All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories.

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems, reports The Hacker News. The module, named “secretslib” and downloaded 93 times prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as “secrets matching and verification made easy.”

Andrew Swoboda | Senior Security Researcher at Tripwire

“secretslib” was removed from PyPI because it runs cryptominers on Linux systems in-memory. To achieve this, “secretslib” pulls an ELF file from a remote server and deletes the file after it is running in memory. The package was assigned to a legitimate software engineer to build trust and have people download the library.
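A detection check for the behaviour described above, added here as an example (it is not from the original post or from Tripwire): on Linux, a process whose executable was deleted after launch still exposes a `/proc/<pid>/exe` link, and the link target ends in ` (deleted)`. The sketch also flags memfd-backed executables, which goes beyond the case in the text; the function names and the `proc_root` parameter are assumptions made for illustration.

```python
import os

DELETED_SUFFIX = " (deleted)"


def classify_exe(target):
    """Classify a /proc/<pid>/exe link target; None means nothing to report."""
    if not target.endswith(DELETED_SUFFIX):
        return None
    path = target[: -len(DELETED_SUFFIX)]
    # Executables created with memfd_create() never had an on-disk path.
    if path.startswith("/memfd:"):
        return "memfd"
    return "deleted-on-disk"


def scan_proc(proc_root="/proc"):
    """Return (pid, kind, target) for processes running from a removed binary.

    proc_root is a parameter so the scan can be pointed at a copied or
    constructed tree as well as the live /proc.
    """
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "net"
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient rights
        kind = classify_exe(target)
        if kind is not None:
            findings.append((int(entry), kind, target))
    return sorted(findings)


if __name__ == "__main__":
    # Findings are triage leads: a package upgrade also leaves long-running
    # services pointing at a deleted binary until they are restarted.
    for pid, kind, target in scan_proc():
        print(f"pid={pid} kind={kind} exe={target}")
```

Run it as root to see every process; without sufficient rights, unreadable `exe` links are skipped.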


PoC exploit code for critical Realtek RCE flaw released online

The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), was recently released online. The code was for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip, notes Security Affairs.

Andrew Swoboda | Senior Security Researcher at Tripwire

The Realtek RTL819x system is subject to a code execution vulnerability. This vulnerability is being tracked as CVE-2022-27255 and was discovered by researchers from Faraday Security. The vulnerability is located in the SDK for the open-source eCos operating system. The vulnerability is exploited by overflowing a buffer in the “SIP ALG” module. The module fails to check the size of the (Read more...)