At a glance.
- BrakTooth Bluetooth vulnerabilities.
- Ransomware playbook leaked.
- WhatsApp vulnerability patched.
BrakTooth Bluetooth vulnerabilities.
Researchers from the Singapore University of Technology and Design have discovered sixteen vulnerabilities affecting the Bluetooth software stack used by many popular System-on-Chip (SoC) boards. The flaws affect devices produced by Intel, Qualcomm, Infineon, Silicon Labs, Texas Instruments, and more, although the severity of the vulnerabilities varies between products. The researchers state, "The BrakTooth family of vulnerabilities affect Bluetooth enabled devices by continuously crashing or deadlocking them, while some result in more serious consequences such as arbitrary code execution." The most serious of the flaws is CVE-2021-28139, which could allow "attackers in radio range to trigger arbitrary code execution (ACE) in ESP32 via a crafted Extended Features bitfield payload."
The researchers have reported all of the vulnerabilities to the impacted vendors; some of the flaws have already been fixed, and the rest are in the process of being patched.
Ransomware playbook leaked.
Researchers at Cisco Talos have translated a leaked playbook created by the Conti ransomware gang as a guide for its affiliates. The documents were leaked by a disgruntled affiliate of the gang who claimed he hadn't been paid by the ransomware's proprietors. The playbook teaches readers how to use Cobalt Strike and other red-teaming tools, including Armitage and SharpView. It also contains instructions on how to identify users within a network that have access to Active Directory:
"The adversaries list several ways to hunt for administrator access once on the victim network. They use commands such as Net to list users and tools like AdFind to enumerate users with access to Active Directory, and even OSINT, including the use of social media sites like LinkedIn to identify roles and users with privileged access. They note that this hunting process is particularly easy in U.S. and EU networks because of how they are structured and how roles and responsibilities are commonly detailed in comments."
The researchers stress that the playbook is extremely thorough and can enable less-skilled criminals to carry out sophisticated attacks:
"One of the biggest takeaways during the translation was the overall thoroughness and detail of these playbooks. The level of detail provided could allow even amateur adversaries to carry out destructive ransomware attacks, a much lower barrier to entry than other forms of attacks. This lower barrier to entry also may have led to the leak by a disgruntled member who was viewed as less technical (aka "a script kiddie") and less important."
WhatsApp vulnerability patched.
Check Point describes a now-patched vulnerability in WhatsApp that could have allowed an attacker to read sensitive information from the app's memory. The researchers state, "The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker." The vulnerability stemmed from an out-of-bounds read-write flaw:
"The problem is that both destination and source images are assumed to have the same dimensions and also the same format RGBA (meaning each pixel is stored as 4 bytes, hence the multiplication by 4). However, there are no checks performed on the format of the source and destination images. Therefore, when a maliciously crafted source image has only 1 byte per pixel, the function tries to read and copy 4 times the amount of the allocated source image buffer, which leads to an out-of-bounds memory access."
Check Point notes that the attack "would have required complex steps and extensive user interaction in order to exploit," and WhatsApp stated that they've seen no evidence that the flaw was ever exploited.
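The unchecked "same dimensions, same RGBA format" assumption quoted above, shown as an added C illustration. This is not Check Point's or WhatsApp's code: the image_t record, its field names, the inverting "filter" and the sample images are all constructed for the example. One function measures how far the unchecked loop would read past a 1-byte-per-pixel source; the hardened copy checks format, dimensions, arithmetic overflow and the real allocation size before touching memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image record used only for this illustration; WhatsApp's real
 * structures are not shown in the write-up. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;  /* 4 for RGBA, 1 for a single-channel image */
    uint8_t *pixels;           /* pixel data */
    size_t   pixels_len;       /* bytes actually allocated behind `pixels` */
} image_t;

#define RGBA_BPP 4u

/* Bytes a filter loop touches when it simply assumes RGBA and equal sizes:
 * width * height * 4, the "multiplication by 4" from the write-up. */
static size_t assumed_rgba_bytes(const image_t *img)
{
    return (size_t)img->width * img->height * RGBA_BPP;
}

/* Would the unchecked assumption read past this buffer? For a source that
 * really holds 1 byte per pixel the answer is yes: 4x the allocation. */
bool naive_copy_overreads(const image_t *src)
{
    return assumed_rgba_bytes(src) > src->pixels_len;
}

/* Hardened path: verify every assumption the vulnerable code made before any
 * memory is touched. Returns 0 on success, -1 when the images do not match. */
int filter_copy_checked(image_t *dst, const image_t *src)
{
    if (dst == NULL || src == NULL || dst->pixels == NULL || src->pixels == NULL)
        return -1;
    if (src->bytes_per_pixel != RGBA_BPP || dst->bytes_per_pixel != RGBA_BPP)
        return -1;                              /* both must really be RGBA */
    if (src->width != dst->width || src->height != dst->height)
        return -1;                              /* same dimensions */
    if (src->width != 0 && src->height > SIZE_MAX / RGBA_BPP / src->width)
        return -1;                              /* width*height*4 would overflow */
    size_t need = assumed_rgba_bytes(src);
    if (need > src->pixels_len || need > dst->pixels_len)
        return -1;                              /* declared size exceeds allocation */

    /* Stand-in for the image filter: invert RGB, keep alpha. */
    for (size_t i = 0; i < need; i += RGBA_BPP) {
        dst->pixels[i]     = (uint8_t)(255 - src->pixels[i]);
        dst->pixels[i + 1] = (uint8_t)(255 - src->pixels[i + 1]);
        dst->pixels[i + 2] = (uint8_t)(255 - src->pixels[i + 2]);
        dst->pixels[i + 3] = src->pixels[i + 3];
    }
    return 0;
}

/* Constructed sample 1: a well-formed 2x2 RGBA pair. Returns the first output
 * byte (255 - 10 = 245) on success, -1 if the checked copy refused. */
int demo_good_pair(void)
{
    uint8_t src_px[16] = { 10, 20, 30, 255,  40,  50,  60, 255,
                           70, 80, 90, 255, 100, 110, 120, 255 };
    uint8_t dst_px[16] = { 0 };
    image_t src = { 2, 2, RGBA_BPP, src_px, sizeof src_px };
    image_t dst = { 2, 2, RGBA_BPP, dst_px, sizeof dst_px };
    if (filter_copy_checked(&dst, &src) != 0)
        return -1;
    return dst_px[0];
}

/* Constructed sample 2: a 2x2 source with only 1 byte per pixel (4 bytes
 * allocated). The unchecked loop would read 16 bytes from it. */
bool demo_naive_overreads(void)
{
    uint8_t src_px[4] = { 1, 2, 3, 4 };
    image_t src = { 2, 2, 1, src_px, sizeof src_px };
    return naive_copy_overreads(&src);
}

/* Same crafted source against the hardened copy: it is rejected (-1) before
 * a single byte is read. */
int demo_checked_rejects(void)
{
    uint8_t src_px[4] = { 1, 2, 3, 4 };
    uint8_t dst_px[16] = { 0 };
    image_t src = { 2, 2, 1, src_px, sizeof src_px };
    image_t dst = { 2, 2, RGBA_BPP, dst_px, sizeof dst_px };
    return filter_copy_checked(&dst, &src);
}

int main(void)
{
    printf("good pair: first output byte = %d\n", demo_good_pair());
    printf("1-bpp source, unchecked loop over-reads: %s\n",
           demo_naive_overreads() ? "yes" : "no");
    printf("1-bpp source, checked copy returns: %d\n", demo_checked_rejects());
    return 0;
}
```

The order of the checks matters: format and dimensions come from the decoded file and are attacker-controlled, so the final comparison against pixels_len must use the size the allocator or decoder actually produced, not a number recomputed from the untrusted header.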