Cybersecurity News Headline Updated on 18 July 2020

The headline on 18 July 2020

Microsoft Patches Severe, Wormable Vulnerability in Windows Server 2019. The bug is a vulnerability found in Windows DNS servers, that allows remote code execution due to mishandled requests. It’s only present in Windows Servers configured to handle DNS requests, but the severity of the bug means all affected server versions should update ASAP.

Both Microsoft and the researchers who discovered the bug have confirmed it’s wormable as well. Vulnerabilities are nothing new, but wormable vulnerabilities are particularly nasty. They allow attackers to infect one machine after another, spreading malware across the internet and eventually infecting every vulnerable machine that it touches.

Microsoft urges patching as quickly as possible, so if you’re currently using Windows Server 2019, you should look into applying the fix.

Read more at arstechnica.com

Zoom Fixes a Bug In Subdomain Handling. The bug resulted from the ability to construct malicious URLs posing as a company’s genuine vanity URL. For example, if the original link was https://zoom.us/j/####, the attacker could change it to https://<organization’s name>.zoom.us/j/####, and potentially pose as a company employee in a meeting.

Read more in: Zoom Addresses Vanity URL Zero-Day

UK, Canada, and US Say Russian Hackers are Targeting COVID-19 Vaccine Research. In a joint advisory, government officials from the UK, Canada, and the US said that hackers with ties to Russia have been targeting organizations conducting research on COVID-19 vaccines. Suggestions for mitigating the risk of attack include keeping devices and networks up-to-date; implementing multi-factor authentication; and preventing and detecting lateral movement in networks.

Read more in:

Hackers Hijacked High-Profile Twitter Accounts And Used Them in Bitcoin Scam. Hackers took over dozens of high-profile Twitter accounts and used them to tweet that if people sent then bitcoin, they would send back twice as much. They received $120,000 worth of the cryptocurrency before the scam was detected and shut down. Twitter says is believes that the hackers targeted Twitter employees in a “coordinated social engineering attack” to take control of the accounts.

Read more in:

US Legislators Adding Solarium Report Recommendations to Defense Spending Bill. Cybersecurity recommendations made in the Cyberspace Solarium Commission report, which was released earlier this year, are finding their way into markups of and proposed amendments to the FY 2021 US National Defense Authorization Act (NDAA). This month, the Cyberspace Solarium Commission staff released a list of 54 legislative proposals drawn from the report.

Read more in:

Patch Tuesday: Cisco and Oracle. Cisco has released fixes for more than 30 vulnerabilities in a variety of products, five of which are rated critical. The critical flaws include two remote code execution vulnerabilities, authentication bypass, privilege elevation, default credential. Oracle’s Critical Patch Update for July 2020 includes nearly 450 fixes for vulnerabilities in multiple products.

Read more in:

Patch Tuesday Adobe. On Tuesday, July 14, Adobe released fixes for a total of 13 vulnerabilities affecting five different products: Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. Four of the vulnerabilities are rated critical; the other nine are rated important. The critical flaws are a Symlink vulnerability in Creative Cloud; two out-of-bounds write vulnerabilities in Media Encoder; and a command injection vulnerability in Download Manager.

Read more in:

Microsoft Patch Tuesday Addresses 120+ Vulnerabilities, Including Wormable Flaw (SIGRed). On Tuesday, July 14, Microsoft released fixes for more than 120 vulnerabilities across its product line; 18 of the vulnerabilities are rated critical. One of the critical flaws is a “wormable” remote code execution flaw which can spread from machine to machine with no human interaction. Check Point detected the flaw and reported it to Microsoft in May. SIGRed, as Check Point named the flaw, affects Windows DNS servers and can be exploited by sending a malicious request to a vulnerable Windows DNS server. The flaw has been present in Windows DNS Server for 17 years. It has been given a CVSS base score of 10.

Read more in:

Apple Updates: iOS, macOS, and More. On Wednesday, July 15, Apple released updates for numerous products, including iOS (13.6), iPadOS (13.6), macOS (10.15.6), Safari (13.1.2), tvOS (13.4.8), and watchOS (6.2.8).

