| title | date | draft | logo |
|---|---|---|---|
| August 07, 2023 | 2023-08-07 00:00:00 +0545 | false | images/infosec/default.png |
{{< toc >}}
Cybersecurity researchers have recently identified a significant security flaw in the PaperCut print management software for Windows, tracked as CVE-2023-39143. This vulnerability is rated as high severity, with a CVSS score of 8.4, indicating its potential impact.

The flaw affects versions of PaperCut NG/MF prior to version 22.1.3. It has been classified as a combination of a path traversal and file upload vulnerability: attackers can manipulate file paths to gain unauthorized access to files and directories and upload arbitrary files to the PaperCut MF/NG application server.

The most concerning aspect of CVE-2023-39143 is that unauthenticated attackers can exploit it. They do not need any prior privileges or user interaction to potentially read, delete, and upload files to the server. In certain configurations, this vulnerability could lead to remote code execution, enabling attackers to run their malicious code on the affected server. The severity of this flaw is heightened by the fact that the "external device integration" setting, which is enabled by default in some PaperCut installations, can exacerbate the attack surface.

It's essential to note that this vulnerability is distinct from a previous one (CVE-2023-27350) discovered in the same software. Unlike its predecessor, CVE-2023-39143 does not require attackers to have any prior privileges and is more complex to exploit: attackers need to chain multiple issues together to compromise a server successfully.
##### Affected
PaperCut

##### Source
https://thehackernews.com/2023/08/researchers-uncover-new-high-severity.html

##### Recommendation
• Keep PaperCut up to date (NG/MF 22.1.3 or later).

##### CVE
CVE-2023-39143
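The PaperCut flaw combines path traversal with arbitrary file upload. The following Python snippet is an added example (not PaperCut's code) that shows the naive path join behind that class of bug next to a hardened handler that decodes the name once, normalises separators, and refuses any file whose resolved location falls outside a fixed upload directory; UPLOAD_ROOT is a constructed sandbox directory.

```python
import os
import tempfile
import urllib.parse
from pathlib import Path

# Constructed sandbox directory standing in for an application's upload root.
UPLOAD_ROOT = Path(tempfile.mkdtemp()) / "uploads"
UPLOAD_ROOT.mkdir(parents=True, exist_ok=True)


def vulnerable_target(filename: str) -> Path:
    """Naive join: '..' segments or an absolute client-supplied path escape
    UPLOAD_ROOT, so a write lands wherever the client chose."""
    return Path(os.path.join(UPLOAD_ROOT, filename))


def safe_target(filename: str) -> Path:
    """Hardened join: decode once, normalise separators, resolve, and refuse
    anything whose final location is not strictly inside UPLOAD_ROOT."""
    decoded = urllib.parse.unquote(filename)  # %2e%2e%2f -> ../
    if "\x00" in decoded or not decoded.strip():
        raise ValueError(f"rejected filename: {filename!r}")
    root = UPLOAD_ROOT.resolve()
    # Backslashes become '/', so Windows-style traversal is caught on any OS.
    candidate = (root / decoded.replace("\\", "/")).resolve()
    if candidate == root or root not in candidate.parents:
        raise ValueError(f"path escapes upload root: {filename!r}")
    return candidate


def escapes_root(target: Path) -> bool:
    """Containment check that the naive join never performs."""
    root = UPLOAD_ROOT.resolve()
    resolved = target.resolve()
    return resolved == root or root not in resolved.parents


def accepted(filename: str) -> bool:
    """True when the hardened handler would accept this name."""
    try:
        safe_target(filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in ["report.pdf", "../../etc/passwd", "..\\..\\win.ini", "%2e%2e%2fsecret"]:
        print(f"{name!r:24} naive escapes={escapes_root(vulnerable_target(name))} "
              f"hardened accepts={accepted(name)}")
```

The naive function only "escapes" for inputs the host OS treats as traversal, which is why the hardened version normalises and decodes before checking containment.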
A critical vulnerability, CVE-2023-35082 (a bypass vulnerability, previously a zero-day), has been identified in version 11.2 of Ivanti's MobileIron Core, potentially allowing unauthorized access to restricted functions. MobileIron Core, a product by Ivanti, enables secure management of mobile devices, applications, and content, combining MDM, MAM, and MCM capabilities. MobileIron Core 11.2 has been unsupported since March 15, 2022, so no new patch was released for the vulnerability; instead, a recommendation to upgrade to the latest version was issued.
##### Affected
Ivanti's MobileIron Core 11.2

##### Source
https://cybersecuritynews.com/ivanti-mobileiron-api-access-flaw/

##### Recommendation
• Upgrade to the latest version of Ivanti Endpoint Manager Mobile (EPMM).
• Practice regular software version tracking, make timely upgrades, remain vigilant, and take precautions against potential threats.

##### CVE
CVE-2023-35082
A new variant of the Rilide stealer, a malicious browser extension first identified in April 2023 by Trustwave SpiderLabs, is reported to be targeting enterprise employees and crypto wallets. This version evades the restrictions imposed by Google Chrome's Extensions Manifest V3, enabling it to execute inline JavaScript code. The malware primarily focuses on stealing credentials for bank accounts in Australia and the UK, while also capturing screenshots and transmitting the stolen data through a Telegram channel. The enhanced Rilide variant adds capabilities such as disabling browser extensions, gathering browsing history and cookies, taking on-demand screenshots, injecting malicious scripts for cryptocurrency theft, and masquerading as a Palo Alto GlobalProtect VPN extension on the Chrome Web Store. It also integrates CursedChrome to browse authenticated web sessions as the victim. The perpetrators have leveraged Twitter campaigns related to NFTs to entice users into sharing their information, using dedicated Discord servers and websites to distribute the malware. Trustwave SpiderLabs has published a comprehensive report detailing the attack vector and methods, along with a list of indicators of compromise for security personnel.
##### Affected
Different browsers

##### Source
https://cybersecuritynews.com/rilide-stealer-malware/

##### Recommendation
• Browser extension management.
• Multi-factor authentication (MFA) and least privilege.
A sophisticated Facebook phishing campaign exploits a zero-day flaw in Salesforce's email services, enabling targeted attacks sent from the company's domain. The emails appear as Meta notifications from "@salesforce.com" addresses, urging recipients to click on a link under the pretext of an "investigation". The link leads to a rogue page designed to steal account credentials and 2FA codes. The phishing kit is hosted on the deprecated Facebook apps platform, making it hard to detect. The attackers manipulate Salesforce's email validation by configuring Email-to-Case routing, which lets them complete verification through a link sent to an address they control. Salesforce patched the flaw on July 28, 2023. Such attacks highlight the trend of using legitimate services for malicious purposes.
##### Affected
Salesforce Email Services

##### Source
https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html

##### Recommendation
• Use advanced detection tools.
• Strengthen cloud security practices.
Cybersecurity researchers discovered an actively exploited vulnerability, CVE-2023-35082, in some versions of Ivanti Endpoint Manager Mobile (EPMM). This flaw allows unauthenticated attackers to access the API in older, unsupported versions of MobileIron Core (11.2 and below). If exploited, it could give unauthorized remote access to users' personally identifiable information and allow limited changes to the server. The vulnerability was fixed in MobileIron Core 11.3 but had not previously been flagged as a security flaw. Rapid7 found that CVE-2023-35082 and CVE-2023-35078 share the same origin and can be chained to let an attacker write malicious web shell files and execute them on the appliance. Users are advised to update to the latest supported version to protect against potential threats. Two other security flaws affecting Ivanti EPMM, CVE-2023-35078 and CVE-2023-35081, were also recently patched.
##### Affected
Systems running Ivanti EPMM and MobileIron Core

##### Source
https://thehackernews.com/2023/08/researchers-discover-bypass-for.html

##### Recommendation
• Regularly perform security audits and vulnerability assessments to identify potential weaknesses in the software.
• Apply patches: ensure that all available security patches and updates for Ivanti EPMM are applied promptly, including the fixes for the other two recently patched vulnerabilities (CVE-2023-35078 and CVE-2023-35081), to prevent unauthorized access and path traversal attacks.

##### CVE
CVE-2023-35082