Updated: Sep 30, 2022
In this week’s Cyber Weekly Digest we dive into the newest information on the Uber breach from last week as well as the 15-year-old Python vulnerability affecting over 350,000 open-source projects. Keep reading to stay up to date on all the latest cyber security stories from the week.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialisation vulnerability affecting multiple Zoho ManageEngine products to its catalogue of bugs exploited in the wild. The security flaw, CVE-2022-35405, can be exploited in low-complexity attacks, with zero user interaction, to gain remote code execution on servers running unpatched Zoho ManageEngine PAM360 and Password Manager Pro (without authentication) or Access Manager Plus (with authentication). “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise,” CISA stated on Thursday. All security professionals and admins are strongly recommended to review CISA’s KEV catalogue and patch the listed bugs within their environment to block security breach attempts.
Uber has provided an update on its breach, which was discovered last Thursday. In the update, Uber states that there is no evidence that users’ private information was compromised and that all of its services are still operational. However, it has been reported that the breach involved an 18-year-old lone attacker, who used social engineering tactics to trick an Uber employee into accepting MFA prompts. After gaining initial access, the attacker found an internal network share containing PowerShell scripts with privileged admin credentials, giving them access to other critical systems. Most worryingly, the attacker apparently got access to privately disclosed vulnerability reports submitted via HackerOne as part of Uber's bug bounty program.
Threat actor Lapsus$ is reported to be responsible for breaching gaming giant Rockstar Games. This week an account named ‘teapotuberhacker’ posted on GTAForums around 90 videos of in-development footage of the upcoming Rockstar Games instalment, Grand Theft Auto 6. After sharing the footage, teapotuberhacker left a message claiming they wanted to “negotiate a deal” with the game publisher to return unreleased data, including the source code for Grand Theft Auto 5 and the in-development version of Grand Theft Auto 6. Rockstar Games has acknowledged the leak; however, it is unclear whether the attacker gained access to data beyond the leaked video clips. The attacker has also been linked to the Uber data breach and the Lapsus$ attack group.
Internet security company Imperva has announced that its DDoS mitigation solution has broken a new record, defending against a single attack that sent over 25.3 billion requests to one of its customers. The DDoS attack occurred on June 27 and peaked at 3.9 million requests per second (RPS), averaging 1.8 million RPS. The attack was launched by a massive botnet spread across 180 countries, with most IP addresses located in the U.S., Brazil, and Indonesia. Although Cloudflare mitigated a 26 million request DDoS attack in June, this attack lasted significantly longer, for over 4 hours.
As many as 350,000 open source projects are believed to be potentially vulnerable to exploitation as a result of a security flaw in a Python module that has remained unpatched for 15 years. The flaw, tracked as CVE-2007-4559 with a CVSS score of 6.8, is rooted in the tarfile module; successful exploitation could lead to code execution from an arbitrary file write. The vulnerability was originally disclosed in August 2007.
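The tarfile issue above comes down to extracting archive members whose names (or link targets) resolve outside the chosen destination directory. The following is an added example, not code from the digest or from the Python project: it builds a small constructed archive in memory containing one benign member and one path-traversal member, and checks each member's resolved destination before extraction. The function names and the destination path are the example's own.

```python
import io
import os
import tarfile


def is_within_directory(directory: str, target: str) -> bool:
    """True if the fully resolved target path stays inside directory."""
    abs_dir = os.path.realpath(directory)
    abs_target = os.path.realpath(target)
    return os.path.commonpath([abs_dir, abs_target]) == abs_dir


def check_members(tar: tarfile.TarFile, dest: str):
    """Split archive members into (safe, rejected) by where they would land."""
    safe, rejected = [], []
    for member in tar.getmembers():
        target = os.path.join(dest, member.name)
        link_ok = True
        if member.issym() or member.islnk():
            # A link whose target escapes dest is just as dangerous as a traversal name.
            link_target = os.path.join(os.path.dirname(target), member.linkname)
            link_ok = is_within_directory(dest, link_target)
        if is_within_directory(dest, target) and link_ok:
            safe.append(member)
        else:
            rejected.append(member)
    return safe, rejected


def safe_extract(tar: tarfile.TarFile, dest: str) -> list:
    """Extract only members that stay inside dest; return names of rejected ones."""
    safe, rejected = check_members(tar, dest)
    tar.extractall(dest, members=safe)
    return [m.name for m in rejected]


def build_sample_tar() -> bytes:
    """Constructed sample archive: one benign file and one traversal member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../../tmp/evil.txt"):
            data = b"hello\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def scan_sample(dest: str = "/nonexistent/extract_root") -> list:
    """Names of members in the constructed sample that would escape dest (no files written)."""
    with tarfile.open(fileobj=io.BytesIO(build_sample_tar()), mode="r") as tar:
        _, rejected = check_members(tar, dest)
    return [m.name for m in rejected]
```

Recent Python releases also ship an `extractall(..., filter="data")` option that performs equivalent checks in the standard library; the explicit check above is for interpreters that predate it.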