Top Middle East Cyber Threats – 8 November 2022
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
OpenSSL Fixes High Severity Vulnerabilities
The OpenSSL project has fixed two high-severity security vulnerabilities in its open-source cryptographic library, which is used to encrypt communication channels and HTTPS connections. The vulnerabilities are tracked as CVE-2022-3602 and CVE-2022-3786 and affect OpenSSL versions 3.0.0 and above. Both have been patched in OpenSSL 3.0.7.
CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that could trigger crashes or enable remote code execution (RCE). An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack, which could result in a crash (causing a denial of service). Similarly, CVE-2022-3786 can be exploited via a malicious email address to trigger a denial-of-service state via a buffer overflow.
- Ensure all systems are patched and updated.
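To find systems that still need the patch, the following added example (not part of the original advisory or Help AG's tooling) classifies `openssl version` banners against the range stated above: 3.0.0 and above affected, fixed in 3.0.7. The host names and banners are constructed sample data, and `classify` and `audit` are hypothetical helper names.

```python
import re
import ssl

# Range as stated in the advisory above: 3.0.0 and above affected, fixed in 3.0.7.
FIRST_AFFECTED = (3, 0, 0)
FIRST_FIXED = (3, 0, 7)

# Matches the start of an `openssl version` banner, e.g. "OpenSSL 3.0.2 15 Mar 2022".
_BANNER = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Return 'affected', 'not_affected' or 'unknown' for one version banner."""
    m = _BANNER.match(banner.strip())
    if not m:
        # Other TLS libraries or unparseable output: the advisory does not cover them.
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not_affected"


def audit(inventory: dict) -> dict:
    """Group hosts by status so that 'affected' and 'unknown' can be followed up."""
    report = {"affected": [], "not_affected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify(banner)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and banners, not real data).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)",
    "legacy-01": "OpenSSL 1.1.1k  FIPS 25 Mar 2021",
    "bsd-01": "LibreSSL 3.3.6",
    "edge-01": "",
}

if __name__ == "__main__":
    # Caveat: a distribution may backport the fix without changing the upstream
    # version string, so confirm 'affected' hits against the vendor's package advisory.
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
    # The OpenSSL build linked into this Python interpreter:
    print("local python ssl:", ssl.OPENSSL_VERSION, "->", classify(ssl.OPENSSL_VERSION))
```

Hosts reported as `unknown` need a manual check, since applications can also bundle their own copy of the library that the system `openssl` binary does not reflect.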