News for September 23, 2022


Twitter Not Logging Users Out After Password Reset
by Artie Kaye

After manually changing one’s password, the platform was not signing users out of all instances.  This affected Android and iOS users, not desktop access.  After this came to light, Twitter took actions on accounts that it suspected might have been affected, logging users out across all instances.  The company has a page where you can view your active sessions.  If you need to, log them out manually, link below.  If you see any instances you do not recognize, of course log them out, and maybe change your password as well.

https://twitter.com/settings/sessions

https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets

https://www.bleepingcomputer.com/news/security/twitter-failed-to-log-you-out-of-all-devices-after-password-resets/

https://www.pcmag.com/news/twitter-our-password-reset-function-failed-to-log-users-out-of-devices

https://techcrunch.com/2022/09/22/twitter-discloses-it-wasnt-logging-users-out-of-accounts-after-password-resets

Zoho ManageEngine Actively Exploited
by Artie Kaye

Functioning as a remote code execution vulnerability, this problem affects the following products.

Access Manager Plus version 4302 and below
Password Manager Pro version 12100 and below
PAM360 version 5500 and below

CISA has added this bug to their known exploited vulnerabilities list, meaning it’s actively being targeted.  Update as soon as you can.

This flaw is tracked as CVE-2022-35405.

https://thehackernews.com/2022/09/cisa-warns-of-hackers-exploiting-recent.html

https://www.securityweek.com/cisa-warns-zoho-manageengine-rce-vulnerability-exploitation

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-manageengine-rce-bug-used-in-attacks/

Malicious Open Authorization Apps
by Artie Kaye

Open Authorization, or OAuth, is a function wherein a user can log into a service or website using an account from a different company.  Google, Twitter, and Facebook are some examples.  Microsoft researchers found the attack started with credential stuffing, trying to find an administrator account that did not have two factor authentication active.  They whitelisted a malicious OAuth program, giving it high privileges.  After that they modified the Exchange server settings to direct spam mail through the server to give it the air of authenticity.  The goal was to scam people out of money.  Setting up 2FA or MFA can help slow down or prevent credential stuffing attacks from succeeding.  

https://www.darkreading.com/application-security/cyberattackers-compromise-microsoft-exchange-servers-malicious-oauth-apps

https://thehackernews.com/2022/09/hackers-using-malicious-oauth-apps-to.html

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-via-oauth-apps-for-phishing/