Cybersecurity Digest #6: 08/06/2020 – 19/06/2020

Cybersecurity News 

• A newly disclosed UPnP vulnerability, which is tracked as CVE-2020-12695 and is referred to as CallStranger, affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service (DDoS) attacks. This vulnerability can also be used for bypassing DLP and network security devices to exfiltrate data and scanning internal ports from Internet facing UPnP devices.
• Security researcher Athul Jayaram is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find.
• With the release of the June 2020 Patch security updates, Microsoft has released one advisory for an Adobe Flash Player update and fixes for 129 vulnerabilities in Microsoft products. Of these vulnerabilities, 11 are classified as Critical, 109 as Important, 7 as Moderate, and 2 as Low.
• Two separate teams of academic researchers published papers describing flaws in Intel’s Software Guard Extensions (SGX). The aim of SGX is to protect application code and data from disclosure or modification. The recently uncovered flaws can prevent SGX from achieving its goal, the research teams showed.
• More than a dozen vulnerabilities, collectively named Ripple20, affecting the TCP/IP communication stack used in hundreds of millions of embedded devices paint a grim scenario for connected gadgets. Some of the flaws are critical and can be exploited to gain remote control of all vulnerable devices on the network.
• Researchers have discovered an unpatched zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover. The flaw, a memory-safety issue present in the firmware’s httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports.

Cybersecurity Blog Posts

• Containers have become one of the fastest growing technologies in the history of IT. Since DockerHub’s inception in 2013, billions of container images have been downloaded, and hundreds of thousands of images are currently stored there. Trisha Paine from Checkpoint tells about their strengths and limitations, and the future of this technology.
• Chris Schueler discusses how information security teams can deal with cybersecurity threats using Managed security services (MSS), Endpoint detection and response (EDR) and Managed detection and response (MDR) solutions. And, what is the difference between these technologies, how to use them effectively and when you really need each of them.
• To best protect your organization you need to understand what kind of information is publicly available. It’s important to know the tools, skills, and techniques available to scour the massive amounts of information found on the Internet. SANS Institute introduces some free resources about OSINT to help in any investigation, pen test or to just see if your organization is exposed.
• Security and DevOps teams frequently don’t play well together because they often have wildly divergent goals. Matthew Chiodi from Palo Alto Networks tells how security and DevOps teams can work together to arrive at a healthy DevSecOps culture.

Research & Analytics

• 40% of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to global research from Veritas Technologies. Furthermore, research shows the public often wants restitution from businesses that fall foul of ransomware – with 65% of respondents wanting compensation, and 9% even wanting to send the CEO to prison.
• A study that analyzed the top 54 open source projects found that security vulnerabilities in these tools doubled in 2019, going from 421 bugs reported in 2018 to 968 last year. According to RiskSense’s “The Dark Reality of Open Source” report the company found 2,694 bugs reported in popular open source projects between 2015 and March 2020. Jenkins and MySQL vulnerabilities have had the most weaponized vulnerabilities in the past five years.
• SophosLabs has published a report «An insider view into the increasingly complex kingminer botnet» that follows the evolution and operation of the cybercrime gang behind a botnet known as Kingminer. Cryptomining seems to be the top activity in the Kingminer gang’s playbook, and they’re not targeting home users with laptops but instead going after company networks and all the computers on them.
• According to the Crypsis Group’s 2020 Incident Response and Data Breach Report, sums of cryptocurrency demanded by ransomware attackers have grown to the tune of roughly 200% in 2019, the average ransomware demand was an eye-popping $115,123. Crypsis says that one of the reasons that the sum has risen so much is that ransomware attackers are shifting their focus towards larger entities.
• A new Cybersecurity Exposure Index (CEI) 2020 reveals which countries are the most and least exposed to cybercrime. According to the Index, Afghanistan is the most exposed country, followed by Myanmar, Ethiopia, Palestine and Venezuela. Finland is the least exposed country, followed by Denmark, Luxembourg, Australia and Estonia.
• Check Point commissioned Dimensional Research to survey 400 global security leaders to capture hard data on their attitudes towards tool consolidation. The key findings of this research: 98% of organizations manage their security products with multiple consoles, creating visibility silos. 79% of security professionals say working with multiple vendors presents significant challenges. 69% agree that prioritizing vendor consolidation would lead to better security.
• A new survey of 1,009 businesses revealed 65% of SMEs plan to spend more on cyber insurance in the next two years, compared with 58% of large enterprises. More than 70% of SMEs have a coverage limit lower than $1 million and less than the total cost of expenses and loss related to a cyberattack they have experienced in the past or expect to face in the future.

Major Cyber Incidents

• Japan’s Honda Motor Co has resumed production at automobile and motorcycle plants in the United States and other countries after they were hit by a suspected cyberattack. The suspected attack was the second on Honda’s global network after the WannaCry virus forced it to halt production for a day at a domestic plant in 2017.
• The Japanese video game giant Nintendo has admitted that threat actors have breached 300,000 accounts since early April. The hackers have gained access to personal information, including birthday and email address, but financial data were not impacted.
• The city of Knoxville, Tennessee, has shut down its IT network on June 11 following a ransomware attack. The city’s IT department did not detect the intrusion until it was too late, and the ransomware had already encrypted multiple systems.
• Personal information of police officers in departments nationwide is being leaked online amid tense interactions at demonstrations across the U.S. over the police custody death of George Floyd and others, according to an unclassified intelligence document from the U.S. Department of Homeland Security, obtained by The Associated Press.
• A1 Telekom, the largest internet service provider in Austria, has admitted to a security breach this week, following a whistleblower’s expose. From December 2019 to May 2020, A1 said its security team had battled with the malware’s operators in attempts to remove all of their hidden backdoor components and kick out the intruders.
• Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign designed to harvest Microsoft Office 365 credentials from European, Asian, and Middle Eastern targets.