Proprietary Issues and Windows TCO
-
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks
The Taiwanese device manufacturer published an advisory last week to warn customers that its NAS326, NAS540 and NAS542 devices, specifically ones running firmware version 5.21 and earlier, are impacted by a critical vulnerability.
The flaw, tracked as CVE-2023-27992, can be exploited for arbitrary command injection without authentication.
-
A technical analysis of the SALTWATER backdoor used in Barracuda 0-day vulnerability (CVE-2023-2868) exploitation
SALTWATER is a backdoor that has been used in the exploitation of the Barracuda 0-day vulnerability CVE-2023-2868. It is a module for the Barracuda SMTP daemon, bsmtpd. The malware hooks the recv, send, and close functions using an open-source hooking library called funchook. The following functionalities are implemented: executing arbitrary commands, downloading and uploading files, proxying, and tunneling.
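As an added example (not code from the article, Barracuda, Mandiant or funchook), the following x86-64 Linux check looks for the inline-hook pattern described above, where a function's first instruction is overwritten with a jmp rel32 to a trampoline; it inspects the same three libc functions SALTWATER hooks. The names prologue_is_hooked and function_is_hooked are this example's own, and a PLT stub is followed once so the resolved libc body, not the stub, is examined.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Examine the first instruction of an x86-64 function body (16 bytes at
 * code). Returns 1 and sets *target if it is a jmp rel32 (what funchook
 * writes when it installs a hook), 0 for ordinary code, -1 if len < 16.
 * A leading endbr64 (CET marker) is skipped before the check. */
int prologue_is_hooked(const uint8_t *code, size_t len, uintptr_t *target) {
    size_t i = 0;
    if (len < 16) return -1;
    if (code[0] == 0xF3 && code[1] == 0x0F && code[2] == 0x1E && code[3] == 0xFA)
        i = 4;                                              /* endbr64 */
    if (code[i] == 0xE9) {                                  /* jmp rel32 */
        int32_t rel;
        memcpy(&rel, code + i + 1, sizeof rel);
        *target = (uintptr_t)(code + i + 5) + (intptr_t)rel; /* rip-relative */
        return 1;
    }
    return 0;
}

/* Inspect a function live in this process. A PLT stub (jmp *GOT(%rip),
 * encoded FF 25 disp32) is followed once so the resolved body is examined. */
int function_is_hooked(const void *fn, uintptr_t *target) {
    const uint8_t *code = fn;
    if (code[0] == 0xFF && code[1] == 0x25) {
        int32_t disp;
        memcpy(&disp, code + 2, sizeof disp);
        memcpy(&code, code + 6 + disp, sizeof code);       /* read GOT slot */
    }
    return prologue_is_hooked(code, 16, target);
}

int main(void) {
    /* The three libc functions the analysis says SALTWATER hooks in bsmtpd. */
    const char *names[] = { "recv", "send", "close" };
    const void *fns[] = { (const void *)(uintptr_t)recv,
                          (const void *)(uintptr_t)send,
                          (const void *)(uintptr_t)close };
    for (int k = 0; k < 3; k++) {
        uintptr_t t = 0;
        int r = function_is_hooked(fns[k], &t);
        if (r == 1) printf("%-5s HOOKED, jumps to %#lx\n", names[k], (unsigned long)t);
        else printf("%-5s %s\n", names[k], r == 0 ? "clean" : "undecided");
    }
    return 0;
}
```

A jump target outside libc's own mapping (compare against /proc/self/maps) is the signal worth alerting on; a clean glibc prologue never begins with a jmp.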
-
Windows TCO
-
Attorney sues Microsoft for $1.75M, claiming his email has been useless since May
In the complaint [PDF] – first filed in New York state but later moved to the Southern District of New York – David M Schlachter asks for $750,000 in damages and $1 million in punitive damages. He alleges that he lost access to his Microsoft business email account in May, but that the software giant failed to extricate him from a verification loop that was preventing him from getting into his account, which he says he pays for via a monthly subscription.
The problem started, according to the attorney's complaint, when he tried to log in on May 10, and the system asked him for his "2 step verification."
Schlachter describes being caught in an "error code 500121" loop and provides a screenshot in the complaint.
-
Dragos hits Mandiant claims about new malware COSMICENERGY for six
- Operators should reach out to vendors to see if software packages include MS SQL.
- Operators should ensure they have network monitoring in place, watch for xp_cmdshell alerts and, out of an abundance of caution, audit their MS SQL Servers.
[...]
Mandiant's post appeared to be keen to associate COSMICENERGY with Russia, while Dragos, which has a policy of not associating threats with any country, kept to its own code.
Back in 2020, the Israeli security firm Claroty claimed to have fixed a flaw in the Siemens Digsi 4 protocol, saying that the protocol was the same as that exploited by the malware known as Industroyer in 2016.
Industroyer is claimed to have been used to attack the power grid in Ukraine on 17 December 2016. There is, however, no unanimity in this claim; as iTWire reported in 2017, researchers from Slovakian security firm ESET were cautious about concluding that Industroyer was really used in the Ukraine attack.
All that ESET committed to at the time was that their researchers had found malware — it was they who coined the name Industroyer — which could have done exactly what happened to the power grid in Ukraine. The capital, Kiev, was without power for an hour. A previous attack in 2015, also in December, knocked out the power in about 250,000 houses in various regions of Ukraine.
-