(ABAG.8)C0 and earlier)
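The bug class behind this advisory, shown as an added illustration rather than Zyxel's code: a constructed UDP service logs each datagram, once with the payload used as the printf format string (the vulnerable pattern) and once with a fixed format (the fix), plus a small audit helper that flags payloads carrying '%' directives. All function and variable names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example of a format string flaw in a UDP packet handler.
 * Hypothetical names; this is not Zyxel's firmware code. */

#define LOG_MAX 128

/* Vulnerable pattern: the datagram payload becomes the format string, so
 * '%' directives supplied by a remote sender are interpreted by printf. */
int log_datagram_unsafe(char *out, size_t outlen, const char *payload)
{
    return snprintf(out, outlen, payload);   /* gcc -Wformat-security flags this */
}

/* Hardened pattern: the payload is only ever an argument to a fixed format,
 * so any '%' in it is copied literally instead of being interpreted. */
int log_datagram_safe(char *out, size_t outlen, const char *payload)
{
    return snprintf(out, outlen, "udp payload: %s", payload);
}

/* Audit helper: report whether untrusted text carries any '%' directive.
 * Useful for logging or triage; the real fix is the fixed format above. */
int contains_format_directive(const char *s)
{
    for (; *s; s++)
        if (*s == '%')
            return 1;
    return 0;
}

int main(void)
{
    char line[LOG_MAX];
    const char *benign = "hello";          /* constructed sample payload */
    const char *hostile = "%x.%x.%n";      /* constructed sample payload */

    log_datagram_safe(line, sizeof line, hostile);
    printf("safe  : %s (directive=%d)\n", line, contains_format_directive(hostile));

    /* The unsafe handler is only ever fed benign input here; with the
     * hostile payload its behaviour would be undefined. */
    log_datagram_unsafe(line, sizeof line, benign);
    printf("unsafe: %s (directive=%d)\n", line, contains_format_directive(benign));
    return 0;
}
```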
HP has issued a security advisory alerting users to a newly discovered vulnerability in the HP Support Assistant software tool that comes preinstalled on all HP laptops and desktops, BleepingComputer reports.
HP Support Assistant is exposed to an elevation of privilege vulnerability. The flaw exists because HP Support Assistant is vulnerable to a DLL exploit that is triggered by running the HP Performance Tune-up program within Support Assistant. HP recommends updating to the latest version of the software, available from the Microsoft Store.
The new version of SharkBot has once again passed Google Play’s tests
Fox-IT researchers have discovered an upgraded version of the SharkBot dropper that was uploaded to the official Google Play Store, Security Affairs reports.
The updated dropper asks users to install the malware under the guise of a fake update. Two apps, Mister Phone Cleaner and Kylhavy Mobile Security, were found to carry the new version of the dropper. This version relies on user interaction rather than requesting access permissions: the dropper fetches the SharkBot APK from its management server and prompts the user to install it, convincing the user that it is an update. Once installed, SharkBot steals the valid session cookie and sends it to the management server.
Experts warn of attacks that use a zero-day in the BackupBuddy WordPress plugin
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers have warned. Security Affairs notes that the plugin allows you to store backup files in a variety of locations, including Google Drive, OneDrive, and AWS.
The BackupBuddy plugin for WordPress is exposed to a remote access vulnerability. If successfully exploited, it could allow an attacker to download arbitrary files. The plugin, which creates backup copies of a WordPress installation, has about 140,000 active installations. The vulnerability was fixed in version 8.7.5.
Stay connected with Tripwire VERT
Want more information from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.