Cyber security news August 2020

This posting is here to collect cyber security news in August 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

cybergedeon_flame_color

240 Comments

  1. Tomi Engdahl says:

    https://www.facebook.com/groups/majordomo/permalink/10160585419634522/

    heads up, anyone who’s dealt with SANS.org a cybersecurity training company was compromised by the very thing they teach about…

    Reply
  2. Tomi Engdahl says:

    Just got assigned CVE-2020-1337. Here its Vulnerability description, Root Cause Analysis and PoC for my PrintDemon’s (CVE-2020-1048) Patch Bypass via Junction Directory (TOCTOU). https://voidsec.com/cve-2020-1337-printdemon-is-dead-long-live-printdemon/

    Reply
  3. Tomi Engdahl says:

    https://thehackernews.com/2020/08/chrome-csp-bypass.html?m=1

    If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible.
    Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules since Chrome 73.

    Tracked as CVE-2020-6519 (rated 6.5 on the CVSS scale), the issue stems from a CSP bypass that results in arbitrary execution of malicious code on target websites.
    According to PerimeterX, some of the most popular websites, including Facebook, Wells Fargo, Zoom, Gmail, WhatsApp, Investopedia, ESPN, Roblox, Indeed, TikTok, Instagram, Blogger, and Quora, were susceptible to the CSP bypass.

    Interestingly, it appears that the same flaw was also highlighted by Tencent Security Xuanwu Lab more than a year ago, just a month after the release of Chrome 73 in March 2019, but was never addressed until PerimeterX reported the issue earlier this March.

    Reply
  4. Tomi Engdahl says:

    Just not even surprised anymore… [https://www.bleepingcomputer.com/news/security/sans-infosec-training-org-suffers-data-breach-after-phishing-attack/](https://www.bleepingcomputer.com/news/security/sans-infosec-training-org-suffers-data-breach-after-phishing-attack/)

    Reply
  5. Tomi Engdahl says:

    This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height >

    This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height
    https://www.theregister.com/2020/08/12/tor_exit_nodes/

    Cash-strapped privacy devs face determined miscreants who keep coming back for more

    The Tor Project has confirmed someone, or some group, is in control of a large number of Bitcoin-snaffling exit nodes in its anonymizing network, and it’s battling to boot them off.

    One observer reckons more than 23 per cent of the entire Tor network’s exit capacity was under the command of one miscreant, or one group of miscreants, at one point in May, with the end goal being the theft of people’s cryptocurrency..

    Crucially, whoever is running an exit node can access the traffic flowing through it. Thus it is wise to ensure your connections to websites and other services are wrapped in additional encryption, such as HTTPS or SSH, so that exit node operators cannot snoop on you and alter any information you send over the internet.

    It’s one thing to be mindful of a rogue exit node operator eavesdropping on you, it’s another thing when someone successfully adds a large number of exit nodes to Tor, all under their control, because it means some kind of elaborate campaign is underway to undermine Tor’s security.

    In this case, it appears someone or some group is adding malicious exit nodes that perform a form of SSL stripping to eavesdrop on visitors to cryptocurrency websites – specifically, Bitcoin mixer services. If any Bitcoin wallet addresses are spotted in the passing unprotected traffic, the addresses are rewritten on the fly so as to funnel transactions into the miscreants’ coffers, thus stealing victims’ digital money.

    The malicious exit nodes intercept some of these insecure HTTP requests to prevent them being upgraded to HTTPS-encrypted connections, and tamper with the unprotected data in transit, namely any Bitcoin wallet addresses.

    Yes, there are plugins like HTTPS Everywhere that force browsers to use encryption, but not everyone uses them, or they disable them after a while because the extensions complain too much when they can’t establish a connection to non-HTTPS pages.

