Security news weekly round-up - 10th July 2020

Habdul Hazeez - Jul 10 '20 - Dev Community

Contrary to the tradition of this weekly round-up, which usually contains seven links, there are ten links this week, hence the five-minute reading time.

Introduction

Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.

This week's round-up is a mixture of vulnerabilities, cybercrime, malware and security.


Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

Almost everything invented by humans has been used for purposes other than the ones it was created for.

Encryption makes data unreadable to anyone without the key, whether that data is at rest on a disk or in transit as a message between two people.

In this case encryption was abused to protect the communications of alleged drug dealers and criminals.

Excerpt from the article:

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders.

Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized Android-based handset with GPS, camera, and microphone functionality removed for anonymity and security.

Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers

Remote Code Execution (RCE) is a class of vulnerability that allows an attacker to run code of their choosing on a target machine, usually over the network and without any prior access. For any software this is bad news; for a device that sits in front of an organisation's applications and handles their traffic, it is about as bad as it gets.

Excerpt from the article:

The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application data they manage.

According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface (TMUI) for BIG-IP application delivery controller (ADC).
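Two checks a defender would want after reading this, as an added example that is not from the article, from F5 or from Positive Technologies: whether the TMUI configuration utility is being reached from anywhere other than the management network, and whether requests to it carry a path-traversal sequence. The log format, the management address range and the sample lines below are constructed assumptions, and the `/tmui` path prefix and the `..;/` spelling are matched generically rather than tied to any particular exploit.

```python
import ipaddress
import re
from typing import List, NamedTuple
from urllib.parse import unquote

# Constructed sample access-log lines in Apache combined-log style; not real traffic.
# 10.20.0.0/16 plays the role of the management network; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for the public internet.
SAMPLE_LOG = """\
10.20.0.5 - - [06/Jul/2020:10:01:12 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
203.0.113.77 - - [06/Jul/2020:10:02:45 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
203.0.113.77 - - [06/Jul/2020:10:02:51 +0000] "GET /tmui/login.jsp/..;/tmui/admin/example.jsp HTTP/1.1" 200 1890
198.51.100.9 - - [06/Jul/2020:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024
10.20.0.5 - - [06/Jul/2020:10:07:30 +0000] "GET /tmui/%2e%2e/config/example.txt HTTP/1.1" 404 300
"""

# Assumption: the management interface is only ever legitimately reached from this range.
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path segment, optionally carrying a ";param" suffix. A front-end proxy
# tends to pass "..;" through as an ordinary segment, while a Java servlet
# container behind it strips the ";param" and treats the segment as "..", so
# the two can disagree about which path is being requested. Match both spellings.
TRAVERSAL_RE = re.compile(r'(?:^|/)\.\.(?:;[^/]*)?(?=/|$)')


class Finding(NamedTuple):
    ip: str
    target: str
    reason: str


def is_management(ip: str) -> bool:
    """True if the client address falls inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MANAGEMENT_NETS)


def has_traversal(path: str) -> bool:
    """Check the path as sent and again after one round of percent-decoding."""
    return any(TRAVERSAL_RE.search(p) for p in (path, unquote(path)))


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per rule that fires on each request line."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        ip, target = m["ip"], m["target"]
        path = target.split("?", 1)[0]  # query string is irrelevant to the path rules
        if has_traversal(path):
            findings.append(Finding(ip, target, "traversal sequence in request path"))
        if path.startswith("/tmui") and not is_management(ip):
            findings.append(Finding(ip, target, "TMUI reached from outside the management network"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ip:15} {f.reason:50} {f.target}")
```

Run it over the real access log in place of `SAMPLE_LOG`. The second rule fires on any exposure of the management interface, patched or not, because an appliance whose TMUI only accepts traffic from its own management network is not reachable by this class of attack in the first place.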

.NET Core vulnerability lets attackers evade malware detection

The title says it all, but note the detail below: the bug is in the runtime, not in any particular application, so a low-privileged user can use it to get malicious code loaded by a legitimate process.

Excerpt from the article:

A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software.

This vulnerability is caused by a Path Traversal bug in Microsoft’s .NET Core library that allows malicious garbage collection DLLs to be loaded by users with low privileges.
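The general fix for the class of bug described above, as an added example that is not from the article or from Microsoft's .NET Core source: before loading a library named by configuration, resolve the candidate path and refuse it unless it stays inside the runtime's own directory. The runtime layout, the plug-in names and `resolve_plugin` itself are assumptions for illustration; what it shows is that checking the spelling of the name is not enough, because `..` segments, absolute paths, symbolic links and look-alike sibling directories each defeat a naive prefix comparison.

```python
import os
import tempfile
from pathlib import Path


def resolve_plugin(base_dir, name):
    """Return the on-disk path for plug-in `name`, or raise ValueError.

    The rule is containment of the *resolved* path: `..` segments, absolute
    names and symbolic links are all normalised away by resolve() before the
    comparison, so the check is on where the file actually lives, not on how
    the name was spelled.
    """
    base = Path(base_dir).resolve(strict=True)
    # Joining an absolute `name` onto `base` discards `base` entirely; that is
    # fine, because the containment check below then rejects the result.
    candidate = (base / name).resolve()
    # commonpath compares whole path components, so ".../3.1.5-evil" is not
    # mistaken for a child of ".../3.1.5" the way str.startswith would be.
    if os.path.commonpath([base, candidate]) != str(base):
        raise ValueError(f"{name!r} resolves to {candidate}, outside {base}")
    if not candidate.is_file():
        raise ValueError(f"{name!r} is not a regular file under {base}")
    return candidate


def demo():
    """Build a throwaway runtime layout (assumed, not the real one) and exercise the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        runtime = root / "dotnet" / "shared" / "Microsoft.NETCore.App" / "3.1.5"
        runtime.mkdir(parents=True)
        (runtime / "libclrgc.so").write_bytes(b"placeholder, not an ELF file")

        # Attacker-writable locations: a sibling directory whose name shares a
        # prefix with the runtime directory, and an unrelated directory.
        sibling = runtime.parent / "3.1.5-evil"
        sibling.mkdir()
        (sibling / "libgc.so").write_bytes(b"attacker-controlled")
        outside = root / "evil"
        outside.mkdir()
        (outside / "libgc.so").write_bytes(b"attacker-controlled")

        # A symlink inside the runtime directory that points outside it.
        link = runtime / "linked.so"
        try:
            link.symlink_to(outside / "libgc.so")
        except OSError:
            pass  # symlinks unavailable (e.g. unprivileged Windows); the name then simply does not exist

        cases = {
            "legit": "libclrgc.so",
            "traversal": "../../../../evil/libgc.so",
            "prefix_collision": "../3.1.5-evil/libgc.so",
            "absolute": str(outside / "libgc.so"),
            "symlink": "linked.so",
        }
        results = {}
        for label, name in cases.items():
            try:
                resolve_plugin(runtime, name)
                results[label] = "loaded"
            except ValueError as exc:
                results[label] = f"rejected: {exc}"
        return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:17} {outcome}")
```

Only the first case is accepted; the other four name a file that really exists and would load fine if the loader trusted the name, which is the point of resolving before comparing.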

Microsoft takes down domains used in COVID-19-related cybercrime

It's the year 2020 and coronavirus is a global pandemic but that has not stopped cybercriminals from taking advantage of the entire situation.

Excerpt from the article:

Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic.

The threat actors who controlled these domains were first spotted by Microsoft’s Digital Crimes Unit (DCU) while attempting to compromise Microsoft customer accounts in December 2019 using phishing emails designed to help harvest contact lists, sensitive documents, and other sensitive information, later to be used as part of Business Email Compromise (BEC) attacks.

Company web names hijacked via outdated cloud DNS records

The title says it all: a DNS record that still points at a cloud resource nobody owns any more is an invitation for someone else to claim that resource and, with it, the company's name.

Excerpt from the article:

US security researcher Zach Edwards recently tweeted about finding 250 company website names that had been taken over by cybercriminals.

He didn’t name the brands, but insists that the organizations affected include banks, healthcare companies, restaurant chains, civil rights groups and more.
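The check behind this story, as an added example that is not from the article or from the researcher's own tooling: walk a zone's CNAME records and flag any whose target no longer resolves, because a record pointing at a cloud hostname that has been deprovisioned is exactly what an attacker registers to take the company's name over. The zone, the resolver answers and the list of claimable provider suffixes are constructed assumptions so that the script runs offline; `system_resolver` shows how to swap in live DNS.

```python
import socket
from typing import Callable, Dict, List, NamedTuple, Optional, Sequence


class Record(NamedTuple):
    name: str
    rtype: str
    value: str


class Finding(NamedTuple):
    name: str
    target: str
    risk: str


# Constructed sample zone for example.com; hostnames and providers are made up.
SAMPLE_ZONE = [
    Record("www.example.com", "A", "198.51.100.10"),
    Record("shop.example.com", "CNAME", "shop-prod.cloudapp.example-cloud.net."),
    Record("legacy.example.com", "CNAME", "old-campaign.s3buckets.example-cloud.net."),
    Record("blog.example.com", "CNAME", "blogs.example-host.org."),
    Record("mail.example.com", "MX", "10 mx.example.com."),
]

# Constructed resolver answers: a list of addresses, or None for a name that no
# longer exists (NXDOMAIN). Stands in for live DNS so the example runs offline.
SAMPLE_ANSWERS: Dict[str, Optional[List[str]]] = {
    "shop-prod.cloudapp.example-cloud.net": ["203.0.113.5"],
    "old-campaign.s3buckets.example-cloud.net": None,
    "blogs.example-host.org": None,
}

# Assumption: on these (made-up) services any customer can register an unclaimed
# hostname, which is what turns a dangling record into a takeover.
CLAIMABLE_SUFFIXES: Sequence[str] = (
    ".cloudapp.example-cloud.net",
    ".s3buckets.example-cloud.net",
)

Resolver = Callable[[str], Optional[List[str]]]


def dict_resolver(answers: Dict[str, Optional[List[str]]]) -> Resolver:
    """Resolver backed by a fixed table; unknown names are treated as NXDOMAIN."""
    return lambda host: answers.get(host)


def system_resolver(host: str) -> Optional[List[str]]:
    """Resolver backed by the OS stub resolver, for running against a real zone."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return None


def find_dangling(zone: Sequence[Record], resolve: Resolver,
                  claimable: Sequence[str] = CLAIMABLE_SUFFIXES) -> List[Finding]:
    """Flag CNAME records whose target no longer resolves."""
    findings: List[Finding] = []
    for rec in zone:
        if rec.rtype != "CNAME":
            continue
        target = rec.value.rstrip(".").lower()  # canonical form: no trailing dot, lower-case
        if resolve(target) is not None:
            continue  # target is alive; nothing to claim
        if target.endswith(tuple(claimable)):
            risk = "high: target is on a service where anyone can claim the name"
        else:
            risk = "medium: target does not resolve; check who controls it"
        findings.append(Finding(rec.name, target, risk))
    return findings


if __name__ == "__main__":
    for f in find_dangling(SAMPLE_ZONE, dict_resolver(SAMPLE_ANSWERS)):
        print(f"{f.name:22} -> {f.target:45} {f.risk}")
```

Pass `system_resolver` instead of `dict_resolver(...)` to run it against real records. A target that still resolves is not proof that it is yours, so the next step is to confirm that every resolving target is a resource the organisation actually controls; A records pointing at released cloud addresses and NS delegations to retired name servers are the same class of problem and deserve the same walk.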

Risky blogspot.in domain for sale after Google fails to renew it

The title says it all: a lapsed domain registration is a security problem as much as an availability one, because whoever registers the name next inherits every link that still points there.

Excerpt from the article:

In 2012, Google implemented a new feature that redirects Blogspot sites to country-specific URLs that match their geolocation and comply with content take-down requests more quickly.

One of the domains that were used by Blogspot is blogspot.in, whose registration Google let lapse in early June 2020.

This lapse in registration caused 4.4 million URLs in the Google search results to become broken as the domain was no longer responding to requests.

Google Patches Critical Android Vulnerabilities With July 2020 Updates

Android is currently the most popular mobile operating system, and Google ships security updates for it every month.

This time the patches include critical vulnerabilities in the system component.

Excerpt from the article:

The most severe of the flaws impacts the system component and could allow an attacker to execute code with high privileges, via a specially crafted file. In fact, Google addressed two critical flaws in the system component, one impacting Android 8.0 and newer releases (CVE-2020-0224), and the other affecting Android 10 only (CVE-2020-0225).

A third vulnerability addressed in system was a high-severity information disclosure issue (CVE-2020-0107) that impacts Android 10 only.

Mozilla turns off “Firefox Send” following malware abuse reports

The title says it all: a legitimate file-sharing service is as useful to an attacker who already has a foothold as it is to everyone else.

Excerpt from the article:

The problem is that in the case of the crooks, they’re typically using Firefox Send for what you might call “data infiltration” – a way of importing malware files or attack tools onto a network they’ve already broken into without drawing undue attention to themselves.

That sort of operational tactic goes by the name of living off the land – a slightly misplaced metaphor, to be sure, but one that is now widely used in the cybersecurity industry to mean “fitting right in with everyday behavior on the network”.

By using Firefox Send, the crooks don’t need to set up a file sharing server of their own at a legitimate-looking URL, and they don’t have to worry about making sure their URLs expire automatically after use.

Researchers Find Pre-Installed Malware on More Android Phones in U.S.

The title says it all, and this is a follow-up to a report from January.

Excerpt from the article:

In January, the security firm reported that the UMX U686CL phone, sold as part of the government-funded Lifeline Assistance program by Virgin Mobile, a subsidiary of Sprint, was being shipped to users with two malicious programs pre-installed: a Wireless Update application and a Settings app.

Within a month, UMX (Unimax) Communications delivered a software update to the device to completely remove the malware, although it told the security firm that the update was meant to, in fact, correct a vulnerability.

Now, Malwarebytes’s Nathan Collier says that another phone model provided through the Lifeline Assistance program was found to include pre-installed malware: the ANS (American Network Solutions) UL40 running Android 7.1.1.

Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier

It's 2020; I don't think Zoom needs any introduction.

Excerpt from the article:

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.

To successfully exploit the Zoom vulnerability, all an attacker needs to do is trick a Zoom user into performing some typical action like opening a received document file. No security warning is triggered or shown to the user at the time of the attack.


That's it for this week, I'll see you next Friday.

Cover photo by Jazmin Quaynor on Unsplash.
