Attack vectors multiply as threat actors explore new ways into systems and new ways to reach data.
If you develop solutions that leverage Bluetooth Low Energy (BLE), look into research by NCC Group. Sultan Qasim Khan, principal security consultant and researcher, has conducted the world’s first link layer relay attack on BLE. The hack tricked devices into thinking the owner was nearby and conceivably could enable attacks from anywhere in the world. Moreover, the hack is possible even when a vendor has incorporated encryption and latency bounding.
CVE-2022-30190 allows actors to hijack IT environments through endpoints running Windows or MS Office. A remote code execution vulnerability in the Microsoft Support Diagnostic Tool (MSDT) can allow a hacker to run arbitrary code with the privileges of the calling application. That lets the hacker install programs; view, change, or delete data; or create new user accounts.
This vulnerability affects 41 products, including Windows 7 to 11, Server 2008 to 2022, and Office, Office 2016, 2021, and 2022. Microsoft issued a patch on June 14, 2022, along with patches for more than 50 other vulnerabilities and issues.
Dirk Schrader, resident CISO (EMEA) and VP of security research at Netwrix, suggests that to increase security:
He adds, “The similarities with Log4Shell, which made headlines in December 2021, are striking. Same as it, this vulnerability is about using an application’s ability to remotely call for a resource using the URI scheme and not having safeguards in place. We can expect APT groups and cyber crooks to specifically look for more of these as they seem to offer an easy way in.”
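The URI-scheme angle Schrader describes has a concrete check behind it: whether the ms-msdt: protocol handler is still registered on a host. The PowerShell below is an added example, not code from the article, Netwrix, or Microsoft. It reports the handler's state and, only when run with -Disable, applies the interim workaround Microsoft published for unpatched hosts (export HKEY_CLASSES_ROOT\ms-msdt as a backup, then delete it). The -Disable switch and the $BackupPath default are this example's own choices; the June 14, 2022 update remains the actual fix.

```powershell
# Added example (not from the article or Microsoft): audit the ms-msdt: URL protocol
# handler that CVE-2022-30190 abuses, and optionally apply Microsoft's interim
# workaround (back up, then delete HKEY_CLASSES_ROOT\ms-msdt). Run elevated for -Disable.
[CmdletBinding()]
param(
    [switch]$Disable,                                                 # example's own switch
    [string]$BackupPath = (Join-Path $env:TEMP 'ms-msdt-backup.reg') # assumed backup location
)

$handlerKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Get-MsdtHandlerState {
    # Report whether the protocol handler exists and which command it launches.
    if (-not (Test-Path -LiteralPath $handlerKey)) {
        return [pscustomobject]@{ Registered = $false; Command = $null }
    }
    $cmdKey = "$handlerKey\shell\open\command"
    $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Registered = $true; Command = $cmd }
}

$state = Get-MsdtHandlerState
if (-not $state.Registered) {
    Write-Output 'ms-msdt handler is not registered: workaround already applied or never present.'
}
else {
    Write-Output "ms-msdt handler is registered and launches: $($state.Command)"
    if ($Disable) {
        # reg.exe export/delete mirrors the advisory's workaround; /y overwrites an old backup.
        & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Backup to $BackupPath failed; leaving the handler in place."
        }
        & reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
        Write-Output "Handler removed. Restore later with: reg import `"$BackupPath`""
    }
    else {
        Write-Output 'Re-run with -Disable from an elevated prompt to apply the registry workaround.'
    }
}
```

Run without arguments to inventory hosts (for example through a remoting session) and only pass -Disable on machines that cannot take the June 14 update yet; removing the key stops ms-msdt: links from launching troubleshooters, which is the side effect Microsoft's advisory described, and the exported .reg file restores the handler once the patch is in place.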
Cybersecurity firm CrowdStrike traced a ransomware attack attempt to a Mitel VoIP appliance, which led to the assignment of CVE-2022-29499. Attackers used a novel remote code execution exploit to gain access and applied anti-forensic techniques on the VoIP device to try to hide their activity. The zero-day vulnerability has since been patched.
CISA issued an alert on June 23, 2022, warning that threat actors, including state-sponsored actors, continue to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) servers. Threat actors have been exploiting unpatched systems since December 2021.
The WebView2-Cookie-Stealer is enabling hackers to steal a victim’s authentication cookies so they can bypass multifactor authentication (MFA) and log into accounts with stolen credentials. Bleeping Computer explains that the attack uses a WebView2 executable that opens a website’s login form inside the application. Using WebView2, a hacker can access cookies and inject JavaScript that logs keystrokes, steals authentication cookies, and sends them to a remote server.
Cybersecurity researcher mr.dox told Bleeping Computer that the attack requires social engineering – the attacker has to convince a user to download and run the malicious application.
Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is co-founder of XaaS Journal and DevPro Journal.