INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Internet Wide Multi VPN Search From Single /24 Network
Published: 2023-09-18
Last Updated: 2023-09-18 12:54:47 UTC
by Johannes Ullrich (Version: 1)
Brute-forcing passwords for VPN access has become a standard technique for various actors to gain access to corporate networks and later exfiltrate data or deploy ransomware. After identifying the VPN, an attacker may use simple brute forcing, credential stuffing, or, in some very public cases, social engineering to obtain access.
Today, I noticed in one of my honeypots new "most commonly hit" URLs...
Read the full entry:
https://isc.sans.edu/diary/Internet+Wide+Multi+VPN+Search+From+Single+24+Network/30226/
Microsoft September 2023 Patch Tuesday
Published: 2023-09-12
Last Updated: 2023-09-12 20:37:17 UTC
by Renato Marinho (Version: 1)
This month we got patches for 66 vulnerabilities. Of these, 5 are critical, and 2 are already being exploited, according to Microsoft.
One of the exploited vulnerabilities is a Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802). According to the advisory, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The CVSS for this vulnerability is 6.8.
The second one is a Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761). According to the advisory, the Preview Pane is an attack vector and exploiting this vulnerability could allow the disclosure of NTLM hashes.
Regarding critical vulnerabilities, one of them is a Remote Code Execution (RCE) vulnerability in Internet Connection Sharing (ICS) (CVE-2023-38148). According to the advisory, an unauthorized attacker could exploit it by sending a specially crafted network packet to the ICS service. The vulnerability requires no user interaction and no privileges. The CVSS is 8.8, the highest for this month.
The second highest CVSS this month is associated with an RCE affecting Visual Studio (CVE-2023-36793). To exploit this vulnerability, an attacker would have to convince a user to open a maliciously crafted package file in Visual Studio. The CVSS is 7.8.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+September+2023+Patch+Tuesday/30214/
Apple fixes 0-Day Vulnerability in Older Operating Systems
Published: 2023-09-11
Last Updated: 2023-09-11 18:32:28 UTC
by Johannes Ullrich (Version: 1)
This update fixes the ImageIO vulnerability Apple patched for current operating systems last week. Now, Apple follows up with a patch for its older, but still supported, operating system versions.
According to Citizen Lab, this vulnerability is already being exploited. Exploitation took advantage of the ImageIO vulnerability and a vulnerability in the Apple Wallet "PassKit" API to send a "Pass" containing the malicious image to the victim. These older operating systems support PassKit, but it remains to be clarified whether they are vulnerable to the PassKit issue.
More details:
Apple: https://support.apple.com/en-us/HT201222
Citizen Lab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Read the full entry:
https://isc.sans.edu/diary/Apple+fixes+0Day+Vulnerability+in+Older+Operating+Systems/30210/