VERT’s Cybersecurity News for the Week of August 1, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories.
Windows 11 Smart App Control blocks files used to push malware
Smart App Control, a Windows 11 security feature that blocks threats at the process level, now blocks several file types that threat actors use to infect targets with malware in phishing attacks, reports Bleeping Computer. This came on the heels of Microsoft again starting to block macros in Office files downloaded from the web, which forced hackers to resort to different file types when launching an attack.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Smart App Control for Windows 11 has been updated to block several file types. It has been updated to block iso and lnk file types that have been downloaded from the internet. Smart App Control will alert users when applications have been blocked. Smart App Control blocks the the following: .img, .vhd, .vhdx, .appref-ms, .bat, .cmd, .chm, .cpl, .js, .jse, .msc, .msp, .reg, .vbe, .vbs, and .wsf.
High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover
A high-severity local privilege-escalation (LPE) vulnerability in Kaspersky’s VPN Secure Connection for Microsoft Windows has been discovered, which would allow an attacker to gain administrative privileges and take full control over a victim’s computer, notes Dark Reading.
Andrew Swoboda | Senior Security Researcher at Tripwire
Kaspersky’s VPN Secure Connect for Microsoft Windows is subject to a local privilege escalation. This vulnerability could allow an attacker to take full control over a victim’s system. The vendor has released version 21.7.7.393 to resolve this vulnerability.
Critical RCE vulnerability impacts 29 models of DrayTek routers
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers, Bleeping Computer announces. The vulnerability is tracked as CVE-2022-32548 and carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical.
Andrew Swoboda | Senior Security Researcher at Tripwire
DrayTek Vigor is subject to an unauthenticated remote code execution vulnerability. This vulnerability appears to be viable via local and wan connections. Attackers could potentially take complete control of vulnerable devices. The vendor has released patches to resolve this issue.
Zimbra Credential Theft Vulnerability Exploited in Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) informed organizations on Thursday that a recently patched vulnerability affecting the Zimbra enterprise email solution has been exploited in attacks, notes Security Week.
Andrew Swoboda | Senior Security Researcher at Tripwire
Zimbra is vulnerable to a cleartext credential theft. An attacker could exploit this vulnerability to obtain access to a victim’s email account. This would allow an attacker to potentially gain access to sensitive information. This vulnerability was fixed in 8.8.15 patch level 31.1 and 9.0.0 patch level 24.1.
Keep in Touch with Tripwire VERT
Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.