Skip to content ↓ | Skip to navigation ↓

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories.

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems, reports The Hacker News. The module, named “secretslib” and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as “secrets matching and verification made easy.”

ANDREW SWOBODA | Senior Security Researcher at Tripwire

“secretslib” was removed from PyPi because it runs cryptominers on Linux systems in-memory. To achieve this “secretslib” pulls an ELF file from a remote server and deletes the file after it is running in memory. The package was assigned to a legitimate software engineer to build trust and have people download the library.

PoC exploit code for critical Realtek RCE flaw released online

The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), was recently released online. The code was for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip, notes Security Affairs.

Andrew Swoboda | Senior Security Researcher at Tripwire

Realtek RTL819x system is subject to a code execution vulnerability. This vulnerability is being tracked as CVE-2022-27255 and was discovered by researchers from Faraday Security. The vulnerability is located in the SDK for the opensource eCos operating system. The vulnerability is exploited by overflowing a buffer in the “SIP ALG” module. The module fails to check the size of the contents before data into a buffer. It is possible to exploit this vulnerability on the WAN interface by crafting arguments in SDP data or a SIP header.

Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild

Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild, Security Affairs reports. It is being tracked as CVE-2022-32893 and was reported by an anonymous researcher. Interestingly, the same issue was also found in MacOS Monterey, iPhones and iPads.

Andrew Swoboda | Senior Security Researcher at Tripwire

Apple Safari is subject to an out-of-bounds write issue in WebKit. Apple has fixed the issue by improving the bounds checking. An attacker could execute arbitrary code upon successful exploitation of this issue. This issue might be actively exploited, and Safari should be updated to prevent exploitation.

New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings

Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May, states The Hacker News. If exploited, the vulnerability could have enabled a rogue application installed on a user’s device to access sensitive information and camera recordings.

Andrew Swoboda | Senior Security Researcher at Tripwire

Checkmarx discovered the ability to use a cross-site scripting exploit that could enable an attacker to install a malicious application. This application could then be used to obtain Authorization Token. This can then be leveraged to obtain the session cookie and the hardware ID. This would give an attacker access to the user’s account and all personal information associated with it. This issue has been patched since May 27.

Keep in Touch with Tripwire VERT

Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.

Previous VERT Cybersecurity News Roundups