Read more in:

Counterfeit Cisco Devices Caused Network Switch Failures. An F-Secure investigation into network switch failures at an unnamed IT company found that the problem was caused by counterfeit Cisco devices. The failure occurred after a software upgrade in fall 2019.

Read more in:

IBM X-Force Found Iranian Threat Group Training Videos Online. IBM’s X-Force Incident Response Intelligence Services (IRIS) discovered a server that contained video files of an Iranian threat group’s operations. The server contained 40 gigabytes of data. The videos include evidence of stealing data from a US Navy officer and a Greek naval officer.

Read more in:

EU Court of Justice Invalidates Privacy Shield Data Sharing Agreement. The European Union Court of Justice has ruled that Privacy Shield, the EU/US data sharing agreement, is invalid. The court said that the agreement did not adequately protect EU residents’ data when it is sent to the US, and as such, violates EU privacy law. Privacy Shield was created in 2016, after the Safe Harbor agreement was deemed inadequate and the establishment of Standard Contractual Clauses (SCC), which are still valid.

Read more in:

Identity Theft Resource Center: Data Breaches Decreasing. The Identity Theft Resource Center says that data breaches have decreased during the first quarter of 2020. The organization compiled data from publicly reported breaches in the US during the first three months of 2020.

Read more in: Identity Theft Resource Center Sees a Data Breach Decrease in First Quarter of 2020

Decommissioned Police Bodycams Purchased Online Contain Sensitive Data. A used bodycam purchased on eBay yielded unencrypted video of US military police officers at work. Other decommissioned bodycams purchased online have turned up similar data.

Read more in:

The headline on 15 July 2020

Cyber Attacks Against Health Care Facilities Skyrocketing During COVID Pandemic. Attacks against hospitals and other healthcare providers have increased during the pandemic as more employees switched to working from home and medical facilities were cash-strapped and stretched thin because of COVID-19. IBM reported a 6,000 percent increase in spam attacks leveraging COVID-19 on information technology system between March and April; many of the targeted systems are at health care facilities.

Read more in: A game of ‘cat and mouse’: Hacking attacks on hospitals for patient data increase during coronavirus pandemic

SAP Patches Critical Flaw – Severity 10 – Patch Now. SAP has released a fix for a critical vulnerability in the SAP NetWeaver Application Server Java component LM Configuration Wizard. The flaw could be remotely exploited to create user accounts with maximum privileges on vulnerable systems.

Read more in:

Zoom Releases Fix for RCE Flaw Affecting Older Versions of Windows. Zoom has released an update to address a remote code execution vulnerability that affects the Zoom client running on Windows 7 and on older versions of Windows. Zoom released version 5.1.3 of the Zoom client on July 10. Zoom released additional updates on Sunday, July 12 to address “minor bug fixes” and implement “new and enhanced features” for phone and web users.

Read more in:

Amazon Walks Back its TikTok Ban; Wells Fargo Imposes One. Amazon said that an email sent to employees last week banning them from using TikTok on mobile devices that connect to corporate email “was sent in error.” The message told the employees to remove the app from those devices or risk losing access to work email on those devices. TikTok has come under scrutiny by US legislators and administration officials because it is owned by a Chinese company and some are concerned that the app could be used to spy on people. Late last year, the US Department of Defense told personnel to delete TikTok from government-issued phones. Wells Fargo has also told its employees to delete the app from company-owned devices.

Read more in:

Conti Ransomware Can Encrypt Files Very Quickly. Researchers from Carbon Black have detected Conti, a new strain of ransomware that appears to share some code with Ryuk. Conti is a human operated ransomware, meaning that its operators control it rather than allowing it to execute automatically. One of Conti’s notable features is that it uses 32 simultaneous CPU threads to encrypt data.

Read more in:

Secret Service Cyber Fraud Task Force. The US Secret Service has merged two existing units to create the Cyber Fraud Task Force. In a July 9 press release, the Secret Service said, “In today’s environment, no longer can investigators effectively pursue a financial or cybercrime investigation without understanding both the financial and internet sectors, as well as the technologies and institutions that power each industry,” prompting the decision to unify the Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs).

