Several Vulnerabilities Patched and Malware Enters Systems Through Trojan USBs

RealTek SDK Vulnerability

by Artie Kaye

A serious flaw was discovered in a chip manufactured by RealTek. This could allow remote access, code execution, even rerouting or complete takeover of traffic through the device. The chip is used in millions of devices manufactured before March 2022. Since the chip was sold to manufacturers all over the world, the flaw is present in dozens of brands of networking devices. RealTek has known about the bug and has patched it in firmware updates. It is not known if all manufacturers that used the chips have applied this patch to their devices. Update the firmware of your network devices when you are able. If you are concerned that your hardware has the flaw, and no patch is available for it, the safest bet is to replace the device. This is actively being exploited in the wild.

The flaw is listed as CVE-2022-27255.

---

Apple and Chrome Zero Day Patches

by Artie Kaye

Apple has released emergency patches to address two zero-day exploits. Both are actively being leveraged. The patch is available for all Mac devices.

Google addressed an actively exploited flaw in their recent patch for their browser. The update is being released for Windows, Linux, and Mac versions of the browser. 

Please update your software to keep yourself safe.

---

USB Based Industrial Malware

by Artie Kaye

A computer that is not on a network can still be infected with malware. USB drives can carry trojan files that will activate when the device is accessed on a machine. Honeywell Forge released a report detailing their findings regarding USB based threats to the computers they monitored. The use of physical media to deliver payloads to machines increased from 19% to 52% over the past 2 years. Malware designed to interfere with industrial functions increased from 11% to 32%. Practicing good security doesn’t just apply to internet activities, it applies to all files and devices being used or introduced to a computer. 

Recommendations to address the threats discussed in the report include a USB security policy, limiting outbound network traffic, and maintaining a virus scanner with a focus in OT threat intelligence. The full report is linked below.

---

Zeppelin Ransomware

by Artie Kaye

CISA has released a statement regarding the Zeppelin brand of ransomware. Targeting health care mainly it’s also seen use against defense contractors, manufacturing, and academia. Something unusual about this attack is that they’ll encrypt multiple times, requiring more than one key to unlock the files. Attackers will spend time in the system looking for important documents and files before activating the software. Government agencies urge those attacked to report it and not pay the ransom. 

If you are the target of ransomware, please visit https://www.nomoreransom.org to see if they can be of help. The CISA advisement can be found below.

---

Zoom Flaw On Mac OS 

by Artie Kaye

Zoom was informed of a security flaw in their program for Macs. The flaw could allow a low level user to gain root access to the system. Patrick Wardle, the person who found the flaw, spoke about the issue at DEFCON this past weekend. Zoom had released a patch before the convention to address the flaw, the efficacy of which was called into question during the presentation. Zoom issued another patch, which appears to have fixed the problem. The method for which the flaw was exploited was to hijack the auto-updater within the program. If you are using a version of Zoom that’s before 5.11.5 and don’t want to auto-update, visit their website manually to get the required files.

The flaw is listed as CVE-2022-28756.

---