My Shared Links — Week 49/2022

Xavier «X» Santolaria
5 min read · Dec 12, 2022


Collection of the resources and links I have found insightful and shared during week #49 of 2022.


{JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF

Team82 at Claroty has developed a generic bypass of industry-leading web application firewalls (WAFs). The attack technique involves appending JSON syntax to SQL injection payloads, which the WAFs were unable to parse.

The bypass worked against WAFs sold by five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. All five have been notified and have updated their products to support JSON syntax in their SQL injection inspection process.

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bills of materials) to help mitigate supply chain attacks have run into strong objections from big-name technology vendors.

The trade group, called ITI (Information Technology Industry Council), counts Amazon, Microsoft, Apple, Intel, AMD, Lenovo, IBM, Cisco, Samsung, TSMC, Qualcomm, Zoom and Palo Alto Networks among its prominent members.

Google: State hackers still exploiting Internet Explorer zero-days

The vulnerability (tracked as CVE-2022-41128) is due to a weakness in the JavaScript engine of Internet Explorer, which allows threat actors who successfully exploit it to execute arbitrary code when rendering a maliciously crafted website.

Zero-Day Hackers Breach Samsung Galaxy S22 Twice In 24 Hours

At Pwn2Own in Toronto, Canada, elite hacking teams went one better: Samsung’s flagship Galaxy S22 smartphone fell to zero-day exploits twice on the same day.

https://www.forbes.com/sites/daveywinder/2022/12/07/zero-day-hackers-breach-samsung-galaxy-s22-twice-in-24-hours/

Rackspace confirms outage was caused by ransomware attack

Cloud computing provider Rackspace Technology has confirmed today that a ransomware attack is behind its ongoing Hosted Exchange outage.

Rackspace says that the investigation, led by a cyber defense firm and its own internal security team, is in its early stages with no info on “what, if any, data was affected.”

Hacking cars remotely with just their VIN

Your car’s mobile app might have allowed hackers to remotely unlock your vehicle, turn on or off its engine, and even honk its horn.

Those are the findings of Sam Curry, a security researcher and bug bounty hunter, who explored vulnerabilities that could affect Hyundai, Genesis, Nissan, Infiniti, Honda, and Acura vehicles, amongst others.

Curry and his colleagues first turned their attention to the official mobile apps used by owners of Hyundai and Genesis vehicles, which allow authenticated users to start, stop, lock, and unlock their cars.

French Hospital Cancels Operations After Cyberattack

A hospital complex in Versailles, near Paris, had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said.

Researchers Accidentally Crash Cryptomining Botnet

Security researchers analyzing a prolific botnet managed to accidentally kill it due to the coding equivalent of a typing error, according to Akamai.

Rackspace Cloud Office suffers security breach

Thousands of small- to medium-sized businesses are suffering as Rackspace has suffered a security incident on its Hosted Exchange service.

Cybercriminals linked to Chinese government stole millions in Covid benefits, Secret Service says

Chengdu-based threat group known as APT41 and linked to the Chinese government stole at least $20 million in U.S. Covid relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states, according to the Secret Service.

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

While tracking the activities of commercial spyware vendors, Google’s Threat Analysis Group (TAG) spotted an exploitation framework likely linked to Variston IT, a Spanish firm.

Officially, Variston claims to provide custom security solutions and custom patches for embedded systems.

The experts reported that the framework includes exploits for n-day vulnerabilities in Chrome, Firefox and Microsoft Defender; the company also provides a collection of tools to deploy a malicious payload to a target device.

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Data managed by the infotainment systems in modern vehicles is a valuable source of information for law enforcement investigations.

Modern vehicles come with sophisticated infotainment systems that are connected online and that could represent an entry point for attackers, as demonstrated by many security experts over the years.

Law enforcement and intelligence worldwide are buying technologies that exploit weaknesses in vehicle systems.

Written by Xavier «X» Santolaria

Cloud Security | IBM Inventor | IBM AoT Member | Open Source Advocate | ex-OpenBSD | https://infosec.exchange/@0x58 | https://infosec-mashup.santolaria.net