Read more in:

Mozilla Will Reduce TLS Certificates’ Lifespan to 398 Days. Mozilla has announced its intent to reduce the lifespan of TLS certificates it deems valid from 825 days (about 27.5 months) to 398 days (just over 13 months). As of September 1, 2020, Mozilla will consider new TLS certificates with expiration dates further out than 398 days as invalid. Earlier this year, Apple announced it will require certificates issued after September 1, 2020 to have lifespans of 398 days or less. Mozilla and Apple plan to make this change regardless of any decision reached by the CA/B Forum.

Read more in:

Amnesty International Loses Bid to Revoke NSO Export License. An Israeli court has denied Amnesty International’s petition to revoke the export license of NSO Group, which sells surveillance software. Amnesty International filed the lawsuit in 2019, alleging that NSO group’s Pegasus software had been used against an Amnesty International employee.

Read more in:

Nikulin Found Guilty of Breaking Into LinkedIn, DropBox, and Formspring. A federal jury in California has found Russian citizen Yevgeniy Nikulin guilty of breaking into computers that belonged to social networking companies, installing malware on those computers, stealing employees’ access credentials, and selling that information. Nikulin was arrested in the Czech Republic in 2016 and held there for over a year before being extradited to the US. Sentencing is scheduled for September 29, 2020.

Read more in:

US Dept. of Energy Report: DoE’s Office of Science Lacks Sufficient Peripheral Device Security. A report from the US Department of Energy Office of Inspector General warns that DoE’s Office of Science does not have adequate security for peripheral devices. The IG reviewed four DoE field sites. Among the reasons given site officials for the lack of security are that DoE’s security standards are “technically not feasible or extremely difficult to implement,” and that they are expensive to implement and hinder collaboration.

Read more in:

Belgian Bank Closes Down Older ATMs After Jackpotting Attacks. Two Argenta ATMs in Belgium were hit with jackpotting attacks over the weekend. These were older machines that were scheduled to be replaced. ATMs belonging to the same bank were hit with jackpotting attacks in late June as well. Argenta’s Christine Vermylen told The Brussels Times, “We have decided to shut down the 143 devices of this type now, pending the installation of new devices later this year. We are looking into whether that operation can be speeded up.”

Read more in:

Ukrainian Police Arrest Alleged Government Database Hacker. Police in Ukraine have arrested an individual who is suspected of breaking into government databases, stealing information, and then selling it. The suspect allegedly accessed 50 Ukrainian government databases by “hacking passwords to e-mail accounts, messengers, [and] social media accounts” of government employees.

Read more in: Ukraine arrests government database hack suspect

EFF Files Amicus Brief in Supreme Court Case Involving CFAA. The Electronic Frontier Foundation (EFF) has filed an amicus brief on behalf of cybersecurity researchers and companies urging the US Supreme Court to narrow the scope of the Computer Fraud and Abuse Act (CFAA). Specifically, the EFF urges the Supreme Court to decide that accessing computers in ways that violate terms of service does not violate the CFAA. The brief was filed in reference to Nathan Van Buren v. United States.

Read more in:

The headline on 11 July 2020

Zoom Zero-day Affects Clients Running on Older Versions of Windows. Zoom is working on a fix for a zero-day vulnerability that was disclosed on Thursday, July 9. The arbitrary code execution flaw affects the Zoom client running on Windows 7, Windows Server 2008 R2, and older versions of the operating system. Zoom clients running on Windows 8 and Windows 10 are not affected.

Read more in:

Palo Alto Networks Releases Updates for Another PAN-OS Vulnerability. Palo Alto Networks has released updates to fix a critical command injection vulnerability in its PAN-OS GlobalProtect portal. The flaw affects PAN-OS 9.1 versions prior to 9.1.3; PAN-OS 8.1 versions prior to 8.1.15; PAN-OS 9.0 versions prior to 9.0.9; and all versions of PAN-OS 8.0 and PAN-OS 7.1. Fixes will not be released for PAN-OS 8.0 and 7.1 as those versions are no longer supported.

