5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed ‘CDPwn,’ the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF.
Source: The hacker news / Bleeping computer / Threatpost / Security week / Armis blog
Bitbucket Abused to Infect 500,000+ Hosts with Malware Cocktail
Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world. Systems falling victim to this attack would get infected with multiple payloads that steal data, mine for cryptocurrency, and culminate with delivering STOP ransomware.
Source: Bleeping computer
Emotet Gets Ready for Tax Season With Malicious W-9 Forms
The Emotet Trojan is getting ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms. Whether it is holiday party invites, invites to climate change protests, or even information about the Coronavirus, the operators of the Emotet Trojan are known to stay on top of current and upcoming events and tailor their spam emails accordingly. This is the case with a new campaign discovered by email security company Cofense, where the Emotet operators are sending spam pretending to be a requested signed W-9 tax form.
Source: Bleeping computer
Coronavirus Phishing Attacks Are Actively Targeting the US
Ongoing phishing campaigns use the recent coronavirus outbreak as bait in attacks targeting individuals from the United States and the United Kingdom, impersonating the US CDC and virologists, warning of new infection cases in their area, and providing ‘safety measures.’
Source: Bleeping computer / Dark reading / Infosecurity magazine / Knowbe4 / Brian Krebs
This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways.
When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. Discovered by PerimeterX researcher Gal Weizman and tracked as CVE-2019-18426, the flaws specifically resided in WhatsApp Web, a browser version of the world’s most popular messaging application that also powers its Electron-based cross-platform apps for desktop operating systems.
Source: The hacker news / Bleeping computer / Threatpost / Security week
Google Accidentally Shared Private Videos of Some Users With Others
Google might have mistakenly shared your private videos saved on the company’s servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the result of a “technical issue” in Google’s Takeout, a service that backs up all your Google account data into a single file and then lets you download it straight away. According to a screenshot Jon Oberheide of Duo Security shared on Twitter, the issue reportedly remained active between 21st November and 25th November last year, during which “some videos in Google Photos [service] were incorrectly exported to unrelated user’s archives.”
Source: The hacker news / Bleeping computer
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system. The newly discovered privilege escalation vulnerability, tracked as CVE-2019-18634, in question stems from a stack-based buffer overflow issue that resides in Sudo versions before 1.8.26.
Source: The hacker news / Security week / Sudo
Bug in Philips Smart Light Allows Hopping to Devices on the Network
Security researchers taking a closer look at the Philips Hue smart bulbs and the bridge device that connects them discovered a vulnerability that helped them compromise more meaningful systems on the local network. The security flaw was discovered is in the ZigBee wireless communication protocol that is used by a wide range of smart home devices.
Source: Bleeping computer / The hacker news / Security week
When Your Used Car is a Little Too ‘Mobile’
Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here’s the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended.
Source: Krebs on security
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets. Researchers have detected multiple instances of cyberattackers using SharePoint vulnerability CVE-2019-0604 to target government organizations in the Middle East. These mark the latest cases of adversaries exploiting the flaw, which was recently used to breach the United Nations. CVE-2019-0604 exists when SharePoint fails to check the source markup of an application package. Attackers could exploit this by uploading a specially crafted SharePoint application package to an affected version of the software. If successful, they could run arbitrary code in the context of both the SharePoint application pool and the SharePoint server farm account.
Source: Dark reading
Two Critical Android Bugs Get Patched in February Update
Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google’s February Android Security Bulletin, released Monday, also warns of a second critical flaw that could allow a remote hacker to gain access to an Android handset and obtain sensitive data. Tracked as CVE-2020-0022, the remote code execution (RCE) bug impacts Android versions Pie (9.0) and Oreo (8.0, 8.1). The same CVE also impacts Google’s most recent Android version, called 10. However, with Android 10, the severity rating is moderate and the impact is not a RCE bug, but rather a denial of service threat.
Source: Threatpost / Security week / Android Security Bulletin
New Research on the Adtech Industry
The Norwegian Consumer Council has published an extensive report about how the adtech industry violates consumer privacy. At the same time, it is filing three legal complaints against six companies in this space.
Source: Bruce Schneier on security
Twitter Suspends Fake Accounts for Exploiting API Vulnerability
Twitter on Monday announced that it has suspended a large number of fake accounts that had exploited an API vulnerability to match usernames to phone numbers. The social platform initially discovered the issue on December 24, when it suspended a large network of such fake accounts, but revealed the details on the incident only this week, after an investigation that led to the identification of additional accounts engaged in the same illicit activity.
Source: Security week / The hacker news / Bleeping computer / Threatpost / Dark reading / Infosecurity magazine
Quarterly Report: Incident Response trends in fall 2019
While many Cisco Talos Incident Response (CTIR) engagements have shown similar patterns over the past two quarters, we’re seeing a dangerous trend emerge this winter. Threat actors are increasingly combining the exfiltration of sensitive data along with data encryption as new levers to compel victims to pay.
Source: TALOS Intelligence blog
Secjuice Squeeze Volume 11 – Google bounties, TrickBot, Iranian hackers & more!
Welcome to the Eleventh edition of the Secjuice Squeeze, where we present a selection of last weeks interesting infosec articles, curated for your reading enjoyment, just in case you missed them!
Malware Cyber Threat Trends
Aim of this dashboard is to monitor trends over thousands even millions of samples providing quantitative analyses on what has observed during the performed automatic analyses. The data in this dashboard is totally auto-generated without control and with no post-processing.
Source: Marco Ramilli blog
Fake browser update pages are “still a thing”
SocGholish is a term I first saw in signatures from the EmergingThreats Pro ruleset to describe fake browser update pages used to distribute malware like a NetSupport RAT-based malware package or Chthonic banking malware. Although this activity has continued into 2020, I hadn’t run across an example until this week.
Source: SANS Internet storm center