    Ongoing war
    The Tor Project confirmed to us it has been trying for months to get the bad actor off its network, including banning the malicious nodes in May and June only to see the surveillance menace return. We’re told the Tor team is hampered right now due to being short-staffed. Back in April, the project had to drop 13 people, about a third of its staff, due to funding shortfalls amid the coronavirus pandemic and economic downturn. That means there’s not enough people monitoring the anonymizing mesh for wrongdoers.

    Reply
  6. Tomi Engdahl says:

    Belarus Has Shut Down the Internet Amid a Controversial Election
    Human rights organizations have blamed the Belarusian government for widespread outages.
    https://www.wired.com/story/belarus-internet-outage-election/

    Reply
  7. Tomi Engdahl says:

    A Vulnerability in GNU C Library Could Allow for Remote Code Execution
    https://www.cisecurity.org/advisory/a-vulnerability-in-gnu-c-library-could-allow-for-remote-code-execution_2020-105/

    OVERVIEW:
    A vulnerability has been discovered in the GNU C Library (glibc), which could allow for remote code execution. This library is required in all modern distributions of Linux as it defines the system calls and other basic facilities used in the Linux kernel. Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

    A vulnerability has been discovered in the GNU C Library (glibc), which could allow for remote code execution. Specifically, this is a stack-based-buffer-overflow due to the ieee754_rem_pio2l() function’s failure to validate pseudo-zero values. This vulnerability can be exploited when the system processes maliciously crafted data.

    Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application.

    Reply
  8. Tomi Engdahl says:

    Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard. By now all major telecommunication operators use VoLTE. To secure the phone calls, VoLTE encrypts the voice data between the phone and the network with a stream cipher. The stream cipher shall generate a unique keystream for each call to prevent the problem of keystream reuse.

    We introduce ReVoLTE, an attack that exploits an LTE implementation flaw to recover the contents of an encrypted VoLTE call. This enables an adversary to eavesdrop on VoLTE phone calls. ReVoLTE makes use of a predictable keystream reuse. Eventually, the keystream reuse allows an adversary to decrypt a recorded call with minimal resources.

    https://revolte-attack.net/

    Reply
  9. Tomi Engdahl says:

    23% of Tor browser relays found to be stealing Bitcoin
    https://www.hackread.com/tor-browser-relays-found-to-stealing-bitcoin/

    The threat actor was also able to see the user’s transmitted data on the Tor browser in unencrypted format and tamper with it for their own ill-motives.

    Reply
  10. Tomi Engdahl says:

    The quest to liberate $300,000 of bitcoin from an old ZIP file
    A few quintillion possible decryption keys stand between a man and his cryptocurrency.
    https://arstechnica.com/information-technology/2020/08/the-quest-to-liberate-300000-of-bitcoin-from-an-old-zip-file/?utm_social-type=owned&utm_brand=ars&utm_source=facebook&utm_medium=social

    Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.

    In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.

    Zip is a popular file format used for “lossless” compression of large files, like the little drawstring sack that can somehow contain your sleeping bag. Many implementations of zip are known to be insecure, to the point that US senator Ron Wyden of Oregon called on the National Institute of Standards and Technology last summer to investigate the issue. “If we find the password successfully, I will thank you,” The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he’d still be turning quite the profit.
    “It’s the most fun I’ve had in ages. Every morning I was excited to get to work and wrestle with the problem,” says Stay, who today is the chief technology officer of the blockchain software development firm Pyrofex. “The zip cipher was designed decades ago by an amateur cryptographer—the fact that it has held up so well is remarkable.” But while some zip files can be cracked easily with off-the-shelf tools, The Guy wasn’t so lucky.

    That’s partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions—like the one used in The Guy’s case—use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it’s implemented, though.