Read more in:

Citrix Patches 11 Vulnerabilities in Networking Products; Someone is Already Scanning for Vulnerable Installations. Earlier this week, Citrix released fixes for 11 vulnerabilities in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances. The flaws include information disclosure, local privilege elevation, code injection, cross-site scripting, authorization bypass, denial of service. Rob Joyce, the former head of the NSA’s Tailored Access Operations (TAO) team, has urged users to apply the patches as soon as possible. Active scanning for vulnerable installations has been detected.

Read more in:

Critical Flaw in WordPress Plugin. A critical remote code execution flaw in the Adning Advertising plugin for WordPress could be exploited to completely take control of vulnerable sites. The flaw has been exploited in the wild. Users are urged to update to Adning version 1.5.6, which also fixes a high-severity unauthenticated arbitrary file deletion via path traversal vulnerability.

Read more in:

Russian Hacking Group Cosmic Lynx is Conducting Sophisticated eMail Scams. A group of Russian hackers dubbed Cosmic Lynx has been launching sophisticated business email compromise schemes since last July. According to researchers at Agari, the group has launched more than 200 attacks against organizations in 46 countries. Cosmic Lynx targets organizations that have not implemented DMARC; the group has focused on scams involving mergers and acquisitions.

Read more in:

Criminals are Taking Control of Abandoned Subdomains. Criminals have been taking control of abandoned subdomains associated with well-known organizations and using them for nefarious purposes, including malware, pornographic content, or spreading malware. In late June, Microsoft published an article describing how to prevent subdomain takeovers.

Read more in:

ThiefQuest macOS Malware More Focused on Stealing Information than on Encrypting Data. Researchers now think the ThiefQuest malware that targets macOS is largely focused on exfiltrating data from infected networks. Initial assessment of ThiefQuest categorized the malware as ransomware. While it does have an encryption component, researchers think it may be included as a distraction rather than the main purpose of the malware.

Read more in:

DigiCert Will Revoke 50,000 Certificates This Weekend Because of Botched Audit. DigiCert plans to revoke 50,000 Extended Validation (EV) certificates on Saturday, July 11 after learning that they were not properly audited. While the situation does not pose a security threat, EV guidelines require that the certificates be revoked.

Read more in:

Turchin Indictment Unsealed. The US Department of Justice recently unsealed an indictment charging Andrey Turchin with conspiracy to commit computer hacking, two counts of computer fraud and abuse, conspiracy to commit wire fraud, and access device fraud. Turchin allegedly hacked into networks at hundreds of organizations, established backdoors, and then sold access to those systems. Turchin is a citizen of Kazakhstan and is believed to be residing there currently.

Read more in:

German Authorities Seize BlueLeaks Server. Authorities in Germany have seized a server hosting BlueLeaks data, 269 GB of US police documents. The department of public prosecution in Zwickau said the server was seized on July 3 at the request of the US government.

Read more in:

Microsoft Seizes Domains Used in Phishing Attacks that Targeted Office 365 Users. Recently unsealed documents detail Microsoft’s efforts to thwart phishing attacks that preyed on people’s concerns about COVID-19. The attacks targeted Office 365 users in 62 countries around the world and were crafted to appear to be from employers or other trusted entities. Microsoft’s Digital Crime Unit became aware of the fraudulent activity in December 2019. On July 1, Microsoft obtained a court order allowing it to seize the malicious domains.

Read more in:

CISA Warns of Vulnerabilities in Medical Devices and Hospital Information Management System. The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published two advisories regarding security issues in ultrasound systems from Philips and in the OpenClinic GA open source hospital information management system. Philips has released updates to address the authentication bypass issue in some of the affected products and expects to have fixes for the rest of the affected products by the end of the calendar year.

Read more in:

Published by Thomas Apel

, a dynamic and self-motivated information technology architect, with a thorough knowledge of all facets pertaining to system and network infrastructure design, implementation and administration. I enjoy the technical writing process and answering readers' comments included.