| title | date | draft | logo |
|---|---|---|---|
Sept 17, 2023 |
2023-09-17 00:00:00 +0545 |
false |
images/infosec/default.png |
{{< toc >}}
Memory corruption flaws were found in the ncurses library, affecting Linux and macOS systems. Threat actors could exploit these vulnerabilities through environment variable poisoning to gain elevated privileges and execute malicious code within a program's context. Microsoft, along with Apple, addressed these flaws in April 2023. The vulnerabilities involved manipulating environment variables like TERMINFO to achieve privilege escalation. They encompassed various issues, including a stack information leak, parameterized string type confusion, off-by-one error, and heap out-of-bounds during TERMINFO database parsing, and denial-of-service with canceled strings. While these vulnerabilities had the potential to allow attackers to take control of a program, exploiting memory corruption vulnerabilities necessitated a multi-stage attack, such as chaining the stack information leak for arbitrary read access with the heap overflow for write access.
Ncurses – Programming Library
https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html
Microsoft said it worked with Apple on remediating the macOS-specific issues related to these flaws.
CVE-2023-29491
Since June 2023, the Lazarus Group, which has ties to North Korea, has stolen approximately $240 million in cryptocurrencies, a huge increase in its hacking activity. The famed hacker squad is allegedly suspected of stealing $31 million in digital assets from the CoinEx exchange on September 12, 2023, according to numerous reports from Certik, Elliptic, and ZachXBT. The crypto robbery intended for CoinEx is the latest in a succession of recent attacks that also cost $100 million for Atomic Wallet, $37.3 million for CoinsPaid, $60 million for Alphapo, and 41 million for Stake.com.
• coinEx Exchange
https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html?m=1
• Use hardware wallets or paper wallets to store your cryptocurrency offline. This reduces the risk of online attacks like hacking and phishing. • Enable 2FA wherever possible, especially on cryptocurrency exchange accounts. This adds an extra layer of security.
A significant security vulnerability has been detected in Kubernetes. This flaw has the potential to allow threat actors to execute code with elevated SYSTEM privileges on Windows endpoints within a Kubernetes Cluster. Successful exploitation of this vulnerability relies on having the "apply" privileges within the Kubernetes environment, which grants access to the Kubernetes API. The attack is initiated by uploading a malicious YAML file into the cluster. This particular security issue has been labeled as CVE-2023-3676 and has received a high severity score of 8.8 on the Common Vulnerability Scoring System (CVSS).
• Kubernetes
https://cybersecuritynews.com/kubernetes-command-injection-flaw/
• Organizations should promptly upgrade to the latest version of Kubernetes to mitigate the risk of exploitation
CVE-2023-3676
In a dramatic twist of events, the popular social media giant TikTok has found itself in the crosshairs of regulators once again, facing a jaw-dropping $345 million fine. This colossal penalty comes as the latest chapter in TikTok's ongoing struggle with global regulatory bodies over concerns related to data privacy, security, and algorithmic transparency.
• TikTok's Technology Infrastructure
https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html
•Independent audits of TikTok's data security and privacy practices might be mandated to ensure strict compliance with industry standards and regulations.
Adobe's September 2023 Patch Tuesday update includes a critical patch for an actively exploited security vulnerability in Acrobat and Reader. This flaw, identified as CVE-2023-26369 and rated 7.8 in severity on the CVSS scale, affects Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. It is described as an out-of-bounds write vulnerability that could allow attackers to execute malicious code by opening a specially crafted PDF document. Adobe has confirmed limited in-the-wild attacks targeting Adobe Acrobat and Reader using this vulnerability but has not disclosed further details about the attacks or the issue itself.
• Adobe Acrobat Reader
https://thehackernews.com/2023/09/update-adobe-acrobat-and-reader-to.html
• Update Adobe product time to time and avoid using cracked versions