
CVE-2022-36067 and more: first officer's blog - week 22

CVE-2022-36067, privacy issues in Chrome incognito, and more. Here are the latest stories from the world of cyber risk.

Mike Parkin | October 24, 2022

First Officer’s log, Terrestrial date, 20221024. Officer of the Deck reporting.  

Working with the security operations team on Starbase 42 has been an interesting experience. And by interesting, I mean it has presented some unique challenges that can only come from an organization that grew organically and didn’t always follow the best practices. 

While it is not our place to comment on the relationship between various departments sharing responsibility for operating Starbase, at least if we want to have a career after this, it became quite obvious that they didn’t always communicate well, or even get along. While the Command division was keeping the station running and meeting their requirements, they had given their different teams quite a bit of freedom to execute as they saw fit. 

That meant Engineering had their fiefdom, Security had theirs, Operations did what they thought was best, Medical and the others did their thing, and the whole thing could sometimes devolve into department heads trying to push responsibility onto a different department when things got difficult. 

The situation here wasn’t as complex as it had been for Lieutenant [REDACTED] on [REDACTED], as we weren’t dealing directly with the vendors. Everyone here was technically in the same organization. But we were dealing with layers of internal politics while trying to get everyone on the same page and working together. And it didn’t help that in several cases the different teams had designed and implemented their own solutions, rather than adopting one of the available standards. 

It was kind of typical for a Starbase environment, unfortunately.  

Fortunately, with our crew’s tools and experience we were able to integrate with the different standard and custom telemetry systems. Once we got things deployed, they could analyze everything together and get focused where they needed to be focused. There might have been some grumbling from the teams that needed to clean up, but at least everyone was on the same page and reading from the same playbook. 

This side mission complete, we’ve been able to depart Starbase 42 and get back on course to recover our team from [REDACTED]. 

All in the family? 

What happened 

Investigators and researchers have found evidence of ties between the veteran REvil cybercriminal group and the relatively recent group identified as Ransom Cartel. While they have not stated that one group evolved from, or is descended from, the other, they have noted similarities and evidence of contact between the groups.

Why it matters 

Advanced Persistent Threat groups are constantly evolving, both in their techniques and tools and in the makeup of their organization. Analyzing the changes over time can help give law enforcement an idea of who the players are, and perhaps help curtail their activities. For security professionals, having some insight into the groups’ makeup and interrelationships can help predict who’s likely to be targeted, and what techniques may come into play. 

What they said 

Whatever the relationship between REvil and Ransom Cartel, this story is turning heads.

Wait? You can see me? 

What happened 

A recent report has revealed that Chrome’s “Incognito” mode is not especially private, with internal Google employees complaining that it does not live up to privacy expectations. While the mode does not store persistent cookies, it does little to conceal a user’s identity. 

Why it matters 

Many users outside the security community, and even some inside, rely on Chrome’s Incognito mode for private browsing, thinking that it gives them considerably more privacy protection than it does. While the mode doesn’t store persistent cookies, it does little else in the way of privacy protection. 

For really private browsing, a user would need to switch to a more privacy-conscious browser, such as Firefox and its Private mode. But for real privacy, it takes more than just a browser. A user would need to use a VPN that doesn’t log, or onion routing as used by the Tor network, and a truly private browser such as the Firefox-based Tor Browser.

It can be considerably slower to browse through Tor, but the combination is considerably more private for those who need it. 

What they said  

The uncomfortable revelation that private browsing isn’t really very private at all has got plenty of people talking.

CVE-2022-36067 in vm2 Sandbox

What happened 

A vulnerability in the vm2 sandbox, CVE-2022-36067, has been revealed that could let an attacker break out of the sandbox environment and run shell commands on the host system. The vulnerability has received a CVSS score of 10, and vm2 users are advised to apply the available patches immediately.

Why it matters  

Sandboxes exist for a reason. Multiple reasons, really. Any vulnerability that could let an attacker break out of the isolation the sandbox provides and access the host is an issue. The vm2 sandbox is widely used, which means CVE-2022-36067 could have a fairly broad reach if threat actors found a way to exploit it. 

Fortunately, the patch is already out and there’s no evidence CVE-2022-36067 was exploited in the wild. 

What they said


CVE-2022-36067 is rightfully getting some attention.


Want to get ahead of the stories? Join the conversations as they happen with the Vulcan Cyber community Slack channel
