Cyber Security Weekly Briefing 22–29 April

Telefónica Tech    29 April, 2022
Computer. Photo: Unsplash

New malicious RedLine distribution campaign

Researchers at BitDefender have published a report on a new RedLine malware distribution campaign. According to the analysts, malicious actors are using the RIG Exploit Kit for distribution, which exploits a vulnerability in Internet Explorer that causes memory corruption when the victim accesses a specially crafted website. This flaw, identified as CVE-2021-26411 with a CVSSv3 of 7.8, was patched by Microsoft in March 2021.

Following exploitation of the vulnerability, the kit then distributes RedLine by placing a JavaScript file in a temporary directory, which in turn downloads a second RC4-encrypted payload, generating the final infection process on the victim’s computer. According to The Record, Bogdan Botezatu, director of research at Bitdefender, said that in April they identified a total of 10,000 RedLine attacks around the world with their solutions alone, which shows the widespread use of this malware in cybersecurity incidents.

Read more:

​Privilege escalation in Windows Active Directory

Security firm SOCPRIME has published an article stating that security researchers have revealed a flaw in Windows Active Directory (AD) in environments where the default settings are used. This flaw, which could allow a user with access to add machines to the domain without the need for administrator privileges, could lead to privilege escalation on the vulnerable system. This bug, for which a proof of concept exists, could be exploited using the KrbRelayUp tool.

A possible mitigation would require changing the default configuration and removing authenticated users from the default domain controller policy. More details on mitigating the vulnerability can be found in Mor Davidovich’s research repository.

Nimbuspwn: Privilege escalation vulnerabilities in Linux

Microsoft researchers have identified two new vulnerabilities, called Nimbuspwn, that could allow an attacker to escalate privileges to root on vulnerable Linux systems.

The flaws have been identified as CVE-2022-29799 and CVE-2022-29800, and are found in the networkd-dispatcher component, whose function is to make changes to the state of the network interface.

According to the researchers, the chained exploitation of these vulnerabilities would allow malicious actors to achieve root privileges, giving the possibility, at later stages, to deploy payloads, backdoors, distribute malware and/or perform other malicious actions through arbitrary code execution.

It should be noted that Clayton Craft, administrator of the networkd-dispatcher component, has implemented the corresponding fixes and users are advised to update their instances to prevent possible attacks.

Read more:

Leave a Reply

Your email address will not be published.