Cyber Security News for 2Jun2020

#security #cybersecurity #itsecurity #privacy #vmware #contacttracing #Sodinokibi #revil #unc0ver #sandworm #exim #booters #geoint #ipip #cisco #sectigo #comodo #pki
Image by https://tripwire.com
  1. “While it would be nice if cybersecurity could temporarily take a backseat while people and organizations figure out how to adapt to truly new working conditions, the reality is that you can’t do things like rapidly shift to working from home, dramatically increase ecommerce over brick-and-mortar sales, and massively scale the logistics of delivery without considering how all those changes are secured along the way. Cybersecurity is part of the pandemic response, plain and simple.” https://www.tripwire.com/state-of-security/featured/cybersecurity-integral-part-pandemic-response-plan/
  2. “Cybersecurity researchers today disclosed details for a new vulnerability in VMware’s Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure.  Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to send malicious traffic to Cloud Director, leading to the execution of arbitrary code.  It’s rated 8.8 out of 10 on the CVSS v.3 vulnerability severity scale, making it a critical vulnerability.” https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html
  3. “Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution” https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-android-os-could-allow-for-arbitrary-code-execution_2020-073/
  4. “There are positives and negatives to both a centralised and decentralised model. But there is definitely an advantage of using an Operating System developed feature over a custom developed application. The marriage of software and hardware by Google and Apple means better performance, better battery life and resilience.  If a centralised model is required, then steps like those the NHS health authority has taken to ensure personal data is protected or not collected in the first place must be a priority.” https://www.tripwire.com/state-of-security/healthcare/contact-tracing-ensure-user-privacy-security/
  5. “Two weeks later, Sodinokibi operators published 1,280 files allegedly stolen from the company on their leak site. The files contain passports of Elexon staff members and an apparent business insurance application form.   Even if the company did not reveal details on the attack, experts from security firm Bad Packets reported that Elexon had been running an outdated version of Pulse Secure VPN server; if confirmed, threat actors could have exploited it to access the internal network.” https://securityaffairs.co/wordpress/104149/cyber-crime/sodinokibi-published-elexon-files.html
  6. “In the past, we have often heard of some strings or files that you can send to other users to cause their iPhone/iPad to reboot.  Now there’s a similar issue affecting some Android devices: a simple picture can soft-brick some Android phones if it’s set as the wallpaper.” https://www.andreafortuna.org/2020/06/02/beware-a-simple-wallpaper-image-can-brick-your-android-device/
  7. “Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones.  The flaw was discovered by a team of cyber-security researchers and hackers that also released a new jailbreak package dubbed Unc0ver (from the name of the team that devised it) that works on all recent iOS versions.” https://securityaffairs.co/wordpress/104168/hacking/apple-fixes-cve-2020-9859-jailbreak.html
  8. “Patching Exim mail servers is not going fast enough and members of the Russian hacker group Sandworm are actively exploiting three critical vulnerabilities that allow executing commands or code remotely.  Close to a million Exim servers are currently exposed and vulnerable, although the number is gradually getting lower every day. Exim 4.93 is currently considered a safe release.” https://www.bleepingcomputer.com/news/security/critical-exim-bugs-being-patched-but-many-servers-still-at-risk/
  9. “Booters are illegal DDoS-for-hire services used to overload websites with huge amounts of traffic, with gaming servers a favourite target (stressers are synonymous with much the same nefarious idea although in theory they also have legitimate uses such as helping sysadmins model the traffic capacity of their websites).” https://nakedsecurity.sophos.com/2020/06/02/crime-agency-turns-to-google-ads-to-deter-teen-ddos-hackers/
  10. “We live in a world in which threats are constantly growing and morphing. Geospatial intelligence (GEOINT) links events to geography through visual depictions and deep analysis. This empowers leaders to understand what is happening, where it’s happening, and why it’s happening — so they can take decisive action to protect citizens.” https://www.recordedfuture.com/geoint-artificial-intelligence/
  11. “Google Search is facing indexing issues on June 2, 2020 and the bug prevents users from discovering new content across the search engine.  According to several reports and our own testing, Google search is partially broken for users and the latest articles of websites such as BleepingComputer and CNN are not showing up in Search and Google News results.” https://www.bleepingcomputer.com/news/google/google-search-bug-prevents-new-content-from-being-indexed/
  12. “An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls,” reads the advisory published by the CERT Coordination Center (CERT/CC). “An IP-in-IP device is considered to be vulnerable if it accepts IP-in-IP packets from any source to any destination without explicit configuration between the specified source and destination IP addresses. This unexpected Data Processing Error (CWE-19) by a vulnerable device can be abused to perform reflective DDoS and in certain scenarios used to bypass network access control lists.”  https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
  13. “A successful exploit could cause the affected device to unexpectedly decapsulate the IP-in-IP packet and forward the inner IP packet,” according to Cisco’s security advisory, published on Monday. “This may result in IP packets bypassing input ACLs configured on the affected device or other security boundaries defined elsewhere in the network.”  https://threatpost.com/cisco-dos-flaw-nexus-switches/156203/
  14. “There’s a bit of a kerfuffle in the web hosting community just at the moment over an expired web security certificate from a certificate authority called Sectigo, formerly Comodo Certificate Authority. Expired certificates are a problem because they cause the web server that relies on them to show up as “invalid” to any program that tries to do the right thing and verify the validity of the site it’s connecting to.” https://nakedsecurity.sophos.com/2020/06/02/the-mystery-of-the-expiring-sectigo-web-certificate/
  15. “The operators of the REvil ransomware have launched a new auction site used to sell victims’ stolen data to the highest bidder.  REvil, otherwise known as Sodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services, spam, exploits, and hacked Managed Service Providers.” https://www.bleepingcomputer.com/news/security/revil-ransomware-creates-ebay-like-auction-site-for-stolen-data/
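The IP-in-IP items (12 and 13) describe the vulnerable condition precisely: a device that decapsulates protocol-4 packets from any source, without an explicitly configured tunnel between the two endpoints, ends up forwarding an inner packet that the input ACL never inspected. The script below is an added example written for this digest (it is not code from CERT/CC, Cisco or any of the linked articles) that models that condition offline: it parses raw IPv4 bytes, pulls the inner packet out of an IP-in-IP outer packet, and flags any encapsulated packet whose outer source/destination pair is not in the device's configured tunnel list, marking it as an ACL-bypass candidate when the inner destination sits in the protected prefix. All addresses, the tunnel allowlist and the sample packets are constructed for the example (RFC 5737 documentation and RFC 1918 ranges); nothing is sent on the wire.

```python
"""Offline triage of IP-in-IP (protocol 4) packets against the CERT/CC
criterion: an encapsulated packet is only legitimate if the device is
explicitly configured to terminate a tunnel between its outer endpoints.
Added example; addresses and packets below are constructed, not captured."""
import struct
from ipaddress import ip_address, ip_network

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP encapsulation


def parse_ipv4(buf):
    """Decode a raw IPv4 header; return (fields, payload bytes)."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _flags, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20]
    )
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    end = total_len if ihl <= total_len <= len(buf) else len(buf)
    fields = {"src": str(ip_address(src)), "dst": str(ip_address(dst)),
              "proto": proto, "ttl": ttl}
    return fields, buf[ihl:end]


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Assemble a minimal IPv4 packet for analysis (header checksum left zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                         proto, 0, ip_address(src).packed, ip_address(dst).packed)
    return header + payload


def classify_ipip(buf, configured_tunnels, protected_net):
    """Triage one packet as seen at a device's ingress interface.

    configured_tunnels: set of (outer_src, outer_dst) pairs the device is
      explicitly configured to terminate (hypothetical allowlist).
    protected_net: prefix behind the device that the input ACL is meant to guard.
    """
    outer, payload = parse_ipv4(buf)
    if outer["proto"] != IPPROTO_IPIP:
        return {"verdict": "not-ipip", "outer": outer}
    inner, _ = parse_ipv4(payload)  # what a vulnerable device would forward
    verdict = ("configured-tunnel" if (outer["src"], outer["dst"]) in configured_tunnels
               else "unsolicited-ipip")
    return {
        "verdict": verdict,
        "outer": outer,
        "inner": inner,
        # After decapsulation the device forwards the inner packet on the inner
        # addresses, so an input ACL evaluated on the outer header never saw them.
        "acl_bypass": verdict == "unsolicited-ipip"
        and ip_address(inner["dst"]) in protected_net,
    }


# Constructed configuration and traffic for the example.
CONFIGURED_TUNNELS = {("192.0.2.10", "203.0.113.1")}
PROTECTED_NET = ip_network("10.0.0.0/8")
SAMPLE_PACKETS = {
    "plain_icmp": build_ipv4("198.51.100.7", "203.0.113.1", 1, b"\x08\x00" + b"\x00" * 6),
    "configured_tunnel": build_ipv4("192.0.2.10", "203.0.113.1", IPPROTO_IPIP,
                                    build_ipv4("10.1.1.1", "10.2.2.2", 6, b"")),
    "spoofed_tunnel": build_ipv4("198.51.100.7", "203.0.113.1", IPPROTO_IPIP,
                                 build_ipv4("10.9.9.9", "10.0.0.5", 17, b"")),
}


def triage(packets=SAMPLE_PACKETS, tunnels=CONFIGURED_TUNNELS, protected=PROTECTED_NET):
    """Classify every packet; return (results by name, names that warrant an alert)."""
    results = {name: classify_ipip(buf, tunnels, protected) for name, buf in packets.items()}
    alerts = sorted(n for n, r in results.items() if r["verdict"] == "unsolicited-ipip")
    return results, alerts


if __name__ == "__main__":
    results, alerts = triage()
    for name, r in results.items():
        line = f"{name:18s} {r['verdict']}"
        if "inner" in r:
            line += f"  inner {r['inner']['src']} -> {r['inner']['dst']}  acl_bypass={r['acl_bypass']}"
        print(line)
    print("alert:", alerts)
```

The same check maps directly onto the mitigation in the advisories: a device is safe when it only decapsulates packets whose outer pair matches an explicitly configured tunnel, which is exactly the `configured_tunnels` test; anything else arriving as protocol 4 should be dropped at ingress rather than forwarded.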