Warning — Unpatched Critical ‘Wormable’ Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting the Server Message Block 3.0 (SMBv3) network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update but, for some reason, pulled the plug at the last minute, which apparently did not stop a tech company from accidentally leaking the existence of the unpatched flaw.
The yet-to-be patched flaw (tracked as CVE-2020-0796), if exploited successfully, could allow an attacker to execute arbitrary code on the target SMB Server or SMB Client.
Source: The Hacker News / BleepingComputer / Dark Reading / Threatpost / SecurityWeek / Help Net Security / SANS Internet Storm Center / Microsoft ADV200005
Link: https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
Link: https://threatpost.com/wormable-unpatched-microsoft-bug/153632/
Link: https://www.securityweek.com/microsoft-working-patches-wormable-smb-vulnerability
Link: https://www.helpnetsecurity.com/2020/03/11/cve-2020-0796/
Link: https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
Link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software, making the March 2020 edition the biggest Patch Tuesday in the company’s history. Of the 115 bugs spanning its various products (Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio) that received new patches, 26 have been rated critical, 88 important, and one moderate. However, unlike last month, none of the vulnerabilities the tech giant patched this month are listed as publicly known or under active attack at the time of release.
Source: The Hacker News / BleepingComputer / Krebs on Security / Dark Reading / Threatpost / SecurityWeek / Talos Intelligence Blog / Infosecurity Magazine / Help Net Security / SANS Internet Storm Center
Link: https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html
Link: https://krebsonsecurity.com/2020/03/microsoft-patch-tuesday-march-2020-edition/
Link: https://threatpost.com/microsoft-patches-bugs-march-update/153597/
Link: https://www.securityweek.com/microsoft-patches-115-vulnerabilities-windows-other-products
Link: https://blog.talosintelligence.com/2020/03/microsoft-patch-tuesday-march-2020.html
Link: https://www.infosecurity-magazine.com/news/patch-tuesday-fixes-over-100-bugs/
Link: https://www.helpnetsecurity.com/2020/03/10/march-2020-patch-tuesday/
Link: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2020/25886
LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk
It appears there is no end in sight to the hardware-level security vulnerabilities in Intel processors, nor to the endless ‘performance killing’ patches that resolve them.
Modern Intel CPUs have now been found vulnerable to a new attack that exploits Meltdown-type data leak vulnerabilities in reverse to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551 and dubbed “Load Value Injection in the Line Fill Buffers”, or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information such as encryption keys or passwords from protected memory and subsequently take significant control over a targeted system.
Source: The Hacker News / BleepingComputer / SecurityWeek / Help Net Security
Link: https://thehackernews.com/2020/03/intel-load-value-injection.html
Link: https://www.securityweek.com/load-value-injection-intel-cpus-vulnerable-reverse-meltdown-attack
Link: https://www.helpnetsecurity.com/2020/03/12/load-value-injection/
Hackers Compromise T-Mobile Employees’ Email Accounts and Steal Users’ Data
If you are a T-Mobile customer, this news may concern you.
US-based telecom giant T-Mobile has suffered yet another data breach incident that recently exposed personal and account information of both its employees and customers to unknown hackers. What happened? In a breach notification posted on its website, T-Mobile today said its cybersecurity team recently discovered a sophisticated cyberattack against the email accounts of some of its employees that resulted in unauthorized access to the sensitive information contained in them, including details of its customers and other employees.
Source: The Hacker News / BleepingComputer
Link: https://thehackernews.com/2020/03/hackers-compromise-t-mobile-employees.html
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks. Many companies, concerned for employees’ health amid the rapid spread of coronavirus, have begun encouraging them to work from home. The shift, rightly done to protect people from infection, could also potentially expose organizations to cyberattack if precautions aren’t taken.
Source: Dark Reading / Help Net Security
Link: https://www.helpnetsecurity.com/2020/03/12/coronavirus-risk-management/
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide
Microsoft today announced that it has successfully disrupted the botnet of the Necurs malware, which has infected more than 9 million computers globally, and has also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving international police and private tech companies across 35 countries. The operation was possible because researchers broke the domain generation algorithm (DGA) implemented by the Necurs malware, which had helped it remain resilient for a long time.
Source: The Hacker News / BleepingComputer / Dark Reading / Threatpost / SecurityWeek / BBC
Link: https://thehackernews.com/2020/03/necurs-botnet-takedown.html
Link: https://threatpost.com/necurs-botnet-in-crosshairs-of-global-takedown-offensive/153607/
Link: https://www.securityweek.com/microsoft-cracks-infrastructure-infamous-necurs-botnet
Link: https://www.bbc.com/news/technology-51828781
Beware of ‘Coronavirus Maps’ – It’s Malware Infecting PCs to Steal Passwords
Cybercriminals will stop at nothing to exploit every chance to prey on internet users.
