Let’s Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let’s Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let’s Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates. As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder’s control of a domain name.
Source: The hacker news / Bleeping computer / Dark reading / Bruce Schneier on security / Securityweek / Helpnet security / SANS internet storm center / Community letsencrypt
Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims’ knowledge. Called “SurfingAttack,” the attack leverages the unique properties of acoustic transmission in solid materials — such as tables — to “enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight.”
In doing so, it’s possible for an attacker to interact with the devices using the voice assistants, hijack SMS two-factor authentication codes, and even place fraudulent calls, the researchers outlined in the paper, thus controlling the victim device inconspicuously.
Source: The hacker news / WUSTL
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that’s possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) ‘file read and inclusion bug’—which can be exploited in the default configuration.
But it’s more concerning because several proof-of-concept exploits (1, 2, 3, 4 and more) for this vulnerability have also been surfaced on the Internet, making it easy for anyone to hack into publicly accessible vulnerable web servers.
Source: The hacker news / Bleeping computer / Securityweek /Apache.org
Chinese Security Firm Says CIA Hackers Attacked China Since 2008
Chinese security vendor Qihoo 360 says that the US Central Intelligence Agency (CIA) has hacked Chinese organizations for the last 11 years, targeting various industry sectors and government agencies. Qihoo 360 claims in the report that lacks any technical details that “the CIA hacking group (APT-C-39)” has targeted a multitude of Chinese companies between September 2008 and June 2019, with a focus on “aviation organizations, scientific research institutions, petroleum industry, Internet companies, and government agencies.” “We speculate that in the past eleven years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world,” Qihoo 360’s report says.
Source: Bleeping computer / The hacker news / Securityweek / BBC / Infosecurity magazine
German BSI Tells Local Govt Authorities Not to Pay Ransoms
BSI, Germany’s federal cybersecurity agency, recommends local governments and municipal institutions not to pay the ransoms asked by attackers after they get affected by ransomware attacks. Germany’s Federal Office for Information Security (aka BSI, short for Bundesamt für Sicherheit in der Informationstechnik) in collaboration with the Federal Criminal Police Office (BKA) also issued recommendations for local authorities on how to deal with ransom demands following an increasing number of such attacks.
Source: Bleeping computer
Microsoft, Google Offer Free Remote Work Tools Due to Coronavirus
With employees either being quarantined after international travel or encouraged to work remotely due to the Coronavirus (COVID–19), Microsoft, Google, LogMeIn, and Cisco are offering free licenses to their meeting, collaboration, and remote work tools. Using these products, remote workers will be able to perform virtual meetings and chat with other employees while working remotely from their homes.
Source: Bleeping computer
Critical Netgear Bug Impacts Flagship Nighthawk Router
Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk (R7800) hardware running firmware versions prior to 126.96.36.199. The warnings, posted Tuesday, also include two high-severity bugs impacting Nighthawk routers, 21 medium-severity flaws and one rated low.
The “last” Week in Ransomware – February 28th 2020 – Data Leaks Everywhere
Over the past two weeks, we continue to see small towns, fire departments, hospitals, and companies being attacked by ransomware. As more ransomware operators adopt the technique of stealing data and publishing it on data leak sites, organizations face increased pressure to declare data breaches after a ransom attack.
Source: Bleeping computer
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection
Legal services and e-discovery giant Epiq Global took their systems offline on Saturday after the Ryuk Ransomware was deployed and began encrypting devices on their network.
On March 2nd, legal reporter Bob Ambrogi broke the news that Epiq had globally taken their systems offline after detecting a cyberattack.
This outage affected their e-Discovery platforms, which made it impossible for legal clients to access documents needed for court cases and client deadlines.
Source: Bleeping computer / Securityweek
Zero-Day Bug Allowed Attackers to Register Malicious Domains
A zero-day vulnerability impacting Verisign and several SaaS services including Google, Amazon, and DigitalOcean allowed potential attackers to register .com and .net homograph domain names (among others) that could be used in insider, phishing, and social-engineering attacks against organizations. Before this was disclosed by Soluble security researcher Matt Hamilton in collaboration with security testing firm Bishop Fox to Verisign and SaaS services, anyone could register homograph domain names on gTLDs (.com, .net, and more) and subdomains within some SaaS companies using homoglyph characters. “Some of these vendors were responsive and engaged in productive dialog, though others have not responded or did not want to fix the issue,” Hamilton says.
Source: Bleeping computer / Securityweek / Soluble blog / Helpnet security
French Firms Rocked by Kasbah Hacker?
A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of Apple, Dell, and Microsoft for helping to find and fix security vulnerabilities in their products.
Source: Krebs on security
The Case for Limiting Your Browser Extensions
Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.
Source: Krebs on security
Microsoft OneNote Used To Sidestep Phishing Detection
A phishing campaign was recently discovered leveraging OneNote, Microsoft’s digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims’ systems. The attacker was utilizing OneNote as a way to easily experiment with various lures that either delivered the credential-stealing Agent Tesla keylogger or linked to a phishing page – or both. The attack first started with an email to victims that contained a link to the OneNote document.
RSA Conference: Bruce Schneier Proposes ‘Hacking Society’ for a Better Tomorrow
Speaking at the RSA Conference 2020 on Thursday, security technologist Bruce Schneier called for a better cooperation between security experts and government policymakers. The premise being, cybersecurity often requires nonlinear problem-solving, a quality conventional bureaucrats often lack. From education systems to election structures, society is built on conventional “models” that made sense when they were first formed hundreds of years ago, said Schneier, a lecturer at the Harvard Kennedy School. But these “good faith” models can’t keep up with constantly evolving threats and unanticipated societal changes.
Video: What defenders can learn from past ransomware attacks
The Cisco Talos Incident Response “Stories from the Field” video series returns with another entry from Matt Aubert. This time, Matt discusses ransomware infections he’s seen in real-time, and shares what defenders can learn from others’ mistakes and recovery.
Source: TALOS intelligence blog
Cathay Pacific fined £500,000 over customer data protection failure
The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways £500,000 for failing to protect customers’ personal data. The UK watchdog said the airline’s computer systems had exposed details of 111,578 UK residents and a further 9.4 million people from other countries.
Source: BBC / Dark reading
Make Your Own Custom OSINT Bookmarklets (p2)
Secjuice Squeeze Volume 15
Welcome to the 15th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you on a weekly basis.
Secure vs. cleartext protocols – couple of interesting stats
For a very long time, there has been a strong effort aimed toward moving all potentially sensitive network-based communications from unencrypted protocols to the secure and encrypted ones. And with the recently released APWG report noting that 74% of phishing sites used HTTPS in the last quarter of 2019 and Apple’s supposed plan to start supporting only TLS certificates with no more than one year period of validity, I thought that this might be a good time to take a look the current protocol landscape on the internet. Specifically, at how the support for protocols, which offer cryptographic protection to data in transit, has changed in relation to support of cleartext protocols in the last months.
Source: SANS internet storm center
Top 10 Most Innovative Cybersecurity Companies After RSA 2020
The RSA Conference, the world’s leading information security conference and exposition, held its 29th annual event in San Francisco last week. We decided to gather some feedback from the attendees, journalists, and security experts involved in RSA 2020 to understand the most recent cybersecurity trends after this milestone event. Below is our selection of 10 most innovative cybersecurity companies that in our opinion, deserve your attention by their distinctive technical or scientific approach, value-proposition or long-term vision.
Source: The hacker news