Cyber Security Weekly Briefing, 26 November – 2 December

Telefónica Tech    2 December, 2022

Urgent update to Chrome to prevent the eighth 0-day of 2022

Google has released an urgent security update for Chrome to prevent exploitation of the eighth 2022 0-day in the browser. The release patches vulnerability CVE-2022-4135, a stack overflow issue.

This type of vulnerability would allow an attacker to execute arbitrary code. Google became aware that the vulnerability was being actively exploited by malicious actors, so it released the patch just days after its Threat Analysis Group (TAG) discovered the flaw.

The company has declined to provide details of the problem until users have had time to apply the patch to prevent its exploitation from spreading.

Chrome users are advised to update to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which fixes CVE-2022-4135.


* * *

Data of 5.4 million Twitter users exposed

Security researcher Chad Loder posted on Twitter that a database containing 5.4 million entries was being shared for free on a dark web forum, and that it combined public information (usernames, IDs, follower counts, location, biography, etc.) with confidential information (phone numbers and email addresses) on users of the social network.

After the publication, Twitter suspended Loder’s account, so he shared the information through Mastodon. According to Loder, this database is the same one that was offered for sale in July and was obtained by exploiting a (now patched) vulnerability in Twitter’s API that allowed an attacker to learn the account associated with phone numbers or email addresses.

When the sale of the database came to light, Twitter acknowledged the authenticity of the database.


* * *

Phishing ring that defrauded 12 million euros broken up in Spain

The Spanish National Police has issued a statement reporting the success of an operation that has led to the dismantling of a criminal group that had defrauded a total of almost 300 victims of more than 12 million euros by phishing.

The six people arrested in Madrid and Barcelona have been charged with alleged membership of a criminal organisation, fraud, money laundering and usurpation of civil status.

According to the police statement, the investigation began with a complaint from a Spanish bank that was being impersonated by the criminals in a phishing campaign: through fake websites posing as the bank, they offered French customers trading in equities and cryptocurrencies and the contracting of financial products.

The police have not made public the malicious URLs used by the criminal organisation.


* * *

Three vulnerabilities in industrial products from Festo and Codesys

Forescout researchers have discovered three vulnerabilities in industrial automation products from the companies Festo and Codesys. The most critical of the three is CVE-2022-3270 which, pending publication at NIST, Forescout has preemptively given a CVSS score of 9.8.

The flaw lies in Festo PLCs and would allow an unauthenticated attacker to take control of the device or achieve a denial of service (DoS). Vulnerability CVE-2022-4048, which Forescout has scored with a CVSS 7.7, affects Codesys V3 products and is a weak coding issue that would allow an attacker to logically manipulate the product.

Finally, vulnerability CVE-2022-3079, with a CVSS 7.5, allows an unauthenticated attacker to remotely access critical functions of the product website and could allow a denial of service.

At this time, no patches have been released for these vulnerabilities.


* * *

Google’s research on the Heliconia framework

Google’s Threat Analysis Group (TAG) has published the results of an investigation into an exploitation framework targeting already patched vulnerabilities in Chrome, Firefox and Microsoft Defender that could deploy a payload in affected devices, in particular spyware.

Google researchers became aware of this framework through an anonymous submission to its Chrome bug-reporting program.

It contained three bugs, with instructions and a source code file.

  1. “Heliconia Noise” allows deploying an exploit for a Chrome renderer bug followed by a sandbox escape.
  2. “Heliconia Soft” deploys a PDF containing a Windows Defender exploit.
  3. “Heliconia Files” contains a set of Firefox exploits for Windows and Linux.

According to Google, although no active exploitation has been detected, the vulnerabilities were most likely exploited as 0-days before remediation in 2021 and early 2022.

It should also be noted that, by analysing the source code, Google was able to trace the origin of the Heliconia exploitation framework and link its development to the Barcelona-based company Variston IT, which describes itself on its website as a provider of security solutions.
