All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories.
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices, notes The Hacker News. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models.
Zyxel NAS devices are subject to a format string vulnerability. An attacker could execute code upon successful exploitation of this vulnerability. To exploit this issue an attacker would have to craft a specially crafted UDP packet.
NAS326 (V5.21(AAZF.11)C0 and earlier)
NAS540 (V5.21(AATB.8)C0 and earlier), and
NAS542 (V5.21(ABAG.8)C0 and earlier)
HP fixes severe bug in pre-installed Support Assistant tool
HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, Bleeping Computer reports.
HP Support Assistant is subject to a privilege escalation vulnerability. This vulnerability exists because HP Support Assistant is vulnerable to a DLL hijacking flaw that is triggered by launching the HP Performance Tune-up app within the Support Assistant application. HP recommends upgrading to the latest version of the software that is present in the Microsoft Store.
A new SharkBot variant bypassed Google Play checks again
Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. Fox IT researchers spotted an upgraded version of a SharkBot dropper that was uploaded to the official Google Play Store, reports Security Affairs.
An updated version of the Sharkbot dropper was found to have been uploaded to the Google Play Store. The updated version of Sharkbot asks users to install malware as a fake update. Mister Phone Cleaner and Kylhavy Mobile Security have been known to use the new version of the Sharkbot dropper. This version of the Sharkbot dropper leverages user interaction instead of requesting accessibility permissions. To install Sharkbot the dropper requests the APK from a command-and-control server and prompts the user to install the APK by convincing the user it is an update. Once installed the Sharkbot steals the valid session cookie and sends it to the command-and-control server.
Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. Security Affairs notes that the plugin allows storing backup files in multiple locations, including Google Drive, OneDrive, and AWS.
The BackupBuddy plugin for WordPress is subject to a remote access vulnerability. An attacker could download arbitrary files upon successful exploitation of this vulnerability. There are about 140,000 active installations of this plugin. This plugin enables the ability to back up the WordPress installation. This vulnerability was patched in version 8.7.5 and later.
Keep in Touch with Tripwire VERT
Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.