@SwitHak
SwitHak / 20220401-TLP-WHITE_Spring4Shell.md
Last active April 23, 2022 14:10
BlueTeam CheatSheet * Spring4Shell * | Last updated: 2022-04-16 1722 UTC
@SwitHak
SwitHak / 20200312-TLP-WHITE_CVE-2020-0796.md
Last active February 21, 2023 11:19
BlueTeam CheatSheet * CVE-2020-0796 * SMBGhost | Last updated: 2020-03-18 1238 UTC

CVE-2020-0796 AKA SMBGhost

General

  • A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
  • An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
  • To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
  • The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
  • The vulnerability was discovered by the Microsoft Platform Security Assurance & Vulnerability Research team.
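
The "specially crafted packet" above reaches the SMBv3 compression code: CVE-2020-0796 lives in the server's handling of compressed SMB 3.1.1 messages, which is why Microsoft's ADV200005 workaround is to disable SMBv3 compression. A blue team's first question is therefore which hosts negotiate SMB 3.1.1 with compression at all. The parser below, written for this cheat sheet as an added example (it is not SwitHak's or Microsoft's code), decodes an SMB2 NEGOTIATE response per MS-SMB2 and reports the dialect and any advertised compression algorithms. The three responses it runs on are constructed in the block, not captured from real hosts.

```python
"""
Added example: decode an SMB2 NEGOTIATE response and flag servers that
advertise SMB 3.1.1 with compression, the surface CVE-2020-0796 sits on.
Field layouts follow MS-SMB2; the sample responses are built in this file.
"""
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
DIALECT_302, DIALECT_311 = 0x0302, 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001      # SMB2_PREAUTH_INTEGRITY_CAPABILITIES
CTX_COMPRESSION = 0x0003            # SMB2_COMPRESSION_CAPABILITIES
COMPRESSION_ALGS = {0x0001: "LZNT1", 0x0002: "LZ77",
                    0x0003: "LZ77+Huffman", 0x0004: "Pattern_V1"}

HDR_FMT = "<4sHHIHHIIQIIQ16s"        # 64-byte SMB2 header
NEG_RSP_FMT = "<HHHH16sIIIIQQHHI"   # 64-byte fixed part of the NEGOTIATE response
CTX_HDR_FMT = "<HHI"                # ContextType, DataLength, Reserved


def _pad8(b):
    """Negotiate contexts are 8-byte aligned; pad one context to that boundary."""
    return b + b"\x00" * (-len(b) % 8)


def build_negotiate_response(dialect, compression_algs=()):
    """Construct a server NEGOTIATE response; negotiate contexts exist only for 3.1.1."""
    header = struct.pack(HDR_FMT, SMB2_MAGIC, 64, 0, 0, SMB2_NEGOTIATE, 1,
                         0x00000001, 0, 0, 0, 0, 0, bytes(16))   # Flags = SERVER_TO_REDIR
    # Pre-auth integrity context: one hash algorithm (SHA-512) and a 32-byte salt.
    contexts = [struct.pack(CTX_HDR_FMT, CTX_PREAUTH_INTEGRITY, 38, 0) +
                struct.pack("<HHH", 1, 32, 0x0001) + bytes(32)]
    if compression_algs:
        data = struct.pack("<HHI", len(compression_algs), 0, 0) + \
               b"".join(struct.pack("<H", a) for a in compression_algs)
        contexts.append(struct.pack(CTX_HDR_FMT, CTX_COMPRESSION, len(data), 0) + data)
    ctx_count = len(contexts) if dialect == DIALECT_311 else 0
    body = struct.pack(NEG_RSP_FMT, 65, 0x0001, dialect, ctx_count, bytes(range(16)),
                       0x2F, 0x800000, 0x800000, 0x800000, 0, 0,
                       128, 0,                        # empty security buffer at offset 128
                       128 if ctx_count else 0)       # contexts follow the fixed part
    return header + body + (b"".join(_pad8(c) for c in contexts) if ctx_count else b"")


def parse_negotiate_response(pkt):
    """Return the negotiated dialect and the compression algorithms the server advertised."""
    if pkt[:4] != SMB2_MAGIC or struct.unpack_from("<H", pkt, 12)[0] != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE message")
    fields = struct.unpack_from(NEG_RSP_FMT, pkt, 64)
    dialect, ctx_count, ctx_off = fields[2], fields[3], fields[13]
    algs, pos = [], ctx_off
    for _ in range(ctx_count):
        ctx_type, data_len, _ = struct.unpack_from(CTX_HDR_FMT, pkt, pos)
        data = pkt[pos + 8:pos + 8 + data_len]
        if ctx_type == CTX_COMPRESSION:
            count = struct.unpack_from("<H", data, 0)[0]
            algs = list(struct.unpack_from("<%dH" % count, data, 8))
        pos += 8 + (data_len + 7) // 8 * 8         # next context starts 8-byte aligned
    return {"dialect": dialect, "compression_algorithms": algs}


def assess(pkt):
    """Exposed = SMB 3.1.1 negotiated and at least one compression algorithm advertised."""
    info = parse_negotiate_response(pkt)
    info["exposed"] = info["dialect"] == DIALECT_311 and bool(info["compression_algorithms"])
    info["algorithm_names"] = [COMPRESSION_ALGS.get(a, hex(a))
                               for a in info["compression_algorithms"]]
    return info


# Constructed samples: a 3.1.1 server with compression, one without, and an SMB 3.0.2 server.
SAMPLE_EXPOSED = build_negotiate_response(DIALECT_311, (0x0001, 0x0002, 0x0003))
SAMPLE_311_NO_COMPRESSION = build_negotiate_response(DIALECT_311)
SAMPLE_302 = build_negotiate_response(DIALECT_302)

if __name__ == "__main__":
    for name, pkt in (("exposed", SAMPLE_EXPOSED),
                      ("3.1.1 without compression", SAMPLE_311_NO_COMPRESSION),
                      ("3.0.2", SAMPLE_302)):
        print(name, assess(pkt))
```

Two caveats when using this against real traffic: the parser expects the SMB2 message itself, so strip the 4-byte NetBIOS session header first, and "exposed" means the attack surface is reachable, not that the host is unpatched. The security update fixes the decompression code without removing the capability, so a patched server still advertises compression, whereas a server with the ADV200005 workaround applied stops negotiating it. The check also says nothing about the client-side scenario in the bullets above.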

Affected products:

@SwitHak
SwitHak / 20220909-TLP-WHITE_Albania-July-2022.md
Last active March 18, 2023 20:53
GEOPOLITICS * Albania July 2022 * | Last updated: 2022-09-19 11535 UTC

Offensive Cyber Operation against Albania networks by Iran

General

  • An offensive cyber operation against Albanian government and media networks occurred over the weekend of 15 July 2022.
  • AKSHI quickly announced that it had been forced to disconnect public services and government websites from the Internet.
  • Mandiant, in a blog post, attributed the activity with "likely" confidence to an Iranian threat actor.
  • The Albanian Prime Minister officially attributed the offensive cyber operation against his country to Iran.
  • The Albanian government severed diplomatic relations with Iran on 7 September, with immediate effect.
  • Iranian embassy personnel must leave the country.
  • Note: reactions to this event vary; some parties support the attribution to Iran, others do not.
@SwitHak
SwitHak / 20230331-TLP-WHITE_3CX-event.md
Last active April 6, 2023 09:26
BlueTeam CheatSheet *3CX-Event-March2023* | Last updated: 2023-04-06 0926 UTC

Security Advisories / Bulletins / vendor responses linked to the 3CX compromise event

General

What's 3CX?

  • 3CX evolved from its roots as a PBX phone system to a complete communications platform, offering customers a simple, flexible, and affordable solution to call, video and live chat.

What's happening?

  • Per several reports, the build environment of the 3CX DesktopApp (macOS & Windows) has been compromised.
  • The recent releases (details given below) were trojanized to include malicious code.
  • More details on the compromise are available, with graphics, from Thomas Roccia:
@SwitHak
SwitHak / 20200618-TLP-WHITE_Ripple20.md
Last active April 26, 2023 22:04
BlueTeam CheatSheet * Ripple20 * | Last updated: 2020-06-26 2121 UTC

Ripple20, a set of vulnerabilities in the Treck / KASAGO IP stacks

General

  • Ripple20 is the codename for a set of 19 vulnerabilities discovered by the security research firm JSOF.
  • These vulnerabilities are in an IP stack sold under two different names: Treck TCP/IP for the U.S. market and KASAGO TCP/IP for the Asian market. These two stacks were bought and used under private labels by several software companies; some known names are GHnetv2, Kwiknet and Quadnet.
  • These stacks were also integrated, sometimes with modifications, into several real-time operating systems (RTOS).
  • Some of the vulnerabilities can have a higher or lower CVSS score depending on the device's operating system, configuration or network location.
  • My advice is for companies to ask their suppliers whether they use one of these stacks and to assess the risk according to their company risk policy.
  • This will not be an easy set of vulnerabilities to patch, sadly.
@SwitHak
SwitHak / 20230815-TLP-WHITE_Hacktivists-in-UA-RU-Conflict.md
Last active August 22, 2023 23:06
CTI *Hacktivists in UA-RU Conflict* | Last updated: 2023-08-26 1337 UTC

Hacktivists in Ukraine-Russia Conflict

Intro

  • Since the beginning of the invasion of Ukraine in 2022, multiple hacktivist entities have been observed taking part in the conflict. This document aims to centralize the information collected and to provide a short analysis of their operating methods and financing models, some ideas on how to report on this type of threat actor, and a MITRE ATT&CK mapping.

Disclaimer

  • The scope encompasses my own collection from January 2022 to July 2023 inclusive; it is mostly based on publicly available data, though some Telegram & VK groups were private.
  • The following analysis will not name hacktivist entities or alliances, so as not to give them any publicity.
  • I can be wrong, I'm human; do not hesitate to comment on the analysis.
@SwitHak
SwitHak / 20190618-TLP-WHITE-TCPSACK.MD
Last active November 23, 2023 07:47
Tracking vendors responses to TCP SACK vulnerabilities
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability, referenced as CVE-2020-0601, in their monthly Patch Tuesday release.
  • The vulnerability was discovered by the U.S. National Security Agency and announced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description: "NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality."
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 6, 2024 10:09
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, leave a comment or send it to me
  • Feel free to report any mistake directly below in the comments or by DM on Twitter (@SwitHak)

Other great resources

  • Royce Williams' list, sorted by vendor responses: Royce List
  • Very detailed list from NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List