Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 16, 2022

4 years ago Andrew Swoboda

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 16, 2022. I’ve also included some comments on these stories. 

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability  

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities Catalog, the Hacker News reports. Citing evidence of active exploitation, the reported flaws included the recently disclosed remote code execution bug affecting Zyxel firewalls. 

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Zyxel firewalls are subject to a code execution vulnerability. Attackers can inject arbitrary commands upon successful exploitation of this vulnerability. The following devices are affected: USG FLEX 100, 100W, 200, 500, 700; USG20-VPN, USG20W-VPN; ATP 100, 200, 500, 700, 800; and the VPN series. Upgrade to patch V5.30 or later to fix this vulnerability.


Hackers target Tatsu WordPress plugin in millions of attacks  

Hackers are massively exploiting a remote code execution vulnerability (CVE-2021-25094) in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites. Although the patch has been available since early April, up to 50,000 websites are estimated to still run a vulnerable version of the plugin, Bleeping Computer notes. 

ANDREW SWOBODA | Senior Security Researcher at Tripwire

The Tatsu Builder plugin for WordPress is subject to a code execution vulnerability. To exploit this vulnerability, attackers need to upload a malicious zip file that extracts a PHP file whose name starts with a ‘.’ to bypass extension controls.

It is estimated that there are 50,000 vulnerable websites. Attackers are currently exploiting this issue, and it is necessary to patch vulnerable systems. Versions of Tatsu Builder prior to 3.3.13 are vulnerable to exploitation.

Attackers have been seen trying to inject a hidden malware dropper in “wp-content/uploads/typehub/custom/”. Check to make sure that a file with the name “.sp3ctra_XO.php” and an MD5 hash of 3708363c5b7bf582f8477b1c82c8cbf8 is not located on the system. This is a known malicious file associated with the attack.
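
As an added example (not Tripwire's code or the plugin's), a small Python hunt that applies the indicators in the comment above: it walks a WordPress uploads tree for dot-prefixed PHP files and compares each one to the quoted filename and MD5. The directory layout and sample files built by `demo()` are constructed stand-ins, not real dropper contents.

```python
import hashlib
import os
import shutil
import tempfile

# Indicators quoted in the roundup: drop directory, filename and MD5.
DROP_DIR = os.path.join("wp-content", "uploads", "typehub", "custom")
KNOWN_NAME = ".sp3ctra_XO.php"
KNOWN_MD5 = "3708363c5b7bf582f8477b1c82c8cbf8"

def md5_of(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def is_hidden_php(name):
    """Dot-prefixed .php files are never legitimate WordPress uploads."""
    return name.startswith(".") and name.lower().endswith(".php")

def hunt(wp_root):
    """Walk the whole uploads tree (not just the reported drop directory); return
    sorted (relative path, reason): known-hash / known-name / hidden-php."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(wp_root, "wp-content", "uploads")):
        for name in filter(is_hidden_php, files):
            path = os.path.join(dirpath, name)
            if md5_of(path) == KNOWN_MD5:
                reason = "known-hash"      # contents match the published IoC
            elif name == KNOWN_NAME:
                reason = "known-name"      # same filename, different contents
            else:
                reason = "hidden-php"      # generic: leading '.' plus .php
            rel = os.path.relpath(path, wp_root).replace(os.sep, "/")
            findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Constructed sample tree: a benign image, a harmless stand-in carrying the
    IoC filename, and a second hidden PHP file elsewhere under uploads."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, DROP_DIR))
        samples = [(os.path.join(DROP_DIR, KNOWN_NAME), "<?php // stand-in\n"),
                   (os.path.join("wp-content", "uploads", ".cache.php"), "<?php\n"),
                   (os.path.join("wp-content", "uploads", "photo.jpg"), "not php")]
        for rel, body in samples:
            with open(os.path.join(root, rel), "w") as f:
                f.write(body)
        return hunt(root)
    finally:
        shutil.rmtree(root)
```

Run `hunt("/var/www/html")` (or wherever WordPress is installed) against a live site; a `known-name` or `hidden-php` hit still deserves a look even when the hash does not match, since the file may have been repacked.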


380K Kubernetes API Servers Exposed to Public Internet  

Here’s a shocking fact: 380K Kubernetes API servers are currently exposed to the public internet. Threatpost warns that over three-quarters of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Between 300,000 and 400,000 Kubernetes API servers have been discovered to be exposed on the internet. While testing, ShadowServer noticed that servers responded with a “200 OK”. This does not mean that each server will have the same attack surface, but they might be configured to allow more permissions than necessary.

This article highlights the need to ensure that systems are not configured to be more permissive than necessary.


Sysrv-K Botnet Targets Windows, Linux 

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins, reports Threatpost.  

Matthew Jerzewski | Security Researcher at Tripwire 

Sysrv-k is back at it again with some new features. The botnet known as “sysrv-k” has been scanning numerous web apps, databases, and WordPress plugins, and is now taking advantage of the new CVE identified in the Spring Framework API and Spring Cloud Gateway. CVE-2022-22947 is one of the numerous CVEs released this year with a CVSS score of 10, affecting Spring Cloud Gateway. The sysrv-k botnet is leveraging this vulnerability, which exposes apps to remote code injection, therefore allowing the botnet to install Monero crypto miners.


APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days 

Research indicates that organizations should make patching existing flaws a priority to mitigate the risk of compromise, Threatpost notes. Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, new research has found, suggesting that faster patching is a more effective security strategy than chasing zero-day flaws.

Darlene Hibbs | Security Researcher at Tripwire 

It’s risky to assume that APTs are only targeting 0-day exploits. Research shows that known vulnerabilities are just as likely an attack vector for APTs if not more so, and slow patch cycles can increase the chances of a breach by 9 times. There is only so much that can be done to mitigate the risk of 0-day vulnerabilities as you don’t know what you don’t know, but decreasing the time to patch what you do know about can significantly reduce risk. 


Keep in Touch with Tripwire VERT 

Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.  

Previous VERT Cybersecurity News Roundups 

  • May 2, 2022
  • April 25, 2022 
  • April 18, 2022 
  • April 11, 2022 
  • April 4, 2022 
  • March 28, 2022 
  • March 21, 2022 
  • March 14, 2022 
  • February 28, 2022 
  • February 21, 2022 

The post “Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 16, 2022” appeared first on TripWire

Source:TripWire – Andrew Swoboda
