Cybersecurity Roundup for 10.17.2022: Text4Shell Apache Commons Text vulnerability, Microsoft vulnerabilities and layoffs, and more from Operation Cuckoobees

Ramifications of the Apache Commons Text4shell vulnerability, Upheaval at Microsoft, and Operation Cuckoobees targeted attacks of Hong Kong organizations.

This week saw the disclosure of an Apache Commons Text vulnerability, Text4Shell. Researchers consider it serious, but not as disruptive as Log4j. Microsoft, meanwhile, faces considerable turmoil just before its upcoming Fiscal 2023 Q1 earnings, with both layoffs and a statement about customer data exposure. Finally, Operation Cuckoobees, attributed to the Winnti cyber-espionage group, is linked to a recent attempt to gather intelligence on Hong Kong's government organizations.


Text4Shell vulnerability makes waves, reminiscent of Log4j

*reported by Apache Software Foundation

Apache recommends upgrading to Apache Commons Text 1.10.0 to fix the vulnerability, which was disclosed last week. As DarkReading reports, researchers who analyzed the bug "described it this week as serious but unlikely to be as disruptive as last year's Log4j bug." The bug, now dubbed Text4Shell, has serious implications for those who do not fix it, but it is unlikely to be as impactful as Log4j because of the specific circumstances required to exploit it.

Shachar Menashe, senior director of security research at JFrog, says that the common Java library, Apache Commons Text (ACT), "provides an API to perform variable interpolation — or substitution — allowing properties to be dynamically evaluated and expanded. […] Some functions of this library were found to lead to remote code execution if attacker-controlled data is passed to these functions."
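Since the fix is an upgrade to 1.10.0, the first practical check is finding where older commons-text artifacts sit in a build. The script below is an added example (not from the roundup, from Apache, or from any of the vendors quoted): it parses dependency coordinates in the `groupId:artifactId:type:version:scope` form that `mvn dependency:list` prints and flags any `org.apache.commons:commons-text` entry below 1.10.0. The sample dependency output is constructed for the demonstration.

```python
"""Flag Apache Commons Text dependency coordinates older than the 1.10.0 fix.

Input format: lines in the shape printed by `mvn dependency:list`, i.e.
groupId:artifactId:type:version[:scope]. Other lines are ignored.
"""
import re

# Version that Apache recommends upgrading to (from the advisory summary).
FIXED_VERSION = (1, 10, 0)

# Constructed sample of `mvn dependency:list` output; not from a real project.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.commons:commons-text:jar:1.9:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO]    org.apache.commons:commons-text:jar:1.10.0:test
[INFO]    com.example:legacy-reporting:jar:2.3.1-SNAPSHOT:compile
"""

# groupId:artifactId:type:version[:scope]; version may carry a qualifier.
COORD_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>\w+)"
    r":(?P<version>[^:\s]+)(?::(?P<scope>\w+))?"
)


def parse_version(version: str) -> tuple:
    """Reduce a Maven version to a comparable (major, minor, patch) tuple.

    Qualifiers such as '-SNAPSHOT' or '-rc1' are dropped; missing
    components are treated as 0, so '1.9' compares as (1, 9, 0).
    """
    numeric_part = version.split("-")[0]
    parts = []
    for piece in numeric_part.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable_commons_text(group: str, artifact: str, version: str) -> bool:
    """True for org.apache.commons:commons-text below the fixed release."""
    return (
        group == "org.apache.commons"
        and artifact == "commons-text"
        and parse_version(version) < FIXED_VERSION
    )


def find_vulnerable(dependency_list: str) -> list:
    """Return 'group:artifact:version' for every flagged coordinate."""
    findings = []
    for line in dependency_list.splitlines():
        m = COORD_RE.search(line)
        if not m:
            continue
        group, artifact, version = m["group"], m["artifact"], m["version"]
        if is_vulnerable_commons_text(group, artifact, version):
            findings.append(f"{group}:{artifact}:{version}")
    return findings


if __name__ == "__main__":
    for coordinate in find_vulnerable(SAMPLE_DEPENDENCY_LIST):
        print(f"UPGRADE NEEDED: {coordinate} -> 1.10.0")
```

Run it against the saved output of `mvn dependency:list` (or any text in the same coordinate format) to get a list of artifacts that still need the upgrade; transitive dependencies show up in that output too, which is where library vulnerabilities like this one usually hide.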

Outdated security measures are insufficient to prevent attacks on such vulnerabilities

Because it is a library vulnerability, Erick Galinkin, principal researcher at Rapid7, says the impact is hard to predict. "Overall, our assessment is that the vulnerability is potentially serious," he says. "It is certainly important to patch affected applications as those patches become available, but not worth panicking over."

Each newly uncovered vulnerability highlights the need for adequate security practices, especially since vulnerabilities such as Text4Shell cannot be blocked by WAF signatures and other outdated security measures.

Microsoft data exposure and recent layoffs

Microsoft customer data exposure addressed by the company

*as reported by Microsoft Security Response Center

This week saw a lot of activity at Microsoft. First, Microsoft released a statement on its blog about findings by security researchers at SOCRadar regarding a misconfigured Microsoft endpoint that created potentially unauthenticated access to business transaction data between Microsoft and prospective customers. According to Microsoft, "the endpoint was quickly secured and is now only accessible with required authentication. Our investigation found no indication customer accounts or systems were compromised."

The potentially exposed data included personally identifiable information such as names, email addresses and content, company names and numbers, and attached files. Microsoft reiterated that the exposure was due to an unintentional misconfiguration and was not the result of a broader security vulnerability. The company also criticized SOCRadar's approach of releasing a publicly available search tool that does not adequately ensure customer privacy and security, possibly creating unnecessary risk exposure, and followed with basic security measures it recommends for any company wishing to release similar tools in the future.


Tech layoff trend hits Microsoft

*source crn.com

With more than 200,000 employees globally, it is not surprising that Microsoft has recently joined the trend of layoffs affecting tech companies. Days before its first quarterly earnings report for its 2023 fiscal year, fewer than 1,000 employees globally, across departments, have been laid off.

As reported by crn.com, jobs were cut in “its Xbox gaming division, the ‘mission expansion’ cloud government division, the ‘strategic missions and technology’ team and Studio Alpha, a war-gaming simulation division,” along with the “Edge team, the experiences and devices division, and the legal department.”

Microsoft gave a statement related to the layoffs, a spokesperson saying, “Like all companies, we evaluate our business priorities on a regular basis, and make structural adjustments accordingly. We will continue to invest in our business and hire in key growth areas in the year ahead.”

Spyder Loader: Malware reported by Symantec likely more from Operation Cuckoobees

*as reported by Symantec’s Threat Hunter Team

The actors behind Operation Cuckoobees have been identified as the most likely aggressors behind a recent malware campaign targeting Hong Kong organizations. The Spyder Loader malware was recently used as part of an intelligence-gathering campaign against these organizations.

According to Symantec, “While we do not see the final payload delivered in this campaign, the use of the Spyder Loader malware and crossover with the activity previously identified by SonicWall and Cybereason, combined with the victims seen in this recent activity, make it most likely that the motivation behind this activity is intelligence gathering.”

The company goes on to point to the years-long duration of this campaign, with variations of Spyder Loader deployed against specific entities, which reinforces the idea that those behind the attacks "are persistent and focused adversaries, with the ability to carry out stealthy operations on victim networks over a long period of time."

Most importantly, "Companies that hold valuable intellectual property should ensure that they have taken all reasonable steps to keep their networks protected from this kind of activity," says the report.

As we have previously reported, cyber threats are a serious issue that companies should prioritize. More often than not, however, security is an afterthought, addressed only when negative and potentially costly consequences such as data breaches, malicious attacks, or vulnerabilities are discovered. Now, more than ever, companies handling sensitive data need to make security central to their organization and a board-level priority.


Bonus: Broadcom’s VMWare acquisition pushing for expedited EU Approval

*source: crn.com

Broadcom is hoping to speed up EU antitrust approval of its $61 billion VMware acquisition, citing increased competition in the cloud market against such players as Amazon, Google, and Microsoft. The deal is the second largest announced so far this year.

VMware partners are uncertain about the acquisition and unsure of the ramifications it will have on the market.


About Traceable

Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire software development lifecycle. Book a demo today.