The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations.
Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of ransomware infections.
Microsoft has attributed the threat actor to Iran's Ministry of
Related Posts
MobSF Pen-Testing Tool Input Validation Flaw Leads to SSRF
The Mobile Security Framework (MobSF), a widely used pen-testing, malware analysis, and security assessment framework, has been found to contain a critical input validation flaw that could lead to server-side request forgery (SSRF) attacks.
The vulnerability, tracked as CVE-2024-29190, affects MobSF version 3.9.5 Beta and prior.
Understanding the Vulnerability: CVE-2024-29190
While investigating the "App Link assetlinks.json file could not be found" finding, the Trendyol Application Security team observed that MobSF sends a GET request to the "/.well-known/assetlinks.json" endpoint of every host listed in an android:host attribute in the AndroidManifest.xml file.
Because the hostname taken from the android:host attribute is not validated before it is used to build the URL, an attacker who submits a crafted APK can make MobSF send requests to local or internal hostnames, which is a server-side request forgery (SSRF).
A security advisory has been published on GitHub for the SSRF in the assetlinks_check functionality.
Technical Breakdown
Example of Vulnerable Configuration
XML
    <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:host="192.168.1.102/user/delete/1#" android:scheme="http" />
    </intent-filter>
In the example above, android:host is set to "192.168.1.102/user/delete/1#" rather than a bare hostname.
The trailing "#" is what makes the trick work: MobSF appends "/.well-known/assetlinks.json" to the host when it builds the URL, but everything after "#" is a URL fragment, which an HTTP client never sends to the server. The request therefore goes to http://192.168.1.102/user/delete/1, an endpoint of the attacker's choosing on the network reachable from the MobSF host, instead of to the expected assetlinks.json file.
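The following is an added example, not MobSF's own code, showing the mechanism in the breakdown above: a manifest parser that pulls android:host values out of autoVerify intent filters, the unchecked URL construction that produces the SSRF, what an HTTP client actually sends once the fragment is stripped, and a hardened host check of the kind the hotfix is meant to provide. The sample manifest and all function names are constructed for illustration; the generalisation beyond the article's single malicious host (rejecting any path, query, fragment or userinfo in the host, and any IP literal outside public ranges) is the editor's.

```python
"""Added example (not MobSF's implementation): vulnerable vs. hardened handling of
android:host values before requesting /.well-known/assetlinks.json."""
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest: one benign app-link host and the malicious host
# from the article's example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="https" android:host="example.com" />
        <data android:scheme="http" android:host="192.168.1.102/user/delete/1#" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def extract_app_link_hosts(manifest_xml):
    """Return (scheme, host) pairs from every <data> inside an autoVerify intent filter."""
    root = ET.fromstring(manifest_xml)
    pairs = []
    for filt in root.iter("intent-filter"):
        if filt.get(f"{{{ANDROID_NS}}}autoVerify") != "true":
            continue
        for data in filt.findall("data"):
            host = data.get(f"{{{ANDROID_NS}}}host")
            scheme = data.get(f"{{{ANDROID_NS}}}scheme") or "https"  # default is an assumption
            if host:
                pairs.append((scheme, host))
    return pairs


def vulnerable_assetlinks_url(scheme, host):
    """Pre-fix pattern: the attacker-controlled host string is concatenated unchecked."""
    return f"{scheme}://{host}/.well-known/assetlinks.json"


def effective_request_target(url):
    """What an HTTP client actually sends: the fragment (after '#') never leaves the client."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))


# RFC 1123-style label check: letters, digits and hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_safe_app_link_host(host):
    """Hardened check: accept only a bare hostname or public IP, optionally with a port.
    Reject anything carrying a path, query, fragment or userinfo, reject IP literals in
    loopback/private/link-local ranges, and reject single-label names such as 'localhost'."""
    if any(c in host for c in "/?#@\\"):
        return False
    name, _, port = host.partition(":")
    if port and not port.isdigit():
        return False
    try:
        return ipaddress.ip_address(name).is_global
    except ValueError:
        pass  # not an IP literal; validate as a DNS name
    if "." not in name:
        return False
    return bool(HOSTNAME_RE.match(name))


def safe_assetlinks_url(scheme, host):
    """Post-fix pattern: build the URL only for a validated scheme and host."""
    if scheme not in ("http", "https") or not is_safe_app_link_host(host):
        return None
    return f"{scheme}://{host}/.well-known/assetlinks.json"


if __name__ == "__main__":
    for scheme, host in extract_app_link_hosts(SAMPLE_MANIFEST):
        built = vulnerable_assetlinks_url(scheme, host)
        print(f"host={host!r}")
        print(f"  vulnerable build : {built}")
        print(f"  actually sent to : {effective_request_target(built)}")
        print(f"  hardened result  : {safe_assetlinks_url(scheme, host)}")
```

The hardened check is deliberately a syntax and address-range check on the string; it does not stop a public-looking name that resolves to an internal address (DNS rebinding or an internal zone). A complete mitigation also resolves the name and rejects non-public addresses immediately before connecting, and runs the analysis host with no route to management interfaces in the first place.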
Proof of Concept (PoC)
A proof of concept video demonstrating the SSRF vulnerability has been made available by the Trendyol Application Security team.
The SSRF poses a significant risk: an attacker who can get a crafted APK analysed by a MobSF instance can make that instance issue HTTP requests to internal-only services reachable from it, which may expose sensitive internal systems and data or, as the /user/delete/1 path in the example suggests, trigger state-changing actions on them.
Mitigation and Hotfix
A hotfix for this issue has been implemented in commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77.
Users of MobSF are urged to update to the latest version to mitigate the risk associated with CVE-2024-29190.
The discovery of CVE-2024-29190 highlights the importance of thorough input validation in software development, especially in security-critical applications like MobSF.
Organizations relying on MobSF for their security assessments should take immediate action to apply the hotfix and protect their infrastructure from potential SSRF attacks.
The post MobSF Pen-Testing Tool Input Validation Flaw Leads to SSRF appeared first on Cyber Security News.
Cyber Security News
Armis acquires Compliance.ai. Dapple Security raises $2.3 million.
The CyberWire
Acronym Overdose – Navigating the Complex Data Security Landscape
In the modern enterprise, data security is often discussed using a complex lexicon of acronyms: DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most important acronyms