Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
Steganography for Fun and Profit
A malware campaign called GO#WEBBFUSCATOR is distributing malware payloads in what seems to be an image of the Deep Space Field captured by the James Webb Space Telescope. Of course, malware embedded in a JPEG won't do anything by itself unless able to exploit a buffer overflow vulnerability in an image viewer, but in this case, the file gets downloaded by an obfuscated VBA macro fetched by an infected email.
The downloaded "image" file is actually a base64-encoded 64-bit Windows executable written in the Go programming language and further obfuscated using a technique called gobfuscation. This makes reverse-engineering and analysis of the malware very difficult. Fortunately, since Microsoft has disabled macros by default, fewer and fewer systems are likely to be vulnerable to this particular attack.
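As an added illustration (not code from the article or from any analysis of the campaign), the check below shows how a defender can tell a genuine JPEG from a file that merely carries an image name but is really base64 text wrapping a Windows PE executable, which is the disguise described above. The sample inputs are constructed here: a minimal fake MZ/PE header, a real-looking JFIF prefix and some harmless base64 text.

```python
import base64
import binascii
import re
import struct

# --- constructed sample inputs (not artefacts from the campaign) ---
_fake_pe = bytearray(0x44)
_fake_pe[0:2] = b"MZ"                          # DOS header magic
struct.pack_into("<I", _fake_pe, 0x3C, 0x40)   # e_lfanew: offset of the PE signature
_fake_pe[0x40:0x44] = b"PE\0\0"                # NT header signature
SAMPLE_DISGUISED = base64.b64encode(bytes(_fake_pe))   # "image" that is really base64 of a PE
SAMPLE_REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
SAMPLE_BASE64_TEXT = base64.b64encode(b"just some text, not an executable")

_B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def looks_like_base64(data: bytes) -> bool:
    """True if the whole file (ignoring line breaks) is a well-formed base64 body."""
    body = b"".join(data.split())
    return len(body) >= 4 and len(body) % 4 == 0 and bool(_B64_RE.match(body))


def is_pe_image(blob: bytes) -> bool:
    """Check for an MZ header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify_download(data: bytes) -> str:
    """Classify a downloaded file by content rather than by its name or extension."""
    if data[:3] == b"\xff\xd8\xff":           # JPEG/JFIF start-of-image marker
        return "jpeg"
    if looks_like_base64(data):
        try:
            decoded = base64.b64decode(b"".join(data.split()), validate=True)
        except binascii.Error:
            return "unknown"
        if is_pe_image(decoded):
            return "base64-encoded PE executable"
        return "base64 text (not PE)"
    return "unknown"


if __name__ == "__main__":
    for name, sample in [("disguised", SAMPLE_DISGUISED),
                         ("real jpeg", SAMPLE_REAL_JPEG),
                         ("base64 text", SAMPLE_BASE64_TEXT)]:
        print(f"{name}: {classify_download(sample)}")
```

The point of the check is that the file's magic bytes, not its name, decide how it is treated; an email gateway or endpoint script that applies this to downloads named `*.jpg` would flag the disguised payload before any macro had a chance to decode and run it.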
Lakshmanan, Ravie, Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope, The Hacker News, 31 August 2022. Available online at https://thehackernews.com/2022/08/hackers-hide-malware-in-stunning-images.html.
Chrome Vulnerability Allows Clipboard Access
A vulnerability introduced in Chrome version 104 allows malicious web sites to write to the clipboard without asking user permission - a permission check that was present in previous versions of the browser.
This could allow a range of attacks, e.g. altering strings which a user copies and pastes from a web page, such as phone numbers, digest values, cryptocurrency wallet addresses, etc. No fix has yet been released for the vulnerability.
Johnson, Jeff, Web pages can overwrite your system clipboard without your knowledge, blog article, available online at https://lapcatsoftware.com/articles/clipboard.html.
Pros and Cons of Managed Firewall Services
An interesting piece in Dark Reading lays out the pros and cons of managed firewalls, which offer services such as firewall monitoring, service and incident management, automatic updates and patching, security policy implementation, reporting, analysis and remediation, and more. The author concludes that managed firewalls are generally a good option, but may not suit smaller enterprises with simple networks and small budgets, those with highly complex environments, or organizations that want to avoid giving third-party service providers privileged access to their systems.
Anderson, Eric, The Pros and Cons of Managed Firewalls, Dark Reading, 1 September 2022. Available online at https://www.darkreading.com/attacks-breaches/the-pros-and-cons-of-managed-firewalls.
Apple Releases Security Updates for Older iPhones and iPads
Apple has released patches for a buffer overflow vulnerability (CVE-2022-3289) in the WebKit browser engine which underpins the Safari browser. An earlier fix was released for macOS and newer handheld devices; this fix applies to iOS 12.5.6, which supports devices back to the iPhone 5s. The company says the update is necessary because they are receiving reports of active exploitation, although no details have been released.
Gatlan, Sergiu, Apple backports fix for actively exploited iOS zero-day to older iPhones, BleepingComputer, 31 August 2022. Available online at https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/.
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.