Vulnerability WARNINGS and how long does it take to update?

One of the highlights of the week is the Pwn2Own competition. Participants have hacked many well-known applications. As for the rest of the news: as always, update your Cisco devices and Facebook, as usual, takes care of our privacy.
Welcome to the post! Don't forget to check out Vulners team documentation reborn and write your feedback;)

Vulnerabilities: VMware security products, Cisco EoL, Google;
Tools: Kubesploit, GoTestWaf, Apple persistence tool;
News: Facebook "data leak", malware in Google play, Pwn2Own competitions and 72 hours to your update;
Research: Have I Been Zucked? Microsoft research. Not a lot of bright stuff this week.

Feedback -> here

Vulnerabilities

VMware fixed vulnerabilities in Carbon Black Cloud Workload and vROps

VMware has fixed several critical issues within Carbon Black Cloud Workload and VMware vRealize Operations (vROps).

The vulnerability in Carbon Black Cloud Workload was identified as CVE-2021-21982. It allows attackers to bypass authentication by manipulating the URL in the interface.

Two vulnerabilities were also identified in VMware vRealize Operations (vROps), a solution for monitoring, optimizing and troubleshooting virtual infrastructure performance:

Vulnerability in the vROps API with the identifier CVE-2021-21975 is of the SSRF vulnerability type, which means it allows server-side request forgery. With its help any unauthorized intruder can steal administrator credentials and gain access to the application with maximum privileges, allowing to modify the application configuration and intercept any data in it.
Administrator privileges allow to exploit the second vulnerability, CVE-2021-21983 (arbitrary file download), which will allow to execute any commands on the server

To fix the vulnerabilities, you should follow the recommendations in the VMware notice.

WARNING: Cisco will not patch a newly discovered critical RCE vulnerability affecting its end-of-life small business routers.

Cisco System, one of the largest manufacturers of networking equipment, has no plans to address a critical security vulnerability that affects multiple business router models. Instead, Cisco urged users to simply swap out their old vulnerable device for a new one.

CVE-2021-1459 is relevant for RV110W VPN firewall, RV130, RV130W and RV215W Small Business routers. When exploited, unauthenticated cybercriminals can remotely execute arbitrary code on a vulnerable device.

Google commented on April 1 and 5 Android security updates. It turned out that, among other patches, the critical CVE-2021-0430 vulnerability was closed, thanks to which a hacker could achieve code execution in a privileged process using a specially created file.

Tools

🔥🔥 A new post-exploitation framework for Kubernetes: Kubesploit 🔥🔥

Gotestwaf - An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses.

Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles (main platforms) assigned to a certain username

PoisonApple: Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cyber threat emulation purposes.

News

Data from millions of Facebook users found in the public domain

On the cybercriminal forum, the data of 533 million Facebook users were found. The following are publicly available: full usernames, their Facebook IDs, phone numbers, location information, email addresses, gender, occupation, country and city of residence, date of account creation, etc. Most of the victims are in the USA (32 million), Great Britain (10 million) and Russia (10 million).

Another malware was found on Google Play

Check Point discovered FlixOnline, an app that pretended to be a Netflix app, on the official Google store. It turned out that if a user granted certain rights to the malware, it would automatically reply to the victim's WhatsApp messages. FlixOnline inserted a phishing link in its messages. The fake Netflix was removed from the Google Play Store, but it was downloaded 500 times in two months.

Pwn2Own 2021 is over. Windows 10, Ubuntu, Safari, Chrome, Zoom, and more successfully hacked

The biggest hacker competition, the spring Pwn2Own 2021, is over. This time it ended in a three-way draw between Team Devcore and OV, as well as the duo of IS experts Daan Koeper and Thijs Alkemade of Computest. In total, Pwn2Own participants earned $1,210,000 over the three days.

72 hours to update

SAP together with Onapsis have released a new report on current cyber threats to users of the German manufacturer's software. On average, you have 72 hours to safely update your software and hardware, and then attackers begin to act. We believe this time can be used as a guideline in local update policies

Research

Phishing Trends With PDF Files in 2020: 5 Approaches Attackers Use: https://unit42.paloaltonetworks.com/phishing-trends-with-pdf-files

Have I Been Zucked? Two British students put together a site to search the leaked Facebook dataset. https://haveibeenzucked.com

Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting - Microsoft Security https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting

Gamifying machine learning for stronger security and AI models - Microsoft Security https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models

Detecting process injection with ETW: https://blog.redbluepurple.io/windows-security-research/kernel-tracing-injection-detection

Feedback
W: https://blog.redbluepurple.io/windows-security-research/kernel-tracing-injection-detection

Feedback