    Reply
  11. Tomi Engdahl says:

    The Secret SIMs Used By Criminals to Spoof Any Number
    https://www.vice.com/amp/en_us/article/n7w9pw/russian-sims-encrypted
    This SIM card, the caller said, allowed him to spoof any phone number
    he wanted. Want to look like you’re calling from a bank in order to
    scam a target? Easy. Want to change it to a random series of digits so
    that the recipient’s phone won’t record your real number? That just
    takes a few seconds to set up, according to tutorials of how to use
    the cards available online.. To test the process of obtaining such a
    SIM, Motherboard purchased a so-called white SIM, known for not having
    any branding or labelling, through a source close to the criminal
    world. After sending the supplier around $100 in Bitcoin, a package
    arrived the next day.. Essentially, entering this tells a user’s phone
    that they want to connect to a particular phone network, one that it
    may not ordinarily recognize.. Karsten Nohl, a security researcher
    from SRLabs focused on telecommunications security, told Motherboard
    in an email that operators of the SIM cards likely run their own
    Mobile Virtual Network Operator (MVNO), which is essentially a telecom
    company piggy backing off of the infrastructure of a more established
    network. . Many MVNOs exist, including Google’s Fi, which runs on top
    of T-Mobile’s infrastructure.. In order to obtain SIMs and data to
    sell, smaller companies can go to different carriers around the world
    and buy the data in bulk, according to a source who currently works in
    the secure communications industry.

    Reply
  12. Tomi Engdahl says:

    Call Me Maybe: Ea­ves­drop­ping En­cryp­ted LTE Calls With Re­VoL­TE
    https://revolte-attack.net/
    Voice over LTE (VoLTE) is a packet-based telephony service seamlessly
    integrated into the Long Term Evolution (LTE) standard. By now all
    major telecommunication operators use VoLTE. To secure the phone
    calls, VoLTE encrypts the voice data between the phone and the network
    with a stream cipher. . The stream cipher shall generate a unique
    keystream for each call to prevent the problem of keystream reuse.. We
    introduce ReVoLTE, an attack that exploits an LTE implementation flaw
    to recover the contents of an encrypted VoLTE call. This enables an
    adversary to eavesdrop on VoLTE phone calls. ReVoLTE makes use of a
    predictable keystream reuse, which was discovered by Raza & Lu..
    Eventually, the keystream reuse allows an adversary to decrypt a
    recorded call with minimal resources.. Read also:
    https://revolte-attack.net/media/revolte_camera_ready.pdf. As well as:
    https://www.zdnet.com/article/re-vol-te-attack-can-decrypt-4g-lte-calls-to-eavesdrop-on-conversations/

    Reply
  13. Tomi Engdahl says:

    Irony, thy name is SANS: 28k records nicked from infosec training org
    after staffer’s email account phished
    https://www.theregister.com/2020/08/12/sans_institute_data_breach/
    Names, email addresses, phone numbers, job titles, company names,
    country of residence etc. pinched. Read also:
    https://www.sans.org/dataincident2020

    Reply
  14. Tomi Engdahl says:

    Exclusive: August Smart Lock Flaw Opens Your Wi-Fi Network to Hackers
    https://uk.pcmag.com/encryption/128120/exclusive-august-smart-lock-flaw-opens-your-wi-fi-network-to-hackers
    Implementing this hack would take a lot of patience. The hacker would
    have to find a spot close enough to listen in on the Wi-Fi network,
    perhaps a parked car. The attack that forces the doorbell offline
    takes time. And the device doesnt reconnect until its owner notices
    that it’s offline and initiates the exchange.. Read also:
    https://www.bitdefender.com/files/News/CaseStudies/study/363/Bitdefender-PR-Whitepaper-AugustConnect-creat4699-en-EN-GenericUse.pdf

    Reply
  15. Tomi Engdahl says:

    Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
    https://www.darkreading.com/iot/kr00k-krack-and-the-seams-in-wi-fi-iot-encryption/d/d-id/1338633
    Earlier this year, two ESET researchers disclosed a flaw in processor
    chips powering over 1 billion Wi-Fi and Internet of Things (IoT)
    devices that would make it easy for attackers to snoop on encrypted
    traffic.. Last week at Black Hat, the researchers explained that the
    attack surface area for these kinds of flaws is broader than they
    initially thought and that the weakness is present in a several other
    popular chipsets that could put even more IoT and Wi-Fi devices at
    risk.. Dubbed “Kr00k” by researchers Robert Lipovsky and Stefan
    Svorencik, the flaw in question occurs in how Wi-Fi chips handle the
    four-way handshake process that occurs between a device and an access
    point to facilitate WPA2 encryption. . When devices associate and
    disassociate with a network, the handshake process governs
    authentication and how cryptographic keys are exchanged as connection
    is both established and broken between device and access point.. Kr00k
    is a flaw in how the chips handle the process of WLAN session
    disassociation, in which they overwrite the encryption keys with all
    zeros in the expectation that no further data will be transmitted
    after disassociation. The expectation is when the device reassociates
    with a new session, a new encryption key will be negotiated and
    encryption will remain seamless.

    Reply
  16. Tomi Engdahl says:

    NCC Group admits its training data was leaked online after folders
    full of Crest pentest certification exam notes posted to Github
    https://www.theregister.com/2020/08/11/ncc_group_crest_cheat_sheets/
    Exclusive British infosec biz NCC Group has admitted to The Register
    that its internal training data was leaked on GitHub after folders
    purporting to help people pass the Crest pentest certification exams
    appeared online.

    Reply
  17. Tomi Engdahl says:

    Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data
    Wiping
    https://threatpost.com/samsung-quietly-fixed-critical-galaxy-flaws-allowing-spying-data-wiping/158241/
    Four critical-severity flaws were recently disclosed in the Find My
    Mobile feature of Samsung Galaxy smartphones, which if exploited could
    allow attackers to force a factory reset on the phones or spy on
    users.

    Reply
  18. Tomi Engdahl says:

    A mysterious group has hijacked Tor exit nodes to perform SSL
    stripping attacks
    https://www.zdnet.com/article/a-mysterious-group-has-hijacked-tor-exit-nodes-to-perform-ssl-stripping-attacks/
    At one point, the group ran almost a quarter of all Tor exit nodes.
    Group still controls 10% of all Tor exit nodes today.

    Reply
  19. Tomi Engdahl says:

    Homeland Security details new tools for extracting device data at US
    borders
    https://www.cnet.com/news/homeland-security-details-new-tools-for-extracting-device-data-at-us-borders/
    The agency says it can now obtain details including your phone’s
    location history, social media information, and photos and videos.
    Read also:
    https://www.tivi.fi/uutiset/tv/fd853718-ac31-490c-9818-33d26b7a97db

    Reply
  20. Tomi Engdahl says:

    Belarus Has Shut Down the Internet Amid a Controversial Election
    https://www.wired.com/story/belarus-internet-outage-election/
    Human rights organizations have blamed the Belarusian government for
    widespread outages. INTERNET CONNECTIVITY AND cellular service in
    Belarus have been down since Sunday evening, after sporadic outages
    early that morning and throughout the day. The connectivity blackout,
    which also includes landline phones, appears to be a
    government-imposed outage that comes amid widespread protests and
    increasing social unrest over Belarus’ presidential election Sunday.

    Reply
  21. Tomi Engdahl says:

    New Meow’ attack has deleted almost 4, 000 unsecured databases
    https://www.bleepingcomputer.com/news/security/new-meow-attack-has-deleted-almost-4-000-unsecured-databases/
    Hundreds of unsecured databases exposed on the public web are the
    target of an automated ‘meow’ attack that destroys data without any
    explanation. The activity started recently by hitting Elasticsearch
    and MongoDB instances without leaving any explanation, or even a
    ransom note. Attacks then expanded to other database types and to file
    systems open on the web.

