Cyber Security Weekly | The Banking Industry Has Been Targeted by Open Source Software Supply Chain Attacks

Cyber Security Weekly is a security information column launched by Prism Qicai. It presents the attacks related to open source security and software supply chain security reported within a week, so that readers understand the threats to open source and the software supply chain, take security seriously, and put defensive measures in place.

1. The banking industry has become the target of open source software supply chain attacks

Cybersecurity researchers say they have uncovered the first open source software supply chain attack specifically targeting the banking industry. These attacks demonstrate advanced techniques, including attaching malicious functionality that targets specific components within the victim bank's network assets.

Reference link: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html

2. The cloud computing supply chain encounters a major security risk! Critical Flaw in AMI MegaRAC BMC Software Exposes Servers to Remote Attacks

Two security vulnerabilities have been disclosed in the AMI MegaRAC baseboard management controller (BMC) software that, if successfully exploited, could allow threat actors to remotely control vulnerable servers and deploy malware. The popularity of the MegaRAC BMC, a critical supply chain component found in millions of devices shipped by major vendors, has made it an important target for threat actors, and these vulnerabilities pose a significant risk to the technology supply chain behind cloud computing.

Reference link: https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html

3. Ubuntu Linux vulnerabilities disclosed; nearly 40% of users affected

Ubuntu is currently one of the most widely used Linux distributions, with more than 40 million users. Recently, two Linux vulnerabilities, CVE-2023-32629 and CVE-2023-2640, were disclosed in the Ubuntu kernel. Unprivileged local users could exploit them to gain higher privileges on a device; about 40% of Ubuntu users are affected. The researchers warn that the two vulnerabilities stem from separate changes Ubuntu made to the OverlayFS module, so both are specific to the Ubuntu kernel, and weaponized exploits for these vulnerabilities are now public.

Reference link: https://www.bleepingcomputer.com/

4. New OpenSSH vulnerability exposes Linux systems to remote command injection

A new vulnerability has been discovered in OpenSSH that could allow a remote attacker to execute arbitrary commands on a system whose ssh-agent has been forwarded to it through a vulnerable OpenSSH. OpenSSH is a popular connection tool for remote logins using the SSH protocol, which encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. Successful exploitation of this vulnerability requires certain libraries to be present on the victim system and the SSH authentication agent to be forwarded to an attacker-controlled system. OpenSSH users are strongly advised to update to the latest version to prevent potential cyber threats.

Reference link: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html
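As an added defender-side check that is not part of the original column: since the article notes that exploitation requires the authentication agent to be forwarded, a quick audit of which Host blocks in an OpenSSH client configuration enable ForwardAgent tells you where that precondition holds. The configuration text below is constructed for illustration (hypothetical host names); point the functions at the contents of a real ~/.ssh/config or /etc/ssh/ssh_config to audit your own settings.

```shell
# Constructed sample client configuration (not a real host list).
SAMPLE_SSH_CONFIG='# agent forwarding is only acceptable toward fully trusted hosts
Host bastion.example.com
    ForwardAgent yes
Host build-box
    ForwardAgent no
Host *
    ForwardAgent yes
'

# Print "host<TAB>yes|no" for every Host block that sets ForwardAgent.
# Keywords are matched case-insensitively as ssh_config does; comment lines
# are skipped. Only the first pattern of a multi-pattern Host line is kept.
list_forward_agent() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/              { next }
        tolower($1) == "host"         { host = $2 }
        tolower($1) == "forwardagent" { print host "\t" tolower($2) }
    '
}

# Return, space-separated, the host patterns that enable agent forwarding.
# A "*" entry means every host not covered by an earlier block gets the agent.
forwarding_hosts() {
    list_forward_agent "$1" | awk -F '\t' '$2 == "yes" { printf "%s ", $1 }' | sed 's/ $//'
}

# Usage: audit the sample, then (for real use) your own config file:
#   forwarding_hosts "$(cat ~/.ssh/config)"
forwarding_hosts "$SAMPLE_SSH_CONFIG"
```

Any pattern reported here, and especially a wildcard entry, is a host to which the agent would be forwarded on connect; narrowing ForwardAgent to the specific trusted hosts that need it removes the precondition the article describes for everything else.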

5. MikroTik RouterOS bug exposes over 500,000 devices

Researchers from the security company VulnCheck discovered a serious privilege escalation vulnerability (CVE-2023-30799, CVSS score 9.1) in the MikroTik RouterOS system, which allows attackers to execute arbitrary code on the system and take full control of the affected device. According to the researchers, about half a million RouterOS devices worldwide remain vulnerable through their web management interface, a number that would rise to more than 900,000 if the attack were carried out through the Winbox management client.

Reference link: https://cybernews.com/news/mikrotik-bug-exposes-thousands-devices/

Origin blog.csdn.net/LJQClqjc/article/details/131982131