20 July 2020
- Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud VM images.
- A coalition of dozens of top cybersecurity and Internet freedom groups, academics and experts sent a blistering letter to the sponsors of an anti-encryption Senate bill they say would make hundreds of millions of Americans more vulnerable to hacking. The bill, called the Lawful Access to Encrypted Data Act, is the harshest among a number of efforts to weaken encryption across the Justice Department and Congress.
- Business giant SAP released a patch for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis. Onapsis says RECON allows malicious threat actors to create an SAP user account with maximum privileges on SAP applications exposed on the internet, granting attackers full control over the hacked companies’ SAP resources.
- With the July 2020 Patch Tuesday security updates release, Microsoft has released one advisory for a tampering vulnerability in IIS and fixes for 123 vulnerabilities in Microsoft products.
07 July 2020
- Google said it will automatically delete some location history after 18 months for new users and make it easier for everyone to access its search, Maps and YouTube apps without being tracked.
- US Senators introduced the Lawful Access to Encrypted Data Act, a bill to bolster national security interests and better protect communities across the country by ending the use of “warrant-proof” encrypted technology by terrorists and other bad actors to conceal illicit behavior.
- Security researchers from the Shadowserver Foundation, a non-profit organization focused on improving cyber-security practices across the world, have published a warning about companies that are leaving printers exposed online. Experts said they usually found an average of around 80,000 printers exposing themselves online via the IPP port on a daily basis.
- Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days. Apple unilaterally took this decision in February 2020, following their announcement, other companies have stated similar intentions to implement the same rule in their browsers.
- Microsoft announced that it would be acquiring CyberX, a security startup that focuses specifically on detecting, stopping, and predicting security breaches on internet of things networks and the networks of large industrial organizations.
22 June 2020
- A newly disclosed UPnP vulnerability, which is tracked as CVE-2020-12695 and is referred to as CallStranger, affects billions of devices can be exploited for various types of malicious activities, including distributed denial-of-service (DDoS) attacks. This vulnerability can also be used for bypassing DLP and network security devices to exfiltrate data and scanning internal ports from Internet facing UPnP devices.
- Security researcher Athul Jayaram is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find.
- With the release of the June 2020 Patch security updates, Microsoft has released one advisory for an Adobe Flash Player update and fixes for 129 vulnerabilities in Microsoft products. Of these vulnerabilities, 11 are classified as Critical, 109 as Important, 7 as Moderate, and 2 as Low.
- Two separate teams of academic researchers published papers describing flaws in Intel’s Software Guard Extensions (SGX). The aim of SGX is to protect application code and data from disclosure or modification. The recently uncovered flaws can prevent SGX from achieving its goal, the research teams showed.
08 June 2020
- Chrome software developers announced that starting with Chrome 84, releasing to stable on July 14 2020, sites with abusive permission requests or abusive notifications will be automatically enrolled in quieter notifications UI and notification enrollment prompts will advise users that the site may be trying to trick them.
- Microsoft shared threat data collected on PonyFinal, a Java-based ransomware deployed in human-operated ransomware campaigns. In these types of attacks, adversaries do their homework and choose a strategy and payload based on the target organization’s environment. Human-operated ransomware is not new, but it has been growing popular as attackers try to maximize ransom from individual victims.
- A team of Chinese academics has found a new way to abuse HTTP packets to amplify web traffic and bring down websites and content delivery networks (CDNs). Named RangeAmp, this new Denial-of-Service (DoS) technique exploits incorrect implementations of the HTTP “Range Requests” attribute.
- Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its ‘Sign in with Apple’ system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users’
25 May 2020
- The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government have published the top 10 most exploited vulnerabilities from 2016 to 2019 with recommendations for mitigation.
- Israeli researches reveal NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. They say that an attacker using NXNSAttack can amplify a simple DNS query from 2 to 1,620 times its initial size, creating a massive spike in traffic that can crash a victim’s DNS server.
- Cisco Talos researchers said about a new malware, dubbed WolfRAT, that is a new variant of DenDroid, a mobile Remote Access Trojan (RAT) which targets Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform. WolfRAT begins its infection chain through fake update lures abusing legitimate services including Flash and Google Play.
- Security researchers from three universities in Europe have found multiple weaknesses in the ubiquitous Bluetooth protocol that could allow attackers to impersonate a paired device and establish a secure connection with a victim. Bluetooth chips from Apple, Intel, Qualcomm, Cypress, Broadcomm, and others are all vulnerable to the attacks.