This Week in Security: Wyze, ScreenConnect, and Untrustworthy Job Postings

For a smart home company with an emphasis on cloud-connected cameras, what could possibly be worse than accidentally showing active cameras to the wrong users? Doing it again , to far more users, less than 6 months after the previous incident.
The setup for this breach was an AWS problem, that caused a Wyze system outage last Friday morning. As the system was restored, the load spiked and a caching library took the brunt of the unintentional DDoS. This library apparently has a fail state of serving images and videos to the wrong users. An official report from Wyze mentions that this library had been recently added, and that the number of thumbnails shown to unauthorized users was around 13,000. Eek. There’s a reason we recommend picking one of the Open Source NVR systems here at Hackaday.
ScreenConnect Exploit in the Wild
A pair of vulnerabilities in ConnectWise ScreenConnect were announced this week , Proof of Concepts were released , and are already being used in active exploitation . The vulnerabilities are a CVSS 10.0 authentication bypass and a CVSS 8.4 path traversal bypass.
Huntress has a guide out, detailing how embarrassingly easy the vulnerabilities are to exploit. The authentication bypass is a result of a .Net quirk, that adding an additional directory on the end of a .aspx URL doesn’t actually change the destination, but is captured as PathInfo. This allows a bypass of the protections against re-running the initial setup wizard: hostname/SetupWizard.aspx/literallyanything
The second vulnerability triggers during extension unpack, as the unzipping process doesn’t prevent path traversal. The most interesting part is that the unzip happens before the extension installation finishes. So an attacker can compromise the box, cancel the install, and leave very little trace of exploitation.

Chinese Spyware
A rather interesting story broke this week, where someone leaked documents to GitHub, detailing the capabilities of a Chinese spyware vendor. Unfortunately the repository has been closed, but efforts on X to analyze and archive the information is enough to take a look at .

#threatintel someone just leaked a bunch of internal Chinese government documents on GitHub
— 安坂星海 Azaka 
<div class=

Top News