April Threat Advisory – Top 5

April 2022 by SecurityHQ

SecurityHQ has put together a Monthly Threat Report, drawn from its advisories issued in April 2022, with recommendations to mitigate these five key threats.

Zero-Day Privilege Escalation Vulnerability Affecting Windows Version of 7-Zip.
Threat Reference: Global
Risks: Privilege Escalation
Advisory Type: Zero-Day Exploits
Priority: Elevated

Security researchers observed a recently published zero-day vulnerability in 7-Zip that allows an attacker to perform privilege escalation and command execution on Windows machines running 7-Zip version 21.07. It is exploitable due to a misconfiguration of 7z.dll combined with a heap overflow.

Publicly available PoCs can be found below:
https[://]github.com[/]tiktb8/CVE-2022-29072
https[://]github.com[/]kagancapar/CVE-2022-29072

Recommendations
• It is recommended to keep all devices and software updated to their latest versions.
• Monitor your IT infrastructure 24x7 for suspicious activities.
• It is recommended to keep anti-malware solutions at endpoints, and IPS signatures at the network level, always updated.

Google Released a Patch for Zero-Day Vulnerability (CVE-2022-1364) in Chrome, Exploited in the Wild.
Threat Reference: Global
Risks: Zero Days
Advisory Type: Updates/Patches
Priority: Standard

Google has released Chrome version 100.0.4896.127 for Windows, Mac, and Linux to fix a high-severity type confusion vulnerability in V8 (CVE-2022-1364) that is being exploited in the wild.

Recommendation
• It is recommended to update Google Chrome to the latest available versions/patch level.

Apache Released Update to Fix RCE Vulnerability in Struts.
Threat Reference: Global
Risks: Remote Code Execution
Advisory Type: Updates/Patches
Priority: Standard

Apache has fixed a critical remote code execution vulnerability in Struts, tracked as CVE-2021-31805 with a CVSS score of 9.8. Successful exploitation of this vulnerability allows the attacker to execute arbitrary code on the victim's system.

Affected versions: Struts 2 versions from 2.0.0 up to and including 2.5.29.

Recommendations
• It is recommended to update Apache Struts to the latest available version, 2.5.30 or greater.
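A defender-side inventory check against the version ranges stated in these advisories (the Struts range above, the Chrome fix version and the 7-Zip release named earlier), added here as example code rather than SecurityHQ's own tooling. The inventory rows are constructed sample data, and the 7-Zip entry flags only the single version the advisory names because no fixed version is given on this page.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_version(text: str) -> tuple:
    """Turn '100.0.4896.127' into (100, 0, 4896, 127) for tuple comparison.
    Missing trailing components compare as 0, so '2.5' equals '2.5.0'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))


@dataclass(frozen=True)
class Advisory:
    product: str
    cve: str
    first_affected: str                  # inclusive lower bound
    last_affected: Optional[str] = None  # inclusive upper bound, when the advisory states one
    fixed_in: Optional[str] = None       # exclusive upper bound: the first patched release

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.first_affected):
            return False
        if self.last_affected is not None and v > parse_version(self.last_affected):
            return False
        if self.fixed_in is not None and v >= parse_version(self.fixed_in):
            return False
        return True


# Bounds as stated in the advisory text; "0" for Chrome means every release before the fix.
ADVISORIES = [
    Advisory("7-Zip", "CVE-2022-29072", "21.07", last_affected="21.07"),
    Advisory("Google Chrome", "CVE-2022-1364", "0", fixed_in="100.0.4896.127"),
    Advisory("Apache Struts 2", "CVE-2021-31805", "2.0.0", last_affected="2.5.29", fixed_in="2.5.30"),
]

# Constructed sample inventory of (host, product, version); not real assets.
SAMPLE_INVENTORY = [
    ("web-01", "Apache Struts 2", "2.5.29"),
    ("web-02", "Apache Struts 2", "2.5.30"),
    ("ws-07", "Google Chrome", "100.0.4896.88"),
    ("ws-08", "Google Chrome", "100.0.4896.127"),
    ("ws-09", "7-Zip", "21.07"),
    ("ws-10", "7-Zip", "19.00"),
]


def check_inventory(inventory) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, cve) for every install inside an affected range."""
    return [(host, product, version, adv.cve)
            for host, product, version in inventory
            for adv in ADVISORIES
            if adv.product == product and adv.affects(version)]
```

Running `check_inventory(SAMPLE_INVENTORY)` on the sample data flags web-01, ws-07 and ws-09 and leaves the patched hosts alone.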

Mirai Botnet Infecting Vulnerable Web Servers by Exploiting Spring4shell Vulnerability

Threat Reference: Global
Risks: Malware
Advisory Type: Threat
Priority: Standard

Researchers have observed attackers actively exploiting the Spring4Shell vulnerability on vulnerable web servers to deploy the Mirai botnet. Spring4Shell is tracked as CVE-2022-22965 and has a CVSS score of 9.8. Successful exploitation of this vulnerability allows the attacker to install the Mirai botnet on the web server.

Recommendations
• It is recommended to update Spring Framework to the latest available version.
• Deploy Endpoint Detection & Response (EDR) tools to detect the latest malware and suspicious activities on endpoints.
• Update anti-malware solutions at the endpoint and perimeter level to include the given IOCs.
• Analyze endpoint solution logs (EDR, AV, email anti-malware) for the presence of the mentioned IOCs.

Threat Actors Targeting Energy Sectors ICS/SCADA Devices
Threat Reference: Global
Risks: Potential Threat
Advisory Type: Threat
Priority: Standard

Security researchers discovered that threat actors are targeting the energy sector using custom tools built to attack ICS/SCADA devices. These tools can scan for, compromise and control affected devices, and gain access to the operational technology (OT) network.
Threat actors can also compromise workstations in IT or OT environments, and the toolset also exploits an ASRock motherboard driver with known vulnerabilities.

Recommendations
• Monitor your IT infrastructure 24/7 for suspicious activities.
• It is recommended to keep anti-malware solutions at endpoints and IPS signatures at the network level always updated.
• It is recommended to keep all devices and software updated to their latest versions.
