Blog

Cybersecurity Digest #14: 30/11/2020 – 11/12/2020

Cybersecurity News

  • At the end of November, VMware announced a 0-day vulnerability, CVE-2020-4006, in its products, detected by NSA specialists. At first, the company’s specialists described temporary workarounds to protect against the bug, and at the end of last week they finally released fixes.
  • Former NSS Labs CEO launched CyberRatings.org, a member-based organization that will generate ratings, reports, and analysis on security products and services. He aims to provide a more open and inclusive source of security product assessments that also encompasses the consumer sector.
  • Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses 8 vulnerabilities that an attacker could exploit to take control of an affected system.
  • Disputed bug in Microsoft Teams posed RCE risk. Microsoft declined to assign a CVE for the vulnerability because the issue was resolved without user interaction through an automated update.
  • Germany, France, Spain and ten other EU countries have joined forces to invest in processors and semiconductor technologies, key to internet-connected devices and data processing, in a push to catch up with the United States and Asia.

Cybersecurity Digest #13: 16/11/2020 – 27/11/2020

Cybersecurity News

  • ENCS, the European Network for Cyber Security, and E.DSO, the European Distribution System Operators’ Association, announced the launch of security requirements for Distribution Automation (DA) of Remote Terminal Units (RTUs). The requirements provide European distribution system operators (DSOs) with a defined set of practical considerations for procuring secure RTUs and are a significant step forward to industry-wide requirements.
  • The notorious TrickBot has released a new lightweight reconnaissance tool used to scope out an infected victim’s network for high-value targets. The new “LightBot” is a PowerShell reconnaissance script used by the same group linked to the high-level ransomware and breach incidents involving Universal Health Service (UHS).
  • ZDNet has reported that multiple threat actors have spent the past two to three years mass-scanning the internet for ENV files that have been accidentally uploaded and left exposed on web servers. They are looking for secrets stored in ENV files, such as API tokens, passwords, and database logins.
  • VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.

Cybersecurity Digest #12: 05/10/2020 – 16/10/2020

Cybersecurity News

  • ENCS, the European Network for Cyber Security, and E.DSO, the European Distribution System Operators’ Association, announced the launch of security requirements for Distribution Automation (DA) of Remote Terminal Units (RTUs). The requirements provide European distribution system operators (DSOs) with a defined set of practical considerations for procuring secure RTUs and are a significant step forward to industry-wide requirements.
  • A team of five security researchers found 55 vulnerabilities in Apple online services, which they analyzed for three months, from July to September. The flaws (including 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity vulnerabilities) could have allowed an attacker to take over a victim’s iCloud account and the sessions of Apple employees with the capability of accessing management tools and sensitive resources.
  • Microsoft found new ransomware, MalLocker.B, that targets Android users and locks their screens as part of a ransomware attack. This new ransomware family is known for being hosted on arbitrary websites and distributed on online forums using various social engineering baits, including masquerading as popular apps, video players or cracked games.
  • MDSec researcher David Middlehurst discovered that the Windows Update client (wuauclt) can be used by attackers to execute malicious code on Windows 10 systems by loading it from an arbitrary specially crafted DLL with specific command-line options.

Cybersecurity Digest #11: 24/08/2020 – 04/09/2020

Cybersecurity News

Cybersecurity Digest #10: 10/08/2020 – 21/08/2020

Cybersecurity News

  • Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw (CVE-2020-8708) ranks 9.6 out of 10 on the CVSS scale, making it critical.
  • The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS traffic that uses TLS 1.3 with ESNI (Encrypted Server Name Indication) enabled.
  • FireEye is extending its private bug-bounty program to the public. The expanded program, like its predecessors, will be run in partnership with Bugcrowd. Anyone with credentials on the Bugcrowd platform can submit vulnerabilities to the program, which will pay a bounty of $50 to $2,500 depending on the bug’s severity and potential impact.
  • Troy Hunt, the security expert who handles the breach notification website Have I Been Pwned, announced that he is ready to make the code behind the site available in open source. According to him, the code will be turned over to the public for the betterment of the project and for the betterment of everyone who uses it.
