Episode 60: June 12 2023
Links
https://www.hackread.com/picture-in-picture-technique-phishing-attack/
Easily Exploitable Microsoft Visual Studio Bug
- Bug
- Microsoft Visual Studio installer
- multiple versions of the Visual Studio
- integrated development environment (IDE)
- 2017-2022
- Hackers could create malicious extensions and deliver them to application developers.
- under the guise of being a legitimate software publisher
- infiltrate development environments
- taking control of device
- poisoning code
- steal high-value intellectual property
- CVE-2023-28299
- Microsoft Released a Patch
- security update for April
- Moderate Severity
- bug that attackers are less likely to exploit
- Varonis
- different take
- easily exploitable
- 26% market share
- Attack
- phishing or other social engineering
- deliver the malicious extension to software developers
- site containing cracked software
- typosquatting a known and valid extension
- Open the Visual Studio Extension (VSIX) package as a .ZIP file
- manually add newline characters to a tag in the “extension.vsixmanifest” file.
- A newline character is what developers use to denote the end of a line of text, so the cursor moves to the beginning of the next line on screen.
- adding enough newline characters to the extension name
- force all other text in the Visual Studio installer to be pushed down
- hiding from sight any warnings about the extension not being digitally signed.
- Tricks them into thinking it’s genuine.
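As an added defensive example (not code from the article or from Varonis), a Python check that opens a .vsix as a ZIP and flags any extension.vsixmanifest field padded with newline or other control characters, the pattern described above. The sample manifest and the extension name are constructed for the demo; the schema namespace is the standard VSIX manifest one.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Line breaks and other layout-shifting control characters. A legitimate
# DisplayName never needs these; a run of them is the push-the-warning-
# off-screen trick described for CVE-2023-28299.
CONTROL = re.compile(r"[\r\n\t\x0b\x0c\u2028\u2029]")

# Constructed sample name (hypothetical, not a real extension): 40 newlines
# appended so the rest of the installer text is shoved below the fold.
PADDED_NAME = "Totally Legit Tools" + "\n" * 40 + "(unsigned)"


def build_sample_vsix(display_name: str) -> bytes:
    """Build a minimal in-memory .vsix (a ZIP) holding only extension.vsixmanifest."""
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<PackageManifest Version="2.0.0" '
        'xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011">\n'
        '  <Metadata>\n'
        f'    <DisplayName>{escape(display_name)}</DisplayName>\n'
        '  </Metadata>\n'
        '</PackageManifest>\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("extension.vsixmanifest", manifest)
    return buf.getvalue()


def suspicious_manifest_fields(vsix_bytes: bytes) -> dict:
    """Return {field: number of control characters} for every manifest text
    or attribute value that contains one. An empty dict means nothing found."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(vsix_bytes)) as zf:
        root = ET.fromstring(zf.read("extension.vsixmanifest"))
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # drop the XML namespace prefix
        text = (elem.text or "").strip()  # ignore pretty-printing whitespace
        if text and CONTROL.search(text):
            findings[tag] = len(CONTROL.findall(text))
        for attr, value in elem.attrib.items():
            if CONTROL.search(value):
                findings[f"{tag}@{attr}"] = len(CONTROL.findall(value))
    return findings
```

Run `suspicious_manifest_fields(open("some.vsix", "rb").read())` on a downloaded package before installing it; the padded sample above reports `{'DisplayName': 40}` while a clean manifest reports `{}`.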
Cybersecurity awareness takes center stage
- Fortinet
- 5th Annual Fortinet State of OT and Cybersecurity Report
- operational technology (OT)
- 507 technology professionals
- Third Party
- Results
- 84% of organizations experienced one or more breaches in 2022
- 90% of leaders believe that increased employee cybersecurity awareness would help decrease the occurrence of cyberattacks.
- 81% of organizations faced malware, phishing, and password attacks last year which mainly were targeted at users
- 85% of leaders say their organization has a security awareness and training program
- 50% believe their employees still lack cybersecurity knowledge.
- 93% of organizations indicated their board of directors is asking about the organization’s cyber defenses and strategy
“Picture in Picture” Technique Exploited in New Deceptive Phishing Attack
- phishing campaign
- sophisticated obfuscation tactics
- deceive unsuspecting users into visiting malicious websites and disclosing sensitive information.
- hide malicious links within seemingly innocuous images
- Targeting known brands
- Delta Airlines and Kohl’s
- “picture in picture”
- users’ trust in familiar logos and promotions
- embedding nefarious URLs within promotional image
- Often, hackers will happily link a file, image, or QR code to something malicious. You can see the true intention by using OCR to convert the images to text or parsing QR codes and decoding them. But many security services don’t or can’t do this.
PoC released for Windows Win32k bug exploited in attacks
- Avast
- proof-of-concept (PoC) exploit
- privilege escalation vulnerability
- May 2023 Patch Tuesday
- Discovered as actively exploited as a zero-day in attacks
- cybersecurity firm Numen
- released full technical details
- a PoC exploit for Windows Server 2016
- CVE-2023-29336
- CVSS 7.8/10
- allows low-privileged users to gain Windows SYSTEM privileges
- Microsoft
- only affects older versions of Windows
- including older Windows 10 versions
- non-exploitable on the Win11 system version
- Vulnerable because obsolete code was copied over to newer Win32k versions
- leaves menu objects vulnerable to tampering or hijacks
- if attackers alter the specific address in system memory
- they gain the same level of access as the program that launched it