Even the disastrous spread of SARS-CoV-2 (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber attacks.
Reason Cybersecurity recently released a threat analysis report detailing a new attack that takes advantage of internet users’ increased craving for information about the novel coronavirus that is wreaking havoc worldwide. The malware attack specifically targets those who are looking for maps of the spread of COVID-19 on the Internet and tricks them into downloading and running a malicious application that, on its front end, shows a map loaded from a legitimate online source but in the background compromises the computer.
Source: The Hacker News / Threatpost / Trend Micro / Help Net Security / SANS Internet Storm Center / Reason Security Blog
Link: https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
Link: https://threatpost.com/coronavirus-themed-cyberattacks-persists/153493/
Link: https://www.helpnetsecurity.com/2020/03/11/coronavirus-ransomware-attacks/
Link: https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Virgin Media Data Leak Exposes Details of 900,000 Customers
Yesterday, on the same day that the US-based telecom giant T-Mobile admitted a data breach, the UK-based telecommunications provider Virgin Media announced that it too had suffered a data leak incident exposing the personal information of roughly 900,000 customers.
Unlike the T-Mobile data breach, which involved a sophisticated cyber attack, Virgin Media said the incident was not a cyber attack and that the company’s database had not been hacked.
Rather, the personal details of around 900,000 Virgin Media UK-based customers were exposed after one of its marketing databases was left unsecured on the Internet, accessible to anyone without any authentication.
Source: The Hacker News / BleepingComputer / SecurityWeek
Link: https://thehackernews.com/2020/03/virgin-media-data-breach.html
Link: https://www.securityweek.com/virgin-media-accused-downplaying-security-incident
“Last” Week in Ransomware – March 6th 2020 – Breaches Everywhere
Ransomware continues to target the enterprise and local government in the hope of a big windfall of bitcoins. In addition, new variants of STOP, Dharma, and other families continue to be released. This week we saw LaSalle County, Illinois and the City of Novi Sad, Serbia getting hit with a new ransomware called PwndLocker. The good news is that Emsisoft was able to figure out a way to decrypt the files without paying a ransom. Ryuk ransomware has also been a strong presence this week, with attacks against Epiq Global, EMCOR, and others.
Source: BleepingComputer
NSA Warns About Microsoft Exchange Flaw as Attacks Start
The U.S. National Security Agency (NSA) warned about a post-authentication remote code execution vulnerability in all supported versions of Microsoft Exchange Server via a tweet published on the agency’s Twitter account. NSA’s tweet reminded followers to patch the CVE-2020-0688 vulnerability, which would enable attackers to execute commands on vulnerable Microsoft Exchange servers using email credentials. Microsoft patched this RCE flaw as part of the February 2020 Patch Tuesday and tagged it with an “Exploitation More Likely” exploitability index assessment, hinting at CVE-2020-0688 being an attractive target for attackers.
Source: BleepingComputer / Threatpost / SecurityWeek
Link: https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/
Link: https://www.securityweek.com/attacks-targeting-recent-microsoft-exchange-flaw-ramping
Intel Patches High Severity Flaws in Windows Graphics Drivers
Intel released security updates to address 27 vulnerabilities as part of March 2020 Patch Tuesday, ten of which are high-severity flaws impacting Intel’s Graphics Drivers for Windows and the Smart Sound Technology integrated audio DSP in Intel Core and Intel Atom CPUs. The security issues patched today are detailed in nine security advisories published by Intel on its Security Center, with the company providing download links for the updates through its drivers and software download center.
The vulnerabilities disclosed today may allow authenticated or privileged users to access sensitive information, trigger denial-of-service conditions, and escalate privileges via local access.
Source: BleepingComputer / Threatpost / SecurityWeek
Link: https://threatpost.com/high-severity-flaws-intel-graphics-drivers/153568/
Link: https://www.securityweek.com/intel-patches-27-vulnerabilities-across-product-portfolio
Cybersecurity Law Casebook
Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this.
Source: Bruce Schneier, Schneier on Security / SSRN (Robert Chesney)
Link: https://www.schneier.com/blog/archives/2020/03/cybersecurity_l.html
Link: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3547103
Critical Vulnerabilities in SAP Solution Manager Expose Companies to Attacks
SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news.
The most important of the notes address critical (Hot News) missing authorization checks in Solution Manager. The first, CVE-2020-6207, has a CVSS score of 10 and impacts User Experience Monitoring, while the second, CVE-2020-6198, has a CVSS score of 9.8 and impacts the Diagnostics Agent.
Source: SecurityWeek
Link: https://www.securityweek.com/critical-vulnerabilities-sap-solution-manager-expose-companies-attacks
Secjuice Squeeze Volume 16
Welcome to the 16th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week. This week’s volume was compiled by Secjuice writers Bhumish Gajjar and Mike Peterson.
Source: Secjuice