New Software Vulnerabilities on the Rise: Top Cybersecurity News from the Week of Dec 4th

Although we are approaching the holiday season full of smiles and celebrations, cyber threat actors are not taking time off. Heading into Christmas, we are seeing more critical vulnerabilities discovered and exploited across industries. Here is some of the most notable cybersecurity news from the week:


Major supply-chain vulnerability in IBM cloud database

IBM has discovered a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code.

The privilege escalation flaw (CVSS score: 8.8), dubbed “Hell’s Keychain” by cloud security firm Wiz, has been described as a “first-of-its-kind supply-chain attack vector impacting a cloud provider’s infrastructure.”

Successful exploitation of the bug could enable a malicious actor to remotely execute code in customers’ environments and even read or modify data stored in the PostgreSQL database.

“The vulnerability consists of a chain of three exposed secrets (Kubernetes service account token, private container registry password, CI/CD server credentials) coupled with overly permissive network access to internal build servers,” Wiz researchers Ronen Shustin and Shir Tamari said.


Redis server being exploited to deploy next-gen malware

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network.

The attacks take advantage of a critical security vulnerability in the open source, in-memory key-value store, disclosed earlier this year, to deploy Redigo, according to cloud security firm Aqua.

This is not the first time the flaw has been actively exploited: Juniper Threat Labs uncovered attacks by the Muhstik botnet in March 2022 that used it to execute arbitrary commands.


Russian courts being hit by a wave of data wiper malware

A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor’s offices and courts. Besides terminating processes related to database and email servers, the malware is equipped with capabilities to delete shadow copies of files and modify the Windows Registry to prevent RDP connections in a likely attempt to obstruct incident response efforts.

The files overwritten with garbage data are then given the extension “.CRY,” after which a ransom note is dropped to give the impression that it is a ransomware program, urging the victim to pay 0.5 Bitcoin to recover access.

CryWiper is the second retaliatory wiper malware strain aimed at Russia after RURansom, a .NET-based wiper that was found targeting entities in the country earlier this March.

For the latest cybersecurity news and insights, follow Code Red on Twitter and LinkedIn.
