CYBERSECURITY NEWS V. May – Apple Patches Exploited Vulnerabilities, Costa Rica declares national emergency after cyberattacks

News FYI

Apple Finally Patches Exploited Vulnerabilities in macOS Big Sur and Catalina 

Apple released security updates that fix dozens of vulnerabilities in its operating systems, along with long-awaited patches for macOS Big Sur and Catalina that address exploited vulnerabilities.

Apple resolved CVE-2022-22675 in macOS Big Sur 11.6.6, watchOS 8.6, and tvOS 15.5, and fixed CVE-2022-22674 with Catalina Security Update 2022-004.

In security bulletins, Apple experts warn that the CVE-2022-22675 bug, which allowed applications to execute arbitrary code with kernel privileges, could already be actively exploited by attackers, although Apple did not disclose any details.

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices 

SonicWall released an alert reporting three vulnerabilities in its Secure Mobile Access (SMA) 1000 devices, including a critical authentication bypass vulnerability. The vulnerabilities affect SMA 6200, 6210, 7200, 7210, and 8000v devices with firmware versions 12.4.0 and 12.4.1.

CVE-2022-22282 (CVSS Score: 8.2) - Allows an unauthorized user to bypass the access control system;

CVE-2022-1702 (CVSS Score: 6.1) - Redirects the user to an untrusted site (open redirect);

CVE-2022-1701 (CVSS Score: 5.7) - Allows an attacker to exploit a hard-coded cryptographic key.

Successful exploitation of these vulnerabilities allows an attacker to gain unauthorized access to internal resources and systems, as well as redirect potential victims to malicious sites.

Although there is no evidence of exploitation of the vulnerabilities in the wild, experts recommend that users apply the security update, as SonicWall devices have been an attractive target for ransomware attacks in the past.

Free antivirus AVG and Avast had a serious vulnerability for the last 7 years

It has only now become known that popular shareware antivirus products contained a vulnerability dating back to 2012. The vulnerability appeared in version 12.1 and allowed cybercriminals to gain full access to the victim's computer. Subsequently, after the purchase of AVG, the vulnerability migrated to the new antivirus, since the code was carried over unchanged.

The vulnerability is high severity, and exploiting it carries a high likelihood of losing control of the affected computer. Using the vulnerability, attackers can change their privilege level, replace system files (potentially damaging the entire operating system), and even disable security products on the computer.

Google fixes actively exploited Android kernel vulnerability

Google announced the release of a security update for Android that fixes 37 vulnerabilities in various components of the operating system. The most serious of the bugs is CVE-2021-22600, which has already been exploited by attackers.

CVE-2021-22600 is a privilege escalation flaw in the Linux kernel that attackers can exploit through local access. The vulnerability affects Android because the OS uses a modified Linux kernel. It is not clear how the vulnerability is used in attacks, but it is most likely used to execute privileged commands and to move laterally through Linux systems in corporate networks.

Google discovered the vulnerability in January, but it was patched in Android only this month.

Costa Rica declares national emergency after Conti ransomware attacks

The President of Costa Rica declared a state of emergency in the country amid cyber attacks using Conti ransomware on government agencies. Hackers stole over 672 GB of sensitive data.

The Treasury Department was the first to be hit by the attack, raising fears that hackers had gotten hold of taxpayer data.

The Costa Rican Treasury has been operating without digital services since April 18, forcing businesses and citizens to fill out forms manually and greatly overburdening the public sector. Earlier, Conti demanded a $10 million ransom from the ministry, which the government refused to pay.

Experts have not yet completed a full analysis of the data leak, but a preliminary analysis of a small part of the leak revealed source code and SQL databases belonging to government sites in Costa Rica.

Microsoft May 2022 Patch Tuesday

Microsoft announced fixes for 75 documented vulnerabilities. Security updates were released for .NET and Visual Studio, Microsoft Exchange Server, Microsoft Office, Windows Hyper-V, and many other products.

The categories of some of the vulnerabilities fixed in the May 2022 Patch Tuesday are as follows:

26 Remote Code Execution vulnerabilities

21 Privilege Escalation vulnerabilities

17 Information Disclosure vulnerabilities

6 Denial of Service vulnerabilities
