Cybersecurity News
- Microsoft has released updates to address four previously unknown or ‘zero-day’ vulnerabilities in Exchange Server that, according to Microsoft, were being used in limited targeted attacks. The state-sponsored threat actor Hafnium was exploiting four previously unknown flaws in Exchange servers.
- New Critical RCE Vulnerabilities in BIG-IP, BIG-IQ let Attacker Take Control of an Affected System. F5 Networks has published a security advisory warning customers to patch a critical flaw in its BIG-IP product that is very likely to be exploited. It announced four critical CVEs, along with three related CVEs (two high and one medium).
- Cornell University specialists have introduced the first microarchitectural side channel attacks that leverage contention on the CPU ring interconnect. They demonstrated their attack by extracting key bits from vulnerable EdDSA and RSA implementations, as well as inferring the precise timing of keystrokes typed by a victim user.
- PingSafe AI, a security company that monitors multiple breaches in real-time, has uncovered a critical vulnerability in the iPhone automatic call recorder application that exposed thousands of users’ recorded calls. The Call Recorder app enabled third parties to access a user’s entire library of recordings, just by knowing their phone number.
Cybersecurity Blog Posts
- An ActZero expert has presented 7 lessons learned from SMB cybersecurity leaders. The author thinks that at small to medium-sized businesses, or really any with a blossoming security program, IT leaders’ cybersecurity problems revolve mainly around a lack of three components: people, process, and technology.
- GRIMM experts have found three bugs in a forgotten corner of the mainline Linux kernel that turned out to be about 15 years old. These bugs turned out to still be good, and one turned out to be useable as a Local Privilege Escalation (LPE) in multiple Linux environments.
- Ritika Singh explained in his article what a NoSQL injection attack is and how to prevent it.
- Anton Chuvakin shared his thoughts about SOC automation. His main advice is to stop trying to take humans out of security operations.
Research and analytics
- Mobile Malware Evolution 2020 report by Kaspersky Lab has shown that the share of adware attacks increased in relation to mobile malware in general. Whereas it was 12.85% in 2019, it reached 14.62% in 2020.
- According to Check Point Research's Brand Phishing Report – Q4 2020, Microsoft still leads the top ten phishing brands in the last quarter of 2020, with many websites trying to impersonate Microsoft login screens and steal user credentials.
- The 2020 Intel Product Security Report has shown that 92% of vulnerabilities addressed are the direct result of Intel’s investment in product security assurance. 109 of the 231 CVEs (47%) published were discovered internally by Intel employees.
- According to Zimperium analysis, 14% of iOS and Android apps that use cloud storage had insecure configurations and were vulnerable to a number of significant issues that exposed PII, enabled fraud or exposed IP or internal systems.
Major Cyber Incidents
- Oxford University lab with COVID-19 research links targeted by hackers. Compromised machines included those used in sample analysis. The university confirmed that a security incident took place at the Division of Structural Biology lab, also known as “Strubi,” after Forbes disclosed that hackers were boasting of access to the school’s systems.
- Accellion zero-day claims a new victim in cybersecurity company Qualys. The cloud security and compliance firm said that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the company.
- A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
- Microsoft attack blamed on China morphs into global crisis. The attack, which Microsoft has said started with a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior U.S. official with knowledge of the investigation.