    Reply
  22. Tomi Engdahl says:

    Industrial VPN vulnerabilities put critical infrastructure at risk
    https://www.bleepingcomputer.com/news/security/industrial-vpn-vulnerabilities-put-critical-infrastructure-at-risk/
    Security researchers analyzing popular remote access solutions used
    for industrial control systems (ICS) found multiple vulnerabilities
    that could let unauthenticated attackers execute arbitrary code and
    breach the environment. The flaws are in virtual private network (VPN)
    implementations and adversaries could exploit them cause physical
    damage by connecting to field devices and programmable logic
    controllers (PLCs). Lisäksi
    https://www.claroty.com/2020/07/28/vpn-security-flaws/

    Reply
  23. Tomi Engdahl says:

    Today’s mega’ data breaches now cost companies $392 million to recover
    from
    https://www.zdnet.com/article/todays-mega-data-breaches-now-cost-companies-392-million-in-damages-lawsuits
    The average cost of a “mega” data breach has risen astronomically over
    the past year and enterprise players impacted by such a security
    incident can expect to pay up to $392 million.

    Reply
  24. Tomi Engdahl says:

    WastedLocker: technical analysis
    https://securelist.com/wastedlocker-technical-analysis/97944/
    The use of crypto-ransomware in targeted attacks has become an
    ordinary occurrence lately: new incidents are being reported every
    month, sometimes even more often. On July 23, Garmin, a major
    manufacturer of navigation equipment and smart devices, including
    smart watches and bracelets, experienced a massive service outage. As
    confirmed by an official statement later, the cause of the downtime
    was a cybersecurity incident involving data encryption.. The situation
    was so dire that at the time of writing of this post (7/29) the
    operation of the affected online services had not been fully restored.

    Reply
  25. Tomi Engdahl says:

    New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel
    Leaks
    https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
    Security researchers have outlined a new technique that renders a
    remote timing-based side-channel attack more effective regardless of
    the network congestion between the adversary and the target server.
    Remote timing attacks that work over a network connection are
    predominantly affected by variations in network transmission time (or
    jitter), which, in turn, depends on the load of the network connection
    at any given point in time.

    Reply
  26. Tomi Engdahl says:

    Linux warning: TrickBot malware is now infecting your systems
    https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/
    TrickBot’s Anchor malware platform has been ported to infect Linux
    devices and compromise further high-impact and high-value targets
    using covert channels. TrickBot is a multi-purpose Windows malware
    platform that uses different modules to perform various malicious
    activities, including information stealing, password stealing, Windows
    domain infiltration, and malware delivery.

    Reply
  27. Tomi Engdahl says:

    Mirai Botnet Exploit Weaponized to Attack IoT Devices via
    CVE-2020-5902
    https://blog.trendmicro.com/trendlabs-security-intelligence/mirai-botnet-exploit-weaponized-to-attack-iot-devices-via-cve-2020-5902/?
    Following the initial disclosure of two F5 BIG-IP vulnerabilities on
    the first week of July, we continued monitoring and analyzing the
    vulnerabilities and other related activities to further understand
    their severities. Based on the workaround published for CVE-2020-5902,
    we found an internet of things (IoT) Mirai botnet downloader (detected
    by Trend Micro as Trojan.SH.MIRAI.BOI) that can be added to new
    malware variants to scan for exposed Big-IP boxes for intrusion and
    deliver the malicious payload.

    Reply
  28. Tomi Engdahl says:

    Confirmed: Garmin received decryptor for WastedLocker ransomware
    https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-decryptor-for-wastedlocker-ransomware/
    BleepingComputer can confirm that Garmin has received the decryption
    key to recover their files encrypted in the WastedLocker Ransomware
    attack. On July 23rd, 2020, Garmin suffered a worldwide outage where
    customers could not access their connected services, including the
    Garmin Connect, flyGarmin, Strava, inReach solutions.

    Reply
  29. Tomi Engdahl says:

    Researchers discovered significant vulnerability in Amazon’s Alexa
    https://www.google.com/amp/s/thehill.com/policy/technology/511746-researchers-discovered-significant-vulnerability-in-amazons-alexa%3Famp

    Researchers at cybersecurity provider Check Point uncovered a flaw in Amazon’s Alexa virtual assistant that left owner’s personal information vulnerable before it was patched in June.

