Foxit PDF Reader Vulnerability
by Artie Kaye
Cisco’s Talos security team has found four flaws in the Foxit reader and reported them to the company. The bugs can allow arbitrary code execution. For the exploit to work, a user would have to open a malicious file. However, if the reader extension is installed in a web browser, the vulnerability could be triggered by visiting a compromised site. If using Foxit, please update to the latest version to protect yourself.
The flaws are listed as CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, and CVE-2022-40129.
https://www.foxit.com/support/security-bulletins.html
https://www.securityweek.com/foxit-patches-several-code-execution-vulnerabilities-pdf-reader
LiteSpeed Server Update
by Artie Kaye
Vulnerabilities were discovered in OpenLiteSpeed and LiteSpeed server software which can allow arbitrary code execution with elevated privileges. Because exploitation requires access to the server, these flaws cannot be used without authentication. Palo Alto Networks discovered and reported the flaws, and a patch has been made available for the affected products.
The flaws are listed as CVE-2022-0072, CVE-2022-0073, and CVE-2022-0074.
https://unit42.paloaltonetworks.com/openlitespeed-vulnerabilities/
https://thehackernews.com/2022/11/multiple-high-severity-flaw-affect.html
https://www.securityweek.com/litespeed-vulnerabilities-can-lead-complete-web-server-takeover
BatLoader Malware Distributor
by Artie Kaye
A malware variant has appeared that selectively installs malware specific to the type of machine it has infected. If it is a personal machine, the installation is customized to look for and steal banking information, passwords, and personal information. For business machines, programs like Cobalt Strike will be installed. BatLoader is distributed through fake search results and advertisements, especially for common free programs like Zoom, TeamViewer, and others. Users download and install what they think is a legitimate program and infect themselves. Due to its use of PowerShell and batch scripts, it is difficult to detect. The number of known infected machines is extremely low, according to researchers at VMware.
When installing programs, always get them from a trusted source. With free programs, this is usually the official website for the product. When using a search engine to find a program to install, do not click the advertisements in the results; scroll lower to find the official webpage. Scan any files you download before opening them, even if you trust them and the source.
https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html
https://www.esentire.com/blog/batloader-facilitates-fraud-hands-on-keyboard-attacks
https://www.darkreading.com/attacks-breaches/researchers-alarm-batloader-malware-dropper
Android Bug Bypasses Lock Screen
by Artie Kaye
A bug was found in Android operating systems which allowed full phone access. Google has released an update to fix this problem. Users of affected devices are encouraged to update as soon as possible.
The flaw is listed as CVE-2022-20465.
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
https://www.securityweek.com/google-pays-70k-android-lock-screen-bypass
GitHub Adds Reporting Vulnerabilities Privately
by Artie Kaye
Reporting flaws to developers on GitHub can be difficult if the developer or team does not have contact information attached to the project. This can lead to other users publicly disclosing the problem in hopes that the creators will see and fix the issue. A new feature on GitHub allows people to report problems privately to the creators through the platform. The function can be toggled on or off under the settings of the specific repository.
https://www.securityweek.com/github-introduces-private-vulnerability-reporting-public-repositories