Dropbox Sign Breach Exposes Customer Data
Cloud storage giant Dropbox has recently disclosed a data breach affecting its eSignature service, Dropbox Sign (formerly HelloSign). The incident highlights the ongoing risks businesses…
Exploit Released Targeting Flaw in Thousands of Realtek Networking Devices
Affected Systems: Networking devices containing Realtek’s RTL819x system on a chip.
Description:
Researchers from Faraday Security, a cyber security company based in Argentina, have released exploit code for a vulnerability tracked as CVE-2022-27255 that would allow a remote attacker to compromise vulnerable Realtek network devices and execute code without authentication. Notably, no user interaction is needed for this vulnerability to be successfully exploited. Researchers detailed how an attacker would only need the external IP address of a vulnerable device to exploit it.
Although Realtek released a patch for this vulnerability in March 2022, many devices (routers, access points & signal repeaters) are still vulnerable as manufacturers (of which there are at least 20) using the chip are responsible for distributing the update to end-user devices. Many vendors known to have used vulnerable chips in their products have yet to release an update to fix this vulnerability.
Should a device be compromised, attackers are able to not only execute arbitrary code but can also crash the device, establish backdoors, and reroute and intercept network traffic. Researchers have warned that if the exploit turns into a worm, it could quickly spread across the internet.
The researcher’s slides from their talk at DEF CON on this subject can be found here.
Preventions:
If you are using any devices that contain Realtek eCOS SDK manufactured before March 2022, please check for any updates released after March from the device manufacturer, and update all devices as soon as possible. If no updates are available for a vulnerable device, consider blocking unsolicited User Datagram Protocol (UDP) requests to your organisation’s network, as the exploit published uses a single UDP packet to gain access to the device.
Related Links:
https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/ – Published August 16th
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940 – Published August 14th
https://github.com/infobyte/cve-2022-27255/blob/main/DEFCON/slides.pdf – Published August 13th
Related articles
Social Media Fraud: The Evolving Threat and How to Defend Yourself
Social media platforms offer connection and entertainment, but they’ve also become a hunting ground for sophisticated scammers. These criminals are increasingly turning to a combination…
DarkGate Malware: Threat Exploiting AutoHotkey
The DarkGate malware family, a persistent threat since 2018, has recently resurfaced in a sophisticated global campaign. This Remote Access Trojan (RAT), built using the…