    The researchers detailed the vulnerability in a report released Thursday, saying potential hackers could have hijacked the voice assistant devices using malicious Amazon links.

    Reply
  30. Tomi Engdahl says:

    EU imposes the first ever sanctions against cyber-attacks
    https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
    The Council today decided to impose restrictive measures against six
    individuals and three entities responsible for or involved in various
    cyber-attacks. These include the attempted cyber-attack against the
    OPCW (Organisation for the Prohibition of Chemical Weapons) and those
    publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud
    Hopper’.. Read also:
    https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32020D1127&from=EN

    Reply
  31. Tomi Engdahl says:

    Microsoft Joins Open Source Security Foundation
    https://msrc-blog.microsoft.com/2020/08/03/microsoft-joins-open-source-security-foundation/
    Microsoft has invested in the security of open source software for
    many years and today Im excited to share that Microsoft is joining
    industry partners to create the Open Source Security Foundation
    (OpenSSF), a new cross-industry collaboration hosted at the Linux
    Foundation. The OpenSSF brings together work from the Linux
    Foundation-initiated Core Infrastructure Initiative (CII), the
    GitHub-initiated Open Source Security Coalition (OSSC), and other open
    source security efforts to improve the security of open source
    software by building a broader community, targeted initiatives, and
    best practices.

    Reply
  32. Tomi Engdahl says:

    Windows 10: HOSTS file blocking telemetry is now flagged as a risk
    https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/
    Starting at the end of July, Microsoft has begun detecting HOSTS files
    that block Windows 10 telemetry servers as a ‘Severe’ security risk.
    The HOSTS file is a text file located at
    C:\Windows\system32\driver\etc\HOSTS and can only be edited by a
    program with Administrator privileges. This file is used to resolve
    hostnames to IP addresses without using the Domain Name System (DNS).

    Reply
  33. Tomi Engdahl says:

    Hackers Could Use IoT Botnets to Manipulate Energy Markets
    https://www.wired.com/story/hackers-iot-botnets-manipulate-energy-markets/
    ON A FRIDAY morning in the fall of 2016, the Mirai botnet wrecked
    havoc on internet infrastructure, causing major website outages across
    the United States. It was a wakeup call, revealing the true damage
    that zombie armies of malware-infected gadgets could cause. Now,
    researchers at the Georgia Institute of Technology are thinking even
    farther afield about how the unlikely targets that botnets could
    someday disruptsuch as energy markets.

    Reply
  34. Tomi Engdahl says:

    Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
    https://thehackernews.com/2020/08/apple-touchid-sign-in.html
    Apple earlier this year fixed a security vulnerability in iOS and
    macOS that could have potentially allowed an attacker to gain
    unauthorized access to a user’s iCloud account. Uncovered in February
    by Thijs Alkemade, a security specialist at IT security firm
    Computest, the flaw resided in Apple’s implementation of TouchID (or
    FaceID) biometric feature that authenticated users to log in to
    websites on Safari, specifically those that use Apple ID logins.

    Reply
  35. Tomi Engdahl says:

    High-Severity Android RCE Flaw Fixed in August Security Update
    https://threatpost.com/high-severity-android-rce-flaw-fixed-in-august-security-update/158049/
    Google has released patches addressing a high-severity issue in its
    Framework component, which if exploited could enable remote code
    execution (RCE) on Android mobile devices. Overall, 54 high-severity
    flaws were patched as part of Googles August security updates for the
    Android operating system, released on Monday. As part of this,
    Qualcomm, whose chips are used in Android devices, patched a mix of
    high and critical-severity vulnerabilities tied to 31 CVEs.

    Reply
  36. Tomi Engdahl says:

    Researcher Demonstrates 4 New Variants of HTTP Request Smuggling
    Attack
    https://thehackernews.com/2020/08/http-request-smuggling.html
    A new research has identified four new variants of HTTP request
    smuggling attacks that work against various commercial off-the-shelf
    web servers and HTTP proxy servers. Amit Klein, VP of Security
    Research at SafeBreach who presented the findings today at the Black
    Hat security conference, said that the attacks highlight how web
    servers and HTTP proxy servers are still susceptible to HTTP request
    smuggling even after 15 years since they were first documented.

    Reply
  37. Tomi Engdahl says:

    The Official Facebook Chat Plugin Created Vector for Social
    Engineering Attacks
    https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/
    On June 26, 2020, our Threat Intelligence team discovered a
    vulnerability in The Official Facebook Chat Plugin, a WordPress plugin
    installed on over 80,000 sites. This flaw made it possible for
    low-level authenticated attackers to connect their own Facebook
    Messenger account to any site running the vulnerable plugin and engage
    in chats with site visitors on affected sites. We initially reached
    out to Facebook on June 26, 2020 and included the full disclosure
    details at the time of reaching out. They initially responded on June
    30, 2020, and after much back and forth, Facebook released a patch on
    July 28, 2020

    Reply
  38. Tomi Engdahl says:

    Achilles: Small chip, big peril.
    https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
    Over 400 vulnerabilities on Qualcomms Snapdragon chip threaten mobile
    phones usability worldwide. With over 3 billion users globally,
    smartphones are an integral, almost inseparable part of our day-to-day
    lives. As the mobile market continues to grow, vendors race to provide
    new features, new capabilities and better technological innovations in
    their latest devices. To support this relentless drive for innovation,
    vendors often rely on third parties to provide the required hardware
    and software for phones. One of the most common third-party solutions
    is the Digital Signal Processor unit, commonly known as DSP chips.

    Reply
  39. Tomi Engdahl says:

    Porn blast disrupts bail hearing of alleged Twitter hacker
    https://nakedsecurity.sophos.com/2020/08/06/porn-blast-disrupts-bail-hearing-of-alleged-twitter-hacker/
    One of the alleged Twitter hackers faced a bail hearing in a Florida
    court yesterday. ICYMI, the Twitter hack were referring to involved
    the takeover of 45 prominent Twitter accounts, including those of Joe
    Biden, Elon Musk, Apple Computer, Barack Obama, Kim Kardashian and a
    laundry list of others with huge numbers of followers

    Reply
  40. Tomi Engdahl says:

    Shellshock In-Depth: Why This Old Vulnerability Wont Go Away
    https://securityintelligence.com/articles/shellshock-vulnerability-in-depth/
    Shellshock is a bug in the Bash command-line interface shell that has
    existed for 30 years and was discovered as a significant threat in
    2014. Today, Shellshock still remains a threat to enterprise. The
    threat is certainly less risky than in the year of discovery. However,
    in a year in which security priorities have recalibrated to keep up
    with the chaotic landscape, its a good time to look back at this
    threat and the underlying factors that keep these attacks alive today.

    Reply
  41. Tomi Engdahl says:

    Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks
    https://thehackernews.com/2020/08/foreshadow-processor-vulnerability.html
    The new research explains microarchitectural attacks were actually
    caused by speculative dereferencing of user-space registers in the
    kernel, which not just impacts the most recent Intel CPUs with the
    latest hardware mitigations, but also several modern processors from
    ARM, IBM, and AMD previously believed to be unaffected.

    Reply
  42. Tomi Engdahl says:

    Have I Been Pwned to go open source 10bn credentials, not so much,
    says creator Hunt
    https://www.theregister.com/2020/08/07/hibp_open_source/
    Credential breach website Have I Been Pwned (HIBP) will be going open
    source, site creator and maintainer Troy Hunt has told the world.

    Reply
  43. Tomi Engdahl says:

    Dutch Hackers Found a Simple Way to Mess With Traffic Lights
    https://www.wired.com/story/hacking-traffic-lights-netherlands/
    By reverse engineering apps intended for cyclists, security
    researchers found they could cause delays in at least 10 cities from
    anywhere in the world.

    Reply
  44. Tomi Engdahl says:

    Beyond KrØØk: Even more WiFi chips vulnerable to eavesdropping
    https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
    At Black Hat USA 2020, ESET researchers delved into details about the
    KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs
    affect more chip brands than previously thought. KrØØk (formally
    CVE-2019-15126) is a vulnerability in Broadcom and Cypress Wi-Fi chips
    that allows unauthorized decryption of some WPA2-encrypted traffic.
    Specifically, the bug has led to wireless network data being encrypted
    with a WPA2 pairwise session key that is all zeros instead of the
    proper session key that had previously been established in the 4-way
    handshake. This undesirable state occurs on vulnerable Broadcom and
    Cypress chips following a Wi-Fi disassociation.

    Reply
  45. Tomi Engdahl says:

    Researchers found another way to hack Android cellphones via Bluetooth
    https://www.cyberscoop.com/bluetooth-vulnerability-android-dbappsecurity-black-hat-2020/
    Attackers looking to steal sensitive information like contacts, call
    history, and SMS verification codes from Android devices only need to
    target Bluetooth protocols, according to new DBAPPSecurity research
    presented at the 2020 Black Hat conference Wednesday. These exploits,
    one of which takes advantage of a zero-day vulnerability, could also
    allow hackers to send fake text messages if manipulated properly,
    researchers found. The other attack allows researchers to take
    advantage of an authentication bypass vulnerability, dubbed
    “BlueRepli.” Would-be attackers can bypass authentication by imitating
    a device that has previously been connected with a target. Victims do
    not need to give permission to a device for the exploit to work. Read
    also:
    https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF

    Reply
  46. Tomi Engdahl says:

    Hacking the PLC via Its Engineering Software
    https://www.darkreading.com/vulnerabilities—threats/hacking-the-plc-via-its-engineering-software/d/d-id/1338612
    Researcher will demonstrate at DEF CON an emerging threat to
    industrial control networks. Attackers don’t need to directly hack
    into a programmable logic controller (PLC) to wreak havoc on an
    industrial process: they can target its configuration files and pivot
    from there.

    Reply
  47. Tomi Engdahl says:

    Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs
    https://csirt.cy/nearly-50-of-all-smartphones-affected-by-qualcomm-snapdragon-bugs/
    Several security vulnerabilities found in Qualcomm’s Snapdragon chip
    Digital Signal Processor (DSP) chip could allow attackers to take
    control of almost 40% of all smartphones, spy on their users, and
    create un-removable malware capable of evading detection. Read also:
    https://www.kauppalehti.fi/uutiset/tietoturvatutkijat-lahes-kaikki-android-puhelimet-ovat-alttiita-hyokkayksille/3c34aa45-c575-4b84-aa82-b34b2b638c81.
    As well as:
    https://www.darkreading.com/vulnerabilities—threats/400+-qualcomm-chip-vulnerabilities-threaten-millions-of-android-phones/d/d-id/1338613.
    And:
    https://threatpost.com/qualcomm-bugs-opens-40-percent-of-android-devices-to-attack/158194/

    Reply
  48. Tomi Engdahl says:

    Evasive Credit Card Skimmers Using Homograph Domains and Infected
    Favicon
    https://thehackernews.com/2020/08/magecart-homograph-phishing.html
    Cybersecurity researchers today highlighted an evasive phishing
    technique that attackers are exploiting in the wild to target visitors
    of several sites with a quirk in domain names, and leverage modified
    favicons to inject e-skimmers and steal payment card information
    covertly. Read also:
    https://www.zdnet.com/article/magecart-group-uses-homoglyph-attacks-to-fool-you-into-visiting-malicious-websites/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*